Wednesday 2012-04-11

Dataloss DB provides an online record of discovered data theft and losses. As you can see from the above chart, the volume has been steadily increasing.

How damaging are these in actuality? Unless someone gets your social security number and enough information to answer credit history questions, these incidents don't usually result in permanent loss of wealth.

However, we're all creatures of habit. Our priors / assumptions / beliefs seem fairly static over time, and most of the changes that do occur seem determinable from our relationships with the people around us.

From an info-war perspective, an attacker who knows your priors and can influence the information you have available will be able to shape your decisions and take advantage of them. Given a war scenario, you would then want to prevent enemies from A) discovering information about you, and B) presenting information to you.

The entire industry (advertising) is predicated on a 2% success rate, and Google made its fortune by increasing that to 3%. It's still a 97% failure rate.
-- Shane Green at Stanford

In modern consumer societies, most people don't feel like they're being taken advantage of, though. They just wonder where all their money has gone, and end up blaming whomever/whatever scapegoats our media perp-walks in front of us.

Of course, info-wars expand beyond just the normal competitive world of commerce. For example, compare the stories of chromatic and _why the lucky stiff: we don't know the reasons _why felt he needed information security. All we know is that someone came to the aid of _why's enemies, tying everything together for them. And to further damage _why's position, Annie Lowrey wrote a widely distributed article which treated _why as circus freak to be poked and prodded.

Chromatic has so far done a better job of maintaining his identity, however since he's using an obvious pseudonym (lol. maybe he's changed his name to chromatic ;), he's making his personal info-war harder to fight. How many people out there are using normal-sounding pseudonyms in society and running all their anonymizable expenses through either cash or credit tied to an LLC?

To make a final point regarding info-wars, consider the following thought experiment:

Assume there is a Heaven, and that people there can and do talk amongst themselves.

  1. Do you think a lot of the 18 and 19 year soldiers who have died fighting our wars are there?
  2. Do you think a lot of the politicians who pushed their countries into wars are there?
  3. Say you were a young soldier in Heaven, and your leaders never showed up; how would you feel?
  4. After talking with people there and hearing the fullness of some lives; how would you feel?
  5. If those soldiers had a chance to live again, do you think many would happily go to war?

Regarding info-wars, we seem to consistently underestimate their prevalence and the stakes. Consequently, we fail to respect the information defenses of others.