Forum latest

"new paper suggests that hackers have become the folk devils of computer security"
Written by Daniel   
Thursday, 15 March 2007 07:21
Breaches of personal data: blaming the myth and punishing the victim
ARS Technica
By John Timmer | Published: March 14, 2007 - 06:10AM CT

A study that will appear in the Journal of Computer-Mediated Communication later this year analyzes failures to secure computerized personal records. One of its authors, Phil Howard, was kind enough to provide Ars with a draft copy of the paper. The analysis suggests that both the public understanding of these leaks and the legislative response to them are focusing on the wrong targets.

The study used press reports to identify incidents in part because there is no centralized reporting mechanism, and in part because many of the incidents have not resulted in prosecutions. The authors did require independent verification of incidents, and used the lowest figure for the number of records compromised when reports did not agree. Even by these conservative standards, the results were enormous: over 1.9 billion records exposed, or an average of 9 records for every American citizen.

That figure is almost certainly an extreme underestimation. State laws requiring a reporting of personal information loss only came into effect within the past three years. Almost certainly as a result, there were more reported incidents in 2005 and 2006 than all the previous years combined.

The researchers separated the incidents according to a number of criteria, including the cause (hacker, lost hardware, etc.) and the organization that did the losing. Their analysis suggests that we're both misidentifying the cause of the losses, and incorrectly targeting our legislative responses accordingly.
Hackers: the security folk devil

In a recent dissection of the connection between gaming and violence, the term "folk devil" was used to describe something that can be labeled dangerous in order to assign blame in a case where the causes are complex and unclear. The new paper suggests that hackers have become the folk devils of computer security, stating that "even though the campaign against hackers has successfully cast them as the primary culprits to blame for insecurity in cyberspace, it is not clear that constructing this target for blame has improved the security of personal digital records."

Part of this argument is based on the contention that many of the criminal groups that engage in illicit access to records are culturally distinct from the hacker community and that the hacker community proper is composed of a number of subcultures, some of which may access personal data without distributing it.

But, even if a more liberal definition of hacker is allowed, they still account for far less than half of the data losses. The report states that "60 percent of the incidents involve missing or stolen hardware, insider abuse or theft, administrative error, or accidentally exposing data online.".... Much More!

Discussion in the Forums. 


See also

None found.

Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either