There have been a few stories recently about a survey of about 2000 millennials in the US and UK about whether they trust their government’s data security. About 22% said they had little or no trust. This has been presented as somehow shocking and I’m not sure why. I’m notoriously paranoid but it seems foolish to assume that governments are somehow better at security than companies that do it for a living. And we know that companies who do this for a living are being breeched all the time.
Indeed, the same survey showed that 61% had little or no trust in social media platforms and 38% said the same of retailers.
It would be interesting to know why. My speculation is that it’s probably complicated. I suspect a number of elements are at play, including:
- Some people tend to mistakenly think that companies have selfish motives while governments do not. This is a dangerous attitude. Governments are by their very nature self-interested and even democracy doesn’t come close to guaranteeing that those interests do not conflict with those of their citizens.
- Some people feel that the government needs to know all about them in order to do its job of providing us with various services and accept that they’ll do as good a job as anyone else of looking after it. Personally, I’m deeply suspicious of a model that requires our data without justifying it or allowing us to choose what can and cannot be seen or control how it is used.
- Some people don’t want to think how bad it would be if (by which I mean when) that data is stolen, so willingly place their heads in the sand. This is understandable; privacy issues can be overwhelming and it’s comforting to feel that someone better informed is looking after it for us.
- Lots and lots of people feel that if you’ve nothing to hide, you’ve nothing to fear. They are wrong: everyone has something to hide because there’s always someone who can exploit the data we don’t think we need to hide. Efforts to demonstrate this to people tend to fail (at least, when I do it). I think those efforts tend to come across as paranoid, perhaps because of the point above.
There’s other stuff, but the list is already long enough. All the reasons to trust one’s government seem to be bad (pictured). I have little or no trust in my government’s data security for two broad reasons:
- There’s no reason to believe that their security-fu is better than anyone else’s and they are the biggest target possible, with the greatest possible gain for successful attackers.
- They do not always act on our behalf. They pander to ignorance in the guise of protection. They don’t really have a choice because their competitors are doing it too. Data usage will creep. Surveillance will increase whether we like it or not, whether the threats used to justify it are real or not.