A guest post by my dear friend, Anonymous Pragmatic Man
A few months ago, I received a notice from Vendini Corporation that their databases had been hacked, and my credit card info had been stolen. My first question was, WHO THE F*#&K IS VENDINI CORPORATION???
It turned out that they processed my credit card transaction when I went to a community theater production back in 2009. That was my one and only transaction with them, but they had held onto my information all this time, and now my credit info had been stolen. I got on the phone, then dealt with a followup email and insisted that they start purging old data, and purge mine right then. NO WAY does a single transaction entitle a company to keep my credit card info forever. I laid it out for them: the CIA website had been hacked, the White House had been hacked, it was only a matter of time before they would be hacked again. They needed to purge old data, or I would never use a card to buy tickets again. To their credit, Vendini changed their policy and will purge everything but the last 4 digits of card numbers after 45 days. It's a start.
Then the Edward Snowden story hit the headlines.
A lot of people are paranoid about Snowden somehow giving data to "the enemy," as if the public was the enemy. They miss the point: this isn't about him, it's about the data. Some people are paranoid about the NSA, because somehow the government reading your email and tracking whom you call and what you buy or download seems more sinister to them than Google reading your email or the phone company tracking whom you call or VISA tracking what you buy or your ISP tracking what you download. But again, it's about the data, not who first collects it.
In fact, the government could buy your phone records from your phone company out in the sunlight, because phone companies have been selling them *to anybody* for years. I'm sure credit card companies and email providers and, above all, Facebook, have been selling you every way but sideways to all sorts of companies, including start-ups with no track record. So unless you implicitly trust all those companies, the government is just another peeper.
What people are ignoring is that all this stored data is a treasure trove for identity thieves. And don't kid yourself that government data is more secure than corporate data. If you think Ed Snowden is dangerous, imagine a different temp working for an intelligence agency, with illicit profit rather than privacy rights in mind. She/he could funnel away all sorts of relevant and useful data to an identity theft ring. It's the ultimate inside hack. Likewise IT temps working for banks, credit agencies, etc. If they store it, someone will come for it.
A certain Mr. Murphy became famous in the 70s, but was very much misunderstood. Murphy's Law, namely "if anything can go wrong, eventually it will," was not an expression of pessimism. Murphy was an engineer, and this was a DESIGN PRINCIPLE. Design your system so NOTHING can go wrong. A worthy goal, but obviously, NSA's system, like Vendini's, will never be perfect. So why hold onto vast amounts of data and attract thieves, instead of just collecting on viable suspects? And perhaps we should prevent companies from selling their databases to just anyone, so organized crime doesn't just buy them. And perhaps when we make an internet or telephone purchase, or even one in a store, we should ask just how long they'll store our info.