No Privacy Chernobyls
Over at the Burton Identity and Privacy Strategies blog, there’s a post from Ian Glazer, “Trip report from the Privacy Symposium,” in which he repeats claims from Jeff Rosen:
I got to hear Jeffery Rosen share his thoughts on potential privacy “Chernobyls,” events and trends that will fundamentally alter our privacy in the next 3 to 10 years.
I don’t believe it, and haven’t believed it in a long time. As I said in 2006, There Will Be No Privacy Chernobyl. There’s too much habituation, too much disempowerment, and too diffuse an impact of any given issue.
I’d love to have to eat those words. Rosen suggests five issues:
- Targeted ads
- Search term links
- The Star Wars kid
- Ubiquitous surveillance
Do you see any of these rising to the level of Chernobyl? Where you could stop the average person on the street in most of the developed world, ask a simple question, and not get a blank stare?
I agree. None of these rise to the “Chernobyl” level.
Why not? Because they do not directly impact millions of people.
So what would?
1 – having $500-$999 withdrawn from 50 million bank accounts throughout the US in 3-5 innocuous transactions.
2 – Having gmail’s search “fail open” so that any search done on Google turns up lots of private gmail email messages.
3 – millions of cell phones going into “eavesdrop” mode, having the data archived, and having 1-minute segments of everybody’s ambient conversations (or cell phone conversations) sent by email to lots of other people.
PRIVACY is done, and this is increasingly the expectation (see how kids deal with Myspace).
The Chernobyl will come from some sort of computing infrastructure that goes down either accidentally or because it was attacked.
The Day The Phones Stopped is a very, very old discussion of this. http://www.amazon.com/Day-Phones-Stopped-Ringing/dp/1556112866
Adam, you remember from your scanning days that putting things online gives rise to unexpected outcomes. Richard Clark is a blowhard, but I expect that nobody knows how much stuff is online that shouldn’t be. But my guess is “a danged lot of stuff.”
I would add: a large enough breach of authentication info such that the standard means of authentication become essentially worthless. This also requires a motive to exploit authentication systems across organizations, industries, etc. So either a new way to monetize massively parallel fraud, or a motivated attack.
“I’d love to have to eat those words.”
You don’t really mean that, do you?
Pete