Wednesday, April 27, 2011

Security and Big Companies

Big companies that hold personal information about their client base have an inherent duty to protect that information properly. It is utter nonsense to claim that this is not possible; it is entirely possible. But when constructing a huge edifice of systems it is very hard to see every potential bug and entry point.

An intrusion of this nature reveals the company as an emperor with no clothes. It exposes an absence of sound infrastructure methods and good practice, and the lack of any plan for what to do when an intrusion happens. Too many big companies' executive boards do not understand how technology can protect them or where their risks lie.

Declaring that "no system is infallible" and then challenging the world to prove you wrong is not the solution to this huge problem. Sequestering the services that validate credentials, and encrypting personal details heavily enough that a copied database is useless without keys held somewhere else, is.

This and similar incidents highlight the opaque and ridiculously complex terms and conditions you sign AFTER purchase, which exist to protect such companies from their own failures. The worst part is obviously what we do not know, and hiding behind lawyers is simply the wrong security policy.

Sony Playstation Hack

Who is at fault, and why?

Millions of Sony users will blame the company for inadequate protection of their personal data. A class action suit is most likely impossible as a remedy, and even where it is possible it achieves very little. That is why we have extensive terms and conditions: to protect corporate interests from predatory attacks.

Sony will blame the hackers for stealing its assets. Its 80 million paying online customers can expect a marketing onslaught; using this data for outright criminal purposes is too obvious, too short term and too risky.

Legally, and obviously, the people at fault here are you and me. We must act and say no to unreasonable terms for software use. The law should protect you. It cannot. Neither can many of the monolithic companies that sell things online. It is traditionally an anarchic arrangement: you feel secure because nearly everyone on the web is at roughly the same risk, so it is normally just bad luck if you get hit with a virus. But the systematic theft of an entire user base is the fault of the law.

The law must keep up with the environment in which it operates. How? By regulating the big companies so that they cannot use the contracts they impose on the consumers they so carelessly betray as a way to escape change. The law must enforce certain checks and measures. The banking industry has learned the value of iron-bound security; now globalised business needs to invest in clever security designers to foil attempts to steal its IP and its customers.

Instead of pressing politicians to talk about practical measures, the media tend to highlight the horror of credit card theft. Cards are just bits of plastic with numbers on them, and the banks could be regulated into instantly issuing every affected Sony user a new number for their account.

So many applications rely on email as a valid point of contact. Until Google itself is raided, Gmail at least is pretty much that: unless you type in the wrong address, you can still be fairly certain of a private channel without much effort.

Sony really should have protected its users' information with a better security design.
