SXSW: Freedom of Your Information
If everyone cares about privacy, why do we give it away?
By Richard Whittaker,
1:47PM, Mon. Mar. 10, 2014
In the afterglow of the Edward Snowden talk at SXSW, the interactive world may be bullish about the future of privacy. And then they'll use free services that data mine their communications to talk about it. As David Tishgart of local security startup Gazzang warned, "If it's free, then you're the product."
He started his Saturday talk, "Dear Taco Vendor, How Are You Securing My Data?," with a brief personal résumé. Age, address, number of kids, even his time in the last Austin Half Marathon (about 90 minutes). "All this information is readily available. You just need my email address. You don't even need my Facebook login. Just my email."
Slide 1: A Cowboy taco from local chain Torchy's Tacos. Tishgart said, "If I said, 'I'll give you this taco if you give me your email address,' would you do it?" Most of the crowd said yes. "How about if I ask you how much you made last year? Would you give me that for a taco?"
Here's a question for the SXSW Interactive crowd. Think about all the times you've given your email away, and all the data that's associated with it. "Most people just click through all the acceptance buttons, but they don't think about where that information is going."
Even Tishgart was amazed by how readily people give info away, just because they're asked. He said, "I signed up for a party, and they asked for my birthday. Not how old I am, but my actual birth date. I was so surprised that I gave it to them."
Even the tiniest amount of information can give a motivated hacker an in. Tishgart had talked to a friend at a leasing agency, who told him that the biggest problem their customers face is phishing. "If you can get the address of someone with a house listed, you can spoof them. It doesn't take much to brute force a password."
Legislation trails the tech badly. Even federal compliance rules like the Health Insurance Portability and Accountability Act and Family Educational Rights and Privacy Act, are based on thinking that is decades old. "The problem is that they're being rewritten, when they should be burnt to the ground." As he pointed out, most of the privacy concerns center around encrypting passwords. "Rarely do we talk to these companies about securing email addresses." A coda: That's a bigger issue in the U.S.: By contrast, in Europe, laws are much tighter and the penalties are greater. "A data breach that results in emails being lost? In the U.S., not bad. But in Europe, people go to jail."
In that context, Tishgart asked, "Is privacy an antiquated notion? Is it a thing of the past?" It definitely costs. Julia Angwin, author of Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance, estimated a cost of $22,000 a month to get real privacy. That's where there's a real cultural division: In the open talk after his initial presentation, there was an Old World/New World consensus that Europeans accept that it's pay-to-play. Americans don't want that.
Is Tishgart prepared to put all that information out there, in exchange for the convenience of free websites and having all his music in the cloud? "I think it's worth the trade-off." How does he know that he's not on the bad end of the bargain? "I don't, but that's what I tell myself before I go to sleep at night."
Dear Taco Vendor, How Are You Securing My Data?Saturday, March 8, Sheraton Austin
Keep up with all our dispatches from SXSW at austinchronicle.com/sxsw.