The Coming Privacy Panic

In his recent confirmation hearing for the Defense Secretary post, current CIA chief Leon Panetta commented that

“the next Pearl Harbor we confront could very well be a cyberattack that cripples” America’s electrical grid and its security and financial systems.

I don’t think we would be taking too much risk to simply drop the “very well” and definitively assert that will be the case.

Just glance at a handful of headlines from today and you can begin to see the rising global temperature around vulnerable systems and the data they hold. As details emerge related to the compromises at the IMF, Sony, Bethesda Software, the US Senate and Citi Group, I’m struck by a few things.

First, these are just the attacks that are making the news. In the case of LulzSec, these revelations seem to be for entertainment value. But the others seem to only be hitting the headlines as the data being compromised becomes much more personal in its nature: bank transactions, account numbers and, in the case of the IMF:

Because the fund has been at the center of economic bailout programs for Portugal, Greece and Ireland — and possesses sensitive data on other countries that may be on the brink of crisis — its database contains potentially market-moving information. It also includes communications with national leaders as they negotiate, often behind the scenes, on the terms of international bailouts. Those agreements are, in the words of one fund official, “political dynamite in many countries.”

Second, and perhaps building on the first, these attacks appear to be increasing in their sophistication. I can’t help but think that the real pros aren’t hitting the headlines, but there seems to be an increasing number of amateurs learning the craft. As they tinker in public they are able to spread the information they learn that much more quickly. What today may be done for vanity can very easily turn into something darker and more lucrative at scale. As a consultant on the Citi breach notes, “if you think financially motivated breaches are huge now, just wait another year.”

Finally, unlike Pearl Harbor, most of the attack targets are still unaware of who is doing the attacking. Each of the instances listed above seems to be littered with the term “unclear.” As in, it’s unclear who was actually behind the attack. Or, it’s unclear what data was stolen. As Nick pressed with Sony’s Jack Tretton:

Q: Do you know who attacked Sony?
A: No. We still have no insights into who attacked us.

80 million compromised accounts later: no insights.

It’s very likely that if we have a Pearl Harbor-like threat to the United States it will not come from a single country but an “unclear” network banded together through purpose and technology yet distributed around the globe.

As I said a few weeks back, anonymity will continue to play an increasingly central role in the future of the web. I also believe that as these attacks become more and more visible, individual consumers will be forced to think seriously about the nature of their personal data and online personas. Security and privacy are sorely lacking from the vocabulary of the average Facebook or Twitter user. But as we paint a more complete picture of ourselves and our lives online I can’t help but think we’ll long for the days when it was just advertisers that were looking to target us better.

There will be plenty of investment opportunity in the buildup to the coming privacy panic. I’m still wrapping my head around what those might look like, but there’s an increasing amount of signal here worth exploring.