This morning we recorded a podcast posing the question “can legislation solve cybercrime?” Well, The Senate Judiciary Committee seems eager to play a part, passing a measure yesterday attempting to thwart computer attacks.
Measure S.1151 sets a national standard for data breach notification, replacing the various state initiatives already in place. It also makes concealing data breaches against the law, and toughens penalties on hacking attempts on critical infrastructure.
The bill, known as the Personal Data Privacy and Security Act of 2011, is the latest in a raft of legislation being proposed, a response to vociferous constituency complaints that companies weren’t doing enough to protect their personal data. Recently the headlines have been full of data breach incidents, and internet users are asking Washington to take action.
Public pressure for rapid legal action on subjects as complex as cybercrime and data theft is as predictable as it is fraught with growing pains. These are very complex, multi-faceted issues which defy over-simplified sound bites which have become so common. It’s as if internet users want a big red button labeled “fix”, preferably effective immediately, and that will still allow easy access and not disrupt their daily online habits. In reality, this will be a long process, involving players and vectors that haven’t even been designed yet. I can’t imagine trying to explain Twitter to my grandmother in 1995…a long and daunting conversation she’s not likely to either find important or remember. Cybersecurity adoption will only increase rapidly when people start to feel the pain, not when they read an article or hear about it from some far-flung place like Capitol Hill. Some will be proactive, but en masse people tend to respond much more rapidly to bad personal experience than the greater good of the world, but such is life. I still wish there were a full day’s nutrition in a tall mocha, but alas, there may still be some vegetables involved somewhere.
Author Cameron Camp, ESET