In April, it was widely reported that Shadow Brokers had captured a suite of NSA hacking tools. Less than a month later, supercharged by state-sponsored malicious software, ransomware went totally mainstream, and RaaS (ransomware as a service) became an accessible thing. Last week, it was quietly reported that a perhaps comparably serious data breach occurred. And now, the clock is ticking.
If you are a registered voter in the US, your data is almost certainly out in the wild now
This has been sort-of true for a long time. But until recently, all of the little tidbits of info that a person generated in the course of doing everyday life were scattered across a bunch of different little databases. Over the last few years, technological advancement has made it easier and easier to combine these databases, connect the dots, and produce very detailed pictures of individual persons and what makes us tick.
In fact, our personal data profiles have been commercially available at relatively low cost for at least the past year. For example, the company IDI "combines public records with purchasing, demographic, and behavioral data" to deliver these profiles to anyone willing to pay for them. At this point, whole industries are increasingly reliant upon the ease with which such finely-grained consumer data can be set to the task of turning a profit.
Unfortunately, consumer data is just the tip of the iceberg with this thing. Media empire oligarchs like billionaire Robert Mercer have been building the virtual infrastructure necessary to combine consumer profiles with political identities and military psy-ops in order to swing elections. What manner of database makes swinging an election into a feasible thing for a media empire? Precisely the manner of database that an RNC contractor recently plopped onto the public internet.
The exposed data included: "date of birth, home and mailing addresses, phone number, registered party, self-reported racial demographic, voter registration status ... as well as "personal details, backgrounds, and political behavior".
Already, such information is used by big companies and political actors in rudimentary ways - mostly, to personalize messages and run targeted propaganda campaigns. The details of your digital profile may determine whether or not you receive a robocall, see anti-immigrant 'news' in your Facebook feed, receive a given class of spam in your email inbox, and so forth. None of these things are that big of a deal. But what happens when the same data that makes them possible becomes accessible to every scammer, spammer, ideologue, political tyrant, religious zealot, jilted lover, bigot, mercenary, business rival, activist, and prankster?
What happens is a bunch of weird and unpredictable stuff.
Some of it will probably be funny. Some of it will probably be very costly. Some might be tragic. There is really no way to know for sure. I mean, this data could be used to target marginalized persons for violence or harassment, or used to hold corporate decision makers and corrupt public officials individually accountable for the impacts of their actions. It could be used by charitable organizations to find fitting recipients for philanthropy, or by criminal gangs to find new exploitable recruits. The point is, as this information gets bought and sold, passed around, added to, and generally made easier and easier for anyone with an internet connection to sort through and effectively query, it becomes more and more likely that some people will look for, find, and act on the recently exposed information.
So, if the leak of NSA hacking tools took less than a month to substantively contribute to a ransomware epidemic, how long will it take for the exposure of the personal details of more than 60% of the US population to translate into one or more big, disruptive events? Personally, I suspect the answer is between two and four months. Regardless, it seems we are now truly entering an era of radical transparency, for better or worse.
And then ... who knows?