What will the Sony data breach change? Probably nothing, possibly everything

Sure, we all feel uneasy about sharing sensitive data. Just not enough to stop doing it.

Content image

Now, a moment of tense silence following Sony’s massive data breach. In all, 77 million users had their personal data exposed to malicious hackers: names, addresses, email addresses, birthdates, passwords, logins, credit card numbers (encrypted?), and perhaps most disturbingly, security questions and answers, which could be used to gain access to any number of other online services, including bank accounts. After ordering a new credit card and scrambling to change passwords and settings on as many sites as possible as quickly as possible, what can an exposed PlayStation user do but hold their breath, sue Sony, and hope for the best?

While these nervous individuals ponder their fate, let’s consider a larger question: what does this mean for privacy itself?

I’ve often argued that privacy fears are overblown by the media—which is not to say that the public has nothing to fear, only that the public doesn’t really care. Yet. We all feel uneasy about how much data we’ve put out there, how much Facebook knows about our personal lives and how much Google knows about our email and search histories and how much Apple knows about our whereabouts. But until people suffer the consequences of all this over-sharing, we’ll continue to trade our data for neat and useful services. However, all it would take is one widely felt incident, one consequential exposure that people actually feel, either in their pocketbooks or in their pride—and the entire burgeoning industry around personal data could grind to a halt.

So is this the Big One? The Datapocalypse that will send us screaming to our bunkers, never to fill out a sign-up form again?  I’m not so sure.

While privacy watchdogs and infophobic legislators try to whip up a widescale public backlash, I predict that the system will absorb the damage from this massive security failure and the public will be largely unfazed. Cards will be replaced and lawsuits settled.  Some fraction of the 77 million exposed users will report a weird charge or two on their credit cards, and some of those claims will prove true.  The victimized will be compensated as soon as possible so that data-reliant industries can roll along as smoothly as possible.

Online services are not unlike insurance companies, banks, or credit card companies—they rely on the public’s trust. And just as the latter industries absorb fraud on a daily basis to protect their massive profits, so too will companies that store knowledge of our favorite ice cream flavours instead of our dollars.

Let me hedge my prediction by insisting on one exception: if the hacked data, instead of getting chopped up and sold off piece by piece on the online black market, were to be leaked online—if the hackers turn out to be info-anarchists rather than for-profit goons, if 77 million users end up exposed to the network effect of 6 billion humans who could mash up and exploit their data any way they please—then the resulting storm will change the online world forever.

[Photo by Flckr user DeclanTM]