
SoylentNews is people

posted by martyb on Thursday January 11, @08:14AM
from the A-stitch-in-time-saves-nine dept.

The BBC reports that the Information Commissioner’s Office has fined a company, “Carphone Warehouse” (a retailer of cell phones), £400,000 (about $540,000) over “systemic failures” which allowed hackers to gain access “to personal data of more than three million customers and 1,000 employees.”

According to the BBC: “The Information Commissioner, Elizabeth Denham, said: ‘A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks.’”

Should the U.S. Government enact fines and other measures against companies that fail to implement “rudimentary, commonplace measures” for security?


  • (Score: 2, Insightful) by rylyeh on Thursday January 11, @08:54AM (4 children)

    Yup!

    --
    don’t tell nobody, but I swar ter Gawd thet picter begun ta make me hungry fer victuals I couldn’t raise nor buy—
    • (Score: 1) by Barenflimski on Thursday January 11, @09:37AM

      That is a great outcome. There needs to be some pressure to secure things. We lock our warehouse doors, why not the doors to the nerve center?

      I do worry about the pendulum, as lawsuits are filed over the simplest mistakes, possibly even a patch someone didn't apply for some reason that makes sense.

    • (Score: 4, Funny) by c0lo on Thursday January 11, @10:24AM (2 children)

      Nope. Regulation eats babies, kills puppies and skins cats.
      More regulation will eat more babies, kill more puppies and skin more cats.
      Something-something nanny state.

      Ah sorry, just in case... (GRIN)

      • (Score: 0) by Anonymous Coward on Thursday January 11, @09:36PM (1 child)

        Did the Market replace you with khallow when we weren't looking?

        • (Score: 2) by c0lo on Thursday January 11, @11:36PM

          Did the Market replace you with khallow when we weren't looking?

          The other way 'round. It was me that replaced khallow when you (and him) weren't looking.

          Ummm... let us note (grin) I'm not pretending I'm doing a great job
          (doing that would be contrary to my purposes)

  • (Score: 3, Insightful) by Anonymous Coward on Thursday January 11, @09:44AM (2 children)

    This is in the same category as companies dumping their costs on society such as pollution. They take the profits and leave society to deal with the costs.
    Pollution is an easy example, but poorly protected large databases of everyone and everything is also a societal cost. Next are IoT devices with broken security models and a bunch of other consumer items and services.

    Or to put it in a car analogy: Company adds an entertainment system with wifi to its car, but does not separate it from critical components. The thing has poor or no security, gets hacked and causes car crashes. Having them repay the car is one thing, but all time lost from the ensuing traffic?

    You can argue it's the hackers' fault, and I would also agree to that, shared blame/responsibility. But when you start creating high value targets for criminals, such as banks, jewelry stores, large databases, the reasonable expectation is that you invest in its security.

    • (Score: 5, Insightful) by Wootery on Thursday January 11, @11:12AM

      This is in the same category as companies dumping their costs on society such as pollution.

      Correct. It's what economists call an externality - others bear the cost, so it introduces perverse incentives. Another example is the banker who stands to get a big bonus with a high-risk investment, but who won't lose anything if it falls through.

      Related: Eben Moglen's interpretation of privacy as ecological, rather than transactional. [snowdenandthefuture.info]

      You can argue it's the hackers' fault, and I would also agree to that, shared blame/responsibility.

      'Fault' refers to more than one thing, here. Of course the attacker is to blame for attacking, but there's a duty on the part of the car company (in your example) to make a product that is fit-for-purpose. Security is a big part of that. Negligence is morally condemnable.

      To put it another way, the car company is not a morally blameless victim. Another hypothetical for contrast: If you walk down a dark alley in a high-crime neighbourhood and you get mugged, then your behaviour was unwise, but not morally condemnable. Only your attacker's behaviour is morally condemnable. Not so in the car example, where the car company made the decision to be negligent, which is in itself condemnable.

    • (Score: 0) by Anonymous Coward on Thursday January 11, @11:24AM

      Pollution is a good analogy to privacy violation, thank you.

      Glad to see the UK making a good decision.

  • (Score: 1, Insightful) by Anonymous Coward on Thursday January 11, @11:16AM

    That's a nice word. It sounds so benign.
    Like someone forgot something.
    Not like someone allowed a database with millions of entries containing personal information to be copied... repeatedly...

  • (Score: 1, Informative) by Anonymous Coward on Thursday January 11, @11:50AM (2 children)

    ... so, the ICO considers that in the UK, one person's data is worth about half a crown.

    • (Score: 3, Funny) by WizardFusion on Thursday January 11, @01:05PM (1 child)

      ...and here I was thinking I was worthless.

      • (Score: 3, Funny) by tibman on Thursday January 11, @07:03PM

        That half a crown is just an average.. : P

        --
        SN won't survive on lurkers alone. Write comments.
  • (Score: 3, Funny) by MichaelDavidCrawford on Thursday January 11, @05:21PM (1 child)

    Just ask realDonaldTrump.

    --
    "You, Michael David Crawford, you are helping to destroy America."
    -- Anonymous Coward
    • (Score: 2) by Wootery on Friday January 12, @10:28AM

      I guess he's on holiday again.

  • (Score: 0) by Anonymous Coward on Thursday January 11, @06:38PM

    "Should the U.S. Government enact fines and other measures against companies that fail to implement “rudimentary, commonplace measures” for security?"

    sure, right after they fix all their own shit. the irs alone "loses" ~20 billion a year to "fraud". that's just like some scumbag loser debt collector calling to give you shit because some string of dumbass companies let some dumbass thieves steal "your identity" and then some dumb ass paycheck loan company loaned money to them. @#%$ all these @#%$^ and the dumbass slaves who whine for the incompetent criminals in government to save them. if consumers are too stupid to not do business with these stupid #$%^ companies then they deserve to be robbed blind.
