TigerLeaks

I also live in 340 Scully Hall, my Frist mailbox number is 4495, and I am a mechanical engineering major getting two certificates. According to Dan Li ’11, this information is readily available to the public, and his exposure of how simple it is to extract information from the LDAP system has many people concerned about the safety of their personal information.

I was somewhat surprised by the fact that there is a record somewhere of who among us forwards e-mails to Gmail, but I was more surprised by the reactions of some of my peers. Some people shrugged it off as an acceptable hazard of the Internet age, but many people were up in arms about what they saw as the University’s being careless with the security of our identities. However, I think that their indignation is misdirected. The real problem is that we operate on the assumption that our information is completely safe — and that credulity can be more insidious than a porous security system.

In the article “Li ’11 exposes gap in online security,” Li is quoted as saying that he made this opening apparent “to illustrate (by way of exaggeration) the kinds of malicious things one can do with this data.” I think that the more appropriate reaction to this revelation is to think about how to protect our identities in an age where we really cannot protect our information. We can’t try to anticipate and block the growing network of paths through which a person can obtain our information, because our efforts will be in vain.

If the idea of someone finding out that your Gmail address is mrs.timberlake@gmail.com keeps you up at night, picture this: Your Google search history is recorded, even when you clear it from your computer. If you have a Google account, this history is indelibly linked to any other information your account contains, which may include a phone number or address depending on which other features you use. With this information, Google follows you around the Internet with its ads that are specifically tailored to the type of person you are statistically most likely to be, based on the content of your searches, the history of your site visits and any other information it picked up from your Internet use. And if you have a Facebook account, that information can be included as well, along with a network that helps further pinpoint your demographic details. Blaming LDAP is futile — we have to realize that Li’s project only scratches the surface. We’re vulnerable in a million other ways.

While it is somewhat unsettling to know that our information is there for the taking, and that in the faceless world of the Internet our identity is only protected by a few firewalls, we have to realize that the problem we have now is not whether outsiders can get to our information, but what we can do when they do get it. Even if we opt out of public displays of our information, that protection can only go so far. Many identity thieves have a working knowledge of the Internet that gives them the ability to hack into most of the places our information might be stored. Maybe the strange person you met on the train won’t be able to find out where you live, but as the recent drama with WikiLeaks has shown, not even information that requires government security clearance is really safe.

Li’s project was illuminating because it was a stark look at the discrepancy between what we imagine our online security to be and how effective it actually is, but I think it would be irresponsible to think that the danger has passed if the University changes what is available through LDAP. LDAP is just one of the many virtual places that store information on each one of us. This issue is just a taste of what goes on in the world beyond the Orange Bubble, and we won’t always be able to e-mail someone to get the problem fixed.

Taking institutional steps to keep information from being too exposed is a good idea, because recovering from identity theft is still a time-consuming and stressful process for the victim. Ultimately, though, the onus is on us to take charge of our own identities. While paranoia is unnecessary, it is helpful to monitor our accounts, check credit card statements and always assume that any information we give out can be found if someone tries hard enough.

True privacy doesn’t seem to exist anymore, as much as we cling to the idea, but that’s a tradeoff that might be worth making. Being linked to the Internet means that we have access to people and places all over the world — something that would have been unimaginable just 20 years ago — but we need to remember that this accessibility also means that people in the world have access to us.