Shostack + Friends Blog Archive


No Privacy Chernobyls

Over at the Burton Identity and Privacy Strategies blog, there’s a post from Ian Glazer, “Trip report from the Privacy Symposium,” in which he repeats claims from Jeff Rosen:

I got to hear Jeffrey Rosen share his thoughts on potential privacy “Chernobyls,” events and trends that will fundamentally alter our privacy in the next 3 to 10 years.

I don’t believe it, and haven’t believed it for a long time. As I said in 2006, “There Will Be No Privacy Chernobyl.” There’s too much habituation, too much disempowerment, and too diffuse an impact of any given issue.

I’d love to have to eat those words. Rosen suggests five issues:

  1. Targeted ads
  2. Search term links
  3. Facebook
  4. The Star Wars kid
  5. Ubiquitous surveillance

Do you see any of these rising to the level of Chernobyl? Where you could stop the average person on the street in most of the developed world, ask a simple question, and not get a blank stare?

4 comments on "No Privacy Chernobyls"

  • Simson says:

    I agree. None of these rise to the “Chernobyl” level.
    Why not? Because they do not directly impact millions of people.
    So what would?
    1 – having $500-$999 withdrawn from 50 million bank accounts throughout the US in 3-5 innocuous transactions.
    2 – Having Gmail’s search “fail open” so that any search done on Google turns up lots of private Gmail email messages.
    3 – millions of cell phones going into “eavesdrop” mode, having the data archived, and having 1-minute segments of everybody’s ambient conversations (or cell phone conversations) sent by email to lots of other people.

  • Ted says:

    PRIVACY is done, and this is increasingly the expectation (see how kids deal with Myspace).
    The Chernobyl will come from some sort of computing infrastructure that goes down either accidentally or because it was attacked.
    The Day The Phones Stopped is a very, very old discussion of this.
    Adam, you remember from your scanning days that putting things online gives rise to unexpected outcomes. Richard Clarke is a blowhard, but I expect that nobody knows how much stuff is online that shouldn’t be. But my guess is “a danged lot of stuff.”

  • Allan says:

    I would add: a large enough breach of authentication info such that the standard means of authentication become essentially worthless. This also requires a motive to exploit authentication systems across organizations, industries, etc. So either a new way to monetize massively parallel fraud, or a motivated attack.

  • Pete says:

    “I’d love to have to eat those words.”
    You don’t really mean that, do you?
