The Technology Liberation Front - Latest Comments in The Technology Liberation Front » Archive » Lost Laptop Follies, Part 4

Re: The Technology Liberation Front » Archive » Lost Laptop Follies, Part 4

False Data — Tue, 13 Feb 2007 09:41:29 -0000

It's not a technical problem--many operating systems have had file system encryption for years--it's a social and legal one. There's been considerable discussion of a related issue, liability for software bugs, on Bruce Schneier's blog. I'm not yet convinced a liability rule is the right answer for software bugs because software engineering is still such a young field. On the other hand, I can see a stronger argument in favor of liability for data loss because, at least with lost laptops, effective and fairly inexpensive methods of preventing it already exist. It may make sense to let customers and citizens hold corporations and governments liable for the consequences of negligently losing their sensitive data. Of course, if we did that we should also let the corporations and governments turn around and recover whatever they can from the people who intentionally misuse that data.

Re: The Technology Liberation Front » Archive » Lost Laptop Follies, Part 4

Steve_R — Tue, 13 Feb 2007 08:24:47 -0000

Forbes Magazine, Sept. 7, 2006, ran an article: "Laptop Hall of Shame". While this article details, as you note, government laptop faux pas; it also goes into detail concerning the lack of corporate data laptop security. Robert Ellis Smith, of Forbes, wrote: "The monthly newsletter I publish, Privacy Journal, reported 24 serious instances of Social Security numbers and other sensitive data compromised through stolen or lost laptops in 2006. The newsletter called it the "Lost or Stolen Laptops Hall of Shame." And we still have four months left in 2006. There were at least ten incidents during the final four months of 2005. All these incidents involved companies that handle personal information routinely. (Apparently too routinely!)" (emphasis added) Clearly, the lack of security is not just a government problem, it is a universal problem. In developing a policy responsive to this issue we need to also acknowledge in any proposed policy the failure of corporations to take proactive action.

Re: The Technology Liberation Front » Archive » Lost Laptop Follies, Part 4

Luis Villa — Mon, 12 Feb 2007 22:07:33 -0000

Sigh. I'm going to have to say this every time you bring this up:

(1) most corporate data collection is not voluntary; people are regularly horrified when they realize how much data corporations have on them. C'mon- the US government goes to credit agencies now to find out about us, not the other way around.

(2) the reaction of most businesses to this problem has not been head-rolling, but coverups, or firing of the little guys who lost the laptop and not the CTOs who made the bad decisions about data security. It is nice to assert that such things happen more reliably than in government, but it is just an assertion.