Recently, my wife and I bought a new house. As anyone who has gone through the mortgage and home-buying process knows, it is a months-long endeavor requiring you to fill out endless reams of paperwork and essentially bear your financial soul to complete strangers. Looking back, it seems odd that, in an age of prominent identity theft risks, you would be so open with your sensitive personal data. But you endure the process anyway because the possibility of compromised data is outweighed by your desire for the thing you are purchasing. In effect, you put a price on your security. For me, that price is one house.
Now, this is not to say that my realtor or mortgage lender are untrustworthy people who are going around selling my financial data to the highest bidder or leaving it unsecured for any hacker to pick through. But all companies are vulnerable to data breaches, and most experts acknowledge that it is only a question of when, not if, you will be attacked, regardless of what security measures are in place. The only way to be safe is to share nothing, but that won’t get you the house, car or job that you want. You have to make compromises.
Not all levels of compromise are the same, however. I’m the type of person who shreds any document that contains personal information, uses different passwords for every online account and stays vigilant for any phishing attempts to obtain my information. I don’t even like to enable location services on my phone or sign in to Candy Crush (or whatever the latest smartphone game is) for fear that some entity will somehow use that information against me.
But many other people don’t have the same personal security standards. Studies show that people often use ridiculously common passwords that only make it easier for hackers to break in to their accounts. According to cybersecurity firm SplashData’s 2014 list of the worst passwords, complied from more than 3.3 million leaked passwords, “password” and “123456” are the most used and have been in the top two since the company’s first report in 2011.
Other security gaps abound. A recent SailPoint survey revealed that 56% of people reuse passwords for personal and corporate applications and, on average, only use three different passwords for all of their accounts. One in seven would even sell their password to a third party—some for as little as $150. It takes a house for me to share my data, but some people would do it for the cost of a microwave.
In the wake of so many well-publicized data breaches, it seems illogical that people would be so lax about their data. Breach fatigue could be causing them to tune out the reports, but it certainly can’t be due to a lack of awareness about the risk. You would think, then, that this behavior would stop.
But what if that’s not the problem? What if we’re really witnessing an evolution of the concept of privacy? Perhaps the reason people devalue their personal information is because they see more value in the convenience, accessibility and improved Candy Crush experience that they gain by being open with it. Maybe for a generation conditioned by social media sharing, the price of security has gone down and personal data is becoming another negotiable commodity available for trade if the right offer comes along.
On the surface, this sounds problematic, but to play devil’s advocate, it might not be so bad. If information is freely available, then it is less valuable to hackers. After all, why steal something if it is already free? Selling your password for $150 could actually end up being a case of charging too much.