Wednesday, October 23, 2013

People of the world beware: An assault on our privacy is coming, of unimaginable proportions.

Yes, that's kind of hyperbolic, but it's really the only way to get the point across.  Your personal data and information is quickly becoming digital - and almost everything digital is accessible online.  Here are a few small examples of the things that you probably don't think about being accessed by someone you haven't authorized, and how it could impact your life:
There is no denying that we are heading toward a completely on-line existence.  Progress has spoken - social networking has propelled much more than photos of you and your friends to be put online.  Devices like exercise bracelets, music sharing websites that advertise what you listened to, refrigerators that track what you've eaten, cars that log your speed and driving habits, and SO MUCH MORE.   And the convenience of the cloud means that all this data is likely to be housed not in your hands - but those of someone else (like Facebook or Google).

The big question is this:

What stands in the way of someone you don't know getting access to these things?

In today's world, 9-times-out-of-10, even in the best case scenario, it's a single password.  Yes, a single password is all it takes for someone who wanted to completely ruin your life.  Even if you are conscientious and maintain a separate password for each website (which most people don't), most systems utilize your e-mail address to reset your password, making the point of vulnerability for almost of your data a single password - the one on your e-mail account.

Ask yourself another question:  What is my attitude toward passwords? How about my family's? And my friends'?  I'm willing to guess that the answer for at least one of these contingents is something along the lines of this:
"Passwords are a pain in the neck, I invest the minimum amount of effort I can get away with."
Unfortunately, it gets worse.

As your data footprint gets wider, the chances that someone will make a human error that exposes your data rises.  That means your data could be compromised even if you are diligent about security.

So if we look at all this in perspective over time, we have the following factors:

  • More sensitive data being created, 
  • More of that sensitive data being put on online, 
  • With basically the same type of security we have had to protect our data since the invention of e-mail - at best, a single password, and
  • At worst, diminishing security, as any of the increasing number of online services housing our data are vulnerable to compromise.
  • As people are becoming increasingly aware, government agencies like the NSA are becoming more powerful (by necessity?), and can requisition your data from those services whenever they want
And still worse.

Up until now, you probably have a friend or two who have had their computer "pwned", or their e-mail account hacked.  Most likely they had to reformat their computer, change their e-mail and other passwords, maybe send an apology to their friends for spam they received from their account, and in the more extreme cases, change their credit card numbers and notify their banks.  

But this is NOTHING, in terms of the amount or severity, compared to what we will see in 5-10 years from now, as more of our data is made digital.  The stakes will be far higher.  If a hacker gains access to your Facebook account today, that counts for some amount of value - perhaps they can advertise something or blackmail you into paying some amount of money.  But if they can gain access to your banking info, your living habits, the vehicles you own, all of your financials, and other things we can't even imagine, hacking becomes more lucrative.  Instead of script-kiddies and people who write in broken English sitting in front of a home computer, we are talking about highly paid, technically adept, convincing actors, whose job it is to gain access to your data.  These people could even be blurring the lines between malicious or illegal activity, working for government contracts for organizations like the NSA.  They will stop at almost nothing, and they will move on to someone else before you even know anything happened to you.  Eventually, privacy is going to become one of the most valued (and valuable) things on the internet, and in the world.

The point of this article isn't to generate paranoia.  It's a wake-up call about where we're heading, and how our (collective) attitudes are going to need to change, if this is all going to be sustainable.  Sadly, we are most assuredly going to have to weather a few major storms before there is a widespread change in the way we all approach security.

So as crazy new gadgets that find new and novel ways to computerize your life emerge, think carefully about what you choose to adopt.  Consider the gains against the risks to your privacy.  If you do decide to adopt something, think about what you can do to prevent your data from falling into the wrong hands, and take the opportunity to do it.  

No comments: