Rick Falkvinge: Ashley Madison: When will privacy breach liability be taken as seriously as other safety breach liabilities? New column on Privacy News.
In the wake of the Ashley Madison privacy breach, people have killed themselves. This is a breach that should be no different from a breach of any other safety promise from a vendor: it has been the case for years that when privacy is breached, people die. It has just happened in remote areas where the Western world can drone people based on surveillance data without news crews reporting much about it. With people dying from the Ashley Madison breach, the very real fallout from privacy breaches becomes more visible and tangible.
People in the privacy sphere have long talked about how data breaches aren’t solely the fault of a “rogue hacker”, as mainstream media (with a considerable vested interest in the matter) like to put it, but also a matter of following best privacy practices and having solid security engineering. If you don’t build a bridge to best practices, people die. If you don’t build a computer system to best practices, people die. Why is it the vendor’s fault in one case, but not in the other?
When somebody kicks their sneakers at the concrete base of a building and it collapses from the soft impact of an ordinary kick, we don’t blame the person kicking (the “hacker”). We blame the constructors who obviously tried to get away with cheap, corner-cutting, substandard engineering. Why isn’t this also the case with software engineering and sensitive databases containing private data?
Privacy is safety.
A privacy breach should be considered as serious as any other safety breach. http://ow.ly/Rx4Uy