posted by martyb on Thursday January 11, @08:14AM
from the A-stitch-in-time-saves-nine dept.
The BBC reports that the Information Commissioner’s Office has fined a company, “Carphone Warehouse” (a retailer of cell phones), £400,000 (about $540,000) over “systemic failures” which allowed hackers to gain access “to personal data of more than three million customers and 1,000 employees.”
According to the BBC: “The Information Commissioner, Elizabeth Denham, said: ‘A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks.’”
Should the U.S. Government enact fines and other measures against companies that fail to implement “rudimentary, commonplace measures” for security?
(Score: 0, Redundant) by rylyeh on Thursday January 11, @08:54AM (2 children)
Yup!
(Score: 1) by Barenflimski on Thursday January 11, @09:37AM
That is a great outcome. There needs to be some pressure to secure things. We lock our warehouse doors, why not the doors to the nerve center?
I do worry about the pendulum, as lawsuits are filed over the simplest mistakes, possibly even a patch someone didn't apply for some reason that makes sense.
(Score: 2) by c0lo on Thursday January 11, @10:24AM
Nope. Regulation eats babies, kills puppies and skins cats.
More regulation will eat more babies, kill more puppies and skin more cats.
Something-something nanny state.
Ah sorry, just in case... (GRIN)
(Score: 1, Insightful) by Anonymous Coward on Thursday January 11, @09:44AM (2 children)
This is in the same category as companies dumping their costs on society such as pollution. They take the profits and leave society to deal with the costs.
Pollution is an easy example, but poorly protected large databases of everyone and everything are also a societal cost. Next are IoT devices with broken security models and a bunch of other consumer items and services.
Or to put it in a car analogy: Company adds an entertainment system with wifi to its car, but does not separate it from critical components. The thing has poor or no security, gets hacked and causes car crashes. Having them repay the car is one thing, but all time lost from the ensuing traffic?
You can argue it's the hackers' fault, and I would also agree to that, shared blame/responsibility. But when you start creating high value targets for criminals, such as banks, jewelry stores, large databases, the reasonable expectation is that you invest in its security.
(Score: 2) by Wootery on Thursday January 11, @11:12AM
Correct. It's what economists call an externality - others bear the cost, so it introduces perverse incentives. Another example is the banker who stands to get a big bonus with a high-risk investment, but who won't lose anything if it falls through.
Related: Eben Moglen's interpretation of privacy as ecological, rather than transactional. [snowdenandthefuture.info]
'Fault' refers to more than one thing, here. Of course the attacker is to blame for attacking, but there's a duty on the part of the car company (in your example) to make a product that is fit-for-purpose. Security is a big part of that. Negligence is morally condemnable.
To put it another way, the car company is not a morally blameless victim. Another hypothetical for contrast: If you walk down a dark alley in a high-crime neighbourhood and you get mugged, then your behaviour was unwise, but not morally condemnable. Only your attacker's behaviour is morally condemnable. Not so in the car example, where the car company made the decision to be negligent, which is in itself condemnable.
(Score: 0) by Anonymous Coward on Thursday January 11, @11:24AM
Pollution is a good analogy to privacy violation, thank you.
Glad to see the UK making a good decision.
(Score: 0) by Anonymous Coward on Thursday January 11, @11:16AM
That's a nice word. It sounds so benign.
Like someone forgot something.
Not like someone allowed a database with millions of entries containing personal information to be copied... repeatedly...
(Score: 0) by Anonymous Coward on Thursday January 11, @11:50AM (1 child)
... so, the ICO considers that in the UK, one person's data is worth about half a crown.
(Score: 2) by WizardFusion on Thursday January 11, @01:05PM
...and here I was thinking I was worthless.
