2015 should have been the end of Ashley Madison.
In August, the infamous “cheating website” was the target of a horrific cyber attack that led to the unprecedented leak of 33 million users’ information—including their names, email addresses, and passwords. The fallout was seemingly catastrophic: The leaks were allegedly linked to the suicides of multiple Ashley Madison users whose identities were “exposed” in the hack, including a Baptist minister in New Orleans, and numerous lawsuits were filed against the company.
But if they say that all press is good press, the hacks didn’t hurt business. In fact, they only helped. In the three days following the leaks, CNN reported that Ashley Madison actually added 400,000 users. CNN’s David Goldman argued that the surge was a blip, but the company recently reported that 4 million more have joined the site since the attack. As it stands today, Ashley Madison is actually bigger than ever.
How is it possible that a company can compromise the data of 33 million people and still turn a profit? The easy answer is that cheaters are going to cheat, but for a more telling rejoinder, just ask Target. The popular big box store was the victim of its own massive security breach in 2014. The credit card information of 40 million customers was stolen by hackers, but strangely, it didn’t deter shoppers. According to Time magazine, the retailer’s holiday revenue actually outpaced expectations that year by $14 million, with sales totaling $17.73 billion.
How is it possible that a company can compromise the data of 33 million people and still turn a profit?
In the past decade, these hacks have increasingly become the norm—from the 2014 hacks of Home Depot and Sony to reports from the Department of Health and Human Services that the health care information of 120 million Americans had been leaked in numerous breaches since 2009. That ubiquity breeds complacency: Customers don’t care about security, so much so that we’re willing to put ourselves continually at risk for future attacks, no matter how big the gamble.
You don’t have to follow the money to see that customers are awfully blasé about their privacy and the safety of their own data. In a 2014 poll from the Unisys Security Index, which surveys consumers about their behavior, 34 percent of respondents weren’t worried at all about about whether hackers could access their online transactions. Those numbers increase dramatically when surveying millennials: According to a 2014 report from TrackVia, 60 percent of digital natives the company polled weren’t worried about their mobile security—such as when using smartphone applications.
I’m one such millennial, and I’m just as guilty as the rest. In July, I wrote about Venmo, a peer-to-peer mobile payment application plagued with security issues, advocating that users uninstall the service. I made plans to delete it after writing the piece, but I never got around to it, simply because Venmo is nothing but a drop in the bucket. Currently, eight apps on my phone are linked to my credit card, and I regularly use my card to make purchases on Amazon, as well as a number of other online retailers.
I’ve so gotten used to putting myself at risk for identity theft that when I thought someone hacked my Uber last week (it was just a glitch), I was barely upset by it. I was more bothered by the fact that I really wasn’t bothered at all.
Although many cite the signing of the PATRIOT Act following the Sept. 11 attacks as shifting expectations of our own privacy, the Atlantic’s Gregory Ferenstein argues that Americans have always accepted the idea that someone might be listening to our calls. “Time and time again, with the invention of new technologies, humanity has opted for low cost, convenience, or fame over privacy,” Ferenstein writes. In the 1940s, party lines became popular as a cheap alternative to more expensive private lines. Residents of an apartment complex, for instance, might share a single phone line, meaning that eavesdropping was a fact of life.
If companies are relying on consumer will to force their hands into creating more secure network, things are unlikely to change.
The same is true both for customers’ personal privacy, as well as the entire cybersecurity industry. Venmo users would rather keep their accounts active (after all, everyone’s doing it!) than be burdened with the inconvenience of carrying cash or splitting a bill at the restaurant the old-fashioned way. Humans are notoriously bad at calculating long-term risks—customers are driven to do what feels simpler today than what might be less of a headache in the long run.
And companies like The Home Depot and Sony think the exact same way. While they have long known that security is a problem, there’s been little incentive to invest in fixing it. “The industry remains reluctant to spend the money needed to upgrade their aging equipment—especially in the absence of much pressure from the U.S. government, regulators or shareholders,” according to Reuters.
If companies are relying on consumer will to force their hands into creating more secure network, things are unlikely to change. Although CNN’s David Goldman argues that the Ashley Madison suits are a major turning point—and might force other businesses to take privacy more seriously—others say the cases are likely to go nowhere fast. Ashley Madison had long warned users about security risks, and Match.com beat similar lawsuits on the grounds that it disclosed the potentiality for hacks in its service agreement.
If precedent and the current state of privacy culture is on privacy’s side, I wouldn’t be surprised to see Ashley Madison—and similar sites—continue to grow in 2015. We can point the finger at cheaters for their seemingly insatiable desires, but all we really have to blame are ourselves.
Nico Lang is a Meryl Streep enthusiast, critic, and essayist. You can read his work on Salon, Rolling Stone, and the Guardian. He’s also the author of “The Young People Who Traverse Dimensions” and the co-editor of the bestsellingBOYSanthology series.