Vorige week raakte bekend dat bij de hack van kredietbeoordelaar Equifax de data van 143 miljoen Amerikaanse burgers gelekt werden. Dat is ongeveer 44 procent van de bevolking. In een uitgebreide post op zijn blog schrijft Bruce Schneier dat Equifax zeker niet de laatste van dit soort gigantische datalekken zal zijn. Zo lang er geen nieuwe wetgeving komt die bedrijven bestraft voor het slecht beveiligen van hun data, zal dit blijven gebeuren. De reden daarvoor is simpel. “In a system of surveillance capitalism, you’re not Equifax’s customer. You’re its product.”
The companies that collect and sell our data don’t need to keep it secure in order to maintain their market share. They don’t have to answer to us, their products. They know it’s more profitable to save money on security and weather the occasional bout of bad press after a data loss. Yes, we are the ones who suffer when criminals get our data, or when our private information is exposed to the public, but ultimately why should Equifax care?
Market failures like this can only be solved through government intervention. By regulating the security practices of companies that store our data, and fining companies that fail to comply, governments can raise the cost of insecurity high enough that security becomes a cheaper alternative. They can do the same thing by giving individuals affected by these breaches the ability to sue successfully, citing the exposure of personal data itself as a harm.
— lees verder bij Schneier