A true story that sets up my premise: An article in the New
York Times last week written by a man, Hasan Elahi, an Associate professor at
the University of Maryland – and an American - who was incorrectly identified
by the FBI as someone associated with terrorists sets up an interesting
discussion about the value of keeping your private information so private.
The story goes like this: while returning from trip abroad,
Mr. Elahi arrived at customs, and was asked to step aside for additional screening.
After a significant period of questioning, and unadulterated cooperation by the
author, the FBI ultimately realized their mistake. In what I interpreted as a
stick in the eye to the Man, the author soon after began a process of
documenting with photographs everyplace he had been, every meal he has eaten
every, every flight he had taken, every call he made, every store he has
visited and every purchase made there, every toilet he used to let them know
that he was not up to no good. He began by e-mailing the FBI the photos but
then set up his own web site which now ultimately houses 46,000 images of his
every movement over the past 6 months. To take it one step further, he has
included screen shots of his financial data, phone records and transportation
logs - all cross-referenced with the photos on the site so anyone can verify he
was where he said he was.
Insane? Possibly? Obsessive? Absolutely. But Elahi goes on
to say that anyone who has a social media site that they use on any regular
basis does almost the same thing willingly
every time they post an update, sends a tweet, checks in, pokes someone, etc.
whether they realize it or not.
More interestingly though, Elahi states:
“In an era in which everything is archived and
tracked, the best way to maintain privacy may be to give it up. Information
agencies operate in an industry that values data. Restricted access to
information is what makes it valuable. If I cut out the middleman and flood the
market with my information, the intelligence the F.B.I. has on me will be of no
value. Making my private information public devalues the currency of the
information the intelligence gatherers have collected.”
This is an interesting premise: data about you, the real
sensitive type, is only valuable to someone else, say, an identity thief,
because it is so private and protected – and by inference, difficult for others
to authenticate because it rarely sees the light of day. It is valuable to others,
because it is valuable to you. (How much sleep do you lose knowing your name,
address and phone number is in the yellow pages which has almost no value?)
Keeping non-public data private also prevents some legitimate
sources from, for example, reliably validating that the person trying to open a
Best Buy instant credit card and purchase a 55-inch high-def flat screen TV is
indeed you. Imagine if most of the data that you now protect so dearly (social
security number, bank account number, drivers license number) were readily
public, and easily available through a Google search. The clerk at Best Buy
would simply type in your name into a search engine and a number of sources
would corroborate (with a photo) you and all of your data. No identity thief could
then be successful without a tremendous amount of effort in trying to
impersonate you – and it wouldn’t be easy or worth it.
Thwarting the misuse of private data via identity theft may
be as easy as making (most) private data held by governmental institutions so easily
available to any one so that acquiring it means nothing since it can not be
readily misused, like it can be today. A secret is only a secret when it
remains between a minimal amount of people; when the world knows it, it becomes
as useful, and valuable as a day-old newspaper.
Now, who wants to go first?
