Posted on Sat 27 September 2014

amateur IT

This is tagged as a ramble for a reason. I have a coherent point lurking in here somewhere, but it hasn’t surfaced yet.

Here in the middle of the twenty-teens, people and businesses seem to think that information is valuable. Address books, social networks, commercial transactions, financial records, web bookmarks and ebook bookmarks: the loss of some of these is more keenly felt than others, but they are all worth something beyond the tiny value of the disk space that they occupy. If that data is worth something, then it makes sense to spend some amount less than that to protect it.

How much?

Well, it depends. (I should get that on a t-shirt.) First, there’s a difference between the violation of privacy and the loss of access. If everyone can see your photos, that’s one thing, and having them all deleted permanently is the other.

Then there’s a scope issue. Your data isn’t always yours. Say you’re a social-science researcher who needs to keep the identity of participants in a survey secret. Suppose you have a mailing list for your poker buddies, and you happen to live in one of the twenty-odd states in which social gambling is illegal. (Or it’s legal in your state, but not in your friend’s state across the river.) In both of those cases, and many others, the value of “your” data isn’t the same as the value to you.

The value of data to you is the sum of the costs you would have to pay to address the consequences of the data’s loss or revelation.

These consequences can be unknowably vast. That’s not helpful, because it leads to multiplying an infinite value by an infinitesimal likelihood and getting any number you want. The consequences of revealing the passwords to your financial accounts approximate your entire net worth; the consequence of losing those passwords is probably a few hours of your life spent in talking to customer service workers. What’s the cost of revealing your Facebook password? (And are you sure it isn’t the same as any other password?)

The good news is that to protect against the loss of data (access, not privacy) there are effective, simple, and reasonably cheap methods. All of them boil down to the same two parts: make copies in different places. A good rule of thumb is to have three copies: the one you use, the one that is nearby but not in use, and then one which is far away.

When was the last time you made a backup of all your data? Do you even know how? I don’t. I only know how to make copies of the things that are on my computers and a few of the things that are in cloud services. Don’t let the best be the enemy of the good: make backups. The best backups are exact copies of everything. The worst backups are the ones that you’ve never done, and the next worst are the ones that you didn’t spot-check.

At this point you might be thinking that you’ve taken reasonable precautions and nobody can blame you if they don’t work out, because, after all, data security is not your job. (Unless it is, of course.)

Do you do your own plumbing? Do you re-wire your electrical systems? The expected standard of competency is plunging a toilet or replacing a dead bulb; for anything more complex, you call a professional and pay more money than you’d like, but much less than the potential costs of doing it yourself and failing.

One of the standards for being a competent adult is that you should recognize when you are in a hole. Then you can stop digging and ask for help.

But computers are cruelly seductive: you can do so much with them without actually understanding what’s going on inside that it is a natural mistake to believe that you know more than you do. A person who is truly incompetent is likely to believe that they have extensive abilities. In the other direction, people who are perfectly competent in other areas of life often view computers as mysterious and incomprehensible systems which cannot possibly be managed without wizardly expertise.

There is nothing quite so irksome as a person who is capable of learning but does not, unless it is a person who has not learned and thinks that they have.

© -dsr-. Send feedback or comments via email — by continuing to use this site you agree to certain terms and conditions.

Built using Pelican. Derived from the svbhack theme by Giulio Fidente on github.