When people learn that I work in cybersecurity, I’m invariably asked about “hackers” and all the mischief they may cause. I’m also asked what I think about government spying. Of course, I’ll explain the different ways malicious hackers and governments can gain access to and exploit personal data, and how individuals may protect themselves. It’s dismaying how often most people I speak with will start throwing up the same old, worn out excuses for why they don’t really need to protect themselves, and I thought it high time I dispense with some of the most offensive of those excuses:
1.) “I’m not doing anything illegal, so I have nothing to hide.”
Have you ever drawn the shades in your home? Have you ever used an empty conference room at work to make a call? Have you ever sealed an envelope in which you were mailing a letter?
I would wager that you answered “yes” to all of these questions – except maybe the third one if you’re 30 years old or younger. Did you take these precautions because you were engaged in illegal activity? Of course, not. You just wanted some simple privacy. Your neighbors don’t need see you in your boxers; your coworkers don’t need know you want that embarrassing mole removed; and, you don’t want some random person reading about your battle with a credit bureau over your ex-spouse’s credit card indiscretions. And why not?
Because it’s none of their business.
Why should our attitudes, then, be any different with our electronic communications or with what we wish to read or view online? How are keeping those things, or any other aspect of our personal lives, private somehow indicative of illegal activities? The view that the desire for privacy equates to hiding something that should be exposed is misguided and sets a dangerous tone. The real issue is that we all have the freedom to choose what to share about ourselves with whom and when.
2.) “Privacy controls will prevent law enforcement from monitoring terrorists and detecting terrorist attacks.”
It’s not unusual for me to log over 100,000 air miles each year, so you can imagine that preventing terrorist attacks is something in which I have a personal stake. But the idea that encryption systems should have built-in “back doors” (master keys, if you will, to our communications and personal information) exposes us to greater threats than by allowing strong security for all of us. It’s akin to saying that you should leave the back door to your home unlocked so the police can have quicker access to the house to protect you should a criminal enter the house through a window. The problem is that criminals may notice the back door is unlocked. Wouldn’t we be safer if we could lock all of the doors and windows?
3.) “I don’t have anything anybody wants, so I’m not concerned.”
Everything you do on the Internet is logged, analyzed, and shared amongst those who want to sell you things. You are a commodity and your personal information has value.
The right to privacy discussion often becomes a political one, but we can’t forget that, no matter where we may fall along the political spectrum, our personal information is increasingly the currency of the realm – for marketers and criminals, alike. (Full disclosure: I am a marketer in my day job.) Have you ever noticed that after you search for a product with Google, ads for that same product start showing up in Facebook? Would it bother you to know that Facebook knows what you’ve searched for in Google? If not, what if I told you that you may be charged higher prices for goods, like airfare, when your interests are known?
Now what if I told you that your computer is frequently rented out to different criminal organizations to promote illegal online pharmacies, to attack websites for ransom, or even to share child pornography without your knowledge? Criminals are not always interested in you, but it is quite lucrative for them to infect your computer with malware by which they can take control of your computer and rent it out to the highest bidder. By following safe computing practices, including guarding your privacy, and using common sense, you can avoid having your computer becoming one of these “bots.” The bad guys want the largest return, which means compromising a system with the least amount of effort. With so many poorly defended systems out there, you don’t need to outrun the bear; just outrun the other guy.
In the end, we’re all responsible for our securing our privacy and personal data. There is no one technology or software that will do it for us, and while our personal data is a commodity, you can rest assured that there will be many forces that will resist privacy protections. Your privacy can only be protected with your active involvement, and it’s up to you to educate yourself, but you don’t have to do it alone. The first step is to find a local CryptoParty. These events are free and primarily set up for those with little-to-no technical skills, and therefore, are focused on providing a basic understanding of the concepts involved, and the tools to get started.
The 1NTERRUPT team will be hosting a CryptoParty at the Worcester Public Library’s Main Branch on June 20th from 9:30AM – 12:00 PM, and we’ll have the registration page live soon. To find a CryptoParty in your area, check the CryptoParty main site or simply search on “CryptoParty” and your location.
Now go forth and Internet privately.