I really enjoyed the thrust of Vote Positively With Your Pocketbook, over at Emergent Chaos.
Basically, he builds on the notion of the power of a “consumer” revolt. Then he argues that the answers aren’t boycotts, but taking your spending power somewhere else. His argument, which I whole-heartedly agree with, is that if you don’t like the RIAA, then don’t boycott CDs for a weekend, but shift to online music or something else. The point is subtle, but important – if you don’t take an action that has an adverse economic impact, your message or dissatisfaction will not likely be heard. If you keep spending your hard earned money at the place you are unhappy with – can you really be that unhappy?
Don’t get lost in the semantics on this one. I think the solution to the breaches we keep reading about is the same. We seem to be up in arms over the spate of breaches at TJX…. then we immediately wonder why nothing was done and if they get a pass on this one.
Well, i have more to say, but I think the punchline is the consumers have to vote. DSW breaches, they continue. Choicepoint breaches, they continue. TJX breaches, they continue. Why? Do consumers actually care?
See, I think that the “scale” of the problem is so large that we, as consumers, don’t know what to do. The average consumer doesn’t have the “time in seat” or experience to consider the implications. They know what they read. They feel outraged and helpless. Or they are apathetic, because “what else can they do?” So unless we guide them to proper action, nothing will change.
I was watching a local business show yesterday (which in Albany, NY, is truly something to experience). Anyway, they have a group called the GenNeXt council (and I catch hell for Security 2.0??). So they have two people on at the end of the program opining how great the local economy is (it isn’t) and how wonderful for our generation (again, I don’t see it) – then they issue this warning “It will go away if you don’t get involved. So… get involved!” I almost threw something at the TV. And you have to understand, I’m not like that.
But to tell me to “get involved” and not give me options, so me how or otherwise guide me? How absurd. Now, with me, I’m the sort that doesn’t really want to be guided. Hey, if I was, would I be a ‘catalyst’ — probably not. But give me something… and I can choose to follow, adapt or do something else.
How many times have you plain said “give me feedback” – to get nothing. But if you hand someone a page – they rip it to shreds with ideas? We are all easier to react to an idea, to a concept, to _something_ in front of us.
Well, it’s no different when it comes to discussing security and the actions we want people to take. As I write my book, “Into The Breach: Why Corporations Fail to Protect Sensitive Information – and What Can Be Done About It” — I am working to explain an approach that any business can use to reduce their risk of breach. At the same time, I am working to develop a toolkit for consumers; they need some guidance on HOW to take ACTION when their information has been breached.
If we don’t hold people accountable and demonstrate our disappointment in a way they understand (hit them economically) – then change is less likely. But just *telling* people to boycott or to change won’t work. Afterall, if people want cheap clothes, TJX is still a good option, right? We don’t change behaviors with words. We have to explain processes and lead the way.