9 Ways Disconnecting Doesn't Make You Any Safer
Is being off-the-grid more secure for your identity?
Jan. 13, 2013 — -- intro: A funny thing happened on my way from Los Angeles to Washington, D.C. this week, I found myself on a flight without Wi-Fi. The prospect of being unplugged for more than four hours on a flying machine without the ability to communicate with (or distract) colleagues, with zero information from the outside world -- let's just say I almost lost it.
I had two newspapers and a book by my favorite fiction writer, Vince Flynn, but I was not connected. And somehow, the thought of being alone (even though I was on a full flight) for a large chunk of time was daunting. And, let's face it, the fact that we've all become so co-dependent -- with freaking MACHINES -- is kind of pathetic. But here we are.
The irony is that it's only when you are suddenly disconnected that you realize how pervasive digital connectivity really is. So I tried to think of the true impact. There were so many implications to being offline and relatively isolated at an altitude of 37,000 feet, and they all centered around the security of the no-tech environment.
quicklist: title: No shoppingtext: It's never a great idea when flying because some clever soul sitting a few seats away could be soaking up your information, or even setting up your computer to be his or her own personal information transmitter.
quicklist: title: No online bankingtext: (Again, not a smart idea at 37,000 feet -- see above) No logging into my accounts, no chance of them getting hacked by lack of security on my end.
quicklist: title: No email
text: It greatly reduces the risk of being phished or spear-phishedexposing my contact list to hijacking or subjecting my computer to compromise and turning me into yet another component of a botnet or a spaminator.
quicklist: title: Keeping my cell phone turned off and in my pocket
text: That meant I wasn't leaving my smartphone in the back of a taxi, on the top of a toilet-paper dispenser in a bathroom stall or anywhere else someone might grab it and crack my (very crackable) code -- gaining access to my most meaningful contacts or garnering some tasty tidbit of my Personal Identifying Information (PII), possibly the missing link in my life puzzle needed to convince someone at a bank or car dealership that an identity imposter was me.
quicklist: title: Since I am using my laptop as I write this...text: An identity thief's field of dreams turns less cheery, because it is (a) in my possession and thus (b) not laying about tantalizingly unattended in the back of my car or on an airport terminal lounge seat screaming (did I mention the wailing toddler in the seat just in front of me?), "Please steal me!" Obviously, and most importantly, my Wi-Fi receiver is turned off.
quicklist: title: I've got my wallettext: I can take it out to check that the limited number of credit and debit cards I carry with me are all there. Incidentally, there is no Social Security card in there. I know my number, and no one else should have such an easy way to get that vital piece of information. (This lack of card is to protect me from waving it around the plane like that Lifelock guy -- daring my fellow passengers to "make my day" by trying -- and presumably failing -- to steal my identity.)
quicklist: title:I don't need a document shredder. text: All my personal documents that contain sensitive information are either at my office or at home under strict security protocols. Yes, I am -- as the chairman of a company in the privacy business -- completely paranoid.
quicklist: title: The lively 12-month-old sitting next to me
text: (a fellow conspirator of the child in front of me)... is probably not a state-sponsored hacking drone, so I think my electronic devices and the sanctity of my writing is fairly secure. (See above, re: paranoia.)
quicklist: title: No Facebook.text: I'm not a fanatic (sorry, Zuck), but if I were, it would be impossible to alert any lurking "frenemies" to the fact that I am away from home.
That said, before I declare victory regarding the fortress-like nature of my identity management skills, I must take a moment to reflect upon my various exposures.
Despite my best efforts to stay under the personal data radar, sites like Spokeo possess information about me that they have gleaned and scraped from various public sites and/or filings that haven't been properly redacted by government authorities who have a long and sullied history of defending consumer privacy. (Let's not forget South Carolina's Department of Revenue.) I can monitor it, but it's beyond my control to some extent.
My personal identifying information almost certainly can be found in hundreds of databases, and I have no way of knowing about it. One of them may have already been compromised -- it could be as simple as someone selling a list to a third party. Enterprising individuals and syndicates are undoubtedly hoarding facts and probabilities about me that will determine whether or not I become the victim of a crime despite my best efforts to protect myself.
When and where this disaster will strike is a mystery, but it's only a matter of time. In the past year, I have had several credit cards compromised and replaced by credit card companies. In one case, the 16 digits from my card were illegally recorded, either by a data processing device or a website I visited. According to Privacy Rights Clearinghouse, hundreds of databases containing millions of records were compromised in 2012 alone.
Identity Theft 911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit.