Is it my fault?
Jeremy Keith writes about where the fault lies:
If I’m on the tube listening to my iPod—because, y’know, that’s exactly the kind of situation for which the iPod was invented—and somebody steals said iPod, which is illegal, is that my fault? If I publish my email address online—because, y’know, I actually want people to be able to get in touch with me quickly and conveniently—and it gets harvested by scum-sucking spammers who send unsolicted commercial email, which is illegal, is that my fault? If I utter my date of birth or my mother’s maiden name—because, y’know, I don’t believe that information should be a state secret—and somebody uses that information to “steal my identity”, which is illegal, is that my fault?
Nope. None of those things are your fault. In a similar way, another Jeremy, Top Gear presenter Jeremy Clarkson, published his bank details in a newspaper in an attempt to prove that the furore over the UK government losing the personal data of 25 million people was a storm in a teacup. Of course, someone used those details to set up a £500 direct debit to a diabetes charity, so he’s now a monkey out of pocket. That act is basically theft; theft is illegal. Was that Clarkson’s fault? No, not really. He wasn’t at fault. What he was was imprudent, deeply so. (And deservedly so, I feel. Clarkson is one of my favourite presenters, and I have boundless respect for his knowledge of cars and engineering and his personal style; he knows a round brown fuck-all about technology, though.)
Look, it works like this. If you believe that the world should be open (which I do), then you can’t insist that if someone takes advantage of that openness, it’s Someone Else’s Problem. It’s your problem if they take advantage of your data. If you want to be open, to publish, to break down barriers that stop us properly communicating, then that’s a great idea… but each person then becomes individually responsible for their own security. On the other hand, if you want someone else to make the hard decisions for you, to accept liability and take responsibility for problems, to protect you so you can go about your life unscathed, then that someone else gets to make the decisions about what you do with your data, and you don’t.
If you ask your bank “should I publish all my bank details online?”, they’ll say: no, don’t do that. If you ask the police “should I leave my iPod visible on the tube?”, they’ll say: no, don’t do that (and that’s what the “byepod” posters are all about). If it’s the police’s responsibility to keep your iPod safe (by tracking down criminals who steal it) then they get to have some measure of control over what you do with it.
If you demand the ability to do what you like with your stuff, then you have to take on some of the responsibility for protecting it. It can’t work both ways; you can’t have all the benefits of openness (I can publish my email address where I like!) and none of the deficits (someone else must solve my spam problem!). With great power comes great responsibility, as Uncle Ben tells us. It’s not about blame, it’s about prudence. It’s not about taking decisions out of fear, it’s about taking responsibility for life. We’re all grown-ups now. No more hiding under the bedclothes and letting Daddy protect you from the big bad world.
I tend to agree but I think you have to be careful with this train of thought other wise you could get into “if you dress like a slut, you’re asking to get raped” or vigilante territory - I’m not suggesting that is what you’re saying, but it’s a fine balance. And remember bad things can happen even if you are prudent and take responsibility for your life.
Anyway, on a lighter note, someone pointed me to this Mitchell and Webb piece about identity theft,
http://youtube.com/watch?v=CS9ptA3Ya9E
43 minutes later
I agree on principle, but it has to be stressed that it’s a *trade-off* situation, not a “either/or”. Police and government are still responsible for avoiding that the streets get infested by hordes of would-be muggers.
48 minutes later
Going back to the ipod being stolen example - I wonder, if the owner had bought all the music on it from say, itunes, would the thief also be able to be charged under copyright / intellectual property laws for ’stealing music’..?
77 minutes later
What about where your details are published by a third party and subsequently put into the public domain? Take for example the recent government fuckup with the personal details of junior doctors or the magical disappearance of the HMRC CDs?
Are these just to be expected because we’ve delegated ownership of our data to a third party?
3 hours later
Phil: to some extent, yep. However, you, Phil Wilson, can’t independently and autonomously decide to not participate, and this is a problem; these issues need to be fixed by large-scale public debate and challenge. This is why I’m a member of the Open Rights Group, and why I’ve written to my MP to try and persuade her to persuade the Government that big government-owned databases are a bad idea. I suspect you have too, on a similar subject.
3 hours later
Sure, he made his sort code and account number public, and the banks tell you not to do that. But that’s complete arsegravy, at least where Barclays are concerned.
Take a look at your bank cards, they have your name, sort code and account number written on them. Likewise so do your cheque books and paying in slips.
And if that weren’t enough, Barclays helpfully ensure every single letter they send you has your name, address, sort sode and account number written on them.
It’s tiresomely easy to obtain enough information to do this, none of it is private.
For any other kind of transaction with the account, a “secret” is involved; be it a pin number, three digits on the back of the card or some of the letters of an extra password for online transactions. Even in-person withdrawls need additional identification, usually a drivers licence or passport.
Yet no secret information is required to set up a Direct Debit. It’s all public.
Consider this example:
I don’t know about you, but our postman suck and maybe once a month or so, we’ll get someone else’s letters or someone on our street will helpfully pop round with one of ours.
If they’re not very honest, and they see it’s a letter from Barclays, they might decide to open it instead. They now have all of my bank details necessary to set up a Direct Debit in my name.
Ah the bank will say, only reputable companies are part of that scheme and they all obey the “Direct Debit Guarantee”. No normal person on the street can just take money out of my account by direct debit.
Maybe not, but they can still profit by it.
Maybe that postman delivered a final warning reminder bill from NPower along with my post? Looks awfully tempting to the naughty people, that.
They can pop onto the NPower website, tap in the details, and hey presto; I’ve now paid for their electricity bill.
I won’t even receive a courtesy letter to let me know the direct debit has been set up, the first I’ll know about it is when I read through a statement — probably to try and find out why I have less money than I thought I had.
At least the Direct Debit Guarantee is there to protect us, right? Hah! Anyone who believes that has clearly never had to try and deal with a bank when things go wrong.
Only a couple of months ago, I had to read out the Direct Debit Guarantee to a member of Barclay’s complaints department when they refused to refund an incorrect payment — they said I had to get the refund for it (and a refund for Barclay’s own charges) from the originating company. This is a direct contradiction to the guarantee, and their own exact words were “we aren’t bound by the Direct Debit Guarantee”.
4 hours later
I think “is it your fault” is an interesting question, but that’s a matter of ethics or philosophy.
To me the question is, “is there anything you could have easily done to prevent it?” and the answers in all three cases are “yes”.
Stuart’s right, with openness comes responsibility.
36 hours later
[...] Langridge recently asked a question along the lines of "Is it my fault if I make some piece of information public, and [...]
11 days later