Friday, March 30, 2007

Did we waste too much time last week blaming TJX for the dark side of the Information Age?

With the (estimated) 45.7 million records being compromised in the TJX breach, everyone seems focused on placing blame on the retail industry.

We seem to quickly forget that others, including institutions of higher learning, the financial services sector and even the government, have also been compromised pretty frequently. And even though massive data breaches facilitated by hackers make good press, the truth is that information is stolen daily on a less newsworthy basis.

Brad Dorfman (Reuters) might have put it all in perspective when he wrote:
Consumers who want to be sure about protecting their personal data and preventing identity theft might need to pay solely with cash, shun retailer loyalty programs and only make returns when they have a receipt.

They might also need to stop paying taxes, serving their country and getting an education (my emphasis).

Brad's story about why retailers are one (my emphasis) of the targets, here.

Meanwhile, the retail and financial services industries seem on the verge of fighting a battle over who should be (financially) responsible for all of this. Of course, in the bigger picture, I can think of a few other industries to push the blame towards, also.

We spend a lot of effort and resources trying to spread out the financial burden of information theft. While this might be enabling some of those concerned (industries starting to point fingers) to keep writing the costs of information theft off, it isn't stopping very many of the facilitators.

I sometimes wonder how much better off we might be if we went after the facilitators more aggressively. Resources to do this are minimal, and if you don't believe me, ask any victim who tried to get something done with their individual case. Even better, ask someone who has the unfortunate job of trying to help some of these victims.

Until we make stealing information harder to do and start punishing the facilitators, problems associated with the dark side of the information age are probably going to continue to have an ever-growing financial burden.

In the criminal world, the 45.7 million compromised records were yesterday's opportunity. What opportunity are they exploiting right now?


Anonymous said...


EXACTLY. That's what I've been saying for years. We don't do nearly enough to aggressively pursue computer criminals.

Part of the problem is that police departments on the local and state level don't have the resources and training to really get deep into going after hackers, cybercriminals, etc. And at the federal level, the emphasis seems to be much more on spying on honest citizens than going after real criminals--at least in this era of the PATRIOT Act.

As long as the gray/black market sees that there is no real incentive to stop, they will keep on with their business, and the involved industries will continue playing the blame game.

Martin H. Bosworth (MyPublicInfo) (ConsumerAffairs.Com)

Jeremy said...

There is another problem in that we can more effectively secure many of the systems in place, but it comes at a cost of end-user experience. Take the ATM card for example: a hexadecimal system for PIN codes would be infinitely more secure while only adding 6 more characters to a keypad, but it would make it prohibitively more difficult for the common person to remember. Additionally, the most insecure point on all of our systems is with the end user and their passwords on their systems, or these laptops left in taxis or on the bus -- data stored there is less secure and more easily accessed than if it were permanently kept on servers, but then it takes extra steps for the user to access and use the data for a job or make a purchase.

In short, I think the solution starts with educating the end users on data security and building with them a desire to protect their own information.

voir_dire said...

I tried exposing the alleged fraud that is presently happening with a series of websites engaged in research and essay writing. These websites are operated by Ukrainians but under American domain registries.
The authorities (at least those I coordinated with) seem to be uninterested because according to them they are on tight budgetary constraints.
So I suppose we will just allow these people another two years again to scam the rest of us.
More details at: