89 comments

[ 2.0 ms ] story [ 139 ms ] thread
> Worse… access to ALL of this information was given to certain foreign contractors, some of whom were in China.

Pretty sure this is unproven and, regardless, had nothing to do with the hack.

But it has everything to do with the security of your information.
I'm not sure if it was edited, but reference to China has now gone.
Yes, it was silently edited, which is not a particularly classy move.

I think this whole "foreign contractors" angle is sourced to a single anonymous ex-contractor speaking to Ars. Even if true, I don't think there's any evidence it has anything to do with this hack.

Hi author here. Thank you for pointing this out and sorry, I meant to mention that I edited it.
No worries, I'm definitely guilty of quickly editing my own comments to phrase them better :)

I still feel like I'm a little lost in the essay, though. It's easy to say that all data requires senior people to sign off before data can be decrypted. But that sounds really hard to implement and even harder to legislate. What specifically are you asking for? What am I supposed to be asking my representative to do?

Does anyone know if the OPM's data included Global Entry?
I don't, but the NYTimes says this:

> Every person given a government background check for the last 15 years was probably affected, the Office of Personnel Management

http://www.nytimes.com/2015/07/10/us/office-of-personnel-man...

Not sure if Global Entry / NEXUS is considered a background check, since they are certainly less intensive than the one done for a security clearance, but it doesn't sound good.

Exactly why is $AUTHOR so sure it was a foreign power that hacked OPM? Which proof can $AUTHOR provide besides unfounded rumours? It's just too simple.
The author of the post isn't variable.
(comment deleted)
I am not sure what is actually the worst thing we learned here, that this many people were hacked or this percentage is/was employed by the US government
It's not just those employed. A family member of mine has a security clearance, and let me know that I'd be one of the 20 million with my SSN exposed, since I was one of the people the government checked on when doing his clearance.
And DOB of your family member, unless the forms have changed. Also (not related to your family), when you're trying to identify yourself on the phone to a credit card or bank (etc.) because you are starting with them or "lost your password", they usually quiz you - almost all of the questions can be answered if you know the previous addresses.
This is what needs to change. Personal trivia can no longer serve as proof of identity. We need to make the personal data useless for identity thieves.
I wish alternative strategies like "stop having the government collect and store information" would be considered in these situation.
> I wish alternative strategies like "stop having the government collect and store information" would be considered in these situation.

I don't think nixing collection for background checks is viable, though limiting the scope (EDIT: both of data collected and the scope of applications for which government background checks are mandated) might be.

Similarly, limiting both the scope of data retained and the duration for which it is retained from such checks after the decision they support is made might be viable, though there are costs (among other things, to the accountability of government decision makers) as well as benefits to that.

This is the only real solution, as it directly addresses the real problem: interdependence. As Dan Geer described[1] the problem:

    ... risk is a consequence of dependence.  Because of shared
    dependence, aggregate societal dependence on the Internet is not
    estimable.  If dependencies are not estimable, they will be
    underestimated.  If they are underestimated, they will not be made
    secure over the long run, only over the short.  As the risks become
    increasingly unlikely to appear, the interval between events will
    grow longer.  As the latency between events grows, the assumption
    that safety has been achieved will also grow, thus fueling increased
    dependence in what is now a positive feedback loop.  Accommodating
    old methods and Internet rejectionists preserves alternate, less
    complex, more durable means and therefore bounds dependence.  Bounding
    dependence is *the* core of rational risk management.
In software we've had to face this problem of expanding complexity and interdependency so often we have numerous names for the problem like "spaghetti code" and "DLL hell". Numerous techniques have been invented to try and mitigate dependency problems (e.g. "information hiding" with functions and classes, UNIX-style problem separation and component reuse). With Rust, we have even designed an entire programming language with complicated and usual memory management features, with the goal of eliminating some types of interdependent pointer semantics. Even with all that effort, the good designer knows to ask the question "Did we really need to depend on $LIBRARY?".

Unfortunately, there are may other areas of our society that are just starting to learn about complexity at this scale, and do not understand why it might be an absolutely terrible idea to replace an old system that worked with a new piece of software that creates a dependency on the internet. There will be a lot of people that end up having to learn the hard way why it might have been a bad idea to change a security problem form "lock it in a thick-walled room behind a lot of people with guns" into something that probably reduces to Halting Problem.

[1] http://geer.tinho.net/geer.blackhat.6viii14.txt

Exactly. For us who worked on the big software projects, it's something we think of all the time, with the extremes:

- blindly making all class members private, most of the code is the burocracy and a little or even wrong job being done.

- allow everybody access to everything, a mess for the other aspects of brittleness.

Actively maintaining the balance is the hard problem which has to be done all the time as the requirements change all the time, but the task worth doing.

Is it sad that because I have worked on government systems in the past that this does not surprise me at all?

It makes me mad, but it is not at all surprising. The negligence on government software is crazy. That is on top of the regulations that basically don't allow developers to use new/open source technology.

While new technologies wouldn't have prevented this by themselves, they might have made it easier to encrypt data so the devs would have said, "oh yeah we can do that". Or they might have had defaults that prevent simple things like cross site scripting.

Spot on, most software gets disapproved simply for being open source or liberally licensed. Although recently I've found that it's easier to get open source software on my computer if I can prove that it already exists somewhere else on our network (i.e. we use Redhat servers which come with Python pre-installed after I pointed that out getting Python on my personal box wasn't much of an issue)
... Because the government is keeping everyone insecure so they can hack other nations and themselves?
7% of American't were not "just hacked"[1]. Perhaps the HN title should be changed to avoid misleading users herein.

The title is very much click bait.

1. https://en.wikipedia.org/wiki/Hacker_%28computer_security%29

I downvoted you because you need to support your claim. 21 million Americans had their personal information compromised. That's 7% of the ~300M population. Summarizing that state of affairs as "7% of Americans were hacked" seems reasonable to me.
While I do appreciate your honesty (re: downvote), gaining access to my information isn't intrinsically hacking[1]. Hacking might be the means of gaining the information. In this case, hacking did take place, but not the hacking of 21 million Americans, rather on some government servers. I've added citation to my original comment.

Anyway, it doesn't matter because the OP was flagged into oblivion.

1. https://en.wikipedia.org/wiki/Hacker_%28computer_security%29

> gaining access to my information isn't intrinsically hacking

Perhaps not, but saying "I was hacked" is a commonly used colloquialism that means, "My supposedly secure personal information was compromised."

But I guess it's a moot point now.

(comment deleted)
99% were hacked the last decade, along with most of the rest of the world, by an US government agency. If people didn't care about that, why you expect sympathy for this one?
Hack me twice, can't get hacked again, right?
(comment deleted)
I'm always amused by these "here's how to protect data better" articles, because today's security is tomorrow's joke, and that's how we got here with the OPM hack.

The only way to get ahead of it is to make it so that all private data is public and thus devalued. Privacy creates liability. Visibility creates value.

The problem we have right now is the idea that one entity should have domain over any information. That's what we need to get over. It should be shared- all of it, from bank security cameras down to what you're doing in the shower. When all surveillance is shared, you find that people suddenly get a lot more tolerant, because throwing stones in glass houses isn't helpful.

The Earth is a closed system. We have finite, shared resources. Privacy creates the fiction that it's not a closed system. You think that's how the space station works? Is that how you want it to work? No, you want cameras on everything, because if someone decides to experiment with the CO2 scrubbers, it affects everyone.

The same is true here on Earth. We're now in an age where one person or company or government can single-handedly change the habitability of the entire planet, such as Exxon did in the 80s. That's dangerous.

And meanwhile, there's incredibly valuable, life-saving services and conveniences we can all enjoy if we are open with all our surveillance data. How many lives could be saved or improved if we all had a smartwatch measuring our vitals and our food intake and toilet waste were monitored? That one change could single-handedly resolve most of our healthcare issues in the US.

What we really need instead of privacy is complete visibility coupled with a code of conduct that emulates the benefits we expect from privacy. Just because we can see everything doesn't mean we have a right to bother people with what we know. That's the issue we need to address. By all means, check out whomever in the shower, but that doesn't give you a right to interfere with that person's life by commenting on their genitalia. That's the key ingredient we're missing from the privacy conversation. We like privacy because we equate it with civility and thus freedom.

If someone doesn't know something, then they can't make you miserable with it. But that doesn't really work anymore. Even if someone doesn't know something, big data techniques can interpolate what it is they're not supposed to know. What you're really signing up for with "privacy" is granting visibility to only a privileged few- the spy agencies, the multinational companies, the hackers, and anyone willing to pay for the information.

Everything you said is correct.

Where can I find like-minded people that understand the sustainability of total transparency? I've been struggling to find such a community for years.

The article's title was just edited[1] to read, "Data on 7% of Americans Was Just Hacked, Now What?".

This is apparently a living document.

1. http://webcache.googleusercontent.com/search?q=cache:WKgL8jW...

Yes, I responded to your helpful feedback. Thank you.
Thanks, Ryan. Despite the fairly negative nature (calling it "click bait") of my prior request, you took it for its objective value. That was pretty big of you.
Why is everyone so shocked? Has anyone ever talked to a friend that works for the Federal govt.? They are well known to be completely incompetent when it comes to technology. Even the DoD, which gets billions of dollars for cyber defense, often doesn't do things right.

How can you expect the Fed. Govt. to handle things competently when some of the best paid private contractors F' things up too. Security is hard.

What IS a bit surprising is not the fact that they were hacked, but that they actually found out they were hacked. From what I understand, the Fed. Govt. has lost even more important data (like designs for weapon systems), and not even realized it till like years later when the technology shows up in foreign weapons.

Maybe some parts of the government aren't competent but the NSA is pretty good at what they do.
Pretty good at the surveillance side, but evidently not so good at their other mandate, which is to help the rest of the government secure their stuff.
Even the NSA isn't perfect though. Don't forget that Snowden managed to steal hundreds of thousands of documents, and the NSA doesn't even know exactly WHAT he got or not...
the NSA doesn't even know exactly WHAT he got or not...

Or so they say.

> Even the DoD, which gets billions of dollars for cyber defense, often doesn't do things right.

They're paying Microsoft millions to support XP right now.

They had some warning long ago about XP's EOL. I mean, really.

I don't see that as a problem. At all. The US government (NSA, CIA, etc) has files on most of the people on the planet (including close spying of most governments, politicians and important corporations worldwide). I don't see how somebody else having 20 million records on US people would change anything.

On the other hand, if personal and important information about the activities (behind the curtain) of all those politicians, banksters and big corporations, american or not, was accessible to the public, perhaps things would change.

That somebody else could be someone who tries identity theft, or worse. And information about state actors has been published, that's what the WikiLeaks case is all about. I don't think it had the effect you might hope for but just because the government acts badly doesn't mean they're the worst predators out there.

We also live in a world of industrial espionage. What if someone in this list is the CEO of multibillion corporation with a serious health problem that he/she kept secret. You publish the health records and the stock tanks. Or someone who works as a contractor for the army. There are nightmarish scenarios of what could be done with all that kind of information. There are even fingerprints in there.

Except that what leaked out is the background checks of almost all of the people that have a security clearance. There's a lot potential for someone to use that information to blackmail ("I'll tell your wife about that affair you had 10 years ago") or socially engineer (pretend to be someone else) their way to the very secrets this process is supposed to protect.
And at least links to all their family, friends and associates. Making those people targets for further data theft.
If it's such a big deal to loose / get the data stolen. Should you have been storing it in the first place ? And if you do really need it, like fingerprints, start by using a hash. The other data you wish to keep are current data (not history): ssn, address, family(maybe you should be able to opt out of that, but risk them no getting contacted in certain situations) Medical records? Have a standard form that list anything important: allergies, blood-type. Well that's my (maybe naive) view on it.
(comment deleted)
I am so happy this is happening !

I always felt cryptography was treated as a back room kind of operations. We are all so busy making iOS apps. The real computer science has always taken a back seat.

Hopefully MORE such breeches occurs and investment in security recieves the kind of investment and respect it deserves.

We are all so focused on this MBA growth bullshit. Time to do some real computer science !

I remember reading about how openSSL had like one programmer and he used his own funds.

It's embarrassing that we let this shit happen. this is why I think cs needs some form of labour union ( like the brotherhood of teamster, I didn't know truck drivers got better wage than half of us ) the wages keep on dropping and we have no say in where to divert investment.

How do you think labor union would have helped in the openSSl case?
Labour unions are know to manage and divert investment for the common good for a field.

They help enforce regulations and prevent random programmers from doing something stupid.

IN the case of openSSL. Even though we all collectively know how important security is for the Internet in general, it would be hard to convince investors to fund something that is a collective good with long term potential.

Right now except for EFF, no one is voicing the concern about encryption. And it's all programmers collective fault for letting this happen.

I understand the general appeal, what I was wondering is the specific mechanism that would work to help case like openSSL (if anything, I can see it hurting the effort, as you said, "stopping programmer from doing something stupid"). I'm more worried that labor union will be doing things more in the veins of RIAA and MPAA: seemingly good for short term of the field, but completely stupid in the big picture.
I think a democratically elected face for programmers would be a good thing.

Right now there are major problems surrounding IT, while we are forced to work on marginalized things. Meanwhile foreign private contractors get the govt deal since they are the "cheapest". Remember healthcare.gov, how does a country with the best programmers make such blunders ??

It will be expensive to increase training, provide certifications for security and create a open industry around security. But cyber security is as much or more important than other forms of defence. The reason for myopia is because its not as cool. Imagine if some spy infiltrated and stole physical copy of all the records of Govt personnel ??

Can a price be put on it ?

Unions and professional associations can mandate standards, and enforce use of those standards in contracts. Look at the bar for the legal profession, or the liability associated with a PE stamp.

The software world consists almost exclusively of at will employees and 1099 contractors. They ship whatever slop management demands, and have no recourse.

Yeah, look at the bar. Have the guys behind Prenda Law been disbarred yet?
It really is one of those bizarre things. I can't quite figure out how there's so much money in technology, and yet some common and ubiquitous (and crucial!) open source projects are so incredibly underfunded. There has to be a better solution to this?
I don't think I can agree with you, actually knowing some of the people that have had their information exposed, and I think it's pretty heartless to "be glad" that people are getting screwed over.
Of course, its horrible this happened.

But I have seen people treat computer security is some sort of joke.

I think it unacceptable this happened, but the US govt hasn't paid much attention securing itself from cyber attacks while spending billions on NSA wiretapping.

It's similar to the banking fraud. People in power need to taken accountable for not taking their jobs seriously.

and the realistic in me believes its impossible to make the people in power listen without some reasonably horrible thing from happening - things need to get worse before it gets better. Remember the amount of money the govt poured into the Iraq war due to the "perceived" threat.

But hey - they erase their disks 7 times and spike them before they throw them away - so we are safe now.
93% later we'd be able to stop worrying about hacking and love the open Internet.
Does anyone know if this affects immigration records, as I'm pretty sure they collect fingerprints and such?
This might well be the dumbest thing i've ever said on the internet, but extrapolating from "data on 7% of americans just got hacked" to the premise nothing is actually secure

a) What would happen if we embraced this and just made all information freely available?

b) Is one of the likely/possible end or transitional states of the human race, all information being freely available and presumably along with it, a more enlightened approach to dealing with it?

c) Are there any good sci-fi books where this is explored?

Interesting idea.

I think in a hypothetical situation where everyone had total info awareness you could make it work. If somebody uses your info to steal your identity or something, you'd know who it was and they would open themselves up to reprisal. Some equilibrium would be reached.

In the real world though, releasing 'everyone's' data wouldn't really do anything to protect any given person if somebody wanted to specifically target them and you also wouldn't know who perpetrated it so really you have a system in place that rewards the bad actors.

The 7% of Americans in question are a big, big deal. In an old-school Cold War context, this sort of thing would be considered nothing short of apocalyptic.

To answer your question, check out David Brin's original writings on "The Transparent Society." If this material were to be leaked in public, it would almost constitute a field trial of his thesis. It would take a serious act of restraint on the Federal government's part not to pull the plug on the whole Internet, or at least every plug they can reach.

Why don't you post your private bitcoin keys for your wallets, if you have any. Just to put your money where your mouth is.
You may need to reread the comment
You do realize that private keys only make sense as a security mechanism when kept secret, right? This system was never meant to work in a transparent environment, and using that as an argument against that proposed environment is flawed.

Should we not colonize Mars because airplanes don't work there?

a) would be a terrific outcome for future historians.
I've been a big supporter of total transparency for a while now. I probably have a hundred posts and comments about this very topic on HN and Reddit alone. My experience is that most people won't even consider the idea. Those who don't just assume it's trolling usually ask the same question: "Post your name, address, email address, phone number, social security number, credit card number, passwords here." and they believe it constitutes a valid argument. That's laughable.

Privacy only rewards liers and cheaters, and generally unreliable people. It leads to a world where kids tell their teachers what they want to hear, where politicians tell the population what they want to hear, where job candidates tell the interviewer what he wants to hear. You can't cheat, lie, manipulate and generate bullshit? Sorry, but that's an handicap in today's society.

We live in a world where it's expected of people to keep secrets and conceal the truth. It's your job to keep your house keys safe, keep your password safe. Wear clothes, makeup, wigs, get plastic surgeries if you need to. Never talk about your flaws, only share successes. You can't ask for help publicly, that would reveal you're imperfect. Keep it in, live in the closet. Oh, and be a white male.

Don't forget, one picture of you being drunk or smoking a joint, and your political carrier is over. I mean, the absence of such a picture would convince anyone that such a thing never happened.

The correlation between reality and what's publicly available is so ridiculously thin, that nobody really knows what truth is. And that's a bit scary.

I see people avoid using smartphones because "NSA". I see people browsing behind 7 proxies. I see people wasting considerable amount of time setting up encryption on everything they touch. Better delete my Facebook account right?

We will never win this race. It's unsustainable to try to keep that much information private. Technology favors entropy. It's time to embrace transparency.

>We will never win this race. It's unsustainable to try to keep that much information private. Technology favors entropy. It's time to embrace transparency.

How much transparency are you advocating for?

Privacy isn't just about protecting secrets. For instance, it can be inferred that married couples have sex in their bedrooms. That's not a secret. But if you ask them if you can plant a camera in their bedroom for the purposes of recording their sex lives, they would most certainly reject.

Are you advocating for transparency for facts, or transparency on everything?

> But if you ask them if you can plant a camera in their bedroom for the purposes of recording their sex lives, they would most certainly reject.

Of course they would reject. They've been brainwashed to think this is bad. And so was society. That will have to change.

I'm advocating total transparency. Everything.

When my sickly widowed grandmother makes a fruit cake for me, and asks me if I like it, I tell her yes. In your world, I'd have to tell her no. That's total transparency.

If people were truly good, total transparency would happen naturally. People wouldn't keep secrets because that's simply not the right thing to do. But that doesn't happen. People don't always do the right thing, and forcing total transparency won't stop that.

You could make the same arguments for having locks on doors. It would be nice if we lived in a society where we did not need them. When we have that society, we will have transparency too, but until then, I'm keeping my doors locked and my information encrypted.

You think that's optimal to lie to your grandmother?

People will stop lying when honesty and trust becomes the currency. And it will.

Thee is a change to western society that has been happening, but it is not the zero-privacy dystopia you are advocating for. The west is rather quickly transforming from a guilt bait's social norms from the guilt society[1] into a face (or shame) society[2].

> People will stop lying

I don't[3]. I already have a hard enough time remembering everything, and lies would only add to the crap I have to remember. Please don't assume everybody lies OR that "not lying" is anything close to the same set as "no privacy". Just because I tell the truth doesn't mean I don't maintain privacy for a variety of reasons.

The zero-privacy society you are advocating for has real world consequences to thing like racism, LGBT issues, and the like. Assuming that people wouldn't behave in these antisocial ways is delusional at best, because it presupposes that people act anywhere close to rationally. Wore, you have to remember that modern technology means that anything recorded sticks around ~forever. You are advocating for a society where people dig up ancient skeletons in someone's close just because they can. This is not hypothetical - an obvious example are the people in ?chan culture where bored teenagers SWAT[4] people "for the lulz"[5] It is laughable to think that that this kind of behavior will magically go away with more cameras.

In a society where every mistake you have ever made is recorded and available for critique is a society with extreme risk-avoidance (ass-covering) policies. The closet thing to this totally-open society we have today are the extreme forms of Calvinism (xian strict predestination) and the perverse incentive it creates to cover up and ignore problems.

Above all that, though, is the effect a lack of privacy has on experimentation and innovation: when people know they are being watched, they tend to not take risks or do things that make them stand out too much. This isn't just a Human behavior, either, as most mammals have similar reactions. You seem to see this effect as a good thing, while ignoring that private experimentation is a key part of how children grow and learn. Even into adulthood a lack of privacy raise stress and other mental health problems.

In a few hundred years, if society has learned to handle race, sexuality, poverty, mental health, and many of the other problems that cause the animosity, hatred, and violence we see today, we might be able to consider a are more open society. Until that time, an "open" society has real consequences for a lot of people. If you want to make such a future happen faster, I suggest you spend your efforts on actually trying to fix some of these problems, instead of assuming that everybody lives in a similar situation to your so you can pretend that hatred, racism, sexism, are just "brainwashing" that will magically go away if we could just get a camera into every bedroom.

[1] https://en.wikipedia.org/wiki/Guilt_society

[2] https://en.wikipedia.org/wiki/Shame_society

[3] I will add that while I have never had to test the extreme limits of "not lying", I have walked away from a job over a "lie or street" situation ( http://c2.com/cgi/wiki?LieOrStreet ).

[4] https://www.youtube.com/watch?v=TiW-BVPCbZk

[5] http://knowyourmeme.com/memes/i-did-it-for-the-lulz

You won't have to remember that people cheat or lie. The currency system takes care of it.

Lying is a crime. Refusing to communicate is an hindrance. Fortunately, the incentives for being transparent will far out-weight any benefit privacy could provide.

Privacy is why racism and LGBH issues exist in the first place. Tolerance sets in very quickly when constantly exposed to reality.

Likewise, privacy sustains the need to hide skeleton in the closet and conceal past mistakes. When everyone is exposed, it just becomes commonplace and they're not that remarkable anymore. If anything, it will be easier to understand why and how mistakes happen, and we'll be able to reduce their occurrence significantly. Today, the worst problems/mistakes are those people are working the hardest to conceal. Don't you see how that's a problem?

Privacy doesn't cure the underlying fear of being exposed. It gives you a sensation of safety in a society that's inherently broken. No wonder shameless people are so successful. Privacy, again, is the cause of that imbalance. Get rid of privacy, and people will start accepting the imperfect person they are.

I'm not advocating a complete switch today. I need people to understand that privacy is not a sustainable long-term solution, and that we need to make important changes to society that will facilitate the eventual switch to total transparency. It's not like you have a choice, transparency will be imposed on you whether you want it or not. The sooner you take steps to facilitate and embrace the switch, the easier and smoother the process will be.

A good analogy for that is fossil fuel. I don't suggest that everyone switch to electric cars today, but we have to take steps to prepare for an eventual switch. Like privacy, we can only use so much fossil fuel before it's gone.

Tolerance sets in very quickly when constantly exposed to reality.

Alternatively, those who are unacceptably different to the majority are exterminated. I don't think I like that.

>That's laughable.

How is it laughable to expect you to practice what you preach? Particularly given your very next sentence in which you state privacy only rewards liers and cheaters, and generally unreliable people. You leave no room there for the possibility that privacy is anything but an immoral act.

So which is it? are you a liar, a cheater, and generally unreliable, or do you simply, rationally not want people to empty out your bank account?

Explain your hypocrisy and maybe people will take you more seriously. If it's simply a fact that there is no system of absolute transparency in place and, currently, privacy has practical value then that would seem to contradict the absolute terms in which you frame your own narrative. Would it not be better to recognize that there are situations for which personal privacy can have benefits to society and not look forward to throwing the baby out with the bathwater?

There is a big difference between a world in which privacy is difficult and one in which it's impossible by mandate. Advocating the latter as being not only good, but inevitable, sounds fascistic, because it would have to be forced onto people, and maintained by violence. I will never voluntarily choose to live in such a world, so someone will have to make it illegal to put locks on my doors and passwords on my personal accounts. They will have to force me to live in a world where the choice to do otherwise is impossible, because that kind of a system isn't necessarily an inevitable outgrowth of technological progress.

I'm being extremist for the sake of argument and consistency. I don't recommend you go out and live a completely transparent life today when the rest of society is not ready. So many things in today's society rely on some expectation of privacy, which currently makes the transition impractical. An example of that is private key cryptography.

Although not very good at it, my purpose here is to bring awareness to the unsustainable nature of privacy, and demonstrate some benefits of transparency. I want people to adopt a long-term outlook and eventually reach these conclusions themselves. I've been thinking about that a lot, playing the devil's advocate for both sides, and I honestly can't see anything good coming from this reliance on privacy. I have some trouble understanding how that's not obvious to more people.

Many people on HN are looking for problems to solve, but have trouble finding them. I've often claimed that problems are some of the easiest things to find, and I'll show you an example here. Privacy is like a band-aid. It doesn't solve the underlying cause of problems. It just makes the problem go away, out of sight out of mind. It quickly became the go-to way to fix non-trivial problems, usually through some kind of law enforcement. Exactly like SOPA/PIPA, patents, copyrights, and censorship in general. I don't know why these things have different names, because they're all exactly the same things. And I mean exactly.

When privacy is hypothetically removed, people come up with a ton of potential problems. Private key encryption is one of them ("people will know your password"). The business opportunity here would be to to allow authentication, prevent fraud, and maybe secure systems without the use of password or secret keys. I said "maybe" because we probably should re-evaluate the concept of private property in the first place (which could reduce our reliance on security, for example).

I'm not throwing the baby out with the bathwater. If you understand privacy as being intrinsically valuable, then it might look like it. But my argument goes beyond that. My claim is that privacy has no intrinsic value, and is actually evil. I'm not giving up on privacy because it's too hard, I'm actively trying to get rid of it. Even if we had some magic that would lead to perfect security and privacy, I would advocate against it.

Let's make something else clear. I value freedom enormously, and I'm strictly opposed to coercion. Nobody will be forced to be transparent if they decide not to. They can build their houses out of tin if they don't want people to spy on them using thermal vision. You will be allowed to lie if you want. The only difference, is that people will remember that you lied, or didn't cooperate into sharing valuable facts, and that will hurt your reputation. In a future where your reputation is everything, you will have difficulty finding people that will trust you and accept to do business with you. Selfishness, while a totally legal choice, likely won't be rewarded.

Can you explain why asking you to be transparent about your personally identifiable information is laughable?

Also: privacy isn't about reward and personal power, it's about reducing risk - specifically, the risk that those with power over you are able to manipulate your future in ways you cannot defend against.

There is a distinct difference between the reward and the risk mitigation that privacy can bring, and I fear that's the aspect of the argument that you will never understand.

> Are there any good sci-fi books where this is explored?

Marshall Brain's Manna[0]. It goes into the recursive effects of "anytime anyone accesses information, that access is publicly logged" as well.

Though in my view the story hasn't held up very well over the past 12 years, compared to great scifi with similar tropes, such as Egan's Permutation City[1] or older Stephenson. In some ways that's due to a less intense writing style; in other ways it's due to parts that have essentially come true, making them seem retrospectively like "bad scifi".

Egan's description of mind-merging in Closer[2] might also be of some interest, as it explores the conceptual overlap between intimacy and real-time mutual information access.

[0] http://marshallbrain.com/manna1.htm

[1] https://en.wikipedia.org/wiki/Permutation_City

[2] http://eidolon.net/?story=Closer&pagetitle=Closer&section=fi...

" What would happen if we embraced this and just made all information freely available?"

Included in that 7% of the OPM data theft: Intelligence applications, their private data (names, DOB, medical & psych evaluations), interviews of referees, personal information and possibly assessments.

This is a serious breach.

(comment deleted)
So wait a minute. Why couldn't this have been the NSA? I'm sure the NSA has no automatic right to at least some of that data. And if they're investigating someone (or everyone), breaking in would be their style, right?

Wouldn't it be really valuable to them to zip together what they already have, and what's in the OPM data, to create more links and associations?