Interesting People mailing list archives

more on MN GOP CD phones home


From: Dave Farber <dave () farber net>
Date: Wed, 01 Mar 2006 14:26:35 -0500



-------- Original Message --------
Subject: Re: [IP] more on MN GOP CD phones home
Date: Wed, 01 Mar 2006 10:52:56 -0800
From: DV Henkel-Wallace <gumby () henkel-wallace org>
To: Robert Alberti <alberti () sanction net>
CC: David Farber <dave () farber net>
References: <4405DD3D.5080601 () farber net>

Actually, Robert (and Dave), it's not criminal nor, arguably, is it
even negligent.  Even spyware is being prosecuted for being
deceptive, not because it might leak private info.

Very very few developers understand how to even think about data
protection (and those who do still have a hard time securing
systems).  Furthermore there is not much culture of data protection,
and as we have seen lately, the tide has been going the opposite
direction even when it won't solve a problem (e.g. "security" cameras
or national ID cards).

I hate to advocate passing a law to solve a social problem, but this
is one that requires a statutory approach.  The few efforts in this
area have always been stymied by commercial marketing interests
claiming that commerce would grind to a halt.  I think it's
interesting to look at the existing examples to see that they don't
gum things up:

- European data protection rules and implementation, while far from
perfect, are quite effective and in my personal experience never
screwed up my daily life.

- If you've ever run a US business you'll see that companies bend
over backwards to enforce HIPAA rules.

- Banking is the most interesting.  US banks are required to enforce
various security rules to support the integrity of the banking
system.  On the other hand client privacy is not protected to the
same degree, and _that_ is where we see breaches.

I think the final example especially shows the value of the legal
approach.  But until then, there's really nothing to stop someone
lifting whatever they'd like.

-d

Date: Wed, 01 Mar 2006 10:52:38 -0600
From: Robert Alberti <alberti () sanction net>

[...]
Well apparently the place where the data is sent is not secured... so
by decompiling the Flash program on the CD, you can trace down and
access all the personal information stored in the database.

This isn't merely criminal, it isn't merely negligence, it's
tar-and-feathers quality criminal negligence...
