Permit me to digress for a moment for something far more important than anything digital. I say a prayer for the people of Umpqua, Oregon, and for all the victims of our lack of resolve as a nation to end the problem of mental illness coupled with access to firearms.
May they find both peace and justice, and may we all stop perceiving this as just another news cycle to process.
Amid this greater and darker reality, it is a bit more difficult to do a thousand words on identity theft and data breaches. But in the name of all those who have been affected or impacted by leaders who are already pelted numb by repetitious headlines about the same bad news, over and over, I proceed.
As a people, we have a problem. When we are faced with an epidemic whose solution stares us in the face, yet that solution makes us itchy or uncomfortable, or forces us to concede we no longer live in the ideal sitcom world of the 1960s, we do nothing.
Inevitably in online newsrooms, someone gets assigned to cover the “hacker stories.” I know. I’ve done the assigning before.
The “hacker stories” are the inevitable pieces, some of them long and journalistically detailed, outlining the sad and pathetic lives of the perpetrators, the false causes they prop up for themselves, and on more than one occasion, the makes and models of cars they drive.
For a television tech show in Colombia a few years ago, I was asked my opinion of why malicious users do this (I refuse to call them “hackers,” in deference to an earlier era when that moniker was worn with pride). For a moment, I was tempted to say, it’s the easiest way for an unskilled person to get his biography printed in an online paper.
The real reason is more obvious, and that’s the one I went with instead. It’s so obvious, that I’m embarrassed that the network introduced me as a “technology expert.”
We see all the American Western movies where the bandits blow up the vault with dynamite. And we bristle with excitement at the boldness of the bad guys’ actions.
But what if the scene were set up where the money was bundled in ribbons and laid out on a table, guarded by a protective sign that said, “Other People’s Money! Do Not Touch!”
Imagine the security camera footage capturing the people resisting temptation. The amazing story that footage would reveal would be of the majority of folks who would take the sign literally and walk away.
Of course, theft — like any other form of terrorism — need not be perpetrated by a majority to be effective.
There’s usually someone who will try the time-worn excuse that it isn’t really theft if acquiring the goods is as simple as walking up and taking it. It is a pathetic falsehood whose corollary, startlingly, is actually true: It isn’t really security if the true key to protection is a device we are unwilling to use.
The real reason for this, I said, is because Americans are unwilling to implement a national personal security code. We have the key. We won’t use it.
Enough Dynamite There, Butch?
The acquisition of data about individuals, or at least about accounts that appear to be representing individuals, is ridiculously simple. If a scriptwriter were to see how it’s really done, it wouldn’t be worth writing a movie about.
Unless, of course, you’d like to produce a documentary about a society that allows itself to be pelted into submission by repeated instances of bad news.
When we publish stories about the absorption of personal data from first-, second-, third- and a couple of fourth-party sources, we conveniently distance ourselves from the scene, as if we’re watching a movie and the setting is the Old West rather than today.
But this is a publication ostensibly about the technologies for delivering something called “customer experience.” So let us be honest with ourselves for once and declare up-front that we, the experience providers, are the ones actually doing the collecting.
We are the bankers in this screenplay. We talk about “customer journey mapping” — a process which, inseparably, requires the collection of data about customers. We collect personal information.
Many of us comply with government mandates and regulations. It’s fair to say we all think we take customers’ security seriously.
Yet we work with tools that are capable of aggregating personal information from outside sources, social media feeds, customer support tickets, subpoenas, arrest records, dental records.
And in the right hands, which we believe our own hands to be, we call them tools of protection, of security, of peace of mind, something we have the right to own. In the wrong hands, we know in the back of our minds, these are assault weapons.
We need to step back from our positions of safety for a moment and imagine this scenario as if we were watching our digital domains from above, from security camera footage.
Personal information is being Ping-Ponged about the Internet, like loose bills blowing in the wind from an open vault lying in the street. Big data analytics can absorb it, condense it, MapReduce it and Spark it into something that looks enough like people to be treated as legitimate.
Then we express shock, shock, when an app taps into it all and exploits people’s privacy for the amusement of others. As if the tools we use are only dangerous in the “bad guys’” hands.
If we are truly to become “customer-obsessed” in our businesses and business practices, then we must value what our customer values. First and foremost, our customers value their identities.
We need to elevate the discussion of customer security to a level where we appreciate it to the same degree that the customer appreciates it. It needs to become, for us, what it is for them:
Hail Estonia, Land of the Free
There are countries where this is being done. National digital identity is a reality in Estonia, for nearly all of its citizens. Estonians’ Mobile-ID numbers are used for bank transactions, commercial agreements and voting.
Estonians are overwhelmingly happy with the results, and the European Union is upholding Estonia as a model not just for digital identity, but for averting a major crisis in the face of opposition.
The American discussion about digital identity immediately gets tangled into a wrestling match over immigration and citizens’ rights. Indeed, immigration poses a problem for America that it does not pose for Estonia. (Yet.)
The immigration digression gives us an opportunity to wrap ourselves warmly in our flag, and pretend our constitution protects our civil right to inactivity.
For just a moment — not permanently, just for now — we need to stop being Americans. We need to put ourselves in our customers’ places, at the muzzle end of history.
For now, we need to be Estonians. We need to be Fergusonians, Columbinians and Umpqua, Oregonians.
We need to do what we say we do when we map the customer journey: put ourselves in the other person’s shoes. We need to realize that the co-conspirators in all theft of the other person’s rights are those who refuse to use the key for its obvious purpose.
Scott M. Fulton, III is the author of this document, and is solely responsible for his content.