Let’s turn the TalkTalk hacking scandal into a crisis
Yesterday’s Observer column:
The political theorist David Runciman draws a useful distinction between scandals and crises. Scandals happen all the time in society; they create a good deal of noise and heat, but in the end nothing much happens. Things go back to normal. Crises, on the other hand, do eventually lead to structural change, and in that sense play an important role in democracies.
So a good question to ask whenever something bad happens is whether it heralds a scandal or a crisis. When the phone-hacking story eventually broke, for example, many people (me included) thought that it represented a crisis. Now, several years – and a judicial enquiry – later, nothing much seems to have changed. Sure, there was a lot of sound and fury, but it signified little. The tabloids are still doing their disgraceful thing, and Rebekah Brooks is back in the saddle. So it was just a scandal, after all.
When the TalkTalk hacking story broke and I heard the company’s chief executive say in a live radio interview that she couldn’t say whether the customer data that had allegedly been stolen had been stored in encrypted form, the Runciman question sprang immediately to mind. That the boss of a communications firm should be so ignorant about something so central to her business certainly sounded like a scandal…
LATER Interesting blog post by Bruce Schneier. He opens with an account of how the CIA’s Director and the software developer Grant Blakeman had their email accounts hacked. Then,
Neither of them should have been put through this. None of us should have to worry about this.
The problem is a system that makes this possible, and companies that don’t care because they don’t suffer the losses. It’s a classic market failure, and government intervention is how we have to fix the problem.
It’s only when the costs of insecurity exceed the costs of doing it right that companies will invest properly in our security. Companies need to be responsible for the personal information they store about us. They need to secure it better, and they need to suffer penalties if they improperly release it. This means regulatory security standards.
The government should not mandate how a company secures our data; that will move the responsibility to the government and stifle innovation. Instead, government should establish minimum standards for results, and let the market figure out how to do it most effectively. It should allow individuals whose information has been exposed to sue for damages. This is a model that has worked in all other aspects of public safety, and it needs to be applied here as well.
He’s right. Only when the costs of insecurity exceed the costs of doing it right will companies invest properly in it. And governments can fix that, quickly, by changing the law. For once, this is something that’s not difficult to do, even in a democracy.
Another mermaid
Quote of the Day
“Those who surrender freedom for security will not have, nor do they deserve, either one.”
― Benjamin Franklin
The ghost city
London as seen through the ‘eyes’ of a car equipped with laser scanning. Creepy but oddly compelling.
From the New York Times.
The end of private reading is nigh
This morning’s Observer column about the Investigatory Powers bill:
The draft bill proposes that henceforth everyone’s clickstream – the URLs of every website one visits – is to be collected and stored for 12 months and may be inspected by agents of the state under certain arrangements. But collecting the stream will be done without any warrant. To civil libertarians who are upset by this new power, the government’s response boils down to this: “Don’t worry, because we’re just collecting the part of the URL that specifies the web server and that’s just ‘communications data’ (aka metadata); we’re not reading the content of the pages you visit, except under due authorisation.”
This is the purest cant, for two reasons…
I give up
To MI5 with love
The Economist’s succinct summary of the draft Investigatory Powers bill:
The government has been caught between the civil-liberties lobby and the intelligence agencies, with much dancing back and forth in the press over the past few weeks, but has come down on the side of the spies. It is in agreement with the public: a recent YouGov poll found Britons think spies should be given more powers (perhaps reasoning that Tesco knows more about them than MI5 ever will). Though civil-liberties groups, empowered by the information leaked by Edward Snowden, are louder than ever, the government has decided to speak for its intelligence agencies, who cannot speak for themselves.
I agree with everything here, except the last clause. Clearly the Economist hasn’t been reading the right-wing press, or listening to the spooks’ charm offensive on the media in the months leading up to publication of the draft bill.
US foreign policy in a nutshell
From Bill Moyers:
“ISIS is seen in Washington as a grave terrorist threat with the potential to knock over the unpopular and unstable regimes of the Middle East (i.e., our client states) like bowling pins. Yet the Washington Consensus sees as the key to defeating ISIS the undermining of the regime of Bashar al-Assad, ISIS’s principal military enemy. If a US general in 1942 declared the only way to defeat the Wehrmacht would be for us to fight Nazi Germany and the USSR simultaneously, he would have been committed to a lunatic asylum.”
Quote of the Day
“Vous êtes Anglais?” a French journalist asked Samuel Beckett. “Au contraire,” replied the Irishman.
Stacy Schiff in the NYRB.