Tens of millions of Americans have been affected by the theft of their personal information in the digital age. In a recent major data breach at Target stores, numbers and names were taken from about 40 million customers, and many millions more suffered compromises in other personal information such as email addresses or phone numbers.
The victims trusted their retail stores, their credit- and debit-card issuers, their banks, and security measures such as four-digit personal identification numbers, to protect their information.
At least the credit- and debit-card system was somewhat understood by those who suffered in the Target scam. Who understands the vulnerability of OpenSSL? This is a small piece of incredibly important software that is largely hidden from users. It protects encrypted data on Web sites. Remember that little padlock you saw when you typed in a credit card number? It meant “secure,” or safe, right? Wrong.
We’re tempted to say this ought to be a wake-up call, but we have already had so many wake-up calls. To put it bluntly: As a country and as a society, we have come to depend on a vast, interconnected system; if one small part fails, the impact is widespread. As noted in a forthcoming Atlantic Council report, the Internet was created to be based on trust, not security.
Finances, news and social media, medical systems, universities, science, transportation, energy flows, national defense and almost anything else you can think of depend on it.
Yet we continue to discover that it is vulnerable to theft, intrusion and disruption on an appalling scale.