[Dshield] Another VA laptop missing.....

Kenton Smith listsks at yahoo.ca
Wed Aug 9 17:33:10 GMT 2006


The only problem with this is that you still have the credit agencies. They don't seem to have any incentive to keep this private data secure. So yes, your solution does keep inept agencies like the VA from handling all this, but there still need to be some serious penalties put in place for companies and organizations that fail to handle the data properly.

Kenton

----- Original Message ----
From: Anonymous Squirrel <anonymous.squirrel at gmail.com>
To: General DShield Discussion List <list at lists.dshield.org>
Sent: Tuesday, August 8, 2006 2:34:02 PM
Subject: Re: [Dshield] Another VA laptop missing.....

Maybe securing access to the records is not a good a solution as securing
the use of the credit records; in other words, no credit checks can be run
unless a unique, verified permission is received from the individual for
each credit check.

That solution avoids the specter of criminal penalites for actions where
criminal intent is not present, it avoids the economic cost of trying to
secure like data over a huge number of storage and processing facilities
(and comm lines), and it avoids the inevitable failures in the protective
strategy.  Finally, it avoids the current hysteria which equates the loss of
a laptop with X numbers of individual's SSNs with a fraud against each of
those individual.  The only downside I can see is that life will be harder
for those who want to close deals by pushing credit to those who may not be
able to handle it anyway.  And that isn't so bad.

Cheers.

On 8/8/06, Frank Knobbe <frank at knobbe.us> wrote:
>
> On Tue, 2006-08-08 at 10:57 -0500, Allen Mundt wrote:
> > [...]  If credit card
> > companies or larger financial institutions were held pecuniary liable,
> > the problems would be fixed in about 6 months.
>
> Doubtful since those fines would just be budgeted and result in higher
> fees for the consumer.
>
> No, what we need are *criminal* penalties (European Data Directive
> anyone?)
> Once executives can no longer get away on those violations, but will
> have to serve time, then the security efforts may increase in favor of
> the consumer.
>
> Regards,
> Frank
>
> --
> It is said that the Internet is a public utility. As such, it is best
> compared to a sewer. A big, fat pipe with a bunch of crap sloshing
> against your ports.
>
>
>
> _________________________________________
> Learn from the founder of DShield how to secure your Internet presence
> with Linux, Apache, MySQL, PHP.
>
> Las Vegas, Oct. 2nd-6th 2006
>
> Details: http://www.sans.org/ns2006/description.php?tid=433
> (Brochure Code: ISC)
>
>
>
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://lists.dshield.org/mailman/listinfo/list
>
>
>
_________________________________________
Learn from the founder of DShield how to secure your Internet presence with Linux, Apache, MySQL, PHP.

Las Vegas, Oct. 2nd-6th 2006

Details: http://www.sans.org/ns2006/description.php?tid=433
(Brochure Code: ISC)




_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://lists.dshield.org/mailman/listinfo/list





More information about the list mailing list