The BBC reports that the Information Commissioner’s Office has fined Carphone Warehouse, a retailer of cell phones, £400,000 (about $540,000) over “systemic failures” which allowed hackers to gain access “to personal data of more than three million customers and 1,000 employees.”
According to the BBC: “The Information Commissioner, Elizabeth Denham, said: ‘A company as large, well-resourced, and established as Carphone Warehouse, should have been actively assessing its data security systems, and ensuring systems were robust and not vulnerable to such attacks.’”
Should the U.S. Government enact fines and other measures against companies that fail to implement “rudimentary, commonplace measures” for security?
(Score: 2, Insightful) by rylyeh on Thursday January 11 2018, @08:54AM (4 children)
Yup!
"a vast crenulate shell wherein rode the grey and awful form of primal Nodens, Lord of the Great Abyss."
(Score: 1) by Barenflimski on Thursday January 11 2018, @09:37AM
That is a great outcome. There needs to be some pressure to secure things. We lock our warehouse doors, why not the doors to the nerve center?
I do worry about the pendulum, as lawsuits are filed over the simplest mistakes, possibly even a patch someone didn't apply for some reason that makes sense.
(Score: 4, Funny) by c0lo on Thursday January 11 2018, @10:24AM (2 children)
Nope. Regulation eats babies, kills puppies and skins cats.
More regulation will eat more babies, kill more puppies and skin more cats.
Something-something nanny state.
Ah sorry, just in case... (GRIN)
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Thursday January 11 2018, @09:36PM (1 child)
Did the Market replace you with khallow when we weren't looking?
(Score: 2) by c0lo on Thursday January 11 2018, @11:36PM
The other way 'round. It was me that replaced khallow when you (and him) weren't looking.
Ummm... let us note (grin) I'm not pretending I'm doing a great job
(doing that would be contrary to my purposes)
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 3, Insightful) by Anonymous Coward on Thursday January 11 2018, @09:44AM (2 children)
This is in the same category as companies dumping their costs on society such as pollution. They take the profits and leave society to deal with the costs.
Pollution is an easy example, but poorly protected large databases of everyone and everything is also a societal cost. Next are IoT devices with broken security models and a bunch of other consumer items and services.
Or to put it in a car analogy: Company adds an entertainment system with wifi to its car, but does not separate it from critical components. The thing has poor or no security, gets hacked and causes car crashes. Having them repay the car is one thing, but all time lost from the ensuing traffic?
You can argue it's the hacker's fault, and I would also agree to that, shared blame/responsibility. But when you start creating high value targets for criminals, such as banks, jewelry stores, large databases, the reasonable expectation is that you invest in its security.
(Score: 5, Insightful) by Wootery on Thursday January 11 2018, @11:12AM
Correct. It's what economists call an externality - others bear the cost, so it introduces perverse incentives. Another example is the banker who stands to get a big bonus with a high-risk investment, but who won't lose anything if it falls through.
Related: Eben Moglen's interpretation of privacy as ecological, rather than transactional. [snowdenandthefuture.info]
'Fault' refers to more than one thing, here. Of course the attacker is to blame for attacking, but there's a duty on the part of the car company (in your example) to make a product that is fit-for-purpose. Security is a big part of that. Negligence is morally condemnable.
To put it another way, the car company is not a morally blameless victim. Another hypothetical for contrast: If you walk down a dark alley in a high-crime neighbourhood and you get mugged, then your behaviour was unwise, but not morally condemnable. Only your attacker's behaviour is morally condemnable. Not so in the car example, where the car company made the decision to be negligent, which is in itself condemnable.
(Score: 0) by Anonymous Coward on Thursday January 11 2018, @11:24AM
Pollution is a good analogy to privacy violation, thank you.
Glad to see the UK making a good decision.
(Score: 1, Insightful) by Anonymous Coward on Thursday January 11 2018, @11:16AM
That's a nice word. It sounds so benign.
Like someone forgot something.
Not like someone allowed a database with millions of entries containing personal information to be copied... repeatedly...
(Score: 1, Informative) by Anonymous Coward on Thursday January 11 2018, @11:50AM (2 children)
... so, the ICO considers that in the UK, one person's data is worth about half a crown.
(Score: 3, Funny) by WizardFusion on Thursday January 11 2018, @01:05PM (1 child)
...and here I was thinking I was worthless.
(Score: 3, Funny) by tibman on Thursday January 11 2018, @07:03PM
That half a crown is just an average.. : P
SN won't survive on lurkers alone. Write comments.
(Score: 3, Funny) by MichaelDavidCrawford on Thursday January 11 2018, @05:21PM (1 child)
Just ask realDonaldTrump.
Yes I Have No Bananas. [gofundme.com]
(Score: 2) by Wootery on Friday January 12 2018, @10:28AM
I guess he's on holiday again.
(Score: 0) by Anonymous Coward on Thursday January 11 2018, @06:38PM
"Should the U.S. Government enact fines and other measures against companies that fail to implement “rudimentary, commonplace measures" for security?"
sure, right after they fix all their own shit. the irs alone "loses" ~20 billion a year to "fraud". that's just like some scumbag loser debt collector calling to give you shit because some string of dumbass companies let some dumbass thieves steal "your identity" and then some dumb ass paycheck loan company loaned money to them. @#%$ all these @#%$^ and the dumbass slaves who whine for the incompetent criminals in government to save them. if consumers are too stupid to not do business with these stupid #$%^ companies then they deserve to be robbed blind.