Should Congress be forced to make it illegal for corporations to grossly fail to protect their customers' privacy? That of course should not be necessary, because by 2017 we have had so many gross violations of privacy due to corporate incompetence, and since we are all aware of foreign intelligence services as well as international crime organizations working to collect such data (and other forms of IP) to use against Americans, that even a stupid moron, yes, even an American Corporation, should know that they have a responsibility to work with diligence and skill to protect their customers' data, in particular their customers' passwords.
So what are we to make of the latest Verizon failure to (a) protect this data and (b) when notified by an outside firm of this exposure of customer data, take the steps necessary to protect the data in a timely fashion?
The facts in the case are that Verizon did not discover the breach; an outside firm did. The problem was that a Verizon subcontractor had maintained a complete database of Verizon's wireless customers, their user ids, personal information and, crucially, their PINs / passwords, in a cloud file that was open for reading by anyone. How the subcontractor could have made such a mistake is unknown, but the responsibility does not lie with them; it lies with Verizon to see that their customers' data is secure.
But even worse is that, when notified of the problem, it took two weeks, from June 8 to June 22, to correct the problem. And furthermore, correcting the problem was, in this case, relatively easy. You just protect the file on the cloud (in terms of who has read access to it) or you remove the file from the cloud. Now in the long run you may have to do something more sophisticated to achieve some larger corporate goal, but in the short run, just remove the file.
Since Corporate America has failed to take the steps necessary to protect Americans, it is up to Congress to improve the incentives to perform. A simple and probably effective way to do this is to put the senior executives of the corporation in prison for a period of correction, so that they can learn new and better skills to help them fit into society. I would think that a top executive, the CEO or COO, would require a healthy 10 or 20 years in prison, except in extreme cases.
In this case, though, a lesser penalty will probably be applied. The senior executives will probably be forced to accept a pay raise and a 7 figure bonus. This is America after all.
Here is a report on the Verizon data leakage:
http://thehill.com/policy/cybersecurity/341655-massive-data-leakage-at-verizon
And my Facebook sarcasm is below: