Everybody’s private information would be worth a different amount if you were talking sheer economic value. A poor persons would be very little, a rich person would be worth very much.
I'm talking about the lawyers who initiated, orchestrated, and covered all costs associated with the class action lawsuit.
They typically get ~30% of the announced settlement. The headline figure in this case was $5M, so the lawyers likely got ~$1.5M.
That has nothing to do with the worth of each victim's information.
However, an institution like an university requires a bit more, like a copy my ID or a photo. And based on their attitude, I'm sure they'll get hacked sooner or later. Their IT is either outsourced or understaffed and of mediocre quality. The fact than noone broke in (?) is because nobody cared that much.
The US banking system has some blame here as well, just knowing someone’s bank account details shouldn’t let anyone transfer money out of it. IBAN system is quite good at this, that people just share their account numbers with each other and even some merchants like restaurants accept payment through IBAN.
It's also about the number of applications being made across the campus, so I don't know how much a handful of people can review or improve things. Every department and school has multiple applications written by students or enthusiastic faculty members, or purchased from various vendors.
Seeing an environment like this, one could quickly assume, somehow correctly, they're just hired to be the neck to hang, and not make much changes.
A tangent, but I had the same thing with my university. I wonder how common this is, and if google is the common thread...
"Tír gan teanga, tír gan anam"
This is a public University, they likely outsource some of their IT and somewhere a data breach happened. This data breach apparently affected all employees and students/former students. The faceless "they" the author is blaming in all likelihood was effected more drastically than him.
The 30 dollars is not a payment for the data. It is a compensation for the damages, something which the author admits are likely zero, as previous data breaches already impacted him more drastically.
What should the university have done? 30 dollars seem reasonable for the damage caused.
They should have not collected any more data than they needed, deleted the data they had the instant it wasn't absolutely required, and securely stored all data they truly had to retain. It really isn't that hard to do those things, it's just harder (and more expensive) than not giving a shit, but universities (and just about everyone else hoovering up your private data) just don't give a shit about you and they know they'll get away with it when their negligence/incompetence results in a breach.
The fact that in this instance the breach may have also impacted some of the same people who decided to be so massively irresponsible doesn't change anything.
If I was (and have been) subject to a data breach, I can guarantee the damages involved are not zero. Even if no specific fraud has taken place (yet).
Time is money.
Planet money did a a great segment on how these work and why America is set up this way. I learned a lot about it. You should definitely take a listen[1]. If you aren’t on Apple then search “What to do when you’re in a class action?” And find the podcast (not the summary article).
1: https://podcasts.apple.com/us/podcast/planet-money/id2907834...
"IF YOU DO NOTHING
Get no benefits. Give up your rights to sue the University over the legal claims in this case."
Let's say someone offers $X, and in return they post on a public website your name, address, date of birth, Social Security number and employer. Not a lifetime feed, but a single snapshot of this information taken between 4 and 36 years ago, to match the details of this university leak. Maybe some additional info like what grades you got, but not your financial or health history. This offer is made to all adult Americans.
What would X need to be? I suspect the vast majority of Americans accept this at $10,000. And a very significant number take it at $100, or in return for access to a trendy new social network or a discounted television or similar.
I'd take this offer for some five figure sum, which would not be a life changing amount to me. It's a complicating factor that SSNs are traditionally a vector for fraud, but that would go away once people take this offer.
So from your perspective, the net value of the information is negative. Very negative in most cases.
The power of this model is the adversarial aspect. If there's 2 stores, especially online, and store A knows this info it can be 10% more expensive and grow faster than store B. Which means stores can't choose not to pay, it's a losing proposition and these businesses will die if advertising works even a little bit.
This aspect is why Google, and everyone, want AI to "fight" over everything: the adversarial aspect. Because for any particular purpose, OCR, or even making entire movies, there's a level of AI that's "good enough". Google or Facebook might reach that level 6 months earlier than everyone else (I would have said 10 years earlier 5 years ago, but even OpenAI's advantage has has shrunk to 2-3 months now, so I feel 6 months is generous), and I'm sure that'll be a good business ... for 6 months, if done well. But if you can create a fight where the best AI wins, then AI is worth the highest amount anyone will offer ...
If it does significantly boost the amount of money spent and thus the velocity of money, should governments consider publishing everyone's PII as a way to stimulate economic growth?
That's why Google is receiving more money than the information is worth.
Fullz + Passport/DL + Selfie: $80 – $150
disclaimer: I work in tech/trend analysis
Paying for a wrongful action is taking reponsibility and compensating. But also "for the damage they caused" - what's the damage if the info is already out there?
> The basic problem is that they do not care about us.
True, of course, but the basic problem is different - "apology" costs more due to the way the legal system is set up, "nothing more". Otherwise you'd get your empty apologies left and right, though strang that you value that more than compensation. Empty words cost even less than $30 (unless, of course, there is a system to make them legally potentially cost more)
What I mean is that for an institution of higher education and intellectual research, the bar for ethical action should be higher. An apology (with guarantees and plans for improvement with oversight) is better than put a low price and call it cost of doing business. The damages or negative consequences are going to happen no matter what as information is already out there.
My point is not about the money that as person I would get or not. My personal private information is mine and should be protected and the law require that. If anyone consider that it is worthless or not is irrelevant. And because the affect does happen on a scale. This breach for example affect probably close to 200k or more (maybe much more).
My point is we shouldn't normalize that, just if "corruption" is widespread in a place then we should fight it not just say this is how things works. Same thing should happen here. And we should hold people responsible for the decisions liable. This way the simple decision of ignoring cybersecurity or outsource to the lowest bidder suddenly becomes unattractive.
Also I don't understand the logic is that because I got "abused metaphorically" before then it is not a big deal if this happens to me again. Why do we accept this in such case and not in others? And actually in my particular case, the university breach was probably the first breach of my personal information (others happen later). why would that change anything?
Who is the highest paid state employee in Minnesota? Hint: he works for umn.edu … [1]
Who controls the largest budget at umn?
Who drives the largest revenue for the state university program and hires and fires the other highest paid employees of the state?
I am sorry to say that your expectations of the sports media enterprise that happens to also be a university are misplaced.
Big conference universities are development leagues for the NFL and that is where expectations for behavior should be calibrated.
[1] PJ Fleck - $7M annual salary in 2025.
How when this is a 0 price of doing business? And there is a plan: "the University has increased its vigilance in securing information that it maintains", after all "The safety and privacy of all members of the University community are a top priority" https://system.umn.edu/data-incident (this is from 23, not 21). And I'm sure there is some admin position for "oversight"! So if you're after empty words, they have those in spades! And would add the apology you requested if not for the extra legal cost, so I don't see how any of that is better.
> Also I don't understand the logic
Because you've perverted the logic from into some vague metaphorical abuse that can harm every time it happens.
> Why do we accept this in such case and not in others?
We don't because settlements such as this do not depend on whether the info is already public, so you get paid regardless. But also because in such case there is no harm (info is already public), and in other cases there is.
> why would that change anything?
for the exact same reason - because harm depends on the first publishing and you were talking about compensating for harm
It is my opinion that, as with anything that can be copied infinitely for free, his (and my) personal information is worth $0.
This would include all software, every movie, song, book, photograph, and TV show available anywhere. I'm glad that the rest of society has decided to place the value of those types of things a little higher than you do.
The multi-billion dollar a year industry of buying and selling our most personal data only exists because that data isn't worthless. It's extremely valuable, even yours, and the fact that others are using it will end up costing you again and again throughout your life, often monetarily.
Weirdly enough, the people who were most vocal about this so called "Free Market" were the people who tried to defend their ability to make money from things that can be copied infinitely with almost zero overhead.
This isn't an opinion on whether or not digital media should be free, it's a statement about digital media being completely incompatible with outdated economic theories.
The person you're replying to may actually believe that his personal information should be worth $0. The only reason it's not is because it can be used for targeted advertising and a bunch of even more horribly dystopian purposes.
So, the fact is you're both correct. Personal data should be worthless (in fact, it should be only available with the permission of the "person") if not for bad actors profiting from the purchase and sale of this data.
The broken economic theories of free market economics state that digital media should be worthless, except that current laws and regulations extend out-dated intellectual property laws to protect incumbent distributors and rights holders (this only rarely actually protects the creators of the media). The idealistic goal of the creators profiting from their creations has been corrupted beyond recognition.
Basically, the things you both are discussing are both nuanced and broken. They exist outside of the context you're putting them in.
This is such a willfully ignorant take, it’s wild. Anyone who has a cursory understanding of game theory can see that if this were true a simple recursion would occur:
1. Everyone would pirate movies/tv/books. 2. There would be $0 in producing media. 3. Significantly less media would be produced. Anything capital intensive would be gone. 4. Demand for anything that could be produced would skyrocket. Imagine putting together a blockbuster film when the world hasn’t seen one in a century. 5. People would pay money for the product of 4.
Just because we can get something for $0 doesn’t make it worth $0. I could enslave my neighbors and make them work for me, that doesn’t make human labor worth $0.
People should exchange money for digital goods. That money should go primarily to the creators of those goods. None of this is happening very much, and it's actually moving in the wrong direction.
We’re actually largely in agreement, especially about content creators deserving compensation and the fact that distribution is vacuuming up most of it.
I realize I’m responding to an account created four minutes ago but… the output of nearly all work done on a computer meets this criteria. Is all work done on a computer worth $0 in your view?
Yes. Also, this website is very pro-piracy, which means they generally agree with me. (Saying this last part because by mentioning the age of my account it seems you're accusing me of being a troll,)
However I can think of plenty I’d do with the model weights for ChatGPT, Claude or Gemini. Can’t you?
I can go on with hundreds of examples. The Waymo source and models, as another example. Enumerating everything would detract from the message so I’ll stop here.
You piqued my interest. I’d like to learn more about that.
That's how people gave their privacy away to apps - they've realized this is the best deal they can get for it. Conversely, when the court tries to estimate what is the financial impact of such a leak, there's not much to base it off.
I've just finished The Age of Surveillance Capitalism and it's ridiculous how Google et Al were able to profit from these scraps we gave them. So maybe the value could be higher?
I wonder how much things would cost if we cut out the entire multibillion dollar advertising industry and just paid for things directly.
Edit: iirc that was about $750
They valued it in terms of legal fees and possible "compensation" (yay dad is dead but we got 5k), no lawsuit and your value is exaclty zero.
I mean, I put a price on the value of my own life, and even on the value of the life of my children. Hence why I'll take a car trip instead of always aiming to fly on a commercial common carrier, even though the latter would be safer.