Is Data Security a Big Waste of Time? And Other Questions
Mon Dec 10, 2007 11:02PM EST
See Comments (1)
I've written before that Bruce Schneier is possibly the most insightful technologist around these days, and his blog is essential reading. The folks at the equally insightful Freakonomics blog sat down with Schneier with a bunch of reader-submitted questions, and the combination is inspired. The Freaks got the Schneier thinking about topics in ways he doesn't ordinarily write about, while Schneier twisted some questions back to create an enlightened conversation. Some highlights:
One of the best questions asks that, considering the cavalier attitude with which corporate-held personal information is safeguarded (or not) and the frequent severity of security breaches like this, is it even worthwhile to bother with security at all? Schneier says that sure, you're at risk, and data theft is going to happen, but essentially you should still do everything you can to protect yourself and try to ensure that when such theft occurs, you lose as little as possible. (You don't leave your car unlocked and a pile of cash on the front seat, even though anyone could smash the window, right?) A subsequent blog post offers some essential tips.
Schneier also notes that you are at greater risk of simply losing your data through a hard drive crash than you are to a hacker or a security breach. In answering a common question of whether online backup/storage services are worthwhile, Schneier notes that, as long as you encrypt your data (a feature offered directly by most such services), there is only upside.
On the subject of centralized ID plans, Schneier notes that they are such valuable criminal targets that they become impossible to secure. If you knew something felt wrong about things like Real ID, but couldn't put your finger on it, well, there you go.
When asked whether he shopped online (presumably asking whether he was worried about someone eavesdropping on his personal and financial information), Schneier says of course he does. It may be trivially easy for someone to snoop on your credit card number by simply intercepting your Wi-Fi connection, but that's not cost effective for criminals. Credit card numbers are stolen and resold "in blocks of a million" by hacking the back-end database. "It doesn't matter if you bought something over the Internet, by phone, by mail, or in person — you're equally vulnerable," he concludes.
Comments on Is Data Security a Big Waste of Time? And Other Questions
Post a Comment
Join in the discussion. Here you'll see the comments in the order they were posted.
1 Posted by rogueist on Thu Sep 3, 2009 8:49PM EDT Report Abuse
Good answers, although if he realizes that the primary way people lose data is through hard drive crashes, why does he support data encryption? Encrypted hard drives along with a hard drive crash usually means you lose everything on the hard drive - something which is coming up more and more often as companies start to totally encrypt hard drives. A new type of setup is needed, one that is immune to high density data loss.