![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
osewalrusNew working hypothesis. If correct, the entire concept of market incentives for privacy needs to be substantially altered. Not that creating such a market is impossible er se, but the belief that disclosure and consumers can "vote with their feet" is provably invalid because the rational consumer -- like the rational car buyer -- must assume that the device is or will become a "privacy lemon" rather than a "privacy creampuff."
Not gonna bother to unpack that unless someone is actually interested. But I need to park it somewhere or two weeks from now I'm going to be looking for the stupid scrap of paper.
Not gonna bother to unpack that unless someone is actually interested. But I need to park it somewhere or two weeks from now I'm going to be looking for the stupid scrap of paper.
no subject
Date: 2018-02-09 02:45 pm (UTC)There's a big problem: the industry does not generally know how to build secure systems, where secure is minimally defined as "gives only the appropriate information to the right people, and does not give inappropriate information to anyone". There are special cases which may be secure, but most complex systems which make general security claims are not.
We can improve incentives: for instance, a bank could guarantee that no inadvertent disclosure of your information would put you at risk of more than $100 loss in the same way that unauthorized credit card use tops out at $50. But the fact of the matter is that the bank would not have any particular internal assurance that they were doing things correctly.
New salescritters occasionally contact me in my $work capacity, making assurances about how secure their cloud environments are. I ask them if they are willing to indemnify us for the complete value of loss of information, assuming that the loss is their fault. New salescritters are sure something can be worked out, and bring in their lawyers... who need about fifteen seconds to say no, not a chance. So we don't increase our attackable surface, and remain hunkered down trying to do the right thing.