Saturday, March 22, 2008

Barack, Hillary John - Does anyone know where our (your) privacy has gone?

About a week ago, I wrote a post about Britney having her privacy "jacked" by a bunch of "naughty" hospital employees. This occurred at one of the most respected medical and institutions of higher learning in the world, the University of California, Los Angeles.

Ironically, it's now been revealed that another highly respected institution, the State Department had some "naughty" employees "jack" the privacy of the three major presidential candidates, Barack, Hillary and John.

While a lot of us take Britney's exploits with a grain of salt, it's another example where too many people are being given access to too much sensitive information. Even if we take most of Britney's adventures in a not very serious light -- she is a human being and therefore worthy of a little respect and privacy in her personal affairs.

This should be especially true when someone is seeking medical attention of a sensitive nature.

The official spin in both instances is that these events were caused by naughty employees, who were snooping where they shouldn't have been. While it appears there was no sinister intent in all of this, it points to the fact that none of us can count on a little respect or privacy, anymore.

Maybe we have too many databases containing highly personal information that the wrong people have been given access to? You can spend millions on security, but no amount of it will prevent something from being compromised if the wrong person has been given access to it.

Of course, the there is a financial motive to not wanting to fix the problem anytime in the near future. It's no secret that selling personal information is a multi-billion dollar business. Implementing technology is a multi-billion dollar venture, also. It shouldn't surprise us that there is a lobby (with a lot of money), who wants to keep things the way they are.

Because of this, it shouldn't surprise us that we see criminals exploiting the loopholes in protecting information, either. After all, they're making a lot of money off it, also.

If naughty employees with a penchant for snooping could obtain the personal information of three political candidates, it isn't a far stretch that someone with more sinister intentions could have accomplished the same thing. I wonder, who failed to notice that we are now granting "contract employees" access to information of this nature?

After all, this isn't the first time a contract employee, government or otherwise, has compromised sensitive information.

I guess private businesses aren't the only entities outsourcing jobs (and a lot of people's personal information) in the process. We seem to live in a world, where in order to save a little on the bottom line, we seem to ignore basic principles (like need to know) when protecting information.

Perhaps, if we stopped storing sensitive information in too many places with little regard to who can look at it, we would stop being "shocked" when it's compromised?

All a reasonably intelligent person would have to do is look at the number of reported compromises involving sensitive information that occur and then wonder how many more there are that no one knows about? I threw that in because most people, who do something wrong normally don't disclose what they did to third parties.

After a compromise occurs, we all seem content that security enhancements will prevent the next one. Sadly, most of the enhancements introduced so far haven't put a dent in the problem and the saga goes on. In fact, it normally doesn't take very long before we hear about the latest security enhancement being defeated.

Maybe the problem needs to be taken to a more simple level? Perhaps if we weren't storing information in places -- where too many people have access to it -- we would see less of it being compromised?

We live in a world, where technology has made things easier and more productive. The problem is that "easy and productive" is taking a toll on what should be a basic human right, privacy.

The bottom line is that it has become too easy to compromise information and technology makes both good and bad people, more productive.

Saying all that, the three candidates are on record, when it comes to privacy. In July of 2006, Hillary Clinton spoke to a lot of same issues in a speech, where she said:

Privacy is at the crossroads of all these issues, and modern life makes many things easier… and many things easier to know. And yet, privacy is somehow caught in the crosshairs of these changes.

Our economy is increasingly data driven. We have dramatically ramped up surveillance in our efforts to fight terrorists who hide among innocent civilians.

But every day the news contains a story of how the records of millions of consumers, veterans, patients have been compromised.

At all levels, the privacy protections for ordinary citizens are broken, inadequate and out of date.

Likewise, Barack Obama has the following statement about this issue on his site:

Dramatic increases in computing power, decreases in storage costs and huge flows of information that characterize the digital age bring enormous benefits, but also create risk of abuse. We need sensible safeguards that protect privacy in this dynamic new world. As president, Barack Obama will strengthen privacy protections for the digital age and will harness the power of technology to hold government and business accountable for violations of personal privacy.
John McCain (as part of a bipartisan committee) has expressed frustration on the privacy issue, also. Here is what he was quoted as saying in a CNet story after a FTC report was released on the state of the state on privacy:

A bipartisan group of senators led by Sen. John McCain, R-Ariz., said it is determined to pass new laws restricting the ability of Web sites to collect and use information from a visitor without that person's consent.

For the last several years, Web sites have operated under a form of self-regulation, and industry groups have touted the ever-increasing number of sites posting privacy policies. However, members of the Senate Commerce Committee today decried those steps as inadequate and cited polls showing that the vast majority of consumers opposed industry self-regulation.
There is no doubt that by this point in the game, most of our politicians have made a statement on the privacy issue. Despite these statements, most of the legislation presented in Washington hasn't been passed yet?

In fact if memory serves me correctly, the last time we tried to pass some federal legislation, the end result was that it would have watered down more proactive laws already passed into law at the State level.

I know everyone is busy with the campaign underway so I'm going to include a reference to an article (with an interactive map) showing what State laws on this issue have already been enacted. Included on the map is a interactive flag over the District of Columbia showing which federal laws have not.

Well put together article by csoonline.com, here.

In case anyone reading this can't keep up with the record number of data breaches, Attrition.org had a chronology, here.

PogoWasRight is another place that helps me keep up with the record number of compromises, also.

1 comment:

Marla said...

Fresno, CA - massive real estate fraud / real estate theft operation going on. Where is help?

http://fresnorealestatefraudtheft.blogspot.com/