Posted by: David Schneier
compliance, Facebook, identify theft, LinkedIn, NPPI, PCI, PII, privacy, regulatory, Regulatory Compliance, Security
I just came to find out that I’m old. It was somewhat sudden and sort of unexpected as I’m not quite half way to one hundred and have fooled myself into thinking that old doesn’t roll in until somewhere beyond sixty. But apparently one persons middle-aged is another persons old. Let me explain…
I read an article in which Reid Hoffman, LinkedIn’s founder was quoted this past summer as saying that privacy was for old people. To be at least a little fair he was making a point about transparency of data and how it’s shared is an important component of social networks. Young people are more interested in enhancing the experience and less concerned about revealing too much information in exchange for making that happen. But really, isn’t it both a bit self-serving and irresponsible for someone atop the world’s largest professional social network to be thinking along those lines?
First of all it sort of makes him seem like a visionary rather than irresponsible for allowing LinkedIn to take certain liberties with regards to protecting my personally identifiable information (PII) in exchange for furthering the platform – he’s not irresponsible, he’s forward thinking. Second he marginalizes the concerns of experienced people by making such a statement as if to say “you’re too old to understand that it’s more important to be out there too much rather than not enough” – it conveys a message that I’m not cautious, I’m slow to adapt and that’s primarily because I’m not young. Third it makes it so much easier and cheaper for LinkedIn to continue building out their platform if security isn’t their top priority – wouldn’t we rather have them introduce cool new features rather than enhance their controls?
Well Mr. Hoffman here’s what I have to say about all of this. What you call old, I call experienced. I’m not concerned about my privacy because I have a dated way of thinking, I’m concerned because I know too much about identity theft and the damage it can cause. I know that sites such as LinkedIn and Facebook have made it sooo much easier for the criminal element to develop profiles on people and figure out how to crack passwords, hijack email accounts and obtain information that allows them to assume someone’s identity. I know that features such as TripIt and Foursquare allows criminals to figure out when people are going to be away from home and plan break-ins accordingly. I know that it’s much easier to obtain inside information by trending activities on LinkedIn (e.g. I always know when someone works for a company facing downsizing or layoffs based on the type of profile updates they’re making).
And you’re right that privacy is for old people. So are life insurance, money management and parenting. We’ve worked long and hard to get what we have and we understand the value of losing it. Anyone much under the age of twenty-five likely hasn’t a clue as to why privacy is such a big deal because their exposure is so much less. If someone stole my identify when I first started my career they would have had access to a few hundred dollars, maybe one or two credit cards with ridiculously low limits and have discovered that my house was sparsely furnished with hardly anything worth stealing. I could have repaired most of the damage from a stolen identity within a couple of paychecks. At that point I would have totally thrown caution to the wind and have leveraged the full offerings of today’s social networks in order to market myself both professionally and socially. At this point I simply want to protect myself from unnecessary risks and exposures.
Last night I watched a story on the news about how insurance companies are using Facebook as a way to investigate disability fraud as well as profile policyholders who engage in high-risk activities in order to decide who’s too risky to insure. Do you think those people think their privacy is an issue for the old? And doesn’t LinkedIn process credit cards for its paying customers? Is PCI for old people too (now that would be a newsworthy quote)?
I’m sure at some point Reid Hoffman has backtracked on his statement in some measure because whether you hear it in or out of context it still sounds awful. And I can only imagine that officially LinkedIn will point out that he’s no longer running the company (officially anyway). And I also realize that his statement didn’t convey in any way that LinkedIn didn’t value privacy just like I know from firsthand experience that LinkedIn as designed allows me to throttle what I share with the rest of the community in a way that I’m comfortable with. But still, comments like that make my blood run a little cold and make me jump online right away to make sure that I’ve kept my information sharing to a minimum. Because in the end while “I’m older and I have more insurance” I don’t want to have to use it.