In terms of the impact of a data breach on an organisation, the Hacking Team incident last week is about as bad as it gets. 400 plus GB of publicly dumped emails, source code and other things which were never intended to see the public light of day. It’s not only been enormously damaging for Hacking Team as an organisation, but for the people working there in terms of their individual reputations.
A perfect example of this is the very well-publicised password list of Christian Pozzi. Here we have a security engineer who chose the passwords of “Passw0rd” and “P4ssword” which in and of itself is bad enough given the role he played, but then he perpetually reused them. But poor password practices aren’t particularly sensational, what really would have made Christian uncomfortable is the links to his favourite porn videos. Now Christian has every right to have his own private interests in legal material, but there are some classes of interests that people expect to have – and indeed have a right to – complete privacy.
Another recent case where private things unexpectedly made their way into the public domain was with Sony Pictures late last year. What was particularly damaging on a personal level were the racist jokes between Amy Pascal and Scott Rudin. Here we have a private email conversation between two people which whilst inappropriate by most reasonable measures, should have remained a private dialog between the two of them.
But it doesn’t necessarily take a hacking incident for otherwise private communications to blow up in the public domain either. The infamous Claire Swire incident of 2000 was a stellar example of how rapidly content in the digital form can spread well beyond the intended recipients.
Back on Hacking Team for a moment, disclosing bad passwords or you favourite naughty movies is one thing and obviously that’s out there on the embarrassment scale, but then there’s discussions that start to put you at legal risk. The selling of offensive tools to Sudan has made a lot of headlines, less so the jokes about having privacy researcher Christopher Soghoian assassinated. That sort of thing can turn land people in serious hot water, even though they may have expected the communication to remain private.
So all this got me thinking – how much content do I personally have digitised that would make me squirm if it was made public? Sure, I don’t want things like financial records or personal family photos leaked online but that’s more because I don’t particularly want to share them as opposed to them causing me any great deal of embarrassment or legal trouble. But there must be something – many things – in the two decades worth of bits and bytes I still have floating around. I’m fortunate enough to have reached adulthood by the time the web landed in the mainstream and there were no camera phones around until many years after that which may have otherwise recorded my misdeeds, but there must be something.
So I’ll leave you with that thought – what might you have that would make life uncomfortable if disclosed? It could be a good time for a bit of digital housekeeping…
