Imagine that Silicon Valley’s nightmare comes true: The bubble bursts. Unicorns fall to their knees. The tech giants that once fought to attract talented developers with mini-golf and craft beer scramble to put out fires.
This is the setting of a cyber-doomsday scenario developed by researchers at Berkeley’s Center for Long-Term Cybersecurity and published last month. They gamed out five different scenarios based on current trends in online security—and this one is by far the most alarming.
If stock prices plunge, the researchers ask, what will be left of the Facebooks and Twitters of the world? Like a broken-down car that can only be scrapped for parts, the only thing worth salvaging from the shells of former tech companies may be user data.
In their report, the researchers imagine a slow start to the tailspin that eventually leads to the collapse of our current Internet Age. It starts with a disillusionment with Silicon Valley (“When did we stop trying to change the world and instead just make indulgent products for rich 30-year-old singles?”) and subsequent developer exodus to Asia. Europe starts regulating technology even more aggressively, and investors start rolling their eyes at buzzwords like “innovation.” Finally, some outside event—a revolution overseas, a contentious election—shakes up markets, and the collapse begins. Stock prices soon fall by 90 percent.
Desperate companies will resort, if they can, to selling the detailed data they’ve meticulously collected about their users—whether it’s personally identifiable information, data about preferences, habits, and hobbies, or national-security files. That data, formerly walled-off and spoon-fed only to paying advertisers, would be attractive to both licit and criminal buyers. Easily searchable datasets could generate new innovations and investments—but it would be difficult to know who’s buying up sensitive datasets, and why.
If contracts and privacy policies prevent a floundering company from selling user data, there’s still another way to profit. Most privacy policies that promise not to sell user data include a caveat in case of bankruptcy or sale. In fact, a New York Times analysis of the top 100 websites in the U.S. last year found that 85 of them include clauses in their privacy policies like this one from Facebook:
If the ownership or control of all or part of our Services or their assets changes, we may transfer your information to the new owner.
This is the virtual equivalent of a beater getting hauled to the junkyard. If a Facebook-like social media company can’t legally sell off its data, then it may just sell itself in order to cut its losses. Among the post-crash rubble, the principal value that a potential buyer might see in snapping up the company is its data. It’s like an acquisition hire, but for a huge and detailed dataset.
This wasn’t the FTC’s first such intervention, either: In 2000, the commission sued a website called Toysmart.com for deceptive data practices. That case is what led many companies to add language about selling data to their privacy policies in the first place.
It’s one thing for federal regulators to keep an eye out for consumer data when a big retailer or tech company folds every few years. But in the event of a crash, it’s unlikely the FTC would be able to keep up with the sheer number of previously overvalued data-rich companies offering themselves up for sale. If that’s the case, the post-bubble technology industry will take your data down with it as it slips beneath the waves.