Comments on: Lost Laptop Follies, Part 4 http://techliberation.com/2007/02/12/lost-laptop-follies-part-4/ The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology. Thu, 28 Aug 2008 13:32:23 +0000 http://wordpress.org/?v=2.6 By: False Data http://techliberation.com/2007/02/12/lost-laptop-follies-part-4/#comment-37140 False Data Tue, 13 Feb 2007 14:41:29 +0000 http://techliberation.com/2007/02/12/lost-laptop-follies-part-4/#comment-37140 It's not a technical problem--many operating systems have had file system encryption for years--it's a social and legal one. There's been considerable discussion of a related issue, liability for software bugs, on Bruce Schneier's blog. I'm not yet convinced a liability rule is the right answer for software bugs because software engineering is still such a young field. On the other hand, I can see a stronger argument in favor of liability for data loss because, at least with lost laptops, effective and fairly inexpensive methods of preventing it already exist. It may make sense to let customers and citizens hold corporations and governments liable for the consequences of negligently losing their sensitive data. Of course, if we did that we should also let the corporations and governments turn around and recover whatever they can from the people who intentionally misuse that data. It’s not a technical problem–many operating systems have had file system encryption for years–it’s a social and legal one. There’s been considerable discussion of a related issue, liability for software bugs, on Bruce Schneier’s blog. I’m not yet convinced a liability rule is the right answer for software bugs because software engineering is still such a young field. On the other hand, I can see a stronger argument in favor of liability for data loss because, at least with lost laptops, effective and fairly inexpensive methods of preventing it already exist. It may make sense to let customers and citizens hold corporations and governments liable for the consequences of negligently losing their sensitive data. Of course, if we did that we should also let the corporations and governments turn around and recover whatever they can from the people who intentionally misuse that data.

]]> By: False Data http://techliberation.com/2007/02/12/lost-laptop-follies-part-4/#comment-52321 False Data Tue, 13 Feb 2007 14:41:29 +0000 http://techliberation.com/2007/02/12/lost-laptop-follies-part-4/#comment-52321 It's not a technical problem--many operating systems have had file system encryption for years--it's a social and legal one. There's been considerable discussion of a related issue, liability for software bugs, on Bruce Schneier's blog. I'm not yet convinced a liability rule is the right answer for software bugs because software engineering is still such a young field. On the other hand, I can see a stronger argument in favor of liability for data loss because, at least with lost laptops, effective and fairly inexpensive methods of preventing it already exist. It may make sense to let customers and citizens hold corporations and governments liable for the consequences of negligently losing their sensitive data. Of course, if we did that we should also let the corporations and governments turn around and recover whatever they can from the people who intentionally misuse that data. It’s not a technical problem–many operating systems have had file system encryption for years–it’s a social and legal one. There’s been considerable discussion of a related issue, liability for software bugs, on Bruce Schneier’s blog. I’m not yet convinced a liability rule is the right answer for software bugs because software engineering is still such a young field. On the other hand, I can see a stronger argument in favor of liability for data loss because, at least with lost laptops, effective and fairly inexpensive methods of preventing it already exist. It may make sense to let customers and citizens hold corporations and governments liable for the consequences of negligently losing their sensitive data. Of course, if we did that we should also let the corporations and governments turn around and recover whatever they can from the people who intentionally misuse that data.

]]> By: Steve R. http://techliberation.com/2007/02/12/lost-laptop-follies-part-4/#comment-37139 Steve R. Tue, 13 Feb 2007 13:24:47 +0000 http://techliberation.com/2007/02/12/lost-laptop-follies-part-4/#comment-37139 Forbes Magazine, Sept. 7, 2006, ran an article: "Laptop Hall of Shame". While this article details, as you note, government laptop faux pas; it also goes into detail concerning the lack of corporate data laptop security. Robert Ellis Smith, of Forbes, wrote: "The monthly newsletter I publish, Privacy Journal, reported 24 serious instances of Social Security numbers and other sensitive data compromised through stolen or lost laptops in 2006. The newsletter called it the "Lost or Stolen Laptops Hall of Shame." And we still have four months left in 2006. There were at least ten incidents during the final four months of 2005. All these incidents involved companies that handle personal information routinely. (Apparently too routinely!)" (emphasis added) Clearly, the lack of security is not just a government problem, it is a universal problem. In developing a policy responsive to this issue we need to also acknowledge in any proposed policy the failure of corporations to take proactive action. Forbes Magazine, Sept. 7, 2006, ran an article: “Laptop Hall of Shame”. While this article details, as you note, government laptop faux pas; it also goes into detail concerning the lack of corporate data laptop security. Robert Ellis Smith, of Forbes, wrote: “The monthly newsletter I publish, Privacy Journal, reported 24 serious instances of Social Security numbers and other sensitive data compromised through stolen or lost laptops in 2006. The newsletter called it the “Lost or Stolen Laptops Hall of Shame.” And we still have four months left in 2006. There were at least ten incidents during the final four months of 2005. All these incidents involved companies that handle personal information routinely. (Apparently too routinely!)” (emphasis added) Clearly, the lack of security is not just a government problem, it is a universal problem. In developing a policy responsive to this issue we need to also acknowledge in any proposed policy the failure of corporations to take proactive action.

]]> By: Steve R. http://techliberation.com/2007/02/12/lost-laptop-follies-part-4/#comment-52320 Steve R. Tue, 13 Feb 2007 13:24:47 +0000 http://techliberation.com/2007/02/12/lost-laptop-follies-part-4/#comment-52320 Forbes Magazine, Sept. 7, 2006, ran an article: "Laptop Hall of Shame". While this article details, as you note, government laptop faux pas; it also goes into detail concerning the lack of corporate data laptop security. Robert Ellis Smith, of Forbes, wrote: "The monthly newsletter I publish, Privacy Journal, reported 24 serious instances of Social Security numbers and other sensitive data compromised through stolen or lost laptops in 2006. The newsletter called it the "Lost or Stolen Laptops Hall of Shame." And we still have four months left in 2006. There were at least ten incidents during the final four months of 2005. All these incidents involved companies that handle personal information routinely. (Apparently too routinely!)" (emphasis added) Clearly, the lack of security is not just a government problem, it is a universal problem. In developing a policy responsive to this issue we need to also acknowledge in any proposed policy the failure of corporations to take proactive action. Forbes Magazine, Sept. 7, 2006, ran an article: “Laptop Hall of Shame”. While this article details, as you note, government laptop faux pas; it also goes into detail concerning the lack of corporate data laptop security. Robert Ellis Smith, of Forbes, wrote: “The monthly newsletter I publish, Privacy Journal, reported 24 serious instances of Social Security numbers and other sensitive data compromised through stolen or lost laptops in 2006. The newsletter called it the “Lost or Stolen Laptops Hall of Shame.” And we still have four months left in 2006. There were at least ten incidents during the final four months of 2005. All these incidents involved companies that handle personal information routinely. (Apparently too routinely!)” (emphasis added) Clearly, the lack of security is not just a government problem, it is a universal problem. In developing a policy responsive to this issue we need to also acknowledge in any proposed policy the failure of corporations to take proactive action.

]]> By: Luis Villa http://techliberation.com/2007/02/12/lost-laptop-follies-part-4/#comment-37138 Luis Villa Tue, 13 Feb 2007 03:07:33 +0000 http://techliberation.com/2007/02/12/lost-laptop-follies-part-4/#comment-37138 Sigh. I'm going to have to say this every time you bring this up: (1) most corporate data collection is not voluntary; people are regularly horrified when they realize how much data corporations have on them. C'mon- the US government goes to credit agencies now to find out about us, not the other way around. (2) the reaction of most businesses to this problem has not been head-rolling, but coverups, or firing of the little guys who lost the laptop and not the CTOs who made the bad decisions about data security. It is nice to assert that such things happen more reliably than in government, but it is just an assertion. Sigh. I’m going to have to say this every time you bring this up:

(1) most corporate data collection is not voluntary; people are regularly horrified when they realize how much data corporations have on them. C’mon- the US government goes to credit agencies now to find out about us, not the other way around.

(2) the reaction of most businesses to this problem has not been head-rolling, but coverups, or firing of the little guys who lost the laptop and not the CTOs who made the bad decisions about data security. It is nice to assert that such things happen more reliably than in government, but it is just an assertion.

]]> By: Luis Villa http://techliberation.com/2007/02/12/lost-laptop-follies-part-4/#comment-52319 Luis Villa Tue, 13 Feb 2007 03:07:33 +0000 http://techliberation.com/2007/02/12/lost-laptop-follies-part-4/#comment-52319 Sigh. I'm going to have to say this every time you bring this up:<br><br>(1) most corporate data collection is not voluntary; people are regularly horrified when they realize how much data corporations have on them. C'mon- the US government goes to credit agencies now to find out about us, not the other way around.<br><br>(2) the reaction of most businesses to this problem has not been head-rolling, but coverups, or firing of the little guys who lost the laptop and not the CTOs who made the bad decisions about data security. It is nice to assert that such things happen more reliably than in government, but it is just an assertion. Sigh. I’m going to have to say this every time you bring this up:

(1) most corporate data collection is not voluntary; people are regularly horrified when they realize how much data corporations have on them. C’mon- the US government goes to credit agencies now to find out about us, not the other way around.

(2) the reaction of most businesses to this problem has not been head-rolling, but coverups, or firing of the little guys who lost the laptop and not the CTOs who made the bad decisions about data security. It is nice to assert that such things happen more reliably than in government, but it is just an assertion.

]]>