What will the Sony data breach change? Probably nothing, possibly everything - Macleans.ca

What will the Sony data breach change? Probably nothing, possibly everything

Sure, we all feel uneasy about sharing sensitive data. Just not enough to stop doing it.


Now, a moment of tense silence following Sony’s massive data breach. In all, 77 million users had their personal data exposed to malicious hackers: names, addresses, email addresses, birthdates, passwords, logins, credit card numbers (encrypted?), and perhaps most disturbingly, security questions and answers, which could be used to gain access to any number of other online services, including bank accounts. After ordering a new credit card and scrambling to change passwords and settings on as many sites as possible as quickly as possible, what can an exposed PlayStation user do but hold their breath, sue Sony, and hope for the best?

While these nervous individuals ponder their fate, let’s consider a larger question: what does this mean for privacy itself?

I’ve often argued that privacy fears are overblown by the media—which is not to say that the public has nothing to fear, only that the public doesn’t really care. Yet. We all feel uneasy about how much data we’ve put out there, how much Facebook knows about our personal lives and how much Google knows about our email and search histories and how much Apple knows about our whereabouts. But until people suffer the consequences of all this over-sharing, we’ll continue to trade our data for neat and useful services. However, all it would take is one widely felt incident, one consequential exposure that people actually feel, either in their pocketbooks or in their pride—and the entire burgeoning industry around personal data could grind to a halt.

So is this the Big One? The Datapocalypse that will send us screaming to our bunkers, never to fill out a sign-up form again?  I’m not so sure.

While privacy watchdogs and infophobic legislators try to whip up a widescale public backlash, I predict that the system will absorb the damage from this massive security failure and the public will be largely unfazed. Cards will be replaced and lawsuits settled.  Some fraction of the 77 million exposed users will report a weird charge or two on their credit cards, and some of those claims will prove true.  The victimized will be compensated as soon as possible so that data-reliant industries can roll along as smoothly as possible.

Online services are not unlike insurance companies, banks, or credit card companies—they rely on the public’s trust. And just as the latter industries absorb fraud on a daily basis to protect their massive profits, so too will companies that store knowledge of our favorite ice cream flavours instead of our dollars.

Let me hedge my prediction by insisting on one exception: if the hacked data, instead of getting chopped up and sold off piece by piece on the online black market, were to be leaked online—if the hackers turn out to be info-anarchists rather than for-profit goons, if 77 million users end up exposed to the network effect of 6 billion humans who could mash up and exploit their data any way they please—then the resulting storm will change the online world forever.

[Photo by Flckr user DeclanTM]


What will the Sony data breach change? Probably nothing, possibly everything

  1. The fact that the public is blase about the risks of sharing personal data does not mean that the media is exaggerating the problem. Just as we expect elected officials to exercise their judgement at times instead of governing by opinion poll, the members of the news media are allowed to use their intelligence as well to choose to consider issues as serious – whether it is computer security or global warming.

  2. I hope at the end of the day that this does what it should do – Cause all online vendors to take a good hard look at how they handle and store customer data, and make improvements where necessary. Ideally, our online data should be safer in the long term because of incidents like this.

    We're still in the toddler stage of our global online lives when you think about it. We still have a lot to learn about managing privacy vs convenience vs criminal behavior.

    Sony learned a hard lesson this week (we hope). The internet and online commerce isn't going away, so we just have to learn from our mistakes and get better at it, private citizens as well as corporate entities.