Why Books, CDs, and DVDs are STILL Better

I get some grief from some friends about why I still prefer books and DVDs to subscription and streaming services.

In my inbox I got another reminder why this is the case.

I bought a movie through Target’s streaming service a couple of years ago, to try them out. And now I have a notification that they’re canceling the service.

They’re semi-helpfully providing the option of migrating your purchases to another service when they’re available. But it’s not guaranteed that they’ll have what you bought. In which case, you’ll get a credit (for the full amount you paid, I wonder?).

This highlights why I like books over e-books in particular. E-anything can go away for good. And unless you have your own copy (like I do my digital music library), you’re at the mercy of someone else who may, or may not be there tomorrow.

It’s why I have my own copies of all my digital pictures too.

This relates to security and privacy because this is really about trust and control if your information. And being a good security person I have low levels of trust.

Vint Cert recently highlighted another very real concern with e-everything. The real possibility of a dark age where all information and knowledge is lost in one fell swoop. Likely? Not necessarily. But not impossible. And security is always about thinking in worst case scenarios.

Someone put out what amounts to a handbook on how to rebuild civilization recently: The Knowledge: How to Rebuild Our World from Scratch. Ironically, though, there’s a Kindle version of the book, which would seem to totally defeat the purpose.

“Hi We’re from the Government, We’re Here to Help You”

Yesterday the President announced a new executive order “to promote information-sharing within the private sector and with the government” around cybersecurity (I HATE that term).

I work in the private sector he’s talking about and have for nearly 20 years now. And I’ve seen and been part of a lot of really important collaboration and information sharing between government agencies and the private sector.

So I generally think this sort of thing is a good thing. The bad guys of all stripes always benefit when dealing with divided defenders.

But I don’t think this can and will be as successful as it could be or needs to be.

Because the fact is that in the security and privacy community, there’s a lot of lingering suspicion and bad feeling around the activities that government agencies are alleged to have engaged in as a result of the Snowden disclosures.

Information sharing will only happen and so only works where there’s trust. And a lot of people I know in the security and privacy space lost a lot of trust in the US government in the wake of those claims.

And that trust hasn’t been rebuilt or regained at all because there still hasn’t been an upfront discussion about what is and isn’t going on. And in that vacuum, a lot of people are assuming the worst, rightly or wrongly.

I’ve taken a very moderate stance on this all myself. I’ve worked with some very good people with intelligence backgrounds so don’t fall into the facile “the NSA is evil camp”. But I also don’t fall into the other, “the NSA can do no wrong” camp either. My views are more nuanced with an underlying respect, gratitude and appreciation for those people willing to do hard, thankless work to protect us (having done a lot of that myself).

Regardless of my own views on this all though, the fact remains that for any information sharing program to succeed, there has to be trust. And it’s hard to argue there’s trust to fuel information sharing when one of the biggest, most important players is involved in a lawsuit to prevent having to disclose information it believes it shouldn’t have to.

In the end, it’s too bad because the horrible way the Snowden disclosures have been handled in terms of a response will undermine what is an important initiative that ultimately will benefit everyone.

This is yet another example that how you handle and respond to what you do is at least (if not more) important than what you do itself.

A Trip to the Doctor

Or, more accurately, the local urgent care clinic.

I had to make a trip there today to get looked at for the latest crud that I’ve been battling for the last week.

My check-in was a good example of how you have to be assertive to protect your security and privacy these days. Sometimes, very uncomfortably so.

While I was doing the usual check-in paperwork, the admissions clerk asked me, “Can I get your driver’s license to scan please?”

I asked, “why do you need that?”

She replied, “Because the copy we have is expired.”

I looked puzzled and she rotated her monitor for me to see the black and white scanned copy of my old, expired license.

It’s been years since I’ve been here, but I don’t remember them ever telling me they were taking a scan of my driver’s license on check-in. Probably one time when I was sick I wasn’t paying enough attention to ask my usual “Why do you need it, what are you going to do with it” questions.

I explained to her that I wasn’t comfortable with her taking a scan. I was happy, I said, to show it to them, but not to retain a copy.

She then said that the point was to protect my identity. I said, I understand but holding that information is itself a threat to my identity. I said, when this clinic’s information is stolen like Anthem’s was it will be harder to steal my identity since they won’t have my drivers’ license.

She said she understood and we moved on in the check-in process.

Later, I was chatting about identity theft to try and lighten things after having to say “no”. While we were talking she told me how she was herself the victim of identity theft. Someone stole mail out of her mailbox and was able to steal her identity. She said it was finally cleared up but it took years and included a knock at the door at 3AM from a sheriff looking to serve a warrant on her meant for the identity thief.

It was a good exercise in real world security and privacy protection. It underscores how you have to be active and sometimes push back, even to the point of seeming like you’re being difficult. It underscores too how you have to always be paying attention since I can’t recall how they got my old driver’s license into the system in the first place. And it also shows that identity theft is very real, very prevalent, very hard to untangle, and has nasty consequences. Finally, it reminds me that we can’t just focus on the digital side of things. Physical mail theft and phone scams are old but still delivering; so they’re still active threats.

It really reinforces the fact that I think real-time identity theft monitoring and monthly checking of accounts and records are critical for all of us.

It really is dangerous out there. It really is hard to do the right thing, even when you know what it is.

At least some of us have job security.

Interviews on the Anthem Data Breach

I had a chance recently to talk with reporters from the Associated Press and the Hill about the recent Anthem data breach and what that means for online security and privacy for healthcare and what people need to know about it.

Is your doctor’s office the most dangerous place for data?

Anthem hack raises ObamaCare concerns

Getting the story right when you didn’t get it right

Today via Geekwire (and others) we’re hearing about how the radio show This American Life has issued a wholesale retraction of their story from January about factory working conditions at an Apple supplier in China. The full retraction is available on This American Life’s blog.

What’s interesting about this is how they’re handling the issue. News organizations make mistakes and issue retractions regularly: this isn’t a unique incident. But, as This American’s Life’s press release makes clear, this wasn’t just any story for them. This was a very big story for them.

To their credit, since they have to retract a big story, they’re doing so in a big way. They’ve essentially done a new story talking about how they got this wrong. They’re even doing a special broadcast just to focus on how they got this wrong. And, they’ve taken full and clear responsibility, apologized, and spoken openly about how this situation can impact the trust their audience puts in them.

A big mistake on a big story requires a big response to make it right. By handling this like they have, This American Life has not only taken steps that very effectively mitigate the harm of this incident, by being so open and upfront they’ve also taken steps to actively regain the trust that they acknowledge an incident like this can harm.

This is a model for how news organizations can effectively handle situations like this. They really should be commended.