Will the hacks keep coming?
Seven months ago, Facebook took out full-page ads in the U.S.’s and U.K.’s biggest newspapers vowing to protect users’ personal information, said Charlie Warzel in BuzzFeedNews.com. “If we can’t,” Facebook CEO Mark Zuckerberg wrote, “we don’t deserve it.” Yet here we are: Facebook revealed last week that a massive security breach had exposed the data of 29 million users. Hackers made off with the names and contact details, such as email addresses and phone numbers, of 15 million users. The cybercrooks looted not only those details from the other 14 million but also “invasively personal” information such as birth dates, cities of residence, location history, and recent search history. This hack “could haunt its victims for years to come,” said Will Oremus in Slate.com. The stolen data is “the kind of information that could be used to stalk someone, to harass them or their family, to answer the security questions that guard their online accounts, to deceive them by posing as someone they know, or to trick them into clicking a malicious link or disclosing sensitive information.” It’s a safe bet that those who took this data are not people you want “pawing through your personal life.”
The internet won’t get safer “without the government stepping in,” said Bruce Schneier in The New York Times. Attacks that expose information about millions of users—on Facebook, Yahoo, Equifax—have become “remarkable for how unremarkable they are.” We put up with it because, until now, the data that hackers got hasn’t threatened our lives. But there could soon be catastrophic attacks against the computers that “drive our cars, pilot our planes, and run our power plants.” The market can’t fix this—security is expensive, and tech companies prefer to spend their money on features users can see. So it’s up to Uncle Sam: Regulatory agencies must “penalize companies with bad security.” Hefty fines are needed to make “the cost of insecurity greater than the cost of security.” We should follow the European Union, which has already passed a comprehensive privacy law and is “now turning to security and safety.” The U.S. “can and should do the same.”
At this point, even Silicon Valley accepts that new regulations are coming, said Ina Fried in Axios.com. California passed a sweeping new data privacy law this summer, set to take effect in 2020, giving tech firms an incentive “to come to the table on federal legislation.” The goal of those companies has now “shifted from fending off regulation to helping craft something palatable.” That’s why they’ve stepped up their Washington lobbying operations, hoping that federal lawmakers can be persuaded to devise “rules that are more industry-friendly—that is, weaker—than Europe’s or California’s.”