Wednesday, July 12, 2017

Verizon Data Leakage, Should Congress Act?

draft

Should Congress be forced to make it illegal for corporations to grossly fail to protect their customers' privacy? That of course should not be necessary. By 2017 we have had so many gross violations of privacy due to corporate incompetence, and we are all so aware of foreign intelligence services and international crime organizations working to collect such data (and other forms of IP) to use against Americans, that even a stupid moron, yes, even an American corporation, should know that they have a responsibility to work with diligence and skill to protect their customers' data, in particular their customers' passwords.

So what are we to make of the latest Verizon failure to (a) protect this data and (b) when notified by an outside firm of this exposure of customer data, take the steps necessary to protect the data in a timely fashion?

The facts in the case are that Verizon did not discover the breach; an outside firm did. The problem was that a Verizon subcontractor had maintained a complete database of Verizon's wireless customers, their user IDs, personal information and, crucially, their PINs / passwords, in a cloud file that was open for reading by anyone. How the subcontractor could have made such a mistake is unknown, but the responsibility does not lie with them; it lies with Verizon to see that their customers' data is secure.

But even worse is that, once notified of the problem, Verizon took two weeks, from June 8 to June 22, to correct it. And furthermore, correcting the problem was, in this case, relatively easy. You just protect the file on the cloud (in terms of who has read access to it) or you remove the file from the cloud. Now in the long run you may have to do something more sophisticated to achieve some larger corporate goal, but in the short run, just remove the file.

Since Corporate America has failed to take the steps necessary to protect Americans, it is up to Congress to improve the incentives to perform. A simple and probably effective way to do this is to put the senior executives of the corporation in prison for a period of correction, so that they can learn new and better skills to help them fit into society. I would think that a top executive, the CEO or COO, would require a healthy 10 or 20 years in prison, except in extreme cases.

In this case, though, a lesser penalty will probably be applied. The senior executives will probably be forced to accept a pay raise and a 7 figure bonus. This is America after all.

Here is a report on the Verizon data leakage

