Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Security Makes Me Sick

    By
    Jim Rapoza
    -
    March 13, 2006
    Share
    Facebook
    Twitter
    Linkedin

      Imagine you went to a restaurant for dinner and became violently ill. After a little investigation, you find out that some of your food was uncooked, that the salad was prepared with a knife that had been used to cut raw chicken and that the mayonnaise in the dressing had been kept in a broken refrigerator.

      With all this information, you would think that youd have a pretty good case to get compensated for your medical bills and lost workdays—and that the restaurant would be in pretty big trouble with the health inspectors.

      But youd be wrong. Instead, the restaurant would defend its actions, saying, “Hey, we did cook your food; we just didnt cook it enough. And the cook did wipe the raw chicken knife before making the salads, but it was on his apron. And, oh, yeah, the regulations say only that we have to put the mayonnaise in a refrigerator; they dont say anything about the refrigerator actually working.”

      Even worse, the authorities would agree, basically saying that the restaurant doesnt need to prepare food safely; it need only make a token attempt to do so.

      /zimages/1/28571.gifClick here to read about how to stop security leaks before they start.

      Imagine the outcry if something like this happened? I can already see the coverage on my local TV news: “Local judge says its OK for restaurants to poison you. Full story at 11.”

      But when it comes to securing your personal data, a judge has basically decided companies can do the bare minimum or less when it comes to data safety and get away with it.

      As detailed in an article on the SecurityFocus Web site (www.securityfocus.com/ columnists/387), a recent Minnesota court case involved a consumer whose personal financial information was lost by the company that handled his student loan.

      It turned out that this company let an analyst load detailed—and unencrypted—information about more than 500,000 loans onto a personal laptop and bring it home.

      It was no surprise that the analysts laptop, along with the personal financial data of all those loan customers, was stolen.

      After the company informed customers about the data loss, one decided to seek reparations for the time and money he lost—as well as the fear that was caused—as a result of the companys negligence. So he sued.

      Now, its not that this person didnt win that bothers me. Its the grounds on which the judge dismissed the case. The judge basically decided the loan company didnt really need to have good security as long as it had policies stating that it cared about security.

      The judge also said it didnt matter that the data on the laptop wasnt encrypted because the pertinent law (the Gramm-Leach-Bliley Act) doesnt specify that data must be encrypted. In fact, as the SecurityFocus article points out, the law doesnt require that any specific security procedures be taken—only reasonable measures (which, I guess, means a user name of “admin” and a password of “password”).

      So, even though the loan company failed to meet even the most basic requirements for securing vital customer data, the judge decided it had done plenty and dismissed the case.

      This relates to past columns Ive written about the dangers involved when judges and politicians who know nothing about technology make decisions that have long-lasting and negative consequences for all technology.

      Under the strict letter of the law, the judge probably made the right decision. Thats because decisions such as this are based essentially on whether the defendant was doing what its peers typically do.

      In fact, according to several studies in the last year, there are still more companies trying to get by with the security bare minimum than there are companies that take security seriously. So, based on the standard by which the judge was deciding the case, the loan company didnt do much worse than the average company.

      As if no-responsibility software licenses werent bad enough, we consumers now have to face the fact that the companies that hold our personal data can lose it negligently and not have to face any repercussions.

      And you know what? That just makes me feel sick.

      Labs Director Jim Rapoza can be reached at [email protected].

      /zimages/1/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Avatar
      Jim Rapoza
      Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×