What is the real problem with the AshleyMadison data breach?
Well, let me start with what problems I do not have with the whole debacle.
First off, it is not what the purpose of the site was.
If you feel you must do what the site was promoting and enabling, that is your choice.
Until it starts to affect me and my family, it is your life and family you may be destroying, but it is still your choice regardless if it is good or bad. Thankfully, in theory, we are all beings capable of free thought and opinion.
Secondly, it is not the fact that a data breach happened.
As the number of data breaches increases day after day, these announcements are getting to the point of who’s on the list of data breaches today? It is unfortunately getting less and less shocking that data may not, or most likely, had not been protected appropriately.
So what is it already?!
The main problem I am having with the data breach at AshleyMadison is the reaction by the database ( and some of the security) community.
There was some general disgust that it occurred, but as noted before, it is becoming such a common place situation that the “awe” factor is not there as much anymore. It seems that the subject of the data is of more important than the data itself.
That isn’t really the issue though. The issue is more the attitude that it is somehow acceptable, almost appropriate to take this data and use it for demos and analysis because it is a large set of data that can be used for showing various methods with BI and even in handling the scale of data in various systems. After the first data release I started to see a lot of discussions and questions about how to get the data and use it.
“Yay! Lots of data to play with!”
Those looking to get a copy of the breached data were not looking to use it for personal gain, or blackmail and the like (as far as I know). This was to use that data as a large data set for demos online and during in-person presentations.
The problem with this is that it is not ‘publicly’ available data. It was data that was obtained illegally. It is data of a very sensitive nature that is leading people to kill themselves and also for blackmail that could lead to the former.
There was a distinct lack of feeling for the victims, replaced with an attitude of “Yay! Lots of data to play with!”
Even prominent members in the SQL Server community seemed very excited to get their hands on the mass amounts of data being made available that they could use to see interesting demographics, charts, graphs, and analysis.
I get it, it is real data on a very touchy subject. It could make for very interesting demos and presentations.
But it isn’t right.
That is my issue. Our job is to be protectors of the data, and ultimately those whose information it is.
Why are any data professionals getting excited about getting their hands on this data? I feel I would seriously question the true motives of anyone that is going and grabbing this data to use in any presentation, even if the data is scrubbed. If you are just going to scrub the data, you could make it up in the first place.
By not respecting the data, you are ultimately failing to respect the very people whose data was stolen and whose lives may be destroyed.
Why propagate this further?
Do the right thing.
Use legally obtained large data sets for demo and experimentation, or even make your own.
Don’t rely on and subsequently promote the activities that occur with breaches such as the one recently with AshleyMadison.
[divider_top][icon_box icon=”users” title=”Who is Chris Bell?”]
Chris Bell, SQL Server MVP, MCSE & MCITP, is a 20 year veteran of using Microsoft products & SQL Server to create solutions for businesses, organizations and individuals. Chris speaks, blogs, writes articles and makes media of all kinds regarding SQL Server at WaterOxConsulting.com. Chris is also the founder of WaterOx Consulting, Inc. which features SQL Server consulting services, training and the FREE sp_WOxCompliant compliance check script for your SQL Server environment.
Click here to contact Chris or to follow him on twitter. [/icon_box]