http://www.finextra.com/fullstory.asp?id=13952

US consumers want companies fined for security breaches

The majority of US consumers want to see criminal charges levied against companies that fail to protect their personal data, as one in five individuals admit falling victim to identity theft.

... snip ...

part of this is the risk proportional to security post that i frequently repeat
http://www.garlic.com/~lynn/2001h.html#63

part of the issue is that these tend to not be security *integrity* breaches that threaten the companies involved. these tend to be security *privacy* breaches that threaten the customers, where (static) personal data can be used in account and/or identity fraud. In some cases, as little information as a valid account number is sufficient to generate a successful fraudulent transaction.

I had provided a motherhood statement for the x9.99 financial standards privacy standard .... something to the effect that most *privacy* security tends to require a rethinking of the security landscape .... since these security threats aren't directly against the institution, they are against customers of the institution (unless the gov. can translate such *privacy* breaches into direct threats against the institution in the form of fines or other regulatory/legislative action).

somewhat related post
http://www.garlic.com/~lynn/aadsm19.htm#47 the limits of crypto and authentication

---------------------------------------------------------------------
The Cryptography Mailing List