Personal Information as Money

 ethics, IT Security, Privacy  Comments Off on Personal Information as Money
Aug 192014
 

I’m a fan of bit torrents. To be clear, I rent movies legally; I do not “share.” Still, bit torrents fascinate me because the peer-to-peer system represents thinking for what could be the next great leap in online privacy protection.
The obvious problem with privacy (online) shows up in one of two types of news items. One: a breach of data on some organization’s servers or lost off someone’s USB drive puts thousands or perhaps millions of people’s private information into the hands of unauthorized and probably unsavoury characters. Two: an organization that has amassed privileged, personal information about customers or citizens for some purpose shows its industriousness and uses its “intelligence” to draw undesired conclusions about and harass those same people. In either case, when such a situation is exposed, people feel justifiably violated… even if there is no real harm done.
As I say, these are obvious challenges to privacy. They are not, however, the real issue. Privacy breaches are a symptom and proxy complaint. What’s happening in both circumstances is a breach of trust. In the first case by criminals (or the government) who have larcenously acquired private property (your information), and in the latter by an institution that said “trust us with your important information,” then misused it without your understanding or approval. Blame gets properly directed toward those that have let us down.
Funny that we don’t turn that blame inward. After all, the root of the problem is that we have trusted some organization to keep safe and use only as prescribed something of value to us: our most personal information. At least that’s what we say while we’re railing on about its loss or misuse. But we did let go of that information in the first place, likely without appreciating the potential impact. And probably for not even fifty pieces of silver. So the real problem is that we have ignorantly given up what is dearest to us to somebody else’s keeping. Worse, we gave it to someone or something that is acquiring similarly valuable information from many others and keeping the whole lot in a single place. That creates a treasure trove of value for a thief and a wicked temptation to any other amoral entity.
Is it really any wonder not that there are privacy breaches at all but rather that there aren’t more?
Whether you are reading this as an individual whose information is so entrusted or as an organizational leader in possession of that information, perhaps you’re thinking about information wrong. Chances are that you imagine all this personal information is ones and zeros. Less of a nerd, perhaps in your imagination it is benign sets of discrete data. In any case, “information” is almost certainly an abstraction. Even when rendered as reams of paper (Who else does that anymore?) it has no substance. That makes it very easy to minimize and marginalize.
Try a little thought experiment with me. Contrast and then equate this personal data with cash. Yes, now your (customers’) information is money! Now it has meaning and substance. Doesn’t that change things a bit?
If it’s your information/cash, don’t you take more care with it? Won’t you be a bit more circumspect about where you pull it out, where you put it, and with whom you entrust it—and why? The problem with information (and where this metaphor breaks down, actually) is that it is not a diminishing asset: when you give it up, you still have it. So, perceptually, there is no fine point on losing possession of it.
On the other hand, if you are entrusted with money (information), you now have a fiduciary responsibility for it. Financial institutions (except certain S+Ls, derivatives houses, and mortgage lenders) tend to take their responsibility for their customers’ money seriously. To start with, their customers take it seriously. Then, of course, so does society in the form of strict regulations and governance.
Moral, legal, and economic incentives seem to have the necessary impact. So you don’t often hear about frivolous or cavalier disregard for how a financial institution tends to and uses its customers’ money. And, we don’t hear about too many thefts arising from the interception of bits and bytes that represent real money. When there is such a theft, there are again many incentives to pursue and recover the money, and prejudicially prosecute the crime.
Only a fool expects complete safety and everyone wants some control and means to exert control to get (what’s left of) their money back from those to whom they have entrusted it. The entire system of “tangible” fiat money makes everyone care more about the exchange.
We could do a lot worse than think about our allegedly valuable personal information with the same concern that we give dirty old cash.