What Do YOU Think About Privacy?

“What do you think about privacy?”

That’s the question I asked my wife last week. We had just received an email from Target explaining that our personal data was stolen along with 70 million other customers in their latest breach.  The week before we had received notification from our bank that both of our cards were included in the breach and would be replaced. 
In the midst of these breach notifications, our mailbox has been barraged by the annual Privacy Notification letters from our banks, retirement accounts, insurance companies, etc. They’re all required by law to tell us how they will treat our personal information, or at least how they intend to. By now history has shown that what organizations intend to do, and what they really do aren’t always they same thing. 
But back to my wife. As a security person I’m immersed in the privacy discussion. Target, the NSA, PCI, HIPAA; these are all topics that fill my twitter feed, but my wife is a former school teacher & now stay-at-home mom.  I was curious what she thought about all of this. As the mother of three small children, her first thought about privacy is those few moments during the day that she can shut the bathroom door and be alone. That’s not quite what I meant. So I dug deeper.
“What do you think about this Target breach & the fact that our data is out there? That anyone could steal our identities?” 
Her answer surprised me. 
“I guess I’m just used to it. It’s the world we live in. Until something bad actually happens to us, it’s hard to get too worried about it.”
As we continued to talk, she told me that her parents have had their cards compromised & replaced twice in the last six months. “It’s a bit of a hassle,” she said, “but they didn’t suffer any significant consequences. So why should we care?” Why indeed?
I couldn’t help but hear the words of Martin Niemöller ringing in my head. Does she really not understand why this is a big deal? How can she be so cavalier? 
But at the same time something gnawed at me. Am I wrong? Has the constant buzz of the twitter echo chamber and grandiose conversations in the hallways of security conferences skewed my reality? Does privacy really matter anymore? Is it worth caring about?
Stepping up to the plate for a second swing, I asked what she thought about the actions of the NSA and friends over the last few years. What about those warrantless wiretaps, and the cellphone metadata collection, and all the National Security Letters courtesy of the Patriot Act? 
Blank stare. 
What?!? Don’t you read the news? Don’t you care what’s going on? 
After a short summary of the major news events the last few years she finally started to understand my concern.
“Wow. They can do that? That’s scary.”
Scary indeed. 
And that’s where it ended. Kids have to be fed. The baby needs a bath. Other priorities quickly shadowed our brief discussion. But I couldn’t stop watching my 5-yr old and wondering what his future will be like. Will his generation even have a glimpse of what privacy is about?  Will they know what they’ve lost? Will he care?
Do you care? Does privacy matter? Leave a comment & tell me what you think.

Nathan Sweaney is a Senior Security Consultant for Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at nathan@secureideas.com or visit the Secure Ideas – Professionally Evil site for services provided.

1 thought on “What Do YOU Think About Privacy?”

  1. I do think sometimes because we are in the biz of selling the products and solutions to security and privacy problems we overvalue both.

    We think our companies ideas are so original that if our competition got them we'd be doomed. Reality is different, for example When Pepsi once had a former Coke employee offer the secret formula to them, Pepsi turn them leaker in vs getting the formula, because a LOT more goes into being a successful company then a formula.

    Think about your competition what would you like to know about their secrets that could really help you? Nothing they're idiots our ideas are so much better anyway well they are probably thinking the same thing about you.

    Now when you hold someone else's data, you have a responsibility to NOT make security and privacy information decisions without their consent. We should be ever vigilant about protecting others data. And there is probably somethings of your own data that are worth protecting. But the PROTECT ALL THE THINGS mindset is too much.

    On a personal level too, I think we freakout a little too much when corporations hold our data, but love it when they cater to us. One comes with the other.

    But let's not confuse corporations and governments. Governments have NO innate right to our data. And care & vigilance should be place to prevent that collection. Governments have powers well beyond corporations. Facebook can't imprison me or put me on a no-fly list for unpopular political beliefs or having friends with unpopular political beliefs. Because of the governments extraordinary power, we must limit what they can see by warrant tied to a crime.

Leave a Comment

Your email address will not be published. Required fields are marked *