Few topics are covered so poorly as online privacy, few are handled with such indifference toward reader interest or facts. Take, for example, last week’s big scary Twitter hack. Twitter realized a significant number of accounts were compromised by a new attack. So it reset passwords. No one has reported any identity theft, fraud, or damage. Twitter issued a blog post to make sure those affected would get online and change their passwords. Somehow, this snowballed into a major privacy story.
While I was delivering some talking-head sound-bites on this item for a certain newscast, the reporter asked me why the Twitter hack was such a huge deal. I was stumped–it wasn’t. So she asked me why it was getting so much attention. I knew the answer, but held my tongue.
Here’s what I was thinking: it gets so much attention because print and TV news love to bash technology, especially social media, and can’t resist a scary story about how the people who use it should be very, very afraid. The truth is, despite years of fear-mongering stories about Facebook identity theft, Gmail phishing attacks and massive Twitter hacks, public interest and concern about these things remains very low. That’s because these things haven’t happened to the vast majority of us, or to anyone we know. For the small number of people this has happened to, the impact is typically minimal. The mainstream news has become the Boy who Cried Internet.
This is not to say privacy isn’t a valid concern when it comes to free Internet services. There’s much to worry about, but little of it has to do with Russian digital mobsters, Chinese military hackers or spammy Nigerian princes. The real data privacy danger–with social media, and beyond–comes from government.
Consider this: federal Privacy Commissioner Jennifer Stoddart’s office received just 18 complaints from the public about (alleged) Internet privacy violations in 2011. In 2010, the number was 19. In Stoddart’s 2011 ranking of privacy-challenged industries, the Internet came in at seventh place, way behind the financial industry, transportation, and telecommunications, which took the top three spots, in that order. Even the hotel industry was worse than the Internet, earning 24 complaints, though you won’t hear much about the privacy dangers of Holiday Inn on the news. But here’s the truly shocking thing: add up all of the public’s privacy gripes with private companies in 2011, and you get 281 formal complaints to the Office of the Privacy Commissioner.
Now look at the most recent OPC annual report on alleged government intrusions into our privacy: the number is 986. And that’s an almost 40 per cent jump over the previous year’s number of government-related complaints. As I’ll detail in the next post, these complaints aren’t trivial: the breaches are serious, with real implications, and they stem from a culture of privacy sloppiness (at best). So yes, you should be scared about your privacy. But it’s not Twitter you should be scared of.
Over the next few posts I’ll be telling you what, if anything, is being done about it. Then we’ll look ahead at the real privacy threats Canadians should be thinking about. (Hint: C-30, the defeated Internet Snooping bill just rumbled from its coffin and stuck a zombie finger through the dirt.)
Next: Civil servants with your data in their pants: Why it’s still OK to bring a USB key home in Ottawa.
Follow Jesse on Twitter @JesseBrown