Everything is broken...

This post on the Internet security problem has been getting a lot of attention. I think it overstates the case just a bit – but only just a bit. The situation really is pretty bad.
On the other hand, one could write similar essays about the disaster that is our highway system (with over 40,000 people killed every year in the U.S. alone), or the union/criminal symbiosis in our big cities, or ... any number of other things. We live our lives surrounded by incipient disasters, and somehow we muddle through. The pattern that repeats across all these things is a simple one: things get worse and worse until they compel action, and then we take action to reduce the problem to a livable level. I'm confident the same thing will happen with Internet security one of these days. The precipitating events may be quite painful, though.
Bruce Schneier articulates the most plausible course to a solution that I've heard: to make the companies that keep our data financially liable for the consequences of the theft or misuse of that data. This is the same general system that makes products relatively safe: if you buy some shoes that cause your feet to turn permanently purple, the manufacturer (and likely the reseller) is liable for damages – you can sue them, and if your cause is just (and your feet a sufficiently bright purple), you'll likely win monetary compensation. That's not true today for security breaches – but if it were true, as Schneier eloquently argues, then we'd start seeing a lot better security being implemented...