The banality of the Equifax breach

But here’s the strange thing: In light of all the bad things that have happened on and around Facebook in recent years, this kind of betrayal feels low-key. That’s how bad things have gotten with online security in general, and with Facebook in particular. Compared to facilitating the large-scale extraction of user data, running illegal and discriminatory advertising, sharing user information with Chinese electronics manufacturers, expediting election interference, exposing content moderators to gruesome imagery, sowing dissent to the point of violence, and even just building an estranging record of human lives, letting someone scurry around your account for a while seems maybe not so bad.

Don’t misread me: It is bad. But it feels less bad than it once would have. Hacks and breaches have become so commonplace that the public is beginning to acclimate to them. When the Sony Pictures data breach took place in 2014, it was widely covered as a major industrial and political event. Journalists even trawled through the data released by it, perhaps somewhat improperly, because it seemed newsworthy to cover the goings-on of wealthy, powerful Hollywood executives. The Target and Home Depot hacks of 2013 and 2014 felt more personal, but also easier to manage: Just get a new credit or debit card. After the Ashley Madison hack in 2015, everyone realized that they were as vulnerable as the power players, and they started to worry. Last September, after the Equifax breach exposed more than half of Americans’ most sensitive personal information, I compared the feeling of being impacted by a data breach to a malaise of everyday life, like traffic or errands.

Then the Cambridge Analytica revelations arose, and the ongoing foreign meddling in global politics appeared to have a real, measurable impact on the outcome of elections, including the 2016 U.S. presidential election. In the grand scheme of things, someone looking at your hidden photos or private messages or group postings feels lower-stakes.

Welcome to the age of privacy nihilism.

It’s not, of course. All of this is part of a bigger tide that washes heaps of data ashore, then deposits it like silt for anyone to find, pocket, and exploit. Defects are to be expected from time to time, but users should nevertheless expect that Facebook does everything it can to safeguard the information people share with it.

The problem is, eventually it becomes impossible to keep up. Facebook is a huge company that manages data for billions of people all around the globe. It is an appealing target for attack and is therefore under constant bombardment. Security becomes an arms race, and every remedy introduces a new potential weakness. Mark Zuckerberg’s appeals to artificial-intelligence solutions to hacking, abuse, disinformation, and other vexations amount to magical thinking. The same computational facility that makes it possible to scale an online business to billions of users across the globe, the thinking goes, should make it possible to automate its management.