Surveillance, secrecy, and ebay

Sherri Davidoff alien at MIT.EDU
Sat Jul 26 16:28:08 EDT 2008


Matt Blaze wrote:
> Once sensitive or personal data is captured, it stays around forever,
> and the longer it does, the more likely it is that it will end up
> somewhere unexpected.

Great point, and a fundamental lesson-of-the-moment for the security
industry. To take it one step further: The amount of sensitive
information an organization stores is roughly proportional to the number
of data leaks it initiates. We already know that information "wants" to
be free, and if you keep information around, sooner or later, it's going
to leak out. (There's probably some mathematical way to describe this
relationship.)

Rather than expecting companies to keep data totally secure and then
send apologetic letters when it gets lost, perhaps we should start
taxing companies in proportion to the amount of sensitive information
they store, and use that tax to assist victims of identity theft. This
would have the double benefit of giving companies immediate incentive to
reduce the amount of information they store, and would also provide
appropriate public funding for incident recovery.

Sherri


-- 
http://philosecurity.org


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


