Wednesday, September 11, 2024

Tech: How data leak lawsuits actually harm individuals

September 10—This week, I sit down with online security consultant Troy Hunt to talk about data breaches. Plus, Moore's law of transistors seems to apply to black hole detector tech, and schools are banning students' phones (or locking the devices in pouches). That and more below!

Ben Guarino, Associate Editor, Technology


Later this week I'll be publishing an interview with Troy Hunt, the online security consultant who runs the website Have I Been Pwned?, where you can check if your email has been compromised in a data breach. He and I discussed the recently revealed National Public Data (NPD) hack, which exposed millions of social security numbers, names, email addresses and other personal information. We also talked about what to do after an event like this, plus the generally grim state of these breaches. Here's a bonus bit of that conversation. –Ben

Over the summer, you wrote that victimized individuals can sometimes make things worse, specifically by pursuing class-action lawsuits against the companies that were breached. Could you explain your thinking there?

I feel as though that's a very American thing, class action lawsuits.

Sure! [Hunt is based in Australia.]

The biggest sense I get from individuals is they want retribution and they want to punish the organization. I can understand that. Let's take the NPD thing: "You know, why in the hell do you have all of my data?"

The concern I have is I keep seeing lawyers drive the conversation very early on, because they're protecting the brand, they're protecting the shareholders, and inevitably they're protecting the executives. And a lot of it is because they get these spurious claims. …When you have these data breaches, if you start getting more spam, it's just spam. I hate spam with a passion, but it's not going to hurt me. (Second of all, the attribution of the source of spam is extraordinarily hard. All the sorts of data that was seen exposed in NPD have come out from all these other places as well.)

So the breached companies lawyer up.

It will cause them to tick every box and dot every I and cross every T. And that takes time… What happens is we get these long lead times between the incident and the disclosure [to individuals, which is written in] very carefully caveated language. So we don't really understand what's happened. And the plaintiffs end up with a few dollars. Literally. Maybe you can get a coffee. It's not even worth the return on investment.

When Drizly (an alcohol delivery company) was hacked, my university email was exposed. If I recall, I got a check in the mail for a buck or two.

Not enough to buy a beer!

In Other News
Scientists Make Living Mice's Skin Transparent with Simple Food Dye

New research harnessed the highly absorbent dye tartrazine, used as the common food coloring Yellow No. 5, to turn tissues in living mice clear—temporarily revealing organs and vessels inside the animals

Do Phone Bans Help Students Perform Better in School?

As a result of phone bans, millions of students will stuff their phones into fabric pouches this fall

Black Hole Detectors Fulfill Moore's Law

A famous prediction that microchips improve exponentially over time can be applicable in unrelated developments, such as the technology used to discover colliding black holes

WHAT WE'RE READING
  • Science fiction writer Ted Chiang argues generative AI is unable to make art because it can't make interesting choices. | The New Yorker
  • Brazilian scientists are scrambling to stay connected after the country banned X (formerly Twitter). | Nature News
  • "YouTubers Are Almost Too Easy to Dupe." | The Atlantic

From the Archive
Data Vu: Why Breaches Involve the Same Stories Again and Again

Data breaches involve the same old mistakes; we must break the cycle

Scientist Pankaj
