RSS: Hi Cathy, Thank you for allowing me to interview you about your new book The Audacity to Spy – How Government, Business and Hackers Rob Us of Privacy; co-written with Ashley M. Wilson, JD; published by our friend Steve Hoberman and Technics Publications.I have known you for many years although not well, and I have always admired your work with DAMA International from afar. You have been extremely active in the data management industry with DAMA for many years. What inspired you to co-write this book now?
CN: In addition to having my personal email compromised twice, I had one of my credit cards hacked resulting in my identity being stolen and then used to cash checks and make purchases in Georgia (I live in Illinois). I was very unhappy with the lack of concern on the part of both law enforcement officials and my credit card company when I reported the hacking and was unable to obtain any subsequent information about whether the thieves were continuing in their attempt to use my identity. The advice I received amounted to “change your password”. I decided to do some research about identity theft which led to the subject of personal data privacy and ultimately the writing of the book.
RSS: I really like the term “Audacity” and I tend to use it often when describing what I consider to be rude or uncalled for behavior. How did you select that term for the title of the book and does the term have special meaning to you?
CN: Audacity can mean many things, daring or bravery are the positive traits of audacity but in the title of the book I am using the term to convey the effrontery that data brokers possess to use our personal data for both advertising and marketing and the virtual impunity in which data hackers operate.
RSS: Can you share with my readers how the subject of the book relates to your lengthy experience in the field?
CN: My field of Data Management is exactly what the book talks about—managing your personal data in a way that keeps your personal life private. We all have intimate data we don’t wish to share with the world but sometimes we don’t think before we post on social media or use other sites that expose our lives to unscrupulous data “thieves” who are selling our social security numbers for as little as $5 each on clandestine internet sites. My co-author is an attorney and she gives practical ways to manage your digital assets and stresses the importance of writing a will that includes not only the data you wish to share, but just as importantly excludes that which you don’t want your friends and family to have after you are gone. In addition, she has included a list of legal sources for data privacy information at the conclusion of the book.
RSS: The world is a scary place when it comes to identity theft and the protection of personal data; and even scarier to those that have had their privacy breached. Share with us a brief rundown of some of the main ideas you write about and what people can expect to learn from your book?
CN: In the book I give recommendations on limiting the amount of data you inadvertently reveal to the wrong people and give steps you can take if you do become a victim of identity, medical, or financial data theft. I recommend that people limit the use of debit cards because if you are a victim of a data breach it can take months to get any stolen money returned to your account. Credit cards are safer because you are able to refuse to pay charges you did not make. Some additional deterrents to theft are having strong passwords which you change often; reading your privacy statements to see what information sharing you can “opt” out of; and understanding your rights when it comes to medical records.
RSS: In the book you write about your car spying on you. What do you mean by that?
CN: Police and other government officials have access to license plate scans which can pinpoint your movements whenever you are driving. In addition, automobiles have built-in EDR (Electronic Data Recorders) that can be used by your insurance company in the event of an accident. And don’t forget while Siri is talking to you, your GPS is also recording everything from your favorite restaurants to what stores you frequent and even the church you attend.
RSS: Further, you write about your phone selling your secrets. What’s that mean?
CN: We all know about the NSA tapping our phone conversations but many cell phone apps that seem harmless are sending data, and even pictures, back to data brokers who then package the data with other information. This data is then sold to marketing companies and other people interested in your preferences. Installing security apps to protect personal information has become a big business and we list many of the most popular and effective ones in the book.
RSS: Throughout the book you mention serious data breaches and apply them to a variety of subject. Is there a single breach that you find most amazing and what makes it so amazing?
CN: The one I found amazing was the big one at Target. At first Target claimed they didn’t know how they had been hacked but later it was found that hackers entered through their heating & cooling system. Companies often buy such systems and then enable their controls to a web server, inadvertently making them easy targets for hackers. Another interesting one was the fact that even Ben Bernacke, the Federal Reserve Chairman, had been hacked by a scam artist known as “Big Head”.
RSS: What is the lesson that can be learned from this breach? Has making the breach so public decreased the chance that it will happen again?
CN: I hope companies are waking up the fact that hackers can enter their systems in a variety of ways. When a large percent of companies continue to use “admin” as their user name and “1234” as their password, it’s no wonder hackers can take over a company’s system control devices. The way data was breached at Home Depot was to have malware put on each of their registers by their own system. It’s become apparent that large retail companies have very poor security and I wouldn’t be surprised if we see many people going back to cash transactions.
RSS: I think that most people are becoming more aware of the privacy risks associated with their data. I also subscribe to the thought that there is nothing we can do to become totally protected in this day of bigger and bigger data. In other words, build a ten foot wall around your data, and someone will build a twelve foot ladder. Am I stuck in doom and gloom mode or is there a light at the end of the tunnel?
CN: European countries don’t have nearly as much trouble with data breaches as the U.S. because they converted to EMV chips years ago. The U.S. credit card companies have mandated that retail outlets only accept credit cards with EMV chips by October 2015 or the store itself will be responsible for any losses due to credit card theft. In addition, consumers need to insist that their government officials enact strong privacy protection legislation, something that is picking up speed as more state governments pass various privacy laws. These two things along with public awareness of steps that can be taken to protect individual personal data gives me hope that identity and other data theft can be reduced by a significant amount.
RSS: Thank you very much for answering my questions. Do you have any last comments on the subject of privacy or the topic of your book Audacity to Spy?
CN: In our research we were surprised to find that medical identity theft, not financial, accounted for 43% of all identity thefts reported in the United States. We devote a chapter to this subject and I think others will be shocked at both the amount of data illegally obtained but also by the amount of medical data gathered and shared by government agencies.
RSS: I’ve enjoyed the conversation. Please tell people where they can get their hands on your book.
CN: The book is available through our publisher, Technics Publications and on Amazon in both soft cover and Kindle versions.
RSS: Best wishes to you and your co-writer.