Security Breach Notifications

tom_stockwell_2.jpg

Somebody Stop Them Please!

Jennifer McAdams at ComputerWorld wrote a story entitled "After a Data Breach: Navigating the tangle of state notification laws can be exasperating -- and costly ."  

According to the story, conflicting state notification regulations are causing headaches for companies that have suffered a security breach. These regulations are designed to let consumers know that their vital information -- information that they trusted the company to protect -- has been compromised. Many of the companies that experience such data breaches wish there were a single regulation for notifying their customers.

Alas! No such national regulation currently exists, and Congress doesn't seem inclined to take up the issue.

A new opportunity for a financial service! 

To my mind, this is a bit reminiscient of national/international debate over spam and computer virus infections and how our economy and political systems react to technological crime: Congress will ignore the issue until some highly visible security breach creates massive loss for thousands of citizens. 

By that time, however, there will be hundreds of Internet companies whose sole business is notifying customers that their security has been compromised. Microsoft will have already created a module within Outlook that will field these email notifications. 

Outlook in turn will be interfaced to QuickBooks, which will transparently send a notification to the various credit card companies to stop payment on all items that are not validated in its QuickBooks database. 

The credit card companies will offer a service to electronically reissue a new credit card, on the spot, which will be sent immediately by FedEx.  Of course, the consumer will be charged $5.00 for this service, and the credit card won't be sent to you immediately.  But you will have the choice to expedite the shipment of the new credit card by agreeing to a slightly larger fee fee of about $25.00.  Of course, these fees will be added on to the usual credit card statement automatically.

Security Breaches Fueling Detroit 

But that's not all.  You see, the increase in the number of these expedited security notification transactions will require FexEx to purchase a fleet of specially equipped vehicles from Detroit.  These vehicles will have direct links -- using Sysco routers attached to the cellular phone system run by ATT -- to the home office's data bridge to the issuing credit card company.  This will enable the messenger of the FedEx vehicle to receive immediate information about a consumer's need for a new credit card.  They will be radio dispatched to drive to the home or office of the consumer and create a new plastic incarnation of the credit card.  This service will reduce the turnaround time from security breach notification to new credit card from two weeks (normal FedEx ground delivery) to two hours.

Of course, this industry will solve the problem, without the need for new regulation.  And everyone will be happy, right?  Well, everyone except the consumer.

Consumer Response 

It seems likely that those tight-wad consumers will balk at the number of times they are charged for the notifications they recieve. They'll complain to their congressmen, who will promise to schedule hearings.

But by the time Congress gets around to addressing the security notification issue, this industry will be so embedded in the economy -- affecting the financial, transportation, communications, and manufacturing sectors of the economy -- that lobbyists will protest to any change in the status quo.  It will have become a political issue that divides left wing and right wing factions within the country.  How?

Congressional Action Required 

Left wingers will insist that the cost of security notifications should not be charged to consumers, but should be the responsibility of the companies that allowed the security breach to happen in the first place.

Naturally, this idea will never fly.  Right wingers will accurately point out that large sectors of the economy are now dependent upon the security notification industry, and that tax breaks for both the consumer and the company that caused the breach will remedy the problem.

Hackers? 

And what about the hackers that created the initial breaches?  

Over time, they'll be recognized as creative entreprenuers that have added untold billions to the global economy.  They will be major employers of programmers whose sole jobs are to break into companies and extract the information that fuels the industry.

Eventually, they'll become public companies themselves with high-profile CEOs.

Certainly, it's this kind of entrepreunerial spirit will foster a career in public office.

Or, if they're highly successful, they'll start a non-profit organization with designs on curing the world of some pandemic. 

No public interest is anything other or nobler than a massed accumulation of private interests.

Mark Twain 

 

 {mos_fb_discuss:24}

Education that consists in learning things and not the meaning of them is feeding upon the husks and not the corn.~ Mark Twain
© Copyright 2011, IT Incendiary