[129051] in cryptography@c2.net mail archive


Re: Surveillance, secrecy, and ebay

daemon@ATHENA.MIT.EDU (Sherri Davidoff)
Sun Jul 27 10:34:39 2008

Date: Sat, 26 Jul 2008 16:28:08 -0400
From: Sherri Davidoff <alien@MIT.EDU>
To: mab@crypto.com
CC: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <F0B0C17A-2FA4-48B7-AE1F-84BF945AF67A@crypto.com>

Matt Blaze wrote:
> Once sensitive or personal data is captured, it stays around forever,
> and the longer it does, the more likely it is that it will end up
> somewhere unexpected.

Great point, and a fundamental lesson-of-the-moment for the security
industry. To take it one step further: The amount of sensitive
information an organization stores is roughly proportional to the number
of data leaks it initiates. We already know that information "wants" to
be free, and if you keep information around, sooner or later, it's going
to leak out. (There's probably some mathematical way to describe this
relationship.)

Rather than expecting companies to keep data totally secure and then
send apologetic letters when it gets lost, perhaps we should start
taxing companies in proportion to the amount of sensitive information
they store, and use that tax to assist victims of identity theft. This
would have the double benefit of giving companies immediate incentive to
reduce the amount of information they store, and would also provide
appropriate public funding for incident recovery.

Sherri


-- 
http://philosecurity.org


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
