To: The National Security Agency
From: The Protojournalist
Subject: Please feel free to read our email exchange with Wendy Nather, a hightech analyst who focuses on security issues at 451 Research in Austin, Texas. Not that you need our permission.
Dear Wendy Nather,
I am writing a blogpost for NPR's website about legitimate paranoia when it comes to life online. After seeing your thoughtful piece about PRISM [the U.S. government's Internet-monitoring program] on the Dark Reading website. I hoped you might be able to elevate the story.
Perhaps the NSA is not really monitoring our day-to-day dealings with websites. But are there other types of people who are keeping an eye on our online engagements — identity thieves, webcam hijackers, insurance detectives, people who want to obtain information about our online habits and use that information for their own benefit?
Wendy Nather's Reply
I don't think it's a matter of being too paranoid, so much as knowing which things are more appropriate to be paranoid about. :-)
One of the things that we have lost with the Internet is the ability not to be singled out. It used to be that you had to work hard to gather information on one person, even if that data was publicly available somehow: you had to go to offices, to the library, search newspaper archives, etc. But now all you have to do is decide that you want to research someone, and the searching takes only minutes or a couple of hours if you know what you're doing.
This is the difference between what we traditionally understand as our Fourth Amendment rights and what advertisers, the government, law enforcement, and entities of any kind are able to do today. They can gather aggregate information on huge populations, and you might be in there — but if someone decides to query your data individually, is that the part that constitutes "unreasonable search"? Is just possessing the data considered a search? Or is it when they construct the database query that brings up your name and your data together for intentional viewing? We don't know, and that's the very thin dividing line that used to be thicker.
So yes, anyone can search out your information for different reasons. The only question is the probability of that happening. You should probably be most concerned about anyone who would have a reason to want to single you out:
Angry exes
Employers (or potential ones)
Anyone who wants to validate information about you (such as a public assertion you've made, or a benefit you've applied for)
Curious family or friends (my mother has had a Google Alert on me for years ;-)
Anyone who is investigating someone you're connected to in some way (law enforcement, government agencies)
Anyone else who is angry enough with you to want retribution, and who is the type to be able to do it online
Yes, we should be worried about credit card fraud, which is different from identity theft. The former is done in bulk today, without discrimination, as opposed to the latter, which is often done by someone who has reason to know more of your biographical data to make the identity theft more complete.
In my opinion, the general population should not be too worried about being singled out. However, the fact that the government is collecting the type of data already that makes it even easier to do just that, at the drop of a hat, is something that we as a society should discuss. We should figure out how to make the barrier higher to being singled out, as opposed to making the barrier higher to collecting our data, because that's already too late.
Hope this helps!
Regards,
Wendy Nather