I am not a member of Anonymous, but anyone in the information security field has followed them over the last 18 months as they grew from a general idea to launching DDoS attacks against corporations that did something they did not like, or like in the case of HBGary, did things that were ill advised. What is interesting though in that in an unsourced and unverifiable press release, Anonymous actually brings up something that does need to be discussed.
The idea of corporate responsibility for customer data is not a new one, we have tried to enact privacy barriers, but generally companies find some way around them, like the Sony hack with some 100+ million accounts compromised, or the IOS gathering of cell and wireless network data that when run through a geo-location service can show you and everyone else who has access to that device where you have been. We talk about data storage limits for what companies store on us as we surf the internet, or what monitoring or tracking that our ISP’s can and will do on where we go. Or the absolute wealth of data personal, somewhat private, and somewhat damaging that we leave on social networks.
At what point should we be having this discussion? As we reel from a wave of corporate hacks over the last year it might be a good time to do this now. We are increasingly at the mercy of the devices we carry around with us and the data that we share, knowingly or unknowingly to anyone with the ability to put all this together.
As we look at what the Michigan Police can do when they pull someone over and rip the data from their mobile devices, or copy entire computers for any reason we need to have this discussion. As the TSA and Customs can rip through any computer system you bring across the border, confiscate it if they want to, we need to have this discussion. As we leave tracks and trails across the internet, we need to have this discussion. With all the things we do with the liberating technology that the internet represents, we also need to be aware that we somewhat live in a fishbowl. What we do can be observed by many casual observers in companies and governments.
While the rest of the manifesto distance themselves from the Sony hack, there is always going to be something interesting that comes along with the things that people say. It might be time to have the discussion on the role of data, people, corporations, and governments. As we continue to go headlong into some of the coolest things on earth, it might be time to set up a new set of ground rules.
(Cross-posted @ Managing Intellectual Property & IT Security)