In our constant crusade to stop cybercrime and fight the good fight against our invisible enemy, we (the good guys) seem to have lost sight of one of the most important things we are trying to protect. In the fervor to cover a cyber breach and spread the FUD about the ‘end of all times’ we have lost sight of the most important factor in all of this: people.
Think not in terms of the millions of credit cards or medical records, of fingerprints and retinal scans—stop thinking in such abstract and let us consider what a credit card is in the first place.
This data, this information is a sacred trust between business operators and consumers, even more importantly, between people and other people. Turning a breech into a statistic is a way of dehumanizing the impact. Data without context is a statistic, and that is what we are making our customers, business partners, and friends into—’statistics’.
Our culture does this with horrible atrocities, like plane crashes (no, I am not comparing a data breach to a plane crash). When we anonymize the data to the point of abstraction we also lose the very nature of what that data actually means. Consider any statistic you want—or that you read in the news today—then dig into what they are actually measuring and in what context.
The stolen information is not ‘Personally Identifiable Information’, it is not some abstract statistic, these are our customers’, our friends’, our parents’, our kids’—and their identities (the digital essence of who they are). Through our dealings with each other (if we are a business, community website, or other place where data lingers) information that seems to be our customer, friend, co-workers, family, has leaked out into the hands of bad guys. I think the first step in moving to a culture of security is to stop dehumanizing the data—and thus dehumanizing the people the data represents.
Let’s stop calling it data.
Lets call it people, or life. Think about that paradigm shift in reporting a breach: “Giant box retailer breached: 3 million lives directly affected”. Now doesn’t that have a different sound?
When a breach happens machines don’t care, reporters don’t care, even CEO’s don’t care (really)—but the actual people affected do... or would, if they knew that their names were among those within the “millions of supposedly encrypted files lost, says Major Retailer.”
About Jamison Utter
Jamison's personal interests push an understanding of the human side of technology and how it effects our lives, our future, and our minds.