I grow more and more convinced that, while the issues that keep us busy generate headlines that have migrated from the legal journals and trade publications into the mainstream media, the basic need for education among consumers becomes more urgent. Lately the Wall Street Journal has published a steady stream of insightful articles related to digital privacy, and data breaches are reported in local newspapers wherever and whenever they occur, but in my experience talking with regular folks, the lessons contained in these articles don’t seem to be having any meaningful effect.
Whenever I’ve had the privilege of standing before an audience of regular folks, the questions I hear over and over again are related to information so basic that in my professional interactions they don’t even come up. “Is it safe to send a check through the mail?” “Should I pay with cash, credit, or debit?” “How can I tell the difference between a fake email and a legitimate one?”
I’ve heard a lot of people scoff at the simplicity of these questions. Surely we’ve moved well beyond the question of spam and phishing, right? We’ve got bigger questions to address today, like HIPAA and HITECH; like RFID and biometrics; like behaviorally targeted advertising; like Mass 201 CMR 17…
Like anyone who you’d pass on the street knows or cares about what any of that means.
This morning I was reminded of an old sketch from the early years of Saturday Night Live in which a clever landshark knocks on an apartment door and offers reasons why it should be let inside: flowers, plumber, telegram, candygram, I’m a harmless dolphin.
The sketch is funny because of the absurdity of the deceit, but this is exactly how many scam operators ply their trade. And too many people fall for the con because they simply don’t know any better. Those of us with the knowledge tend to forget that for millions of people, the Internet remains a mysterious and intimidating environment, and their innocence leaves them vulnerable to dishonest and malicious social engineers.
Meanwhile, we privacy professionals are more concerned with demonstrating how smart we are to our peers that we’ve forgotten the tens of thousands of consumers who, each day, could benefit from some of what we know. Instead, we leave them at the mercy of scammers, grifters, con artists, frausdsters, charlatans, and swindlers and wonder incredulously at how the problems associated with cybercrime and identity theft can persist.
We need to make an effort to step outside our professional circles and step into the everyday world, and make an effort to help raise awareness of the threats that exist in today’s digital economy and how to avoid them. We need to take our knowledge out of the conference room and the exhibition hall and bring it to the schoolroom, the senior center, the town hall, the church, the barracks and wherever else people are gathered.
Through education and awareness we can make the biggest gains in preventing identity theft, but that can’t happen unless we tell folks what they need to know.
Mike Spinney is a senior privacy analyst with privacy research and consulting firm Ponemon Institute. For more information about or to contact the Ponemon Institute, visit www.ponemon.org.