Why I Started this Blog

Unlike in Europe, where every single website asks for your permission to store cookies about you, websites in America store our every detail without blinking an eye. Our credit card information, our addresses, and our delivery preferences exist in databases all across the globe for very good reason: so that we can purchase things like a couch in a single click.

Americans don't seem to care about cybersecurity

Do Americans care if our information is stored in an insecure database? Not really. Security has a high price, and, hey, it would make couch buying a lot harder. Every day brings a new data breach with blink-and-you-miss-it frequency.

When a company gets hacked, it just patches its website with a Terms & Conditions statement like this:

YOU ACKNOWLEDGE AND AGREE THAT ANY INFORMATION YOU SEND OR RECEIVE DURING YOUR USE OF THE SITE MAY NOT BE SECURE AND MAY BE INTERCEPTED OR LATER ACQUIRED BY UNAUTHORIZED PARTIES.

At least that's what VTech did after the FTC fined them only $650,000 for failing to adequately protect their customer data, which included the names, addresses, and photos of 6,368,509 children.

It's no wonder companies don't care about data protection when the fines for data negligence are so low. The problem of cybersecurity negligence in America reminds me of our issues with flood negligence: people build houses, hurricanes happen, their houses get flooded, NFIP bails them out, and they rebuild houses in the exact same place. Similarly, companies get hacked, their customers' private data is leaked, the FTC punishes the company with a slap-on-the-wrist fine, and the company continues doing business as usual.

Are people rational? No. Is the situation worse because the government encourages bad behavior? Yes.

I didn't care about cybersecurity either

Back in 2012, I graduated from college and made an unconscious decision not to worry too much about my online footprint. Of course, there were some consequences: hackers stole my credit card information from Target in 2013, and they stole my social security number from my alma mater in 2018. No big deal: in the first case, I simply got a new credit card. And in the second, I did what my grandma told me to do and froze my credit report at the major agencies. I’m no poorer or sadder because hackers stole my data.

Then, in 2013, my ability to 🙉 and 🙈 reached new heights when Edward Snowden revealed that all of my internet data was being tracked by the NSA.

So what? I thought: if anything, I expected all my information to be shared everywhere, and I trusted that the NSA was using my data in ways that wouldn’t immediately harm me (and was likely deleting it pretty quickly once they realized how much time I spent shopping for a couch).

In 2013, a Pew Research poll showed that, for the first time since 9/11, more Americans thought that the government had "gone too far", rather than "not far enough", with regard to civil liberties. I, however, still had my eyes and ears closed.

Then I woke up

Who can forget the Cambridge Analytica scandal? In 2018, news broke that Facebook shared 87 million users’ data – including News Feed, timeline, and personal message data – with the "This Is Your Digital Life" Facebook app for YEARS. And this data wasn’t just being shared with the app itself; it was shared with ad partners like the Trump presidential campaign and the UK’s Vote Leave campaign. Facebook knew this and didn't notify users. When I realized that political campaigns had access to a "psychological profile" about me based on my personal Facebook messages, without my knowledge or consent, I finally woke up and decided to start taking cybersecurity more seriously. (Specifically, I discovered this podcast that changed my life.)

Clearly a complicated game is being played.

As I’ve followed more cybersecurity litigation, I’ve realized that not only do advertisers get our data, but the U.S. government does as well. The FBI, for example, frequently asks Facebook for users’ data, and gets it. (See my first blog post for more info.) We no longer live in a world where you commit a crime and the FBI has to spend 15 months searching for evidence; now they can just send a search warrant to Facebook or Google to access your entire email history. Voila!

Who are the players in this game?

Well, first of all: us, the users of these websites.

Secondly, tech companies: Facebook, Google, Apple, etc., who host these websites and store our data. (And sell it to advertisers.)

Thirdly: the hackers who try to hack the companies on a seemingly hourly basis.

And fourthly: the government, who tries to punish the hackers, but in the process, reveals that the hackers are just like us in the first place, in that hackers too have all of their data online and easily accessible to the government.

It’s a fascinating and weird cycle that I’m only now waking up to. Since the dawn of the internet 30 years ago, a whole new market has sprung up, one that no one fully understands.

So, in short, I started this blog to better understand the cybersecurity game. How does this game work? What motivates companies to take data security more seriously? One thing is for sure: storing data securely is not an easy thing to do, and it’s only going to get harder.

About Lydia

I spent the past decade as a software and DevOps engineer working on data-related technologies at places like MongoDB and Codecademy. Before that, I wrote for publications including Us Weekly and Shanghai Talk Magazine. I'm passionate about making security topics more accessible to people.

Acknowledgements

I'd like to thank Margaret Traylor for convincing me that my opinions would be interesting to people and for giving me the courage to start this blog. (And also for editing every post I've written.)

I'd also like to thank Mary Altonji, Claire Stepanek, Christoph Ding, and Sara Rose Gallagher for their constant advice and many, many edits.