Data insecurity is a major, widespread problem. It’s difficult to navigate the Internet without the vague worry that some of your information or your activity will end up in the hands of someone you’d rather not have access to such details, especially as leaks of data from major corporations and government agencies become frequent, almost routine. But are there some data breaches that could actually accomplish something good for society?
The thought experiment is particularly relevant now, since the hacking and subsequent data breach of Ashley Madison, a dating website for people in committed relationships to find accomplices for extra-marital affairs, has started some interesting conversations. The hackers behind Impact Team revealed the email addresses associated with some 30 million accounts registered to the website. Among them are the addresses of as many as 15,000 federal workers and active duty military members, plus the addresses of a number of public figures.
But as Fletcher Babb reports for VentureBeat, the breach hasn’t yet done much beyond shaming “an already disgraced reality TV star and a low-level GOP wonk.” We haven’t learned too much so far. “People love to cheat, people don’t know how to cover their tracks, companies treat our personal data with a worrying disregard. No surprises here.” No one knows who’s behind Impact Team, or what their motivations are, though they seem to take issue with Ashley Madison’s morals and business practices. But Babb jokes that if the hackers decide to strike again, they could aim much higher than a site like Ashley Madison.
What if hackers leaked a company’s entire pay structure — via a trove of data scraped from TriNet, Zenefits, or ADP — to provide a much clearer look at wage disparity, gender discrimination, and executive bonuses than companies’ half-hearted diversity reports have ever offered?
What if they accessed and leaked transaction data from Super PACs, which can raise unlimited money but aren’t legally obligated to reveal their donors, to make public the “super-wealthy names behind these anonymous P.O. boxes, and why they’d prefer to not have their name tied [to] these huge donations” routinely made during presidential election season? Finally, and as Babb notes, “most improbably” of all, what would happen if hackers erased information on student loans “for millions of people crippled by debt”? What would happen if all of that information simply disappeared?
In the midst of the fallout after the Ashley Madison breach, users whose email addresses were revealed are now being publicly accused of cheating. It’s not hard to imagine how a data breach could reveal information that might, in some way, be beneficial to reveal, just as it’s easy for someone with no involvement in the Ashley Madison incident — except for an idle curiosity — to imagine that it’s right, in some way, for people who cheated or considered cheating to be found out. But as the Internet gawks over the continually-unfolding details of the Ashley Madison breach, there’s an important line that needs to be drawn: the line between the bad behavior of governments and corporations versus the bad behavior of private citizens in their private lives.
Sure, a data breach that reveals the extent of pay inequality at Silicon Valley’s top companies, or sheds some light on whose money is funding presidential hopefuls’ campaigns would be worth knowing about and worth reporting on. But when breaches like the Ashley Madison incident spill the messy details of regular people’s lives all over the Internet, does society, at large, reap the same benefits? And if so, does the societal benefit of having such information made public excuse the illegal activity that made it so?
The problem is that the Internet doesn’t have the maturity to look away, so hackers will continue to uncover the private details of people’s lives and post them online for the world to gawk at and gossip about. The same thought experiment of imagining data breaches that could produce some good outcomes could easily turn up situations with much thornier consequences. What if hackers with a misplaced sense of moral superiority released a list of people who donated to organizations working for still-controversial causes like abortion, or tapped into hospitals’ records to wrongly stigmatize those who sought treatment for mental health conditions or sexually transmitted diseases? These examples seem extreme, but illustrate that the details of people’s private lives are better left private. They also make it clear that championing the cause of “good” data breaches could quickly get out of hand.