Using Our Brain (a Reflection on FaceApp and Harry Potter)
The summer is full of important dates, from national holidays to family vacations to birthdays and anniversaries big and small.
In a few short days, one such birthday is coming up—an event noted and even celebrated by people across the globe. I’m speaking, of course, about July 31—Harry Potter’s birthday.
In considering the legacy of the Harry Potter stories, there are many lessons for the IT practitioner. Examples include:
- The importance of robust physical security of our most precious on-premises assets, like data and philosopher’s stones
- The need for security protocols to detect and trap bugs within the system
- How a strong core team with diverse skills can help overcome threats both big and small
But one lesson stands out for me, here in the days after news broke about the latest internet fiasco, FaceApp. I’ve written before about the many poor choices made by social media companies and app developers – especially when it comes to security, privacy, and transparency. On a personal note, because of those concerns, I left the Facebook platform completely about a year ago.
With those two things out in the open, I’d like to suggest that, of all the Harry Potter characters, it’s the humble but capable Mr. Weasley who exemplifies both how we got to this point, and how we might make better choices in the future.
As for how we got here: of all the people we meet in the Potterverse, it’s Arthur Weasley who most strongly embraces technology. From his tricked-out Ford Anglia to his willingness to try using “stitches” as part of his recovery from a near-fatal snake bite, Arthur’s enthusiastic openness to innovation and alternative solutions puts him on the cutting edge within the wizard community.
But, as his obsession with collecting plugs (and his fascination with things that run on “eckeltricity,” as he calls it) shows, he often doesn’t fully understand how the technology he’s so captivated by works. I’m sure anyone who has worked on a help desk for more than 15 minutes can tell similar stories.
While this lack of understanding doesn’t lead to any serious consequences for Mr. Weasley—and thankfully, the same can be said for most end users in most organizations on most days—we who work in the IT trenches can certainly see where the dangers lie. And it explains how FaceApp, and similar breaches over the past few years, happen; and keep happening; and happen seemingly overnight (I say “seemingly” because FaceApp itself has existed since 2017 and this was not its first controversy). Like Arthur Weasley, some folks are open to new things, and willing to enthusiastically embrace advances allowing them to live on the cutting edge. But their lack of familiarity with the underlying technology causes them to misunderstand the risks.
And all of this leads up to why I think it’s so wonderfully ironic for Mr. Weasley himself to give the simple, yet effective lesson on how to keep our digital lives safe in these uncertain times.
“What have I always told you? Never trust anything that can think for itself if you can’t see where it keeps its brain?”
J.K. Rowling, Harry Potter and the Chamber of Secrets
After discovering how his daughter has been pouring out her heart (and, it turns out, her life essence) all year to a sentient diary possessed by an evil wizard, Mr. Weasley offers up the commonsense rule we all should keep in mind when considering installing a shiny new app; clicking the funny online survey to see which type of dog you are; or tapping the mesmerizing button offering a download of the movie not yet out of theaters.
It’s why understanding where “it” keeps its brain—whether the “it” in question is an app or website or vendor—is so important. As we saw with Cambridge Analytica; Google listening to audio recorded by Google Home devices; weather apps selling user data to the highest bidder; a Facebook API bug exposed photos of 6.8 million users; and now this latest issue with FaceApp, there is no reason to expect the industry to finally step up and be more careful.
For those reading this and fretting over whether it’s too much to ask simple end users to become expert technologists, I would underscore how the FaceApp issue wasn’t even where or how the data—the “brain”–was being kept. It was in the terms of service.
What I’m talking about is more than another case of the adage “if it seems too good to be true, it probably is.” It’s also the reality that (as another adage goes) “If you’re not paying for it, you’re not the customer, you’re the product.”
So, even if the end user can’t determine where it keeps its brain, we must always remember we know where WE keep OUR brain, and we should use it conscientiously before adding the next shiny new eckeltricity plug app, to our collection.