What It Might Take To Stop The Data Breaches

Sep 16, 2017
Originally published on September 17, 2017 10:42 am
Copyright 2017 NPR. To see more, visit http://www.npr.org/.

SCOTT SIMON, HOST:

There seems to be a new big breach of personal data every few weeks. But this latest case in which Equifax, the credit reporting agency, was hacked seems especially massive. The Social Security numbers, dates of birth and other personal information of 143 million Americans was potentially exposed. Zeynep Tufekci argues that the underlying problem isn't a technical failure; it's political. Zeynep's a contributing opinion writer for The New York Times. She joins us now from Chapel Hill, N.C.

Thanks so much for being with us.

ZEYNEP TUFEKCI: Thank you for inviting me.

SIMON: Since this hack was revealed, the Federal Trade Commission has announced an investigation. Equifax's stock price, I guess, has tumbled a bit. And last night, two Equifax executives stepped down. Do you think this means real change is ahead?

TUFEKCI: I would like to know the conditions under which they stepped down. Very often, the step down is riding into the sunset with tens of millions of dollars. When Yahoo had many really huge breaches under the tenure of their CEO Marissa Mayer - and she just stepped down this summer with about $200 million in total compensation. So that doesn't sound like a punishment to me. I would like to be punished that way.

(LAUGHTER)

TUFEKCI: I mean, I'm a former programmer. I'm pretty sympathetic to the idea that software will have bugs. But every time we hear of these breaches, most of the time, including in this Equifax case, it turns out that it was neglect and underinvestment. The problem that caused the breach was a software update that was available that they just did not implement.

SIMON: U.S. citizens don't feel that they've been dealt with fairly because of this breach.

TUFEKCI: And they have not been. Yeah, they have not been.

SIMON: Well - but what can they do about it? People don't even really do business, per se, with Equifax.

TUFEKCI: Right - because we are their product. We're not their consumers. We are not the - they are usurping our data. They're taking our data, and they're selling it to others. So they really don't care about us. And the automotive industry is a good example. They were dragged into regulation, and they were dragged into installing seatbelts and paying attention to car safety. And with much pressure, with much regulation, with much effort from consumers, they did. And it was good for the industry, too. It's a better industry, healthier industry right now. So this isn't going to work - I can't withdraw from Equifax. I didn't even have that right to do that. So this isn't going to work without some level of oversight, some level of regulation and some real, genuine accountability.

As I said, if a person - if the little guy makes a tiny mistake with a credit card payment, they suffer severe consequences. We need to have proportionate consequences for the company, for the people who oversee it and for the whole industry. And if those are not in place, the next company knows that they can just keep ignoring the security aspect; they can underinvest. Something happens, it's a few days of bad press. I talk to you; you talk to me. They go their merry way to their million-dollar retirement - at worst. And that's the worst that happens to them. I - the incentives are not aligned for them to protect us, and we need to change that.

SIMON: Zeynep Tufekci at the University of North Carolina, thanks so much for being with us.

TUFEKCI: Thank you for inviting me. Transcript provided by NPR, Copyright NPR.