App Security Project Reacts to Outabox Hack
For Immediate Release
Contact: Kara Zupkus, (224) 456-0257
Washington, D.C. – The App Security Project of the Taxpayers Protection Alliance Foundation (TPAF) is responding to yesterday’s news that third-party IT vendor Outabox, which provided identity-verification services to Australian hospitality venues, fell victim to a data breach, potentially compromising the data of more than a million customers. A website purporting to belong to the hackers has threatened to release these records and claims the victims include senior government officials.
TPAF policy analyst David McGarry offered the following comment:
“The Outabox hack gives the lie to the dubious claim that third-party services nullify the privacy risks that are inherent to age and identity verification. The fact remains that aggregating user data – especially sensitive, personal user data – provides attractive targets for cybercriminals, leading invariably to data breaches. As an international cadre of experts has acknowledged, there is no existing technology that is widely applicable, sufficiently reliable, and privacy-protective.
“In recent years, a loud chorus of voices has advanced the claim that technology has advanced and that jurisprudence ruling online age-verification mandates to be an unconstitutional burden on adults’ online speech rights is obsolete. This is nonsense, as privacy and free-speech advocates have argued ad nauseum. The risks attending age verification remain dire, and the rock-solid precedent courts have set on these matters remains valid. Government attempts to condition access to fundamental speech rights on Americans’ acquiescence to privacy-violative verification regimes violate the First Amendment many times over.
“Nonetheless, lawmakers in Washington, D.C. and in statehouses have persisted in advancing age-verification mandates. While generally well-intentioned, these proposals fail to grasp the basics of the technologies they seek to regulate. Lawmakers should learn from other countries’ mistakes, not attempt to codify those mistakes in U.S. statute.”
Published on May 2, 2024