Yes, this is long. Maybe I really have sold my life and soul to corporate America, but I had to rant about this. This is all written from the point of view of a U.S. Citizen. If your country has laws guaranteeing certain rights or otherwise, good for you.
This is similar to people not trusting websites with their credit card data. The situation boils down to trusting a 19 year-old kid that might be selling drugs on the side or trusting a company that is required to adhere to strict cardholder data storage and transmission requirements. Shall we examine each scenario in more detail?
You’re at the bar having a drink, or at the local Chili’s eating a burger. It’s time to pay, so you plop down the credit card on top of the check and your server picks it up and walks off. After all, why pay with cash when you get 2% cash back from all restaurant purchases, or double the Skymiles on that American Express? You just handed your card to some kid that was hired without any sort of background check or character reference check, and trust him to swipe your card in the terminal and bring it right back. Will he? Of course he’ll bring it back – but he might also write down the name, card number, expiration date, and CCV2.
When you buy something with Amazon, however, the entire process is automated. In fact, with Amazon, I’d be willing to bet you
are the weakest link. You’re ready to check out after you found that new gadget or tool you want, so you pull your credit card out and type in the numbers. You click “purchase”, wait a few seconds, then see a screen thanking you for your order and telling you when UPS will drop it off. How many pimple-faced kids handled the card? Precisely zero. How many Amazon employees can see your credit card number? Probably zero. Your credit card number is encrypted from your computer to Amazon’s servers, and then kept in an encrypted format all the way to Amazon’s payment processor. The payment processor decrypts the card number, charges your card, and sends a transaction ID
back to Amazon so they can log the transaction. If Amazon wants to store the card number, they store a “token” in place of the card number, which only the payment processor knows how to turn back into the real credit card number.
Even further, I trust Amazon’s plethora of defenses they have in place more than I trust that random kid at Chili’s. Let’s say, however, that somehow Amazon was “hacked” and your credit card number was revealed to the whole world. Chances are there would be thousands or millions of other credit card numbers revealed too, and you would hear about it. Your bank would probably cancel your card and issue you a new one when they saw your card number was affected, and Amazon would contact you to let you know what happened.
You see, that grubby kid at the restaurant, were he to steal your card number, wouldn’t trip so many alarm bells that the restaurant would alert you and your bank would re-issue you a new card. Nope – it would be up to you to see that $55 tank of gas on your statement, or the $50 purchase a best buy, or God forbid, the $14,500 purchase outside of the country (although I bet you’d notice that more quickly than the tank of gas).
Does that mean I hand out my personal data online like candy? Absolutely not. Unless the vendor is a large, reputable company (for example, Amazon.com or REI.com, or even a larger store for a smaller market segment, say a well-known craft or hobby site) I tend to use PayPal instead of giving my credit card to the website. If PayPal isn’t an option, I make sure when I do enter my card data, I am on the payment processor’s website and not the online store’s website. I know many people might not know what to look for to tell the difference here, but typically the checkout page on the shopping cart for a smaller store will actually be on a different website (the payment processor’s website) that you are directed to. As long as I recognize the payment processor I know things are, relatively speaking, safe.
As scary as it is trusting computers and people you don’t see face-to-face with your personal data, often times it is safer. My social security number was sitting in my mailbox for 24 hours a week ago (it isn’t there anymore, so I hope the mail carrier took it and not the guy sticking Chinese takeout advertisements on the mailbox), and the post office has “lost” some important documents of mine in the past. Had I been given the option, I would have much rather put my social security number in a form on a webpage and clicked “submit”, but the IRS and banking regulations don’t allow that in the specific scenario I was dealing with. I don’t know my mail carrier, nor do I know the people who walk or drive up and down my neighborhood and could easily reach inside the mailbox. Going back to the ‘Larry Page snooping in your inbox’ topic, this is different because my snail-mail mailbox is fairly readily accessible by the 600,000+ residents in the county I live in. If my Gmail inbox were readily accessible by that many people (and full-access accessible like your real mailbox, not “keywords I might tend to use, without linking back to my name, address, social security number, and tax records” accessible), you can bet your last dollar I wouldn’t be using it as I do today.
Even if you still trust your mail carrier, the mail processors in the postal system, your neighbors, and the unknown people walking their dogs in your neighborhood every day, I hope you realize the paper copies of what you send end up in a digital database at the end of their dangerous journey through the post office, in the exact same place my data ends up in the split-second, encrypted journey through the internet when I submit my data through a web page. I choose to trust a digital system with plenty of encryption to go around over an outdated, bloated system that even advises against you sending cash through their service. If I can’t trust a $20 bill not to be taken, I don’t trust my SSN
, passport, birth certificate, or other important document not to be taken. Sure, neither method is perfect, and 2011 showed us that digital security measures are often laughable at best, but it ends in picking the lesser of two evils.
So come on – if you’re that annoyed that Google is looking at what is your inbox to show you more relevant advertisements, I think your priorities are a little out of whack. Google is in the business of advertising, not in the business of providing free, easy-to-use services like Gmail and web searching, because that is not a sustainable business. They are making money just like every other business; the cost to you is allowing them access to what you do on their services, and display advertising based on that. I’m ok with that; I would much prefer to see advertisements for REI and aviation products than lingerie and lipstick. If it is still unthinkable that Google looks at what you do on their services, then nobody is forcing you to use their email service. Same with Facebook; if the advertising and business model is unacceptable, then close your account (and please, don't parade your moral superiority for doing so. We don't care.) Yes, your data will still be there even when your account is closed, but you agreed to that term when you signed up, just like you agreed to the terms of your mortgage when you signed the paperwork.
There are plenty of excellent email services out there for a fee, but I bet you think it is your right
to have free email, and you don’t want to pay anybody for that. In today’s “give me, give me, give me NOW” society, I think the fundamental problem is we don’t realize the cost of what we’re given. Instead of paying for things in hard-earned (or hardly-earned, as the case may be) money, we are given things for free and expect to keep the same benefits as if we had paid for the product or service ourselves. We shouldn’t forget, however, that the rules of economics haven’t changed; both the consumer and the producer still operate on opportunity cost. In this case, it appears that Google does well to provide a plethora of services for no money upfront, and instead bank on the data you give them. It is your job as the consumer to weigh the cost of giving up money or giving up the privacy of what you search for on the internet and talk about in emails. Just because cold, hard cash is no longer involved doesn’t absolve you of the responsibility of making a decision on what you do.
The above post is my opinion. Don't like it? Don't read it.