Interesting People mailing list archives
more on MN GOP CD phones home]
From: Dave Farber <dave () farber net>
Date: Wed, 01 Mar 2006 14:26:35 -0500
-------- Original Message -------- Subject: Re: [IP] more on MN GOP CD phones home Date: Wed, 01 Mar 2006 10:52:56 -0800 From: DV Henkel-Wallace <gumby () henkel-wallace org> To: Robert Alberti <alberti () sanction net> CC: David Farber <dave () farber net> References: <4405DD3D.5080601 () farber net> Actually, Robert (and Dave), it's not criminal nor, arguably, is it even negligent. Even spyware is being prosecuted for being deceptive, not because it might leak private info. Very very few developers understand how to even think about data protection (and those who do still have a hard time securing systems). Furthermore there is not much culture of data protection, and as we have seen lately, the tide has been going the opposite direction even when it won't solve a problem (e.g. "security" cameras or national ID cards). I hate to advocate passing a law to solve a social problem, but this is one that requires a statutory approach. The few efforts in this area have always been stymied by commercial marketing interests claiming that commerce would grind to a halt. I think it's interesting to look at the existing examples to see that they don't gum things up: - European data protection rules and implementation, while far from perfect, are quite effective and in my personal experience never screwed up my daily life. - If you've ever run a US business you'll see that companies bend over backwards to enforce HIPPA rules. - Banking is the most interesting. US banks are required to enforce various security rules to support the integrity of the banking system. On the other hand client privacy is not protected to the same degree, and _that_ is where we see breaches. I think the final example especially shows the value of the legal approach. But until then, there's really nothing to stop someone lifting whatever they'd like. -d
Date: Wed, 01 Mar 2006 10:52:38 -0600 From: Robert Alberti <alberti () sanction net> [...] Well apparently the place where the data is sent is not secured... so by decompiling the Flash program on the CD, you can trace down and access all the personal information stored in the database. This isn't merely criminal, it isn't merely negligence, it's tar-and-feathers quality criminal negligence...
------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on MN GOP CD phones home] Dave Farber (Mar 01)