Comments on: Profits more important than security http://www.mckeay.net/2008/04/21/profits-more-important-than-security/ The views of one man on security, privacy and anything else that catches his attention Thu, 24 Jul 2008 09:29:30 +0000 http://wordpress.org/?v=abc By: Ben http://www.mckeay.net/2008/04/21/profits-more-important-than-security/#comment-1663 Ben Mon, 21 Apr 2008 15:40:11 +0000 http://www.mckeay.net/2008/04/21/profits-more-important-than-security/#comment-1663 Businesses (in the US) aren't properly incentivized to protect their customers. They have incentive to protect themselves and the data sensitive to their operations (what I call "functional" and "proprietary" data), but they currently have no reason to protect their customers or their customers' data (what I call "personal/private" data). For ISPs, who are often in a monopoly, or very small oligarchy, this problem is even worse. When you have to choose between cable and telephone, neither of which have a history of caring what the customers think because they lack real competition, then nothing like this is surprising in the least (as you point out). I'm afraid that the only solution to this problem will be legislative action, and we all know how good the government is at legislating technology issues. ;) I blogged about this about a month ago here: http://www.secureconsulting.net/2008/03/unbalancing_the_equation_to_ac.html Businesses (in the US) aren’t properly incentivized to protect their customers. They have incentive to protect themselves and the data sensitive to their operations (what I call “functional” and “proprietary” data), but they currently have no reason to protect their customers or their customers’ data (what I call “personal/private” data). For ISPs, who are often in a monopoly, or very small oligarchy, this problem is even worse. When you have to choose between cable and telephone, neither of which have a history of caring what the customers think because they lack real competition, then nothing like this is surprising in the least (as you point out).

I’m afraid that the only solution to this problem will be legislative action, and we all know how good the government is at legislating technology issues. ;) I blogged about this about a month ago here:
http://www.secureconsulting.net/2008/03/unbalancing_the_equation_to_ac.html

]]>