It’s Your Life, Starring Your Data

At a recent EPIC Champions of Freedom privacy event, Apple’s CEO Tim Cook finger-wagged some of his Silicon Valley neighbors—without mentioning names Facebook and Google—on how they were using their users’ data. “They’re gobbling up everything they can learn about you and trying to monetize it. We think that’s wrong. And it’s not the kind of company that Apple wants to be,” Cook said.

At a recent EPIC Champions of Freedom privacy event, Apple’s CEO Tim Cook finger-wagged some of his Silicon Valley neighbors—without mentioning names Facebook and Google—on how they were using their users’ data. “They’re gobbling up everything they can learn about you and trying to monetize it. We think that’s wrong. And it’s not the kind of company that Apple wants to be,” Cook said.

He went on to say, “We believe that people have a fundamental right to privacy. The American people demand it, the constitution demands it, morality demands it.”

That sounds really good, especially to an audience of privacy professionals and customers, but let me get this straight. There’s no question that Facebook and Google are keeping themselves front and center in the data privacy and usage discussions, but wasn’t it just last fall when Apple’s iCloud got hacked and embarrassing nude celebrity photos were released? Apple, you say that you’re not in the business of selling your users’ data, but how well are you protecting it?

This got me to thinking: What’s worse—having my data sold or having my data stolen? Regardless of my answer to this question, you may answer the question differently—and that’s what makes this privacy/security discussion so challenging. Personal moral standards may not be the best driver as we try to establish a broader-based set of big data privacy guidelines.

The current data breach stats. It seems like every day we’re hearing about data being stolen (a.k.a., data breaches), so I decided to investigate further. The 2015 statistics below come from the Identity Theft Resource Center, who’ve been tracking security breaches since 2005.

As of July 21^st, 2015, there’s already been 436 reported data breaches in the U.S. alone: 

You’ll see that I also included the 2014 totals for some hypothetical considerations:

• # of breaches: The 2015 breach rate (# of breaches per week) seems to be holding steady as compared to last year. We’re on track to hit 781 breaches this year.
• # of records: At our current rate, we’re on target to exceed 240 million stolen records this year, which is almost 3X more than last year.

Even though it feels like the number of breaches is increasing, the real impact is the volume of data that’s being stolen. In other words, on average, more data is being stolen per breach. Is that because there is more data to steal—since we, the people, are generating more of it through our many devices, sensors, and online activity? My take is yes.

And then there’s Ashley Madison. You probably noticed that the above stats don’t include this week’s Ashley Madison hack job. That will add one more breach and 37 million more records to this year’s tally. For a site that promised their users’ ultimate privacy in their extramarital encounters, they certainly fumbled when it came to protecting their users’ data.

But they didn’t just fumble once; they fumbled twice.

This International Business Times article reports that John McAfee—yes, that McAfee—went in and hacked the Ashley Madison site again, just days after the initial hack and threat to release user details. It wasn’t that hard for McAfee to do; nor was it hard for him to figure out what kinds of folks frequent the site.

Lesson learned: If you’re going to make a big deal about privacy, then you need to make a big deal about securing that privacy. I wonder how Ashley Madison users would now answer the question I posed earlier: Which is worse—having your data sold or having your data stolen?

One final thought. Remember how Apple was finger-wagging other companies for making money off your data? Well, it seems that Apple was recently awarded another patent to do just that. Seriously. Which just goes to show that…

Every character you type, tap, swype, or speak is leaving a digital trail of where you’ve been and what you’ve said and done. And there are both good players and bad players out there taking advantage of this digital trail. Even though you don’t have any control about how these data players are going to use/misuse/abuse your data—regardless of what they say—you do have control over what and how much data you’re going to share online.

Be mindful of your digital content and don’t be naïve in believing that anything you put online can be 100% “safe.” Because it’s not. Just ask the Ashley Madison users.