San Francisco (Reuters, March 21) - Hackers attacked computer servers of a California university and may have gained access to the personal information of 59,000 people affiliated with the school, a university spokesman said on Monday.There followed the SOP reassurance that "we have no indication that the hackers used the information," but even if that is by some happy chance true, when will the fact sink in that our personal information, information not only private but which can be used to steal our identity, ruin our credit, spread confidential details of our most personal affairs, are vulnerable to attack and theft and the more we allow, indeed cooperate with, these increasingly-intrusive databases, the more at risk we are?
California State University, Chico in northern California is alerting students, former students, prospective students and faculty that their personal information, including Social Security numbers, may have been compromised in the attack three weeks ago, said spokesman Joe Wills.
Last week I had to go to the Emergency Room because I had a subconjunctival hemorrhage (bleeding into the tissue of the eye). Turned out this is essentially harmless, probably related to one of the meds I'm on, and the only treatment, if any, is warm compresses. But I didn't know that at the time. The point here is that while I was waiting for the doctor, the secretary came to get my information. After name, address, and phone, she said "social?" Not even "social security number," just "social." That's how routine a question it had become. So routine, in fact, that she was perturbed and rather taken aback when I wouldn't give it to her.
I'm less concerned by her reaction than by what it means: People normally, again routinely, just give out their social security number to any "official"-type person who asks for it. This is a number that originally was not to be used for anything other than Social Security Adminstration records but now threatens to become a de facto (and, some desire, de jure) national ID number tracing you from birth to death. Why do we surrender it so easily? Is it submission to authority? Ignorance of the possible effects? Are we convinced by the corporate claims that it's all for our own good and that we actually really do want our privacy stripped away for the sake of "convenience" and a "personalized experience?"
I actually tend to think, as cliched an answer as it may be, it's D)All of the above. We tend to assume that when asked for information in any "official" situation that we are somehow obligated to provide it, it's somehow "necessary." And while the benefits of giving out personal data (mostly convenience) may be easily visible, the costs and risks tend to be hidden or seem far off or at least unlikely, so we're more likely to cooperate. The result is that identify theft is one of the fastest-growing crimes and we have less and less control over who knows what about the details of our lives.
One solution, my first big step, would be to ban the use of social security numbers for any purpose unrelated to Social Security. In the meantime, if anyone wants any information from you, expect them to be able to give you a damn good reason why they need it.
Footnote: The Federal Deposit Insurance Corporation has approved a ruling that would require banks to tell their customers if they believe they may have had their private information misused.
Jim Stickley, chief technology officer at LA firm, TraceSecurity says that, if approved [by] the Federal Reserve, the FDIC ruling, "could cause a significant increase in identity theft disclosures." He said: "most large-scale identity thefts go unreported, either because the bank wants to avoid tarnishing their reputation or because they are simply unaware of the breaches".Maybe if more thefts are reported, people will become more aware of the problem and maybe, just maybe, I know it's a long shot but at least it's a shot, people will be dissatisfied with assurances about "increased vigilance" and start asking whether that particular information has to be stored in the first place.
No comments:
Post a Comment