The Flowing Candy Bees

Question for the reader (both of you): what, in your wildest imagination, is the worst, most sensational privacy-related disaster that can befall a single individual? I’m thinking of making this a homework problem for my security engineering class.

This was brought to my mind by a recent panel discussion on privacy at Princeton University.

Prof. Ed Felten (see his blog, Freedom to Tinker) recently moderated a panel discussion on privacy at Princeton University. The panelists were Princeton alumni, working for various major tech corporations. Their views on privacy were a bit corporate, in some subtle ways. Superficially they were all for stronger privacy. One fellow from a major software vendor wanted a strong federal law dictating rules for handling private information—but I suspect what the software industry really wants is a new law that overrides existing state laws. Not only would this make compliance far easier, but it would give the industry one last chance to set the rules.

Here’s a more subtle example: the panelists all agreed that companies fear the inevitable “Exxon Valdez” of privacy disruption—the massive screw-up that will one day enrage the public, and create a national emergency. But what would that be? An audience member asked what could possibly comprise such a monumental disaster. One panelist said, “have you ever been a victim of credit card fraud? Well, multiply that by 500,000 people.”

This is very corporate thinking: take a loss and multiply it by a huge number. Sure that’s a nightmare scenario for a bank, but is that really a national crisis that will enrage the public? Especially since cardholders are somewhat sheltered from fraud. Also consider how many people are already victims of identity theft, and how much money it already costs. I don’t see any torches and pitchforks yet.

Here’s what I think: the “Exxon Valdez” of privacy won’t be $100 of credit card fraud multiplied by a half million people. It will instead be the worst possible privacy disruption that can befall a single individual, and it doesn’t have to happen to a half million people, or even ten thousand. The number doesn’t matter, as long as it’s big enough to be reported on CNN, and then people think it will happen to them too.

We have a saying in security: “More people are killed by pigs than by sharks.” Meaning, we tend to fear things that statistically will never happen to us, while we never think about more common threats. So a man in Kansas will set up a “danger room” in case a terrorist attack covers half the continental United States, but he’ll drive 80mph in the rain on bad tires. The media exacerbates this because rare events are very newsworthy. For that reason, actual numbers or odds don’t matter. It will matter to the entity that has to pay for the damage, but public fear or outrage isn’t so much a function of volume.

So back to the question: what is the worst, the most sensational privacy disaster that can befall an individual—that in a batch of, oh say 500-5,000 people, will terrify the general public? I’m not thinking of a disaster that is tangentally aided by a privacy loss, like a killer reading my credit card statement to find out what cafe I hang out at. I’m talking about a direct abuse of the private information being the disaster itself.

This entry was posted on Wednesday, June 7th, 2006 at 1:42 pm and is filed under Crypto and policy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.