A breach alone means liability

Usually someone must suffer injury for a company to be held liable in a security breach. Now, a breach alone is enough.


Rich Santalesa, a programmer turned writer and lawyer, brought an interesting turn of events to my attention last week. We need to pay heed:

A litigant can have standing in a U.S. Federal breach case where no personal fraud or identity theft has yet occurred.

Usually, a litigant must have suffered injury: the breach led to their identity theft or other fraudulent activity based on the information released in the security breach.

This means that if you are breached, if personally identifiable information is released, stolen, absconded with, and so on. It also means that if you believe the axiom that most of us have already been hacked, we will be solicited for litigation.

The C guys—CIOs, CISOs and CEOs—are now potentially on the hook even if nothing happens to stolen data. Didn’t find it on TOR or on the WeirdWebs? No matter. Article III standing means an elevated worth to assets in your organization. Can you use those assets to inflate your network, or are the assets a contingent liability to your bottom line?

I’m not a CPA or a lawyer, and I can’t answer either question with any value to you, kind reader. Instead, consider your newly minted status as future member of some future class of litigants.

Will this improve systems security?

There arises a question: Is this a good or bad thing for people, who are like sheep to slaughter when it comes to protecting their personal information? For the people, it’s a great thing. It’s also good for lawyers.

But will it make the urgency to secure systems even more prominent? Yes, at least I certainly hope so. I’m not trying to make security products, software vendors and consulting firms rich. Really. But they are corporations, and they won’t be goaded into action until it hurts the bottom line.

I wish it were possible to make the decision also transferable to the U.S. government, which leaks data like a sieve and no one seems to care. The thoroughly hacked government OPM database is only the most prominent that we’ve seen, and that the various Democratic databases were cracked like an egg is yet another total embarrassment and reason to distrust government in general, and party IT specifically. That IT people should fall on their swords is, of course, out of the question—until they become personally liable or we can post their heads on the fence at 1600 Pennsylvania Blvd. in Washington, D.C.

I'm reminded of the sad comedy of F Troop, a bunch of misfits trying to fight each other. CEOs, like government officials in charge of data protection, have proven themselves to be bunglers when it comes to security. Their care for the personal assets of others ostensibly under their protection is abysmal. They don't care, and this new liability suddenly gives nexus for a reason to really care: those people whose data was compromised have been injured, whether or not there's a specific fraud or theft associated with the data loss.

Indeed there are those who do care, do try their best, and they've been defeated in spite of incredible diligence because zero-days, mistakes and accidents do happen. I understand these. I've been making big mistakes in computing for three-plus decades. But there are those who really don't care, weren't diligent, weren't tenacious and didn't really think it was a big deal when assets in their care were absconded with. They now have a new obstacle: Article III status as a federal litigant.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2016 IDG Communications, Inc.