Has the war started here?

Who decides what "adequate" security is?
You imply there's no real or minimum responsibility for a site to afford security. There are no guarantees. But there needs to be oversight. Because there's no absolutely secure oversight then just don't worry about it?
Your solution is penalizing the victim.
And there are times that's absolutely appropriate. It's certainly more effective and realistic than declaring the death penalty for hackers. Who decides what hackers get the death penalty? We don't do much with it for murderers. But sure – we can get it for hackers.

If your kid leaves your car unlocked and someone steals your camera or laptop without breaking in do you not see that as a fail on his part? No because "they" probably would have broken in anyway? You leave your keys in the IGN and somebody steals it – not your fault right? Just make a police report and notify your insurance company. Of course being an honest person you'll tell both about leaving the keys in the IGN. I didn't think so. You leave your toddlers with the baby sitter and when you get home the kids are gone because the sitter didn't lock the door while cruising the 'Net? That's ok? A garage fails to lock up and your car is stolen or vandalized and it's your problem because you don't have insurance? You don't lock your house doors because someone can kick in most residential doors even with deadbolts properly installed? Don't you think your surgeon should have graduated from an accredited medical school? Yes trained experienced surgeons have nicked an artery or amputated the wrong limb. There are no guarantees. But the odds of something bad happening are generally reduced by actually completing a qualified medical education.

Sometimes blaming the 'victim' is appropriate because the 'victim' has responsibilities that were ignored. Yes at some point a hacker will exceed the limits of current security protocols. That's a different story.

Nothing I said implied anybody be held responsible for a force overwhelming state of the art security. It will happen. But there are many things a company should do to protect data. Some breaches have found customers' passwords and other info stored in plain text. There are two types of security — proactive and reactive. If a company isn't proactive when they should have been they should be held accountable. If a company doesn't react when breached they should be held accountable. And don't wait a year to tell us your company has been breached.

If I use 1234 and password for my passwords and my data is stolen that's on me because I could have used a strong 26 character password. My financial institution uses 1234 or password to access their servers – I'd say they failed to do their job.

Anybody who accepts and stores our information should be held responsible for taking reasonable efforts to protect it from hacking. How would you feel if your financial institutions used http instead of https?

I'm more comfortable with somebody like a State AG checking out a company's security than I am having anybody trying to implement the death penalty for hacking. I am a big proponent of capital punishment but it's not something I throw around lightly.
 
I'm more comfortable with somebody like a State AG checking out a company's security than I am having anybody trying to implement the death penalty for hacking. I am a big proponent of capital punishment but it's not something I throw around lightly.
Wait, you want your State AG to check company's security? :crackup: The guy who eliminated cash bail and knows nothing about any kind of security?... When I stop laughing I'll finish my chain of thought... it might be a while :rofl1:
 
I think that since almost everyone needs a smart phone combined with [what I think at least is] the fact that there is an infinite amount of cheap processing power available to create a software representation of everyone, innumerable times over, that it isn't much of a task after that to connect those machine addresses to those data files. Then, it's another easy task to match those files with others and build it out. Pretty simple really and we know it's all being done between taking our smart phone with us in our smart car to the gas station and then the grocery store.
The second layer of vulnerability and the one that slam dunks any notion of personal identity protection is the credit card I'm using. Seems almost tailored to the places I like to buy stuff and offers various discounts and points so on, almost too good to be true.
 
If you think dragging a CEO into court and having a jury decide on whether the choices his company made with regard to cybersecurity were appropriate enough I've got a large bridge to sell you. The courts are a joke. While you make some valid points there exists a huge grey area in "how much is enough". From what I can tell, virtually nothing is done to track the hackers and mete out any justice at all. So the only real answer is to simply avoid the situation as much as possible.
 
The courts are a joke. ...there exists a huge grey area in "how much is enough".
As to your first point I agree. That's become even more blatant recently. But it's what we have. So we do the best we can and try to make it better. Or live with it and say nothing.

As to your second point "how much is enough" is a gray area that has to be considered when crafting any law. They come in all sizes but ignoring an issue seldom makes it go away or correct itself. Too many people pay a huge price when they're not just victims of fraud but of identity theft. CEOs and/or their employees shouldn't get a pass if they've been lazy with security.

CEOs and their ilk go to jail (no not enough of them) for embezzlement. That hurts the company and brand. It's time culpable people go to jail for hurting their customers. Past time actually. But I'm not holding my breath.
 