I’ve written several privacy-related articles discussing various aspects of technological risk. The computers we use, the systems that run them, and the applications and tools we rely on each add risk of some kind.
And yet, in my experience, the greatest risk we’re exposed to has little do with technology.
It’s a risk we don’t think of — yet I see privacy compromised more often due to this than any other reason.
Become a Patron of Ask Leo! and go ad-free!
The biggest risk is people
Even with semi-regular news of data breaches, hacking, and other technological intrusions, the single biggest cause for privacy-related damage boils down to nothing more than… people.
I’m certain you’re already making assumptions about which people to be concerned about. I’m just as certain you’re overlooking the ones who put our privacy most at risk every day.
Let’s review some of the various classes of people involved in compromising our privacy.
Hackers, scammers, and other ne’er-do-wells
This is the first thing people think of when it comes to privacy invasions. We hear a seemingly endless stream of news and word-of-mouth reports of privacy hacks every day. It’s easy to think we’re under constant threat from evil villains trying to get at our data.
In a sense, we are. There’s no question that organized crime and other malicious entities have their sights set on gathering personal information and either using it for nefarious purposes directly, or reselling it to those who would.
While your data could fall victim to the individuals in this category, it’s important to realize they’re not interested in you as an individual. They care about gathering as much data as they can, or scamming as many people as they can. They don’t care who those people are; just that they’re vulnerable.
This is the group of people we can most easily protect ourselves from, using technology and common sense. Security software of various flavors and layers, coupled with skepticism and our own smart habits, are our first, best line of defense.
Governments and government agencies
You may think I’m including this because I’m concerned your government is spying on you.
Oh, it’s certainly possible, and in some countries even plausible, depending on your behavior and “value” to whoever might be watching. Once again, however, I believe strongly that most of us, in most countries, simply aren’t worth the effort for individual government surveillance. It’s just not that big of an individual risk.
No, what makes government one of the largest threats to our privacy are the laws and policies they enact or fail to enact. Weak government policy and enforcement around individual rights and privacy makes it easier for others — in the government and elsewhere — to access and possibly misuse our personal information.
Most people don’t pay attention to this unless they’re already living under an oppressive regime, in which case it could be considered too late. I strongly suggest that paying attention and working within your system to ensure personal privacy rights is an important responsibility.
Employees, technicians, and policy makers
Many people are concerned about big business and corporations collecting and using our personal information.
I’m generally not. Other than making sure government regulations are in place to protect my information, as well as corporate policies that similarly ensure my privacy (whether legally required or not), I’m not that concerned about the information I’m certain is out there about me.
Unless those companies get hacked or otherwise compromised.
That generally comes back to the people involved. I believe the majority of breeches boil down to individual people making individual errors.
One example might be the software engineer who, with little to no security experience, is put in charge of the security of my data. All the good intentions in the world won’t make up for the inevitable oversight (which is probably more common than we suspect). Software developers and policy makers operate under a “features first, security later” approach that often pushes service development — and with it, our personal information — beyond acceptable risk. Then, once a vulnerability is discovered, the hackers mentioned earlier swoop in to take advantage of the unintentional access to our information.
The most important thing you can do to secure yourself against these types of oversights is to know who you’re dealing with and hold them responsible and accountable for the security of your information. Do business with companies that have a proven track record. If you find you can’t — if you find you need the services of an unproven entity — be particularly wary of the information you choose to share.
Friends and family, business contacts, and associates
We share a fair amount of information without thinking about the ramifications of exposing ourselves to other people.
Sometimes that can be literal. I frequently encounter individuals who come to me concerned that their video chats might be intercepted by some middleman. As it turns out, it’s not the middleman they need be concerned about when they find themselves being blackmailed by the individual at the other end of the conversation.
The fact is, there’s no technology — none whatsoever — that can protect you from the people to whom you choose to expose your information (or anything else). Any technology can be circumvented in one form or another by the recipient. If it can be seen, it can be copied — even if it’s just taking a picture of the computer screen while your sensitive details are displayed.
And of course, once something is posted publicly (and let’s be clear: all social media is “public”, regardless of your privacy settings), it cannot be recalled.
This is, perhaps, the single most common cause of privacy violations I’ve encountered over the many years I’ve been doing Ask Leo! — not big business or government, not massive data breaches, not malware, not even ransomware1 — but one-to-one interactions in which individuals share too much and later regret it.
This risk is only growing on social media, which creates an illusion of intimacy and safety while nothing of the sort exists.
You are the biggest risk to your own privacy.
By sharing too much on social media, trusting too easily when some stranger calls to tell you your computer has a problem, or by reaching out to the wrong people in times of technological crisis, the biggest risk of all comes back to you.
And that’s great!
Now, why, after what might seem like gloom and doom about all the ways our privacy can be compromised, am I so excited to point the finger at you?
Because the one thing you have control over is yourself.
You can become more knowledgeable. You can make better decisions. You can take responsibility for your privacy from here on out.
There’s no requirement that you become a Luddite and walk away from technology in general — Lord knows I’ve certainly not done that. What’s required is simple awareness — mindfulness, if you will — of exactly what, where, and with whom you share.
That last one is perhaps the most important: your privacy is all about the people you trust and share with.
1: Which is just malware. Particularly destructive, but malware nonetheless.