The Internet and its spawn, the Web, are, in a sense, an irresistible honeypot[1]. While we fall down “rabbit holes,” numerous firms are collecting out information: credit cards, addresses, purchase information, all used to build personal profiles to sell to those wishing to target you for goals licit and illicit, legal profit to theft.
WaPo’s Michelle Singletary demonstrates general consumer ignorance on the matter:
Whenever possible, push back when companies ask for information they don’t actually need.
Once, as I was picking up some furniture, the clerk wanted to take my driver’s license and scan a copy into the retailer’s computer system.
“No, sir,” I said.
He insisted the information was needed to keep a record of the items that were picked up by customers. Nonsense. I had a receipt. But I was okay with him verifying my identity by eyeballing my license.
There was a long line of customers behind me, visibly annoyed — blowing their breath, rolling their eyes. I told the employee, loudly enough for them to hear, that the store’s policy was unnecessary and that it could expose me to identity theft should their system be hacked. Every piece of information that is compromised helps criminals improve their tactics in targeting victims.
And we see the hacking every day, with notices from vendors announcing the access of information describing you with mind-numbing regularity. Sometimes we receive mail from vendors we’ve never heard of announcing a victorious hack of them, and now our credit card information is floating about in the dark version of the Internet, available for a small fee, and because it’s digital, it can be copied and sold an infinite number of times. The lower prices made possible by the indiscriminate copying entices more and more criminals, like a hive of vicious wasps presented with a ham sandwich.
So where is this going to end? Are there penalties for the security-deficient firms, legal or market, that motivates improved security behavior? Is the problem too difficult to solve?
Or, someday, will we see firms begin to flee the Internet? Will we see a great rush among the non-Amazons to announce that they no longer use the Internet for customer-facing applications, for their financial facets, for even supplier interactions?
Will there ever be a first? Or will the lure of bigger profits continue to keep every firm in line?
1 Honeypot is a cybersecurity term for one or more systems on the Internet that appear to be loaded with valuable information. They distract a criminal (let’s not glorify them with “cybercriminal”, they’re simply destructive parasites) with faux-information while those hosting the honeypot collect information from the criminal.
