Monday, November 4, 2013

Big Data Breaches And The Status Quo

Last night I was doing what I often do: checking that I'm not caught up in a data leak/breach. My attention last night wasn't on Bell Canada or Rogers or any of my usual suspects - it was Adobe.

Now, I'm not going to link to the breached data, but anyone that wants to go looking for it will find it easily enough. When I found a way to search it, I went trawling through it looking for my details. What I found was not my details, but one of two distant relatives who have the same name as each other - so this morning a quick Facebook post located the correct one and he was alerted to change his password.

Normally, I find myself having to do this in a somewhat covert manner - the law in most countries is wholly out of date where technology is concerned, so I often conclude before I start that someone somewhere looking at leaked data to see if they're affected is most likely to be told that this is tantamount to handling stolen property, regardless that your intent is to see whether the data has your lost property in it.

This brings me to the point I want to raise: why do we still treat people who are potentially the victims as the criminals?

I've said many times that the law is normally comically out of date with technology and the judicial system is a circus, but we are hurtling very fast into a scenario where we are not just living with our technological pants down, but the legal system is actively giving us wedgies every time we try to correct the position we get put in.

What I think needs to be done is when a breach happens of sufficient magnitude, say 10 million records or more, the authorities set up a notification/search service to allow us to find out exactly how we are affected, as the status quo is clearly backwards.

What we have right now just isn't helping us.