Nathan Sweaney is a Senior Security Consultant for Secure Ideas. If you are in need of a penetration test or other security consulting services you can contact him at firstname.lastname@example.org or visit the Secure Ideas – Professionally Evil site for services provided.
“What do you think about privacy?”
That’s the question I asked my wife last week. We had just received an email from Target explaining that our personal data was stolen along with 70 million other customers in their latest breach. The week before we had received notification from our bank that both of our cards were included in the breach and would be replaced.
In the midst of these breach notifications, our mailbox has been barraged by the annual Privacy Notification letters from our banks, retirement accounts, insurance companies, etc. They’re all required by law to tell us how they will treat our personal information, or at least how they intend to. By now history has shown that what organizations intend to do, and what they really do aren’t always they same thing.
But back to my wife. As a security person I’m immersed in the privacy discussion. Target, the NSA, PCI, HIPAA; these are all topics that fill my twitter feed, but my wife is a former school teacher & now stay-at-home mom. I was curious what she thought about all of this. As the mother of three small children, her first thought about privacy is those few moments during the day that she can shut the bathroom door and be alone. That’s not quite what I meant. So I dug deeper.
“What do you think about this Target breach & the fact that our data is out there? That anyone could steal our identities?”
Her answer surprised me.
“I guess I’m just used to it. It’s the world we live in. Until something bad actually happens to us, it’s hard to get too worried about it.”
As we continued to talk, she told me that her parents have had their cards compromised & replaced twice in the last six months. “It’s a bit of a hassle,” she said, “but they didn’t suffer any significant consequences. So why should we care?” Why indeed?
I couldn’t help but hear the words of Martin Niemöller ringing in my head. Does she really not understand why this is a big deal? How can she be so cavalier?
But at the same time something gnawed at me. Am I wrong? Has the constant buzz of the twitter echo chamber and grandiose conversations in the hallways of security conferences skewed my reality? Does privacy really matter anymore? Is it worth caring about?
Stepping up to the plate for a second swing, I asked what she thought about the actions of the NSA and friends over the last few years. What about those warrantless wiretaps, and the cellphone metadata collection, and all the National Security Letters courtesy of the Patriot Act?
What?!? Don’t you read the news? Don’t you care what’s going on?
After a short summary of the major news events the last few years she finally started to understand my concern.
“Wow. They can do that? That’s scary.”
And that’s where it ended. Kids have to be fed. The baby needs a bath. Other priorities quickly shadowed our brief discussion. But I couldn’t stop watching my 5-yr old and wondering what his future will be like. Will his generation even have a glimpse of what privacy is about? Will they know what they’ve lost? Will he care?
Do you care? Does privacy matter? Leave a comment & tell me what you think.