They say that the reputation of Target may never recover from the company’s massive data breach in December. As one of their victims, I fervently hope that is true, and that the management and marketing staffs of that retail operation are brought up on charges for criminal greed and stupidity. Or at least tarred and feathered. For two reasons:
- This was not a breach of data from “holiday shoppers,” but rather of data that Target has been collecting, using and selling for years. I got one of their letters indicating my debit card data was taken, and I wasn’t anywhere near a Target store for the holidays.
- This is not a failure of data security alone. Rather, it is part of a massive invasion of privacy and collection of data that Target simply did not need in order to sell its merchandise.
To put this another way, everyone is so busy feeling bad for Target and its victimhood that no one has asked the real relevant question – why did Target have the data to begin with? The answer, simply put, is that they were taking your data and selling it.
In truth, if you use a debit or credit card to make a purchase, that store has every right to hold that data until the transaction clears. After that, they have no legitimate purpose for the information.
Beginning in 1998, with the rise of electronic commerce, companies discovered a basic fact: personal information, not money, would become the new currency of the Internet. Suddenly, you could not read a headline on a web site or buy anything in a store without giving up every personal, intimate detail of your life. Address. Phone Number. Email Address. Social Security Number. Bank account details, including pins and security codes.
Today, they have a new term for it: “Big Data.” Taking all your personal information, rolling it into massive databases, and then using that data to somehow find you and convince you to give even more current data so they can re-sell it.
Marketers nationwide assured consumers that this “big data” was needed in order to “enhance the shopping experience.” That somehow by collecting all of our data, they could tailor advertising to only the things we were truly interested in. Which was, of course, nothing more than a blatant lie. Over the following decade, marketers learned the second great truth – it didn’t matter what cheap, Chinese merchandise they slopped out to consumers, or even if they made a profit on it. What mattered was getting their grubby, greedy hands on our personal data. They also swore a pinkie-promise that they would never, never use personally identifiable information of yours.
They lied through their teeth, laughing all the way to the bank. They still do today.
Nor is it just retail stores. Grocery stores, cable services, churches, schools, and government agencies like the DMV – they all are in the business of selling consumers down the river.
In 1998, I shared a ride with the vice president of one of the “big data” companies, who told me bluntly that with just my first name, hair color and zip code, she could tell me what brand of toothpaste I use. She meant it.
It’s more serious now, because this data is falling into the hands of identity thieves, and last year alone nearly twelve million Americans suffered financial losses to the thieves. And it can only get worse going forward, unless something changes.
There is plenty of blame to go around. In fact, at least seven groups of people are responsible for this deplorable and nearly-preventable crime wave:
- The identity thieves themselves. Unlikely to be caught in the first place by our law enforcement agencies, if a thief is actually ever caught he or she will either get a slap on the wrist – or a lucrative contract as a “security consultant.” They need to be sent to prison for life, with no possibility of parole.
- Marketers. They created identity theft, arranged for the sale of the data, and encouraged their managers to participate in this wholesale theft – yet pay no penalty at all for their actions. Being drummed out of their profession is the least that should happen.
- Government agencies. The Internal Revenue Service prints your social security number on correspondence. The DMV openly sells your registration and license information. Virtually every government database rates a failing grade for basic security. As of last year, 11 of the 13 major federal agencies could not pass a basic security audit. Your information is there for the taking. And the new ObamaCare site has been described as an “identity thief’s paradise” it is so insecure.
- The credit card companies. In Europe and elsewhere, credit card identity theft has been substantially reduced by replacing the insecure “strip” on the back of the card with an encrypted micro-chip inside the card. In order to use the card, you must have a card-reader for the implant, and those are carefully regulated. In the US, credit card companies have weaseled their way out of any such requirements because it would cost a few billion dollars to implement. They would rather we lost millions of dollars each year than upgrade their technology.
- Congress. Members of Congress could easily pass regulations requiring security of personal data and the implementation of new security technologies, but they simply don’t care. Their focus is on taking contributions from the marketers who sell your data so they can get themselves elected for life. It is a shame, but with few exceptions it is true.
- Software publishing and distribution companies. Why is it that every publisher of crippled, useless applications…games…and utilities…feel it is perfectly okay to bundle their software with ad-ware, mal-ware and viruses. Hunt these companies down and put them out of business. You could start with Oracle and its vile Java products.
- Us consumers. Americans (and Canadians and Britons) are known worldwide for our willingness to give up the most personal details of our lives to save a dollar on a trinket. Case in point are the number of people who gleefully “Like” a promotion on Facebook without reading the fine print that says they not only agree to give up their own data, but all of the data of everyone on their “friends list.”
How do you protect yourself in a nation gone rogue with identity theft? It is not easy, but here are some basics:
- Make all of your purchases in cash, and refuse to give up any personal information whatsoever to make a simple purchase. Marketers be damned.
- For online purchases, use a third-party payment system. I like PayPal, but there are others.
- Refuse to give your Social Security number to anyone other than the Social Security Administration, and never over the phone or on a document. Bet you did not know it is against federal regulations for them to even ask for your SSAN. Not even the IRS is supposed to do that.
- Pass tougher privacy laws. If any member of Congress refuses to vote for them, put them out of office. In the rest of the world, privacy is a guaranteed right. It should be here, as well.
- Stop being stupid. If it seems too good to be true, it is. There is nothing for free on the Internet that is worth having. Web sites are not your friend. And stop looking at porn sites unless you really want your identity stolen.
I know it seems harsh, but the fact is that most people who are victimized by identity theft are set up by their own poor computing habits…sold down the river by marketers…and left unprotected by our government.
These things have to change.