I’ve written several privacy-related articles discussing the various aspects of risk we assume when we use technology. From the computers we use to the systems that run them, as well as the applications and tools we rely on, each adds risk of some kind of exposure.
And yet, in my experience, the greatest risk we’re exposed to has little do with technology.
It’s a risk we don’t think of – and yet I see privacy directly invaded more often due to this than any other reason.
The biggest risk is people
Even with semi-regular news of data breaches, hacking, and other technological intrusions, the single biggest cause for actual tangible privacy-related damage boils down to nothing more than… people.
I’m certain you’re already making assumptions about which people you should be concerned about. I’m just as certain you’re overlooking perhaps the most important group that puts our privacy at risk every day.
Let’s review some of the various classes of people involved in putting our privacy at risk.
Hackers, scammers, and other ne’er-do-wells
This is the first thing people think of when it comes to privacy invasions. We hear a seemingly endless stream of news and word-of-mouth reports of privacy hacks every day. It’s easy to think we’re under constant threat from evil villains trying to get at our data.
In a sense, we are. There’s no question that organized crime and other malicious entities have their sights set on gathering personal information and either using that for nefarious purposes directly, or reselling it to those who would.
While your data could fall victim to the individuals in this category, it’s important to realize they’re simply not interested in you as an individual. What they’re interested in is much broader; what they care about is gathering as much data as they can, or scamming as many people as they can. Particularly when it comes to scams, they don’t care who those people are, just that they’re vulnerable.
Perhaps in part due to the obviousness of this class, this is the group of people we most easily protect ourselves from, using technology and common sense. Security software of various flavors and layers, coupled with skepticism and our own smart habits, are our first, best line of defense.
Governments and government agencies
You may think I’m including this because I’m concerned your government is spying on you.
Oh, it’s certainly possible, and in some countries even plausible, depending on your own behavior and “value” to whomever might be watching. Once again, however, I believe strongly that most of us, in most countries, simply aren’t that interesting (or worth the effort) for individual government surveillance. It’s just not that big of an individual risk.
No, what makes government in general one of the largest threats to our privacy are the laws and policies they enact or fail to enact. Weak government policy and enforcement around individual rights and privacy makes it easier for others – in the government and elsewhere – to access and possibly misuse our personal information.
Most people never pay attention to this unless they’re already living under an oppressive regime, in which case it could be considered too late. I strongly suggest that paying attention and working within your system to ensure personal privacy rights is an important responsibility.
Employees, technicians, and policy makers
Many people are concerned about big business and corporations collecting and using our personal information.
I’m generally not. Excepting the previous point about making sure that government regulations are in place to protect my information, and corporate policies that similarly ensure my privacy – whether a legal requirement or not – I’m actually not that concerned about the information I’m certain is out there about me.
With one exception: when those companies get hacked or otherwise compromised.
That generally comes back to the people involved. I believe the majority of breeches boil down to individual people making individual errors.
One example might be the software engineer with little to no security experience placed in charge of the security of my data. All the good intentions in the world won’t make up for the inevitable oversight (which is probably more common than we suspect). Software developers and policy makers operate under a “features first, security later” approach that often pushes service development – and with it our personal information – beyond acceptable risk. Then, once a vulnerability is discovered, the hackers mentioned earlier swoop in to take advantage of the unintentional access to our information.
The most important thing you can do to secure yourself against these types of oversights is to know who you’re dealing with and hold them responsible and accountable for the security of your information. Do business with companies that have a proven track record. If you find you can’t – if you find you need the services of an unproven entity – be particularly wary of the information you choose to share.
Friends and family, business contacts, and associates
We share a fair amount of information without thinking about the ramifications of exposing ourselves to other people.
Sometimes that can even be literal. I frequently encounter individuals who come to me concerned that their video chats might be intercepted by some middleman. As it turns out, it’s not the middleman they need be concerned about when they find themselves being blackmailed by the individual at the other end of the conversation.
The fact is, there’s no technology – none whatsoever – that can protect you from the people to whom you choose to expose your information (or anything else). Any technology can be circumvented in one form or another by the recipient. If it can be seen, it can be copied – even if it’s just taking a picture of the computer screen while your sensitive details are displayed.
And of course, once something is posted publicly (and let’s be clear: all social media is “public”, regardless of your privacy settings), it cannot be recalled.
This is, perhaps, the single most common cause of privacy violations I’ve encountered over the many years I’ve been doing Ask Leo! – not big business or government, not massive data breaches, not malware, not even ransomware1 – but one-to-one interactions in which individuals simply share too much and later regret it.
This risk is only growing on social media, which creates an illusion of intimacy and safety while nothing of the sort exists.
You are the biggest risk to your own privacy.
By sharing too much on social media or trusting too easily when some stranger calls to tell you your computer has a problem, or by reaching out to the wrong people in times of technological crisis because you’re panicking, the biggest risk of all comes back to you.
And that’s great!
Now, why, after what might seem like gloom and doom about all the ways that our privacy can be compromised, am I so excited to point the finger at you?
Because the one thing you have control over is yourself.
You can become more knowledgeable. You can make better decisions. You can take responsibility for your privacy from here on out.
There’s no requirement that you become a Luddite and walk away from technology in general – Lord knows I’ve certainly not done that. What’s required is simply awareness – mindfulness, if you will – of exactly what, where, and with whom you share.
That last one is perhaps the most important: your privacy is all about the people you trust and share with.