BreachExchange mailing list archives
Re: rant: Abandon Ship! Data Loss Ahoy!
From: "Allan Friedman" <allan_friedman () ksgphd harvard edu>
Date: Thu, 20 Mar 2008 10:13:08 -0500
On the public policy issue, I agree. If you want companies to disclose the exact circumstances around a breach (exact technical details), there will have to be a shield that prevents plaintiffs attorney's from using the information in lawsuits.
You highlight an interesting trade-off. It may be the case that more disclosure would reduce incentives to prevent future breaches, depending on how we understand the problem. A standard policy tool for enforcing maximum diligence is the threat of lawsuits, massive ones that can wreck a corporation. If we follow this liability argument (as advanced by Schneier and other scholars of the economics of information security) then making concessions to corporate defendants can impede the end goal of less data retention and greater data protection. If we don't think we're ever going to get there, then more data about breaches for the purposes of research is clearly the greater good. This is a very interesting dynamic. I'll have to think about how to model it... Allan Friedman PhD Candidate, Public Policy Kennedy School of Government Fellow, Center for Research in Computation and Society School of Engineering and Applied Sciences Harvard University _______________________________________________ Dataloss Mailing List (dataloss () attrition org) http://attrition.org/dataloss Tenable Network Security offers data leakage and compliance monitoring solutions for large and small networks. Scan your network and monitor your traffic to find the data needing protection before it leaks out! http://www.tenablesecurity.com/products/compliance.shtml
Current thread:
- rant: Abandon Ship! Data Loss Ahoy! lyger (Mar 18)
- Re: rant: Abandon Ship! Data Loss Ahoy! Jamie C. Pole (Mar 18)
- Re: rant: Abandon Ship! Data Loss Ahoy! Mark Simon (Mar 19)
- Re: rant: Abandon Ship! Data Loss Ahoy! Adam Shostack (Mar 19)
- Re: rant: Abandon Ship! Data Loss Ahoy! Klein, Jonathan (Mar 19)
- Re: rant: Abandon Ship! Data Loss Ahoy! Adam Shostack (Mar 19)
- Re: rant: Abandon Ship! Data Loss Ahoy! Klein, Jonathan (Mar 19)
- Re: rant: Abandon Ship! Data Loss Ahoy! Allan Friedman (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! Adam Shostack (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! James Ritchie, CISA, QSA (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! Adam Shostack (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! James Ritchie, CISA, QSA (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! Adam Shostack (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! Mark Simon (Mar 19)
- Re: rant: Abandon Ship! Data Loss Ahoy! Tracy Blackmore (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! Chris Walsh (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! Kevin McPoyle (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! Jamie C. Pole (Mar 18)
- Re: rant: Abandon Ship! Data Loss Ahoy! Eric Nelson (Mar 20)
- Re: rant: Abandon Ship! Data Loss Ahoy! Kim Zelonis (Mar 19)