There Will Be No Privacy Chernobyl
Ed Felten asks:
What would be the Exxon Valdez of privacy? I’m not sure. I don’t think it will just be a loss of money — Scott explained why it won’t be many small losses, and it’s hard to imagine a large loss where the privacy harm doesn’t seem incidental. So it will have to be a leak of information so sensitive as to be life-shattering. I’m not sure exactly what that is.
(“The Exxon Valdez of Privacy.”) Privacy advocates have been waiting for this for a long time. It’s important to remember that the Exxon Valdez followed Silent Spring by nearly 30 years. The environmental movement had time to evolve memes. Privacy still has many meanings. The parade of breaches or overflows hasn’t done it, despite medical data, financial data, and just about anything you can imagine being leaked.
This past weekend, I was speaking to a vet friend, and he didn’t care about the VA leak. He said that military SSNs are so public anyway, you’d drive yourself nuts worrying.
Part of the problem is that alternatives are hard. Consumers can’t switch to hydro for their credit. (How’s that for mixing a metaphor?) Background checks are being made a liability issue, despite the base rate fallacy and their general failure modes. Driver’s licenses are being made machine readable.
We’re not going to have a privacy Chernobyl.
Your vet friend may not know that medical diagnosis codes were reportedly included in the stolen information.
An ugly but possible scenario is that the crooks with the records start making phone calls like “Send $5,000 to this Western Union office in Belarus, or we’ll show your employer proof you have PTSD and we’ll tell him that means you could gun down everyone in the office at any minute”.
There are plenty of employers who get all their medical news from TV and would fall for that. Part of the reason we have privacy, after all, is to protect against being damaged by the ignorant.