Want Personal Internet Security and Privacy? Go Estonian!

Ideas and Issues

141013_eresiden_zhitel_grazhdShreveport    Spam, phishing, and general garbage on the internet that comes banging on our in-boxes runs the gamut from the ridiculous to the sublime. I can’t declare it on any kind of income statement when looking at a bank for a loan, but from what I gather I have won billions of dollars in recent years, and it’s just waiting for me to collect it. I’ve had friends caught in foreign countries desperate to get home if I’ll just wire them some money to a Western Union in London somewhere. Over and over again I’ve had to let them down. And, of course I’ve been offered tons of just plan garbage from the scamsters. Sadly, no matter how jaded we become and savvy we think we are by not opening zip files, avoiding pdfs from strangers, and being eternally vigilant and wary, none of us are immune from letting our guards drop for a minute when we get an email from a friend and find ourselves almost opening it, and racing to escape before our computers are taken over and become enemies of the world.

I read Cyberphobia: Identity, Security, Trust and the Internet by Edward Lucas, a British security hound looking for a clue on what this is all about and what we can do about it. Lucas spends chapters basically detailing how great the internet is in a million ways and how completely screwed we are in almost every way you can imagine.

Lucas fashions a compelling tale of what should be obvious, but often forgotten about the internet and our relationship to the corporations that use it and the convenience it offers. In almost every other situation if we were robbed, there would be a criminal penalty and some corporate responsibility, particularly if we were robbed in their store. Somehow in the evolution of e-commerce we don’t hold the stores we’re buying from to the same standards about our information. We let them sell it. We end up with our credit cards and bank accounts hit due to their lax security around our data, and we suck up the loss, and they hire public relations firms. Lucas is no liberal about this stuff. He quotes another security guru approvingly on the recommendation that there potentially be criminal penalties, and at the least civil liability, for software errors. He likens it to Hammurabi’s principles in the first written legal codes that if a builder constructs a house which caves in on you, he should get the death penalty.

Since none of us or at least not enough of us to make a difference are going to create multi-level passwords, check the websites that will tell us when our data and email have been stolen, incidentally that’s a website called www.haveibeenpwned.com which is geek jargon for taken over, or use many of the other great suggestions he offers, so his best suggestion is that we become Estonians. Estonia is a small European Union country up there near Russia and past Poland, and Lucas believes they have it right. Part of the Estonian birthright is a digital ID consisting “of a card and two codes. One is used for identification…and the other for signing….The card, for most Estonians, is a small piece of plastic. It bears a public cryptographic key, based on the person’s name and date of birth…” and so forth, you get the picture. Best, according to Lucas, “Estonians own their own data. The information does not belong to the government.”

Even better since 2014 we too can be Estonians and are allowed as non-resident foreigners to apply for an Estonian ID card. Yes, this sounds crazy, but anyone from a country that doesn’t need a visa to travel there, and that includes Americas, are eligible to apply for about $75 bucks or so, which isn’t free, but might be cheaper than being ripped off in the new Wild West of the World Wide Web.