Why I care when people with ‘something to hide’ are hacked


“Privacy” by Melanie Feuerer used under a Creative Commons Attribution 2.0 United States License

It’s all about the Privacy. 

Do some people deserve it less than others?  Who decides?

Online Cheating Site AshleyMadison Hacked
Brian Krebs, @briankrebs Krebs on Security July 19, 2015

When people who are supposed to protect someone’s privacy fail, what should their responsibility be following the failure?  How do you make “someone whole,”  as they say in the insurance biz, following a privacy breach?

Hacks of OPM databases compromised 22.1 million people, federal authorities say     — Ellen Nakashima, @nakashimae, The Washington Post, July 9, 2015

 What are the valid reasons someone’s privacy is violated? National Security? Public safety? Potential violence? Donating to the wrong cause?  Who gets permission? Who oversees this?

“I don’t care if the government listens to me, I don’t have anything to hide. If you don’t have anything to hide, what are you worried about?”

— US citizen comment I read in response to Snowden revelations

Are there standards and regulations that organizations should meet? Who enforces them? What are the penalties if they don’t?

If they don’t follow the standards should there be additional sanctions? Who decides?

“JPMorgan Chase Hacking Affects 76 Million Households”
Announcement of breach delayed months, only revealed due to SEC filing–Jessica Silver-Greenberg, Matthew Goldstein and Nicole Perlroth

What are the requirements for reporting to people when private information is revealed? Who sets these requirements and who enforces them?  Do the agencies suffer from regulatory capture? Do they have a budget or was it slashed so “the market” can decide?

Yesterday on Virtually Speaking Jay Ackroyd  and I talked about cybersecurity, cyberterrorism and end-to-end encryption. I touched on some of these questions, but I think the Ashley Madison breach might get more people to pay attention to this issue. Here are for two reasons why, plus an attitude to notice.

1) Salacious! Schadenfreude!
2) Famous people having sex.

Moral superiority, (“It serves them right, those cheating bastards!”)

The news media will cover all the juicy details because it’s fun, but, like some 1st Amendment fights, privacy protecting should extend to unsavory characters,  such as lying cheaters, who DO have something to hide.

There are criteria on privacy that need be discussed.  It’s easier to say some people don’t deserve it, especially when it’s an activity you don’t approve of. But think about what activities that happen between consenting adults in the bedroom that recently became approved of in many states.

My favorite response to the US Citizen comment is from Glenn Greenwald following the Snowden revelations:

Jay and I discussed the massive Office of Personal Management breach quite a bit but not much about privacy. Part of that was because of a question Jay poised:

 ‘What will it take for people to take this computer security and cyberterrorism seriously?”

My first response was, “An effective attack on the power grid by a non-state actor in which important people die.”

I quoted from Shane Harris’ book @War, (page 52-53) What most people don’t know is that our power grid has been hit twice (that we know of) in 2003 and 2008. But because the entity that appear to be behind it was a State Actor (China) the cases were covered up.

If people die, and those attacks get pointed to ISIS as the entity behind it, that would give certain groups a “Cyber 9/11!” power that they want. But it has to be pointed at a group or individuals that aren’t a huge trading partner.

Today I realized that my answer was incomplete. There need to be multiple attacks on the right kind of infrastructures, in theright regions, and from the right sources.  So for example, power grids, in media dense areas. They need to be TV visual, innocent powerful people or children need to be hurt. The source needs to be an entity without state backing  or an individual.

Also, the reasons need to be the right ones. As we might be seeing in the Ashly Madison case WHY someone starts an attack is important. It’s NOT always about the money. Sometimes it’s revenge. Other times scores to settle. “Senseless” reasons,  like the kind that does not pay off in cash are harder for the media to understand.

It’s all about the Leverage.

The other big issue I mention on the show is leverage.  If you are an entity that has personal information on government employees and their relatives from one hack and you also have information on their financial status from another hack, together you have a perfect tool kit for a Spymaster.

Spymasters don’t sell their info on the open market. They save it. And use it when they need something bigger to happen,  like a Trade deal.

Maybe I’m like Richard Clarke running around with my hair on fire, telling people to do something on this issue and they can’t see the fire.

Vulcans love to be right on things and have nobody listen to them. Just like dirty hippies loved to be right about the war in Iraq and have nobody listen to them then or now.

As Jay pointed out there ARE things that can be done,  both personally,  corporately and federally.  But an attitude of  “small government” and weak regulation conservatives always push is harming our economy and jeopardizing people’s lives.

But I guess they need to wait until cyber attack or computer breach leads physical death to do some deeper investigation into failures and make changes to secure our systems and people’s private data.

I don’t want to assume that mostly conservatives are on the Ashley Madison list, it’s none of my business if they aren’t breaking the law with consenting adults. But if they dodge a bullet this time, maybe they will consider the importance of privacy for everyone.  And do it soon more before more lives are ruined, after all,  as the people at Ashley Madison say, life is short.

Comments are closed.