Posted by:
admin
16 years ago
Mordaxus at Emergent Choas has an inciteful post on how the government can protect people from identity theft.
I can think of a situation we need protection from. Here is a scenario. Let us take the case of a lender, Larry. We need a law to make it so that if Larry lends money to Alice, he cannot try to collect it from Bob. That's all we need. If we have that, we'll have all the legal protection we need to solve identity theft.This is an interesting idea, but I fear that it is too simplistic. I suspect that this is the current law. The problem is really the burden of proof. Currently, Bob has to prove to Larry that he did not borrow the money. Larry gets to put all sorts of nastiness onto Bob's credit report that Bob will never be able to get off. Bob can sue Larry, butas mordaxus points out, the way to change the business practice is to make it not worthwhile, which means a class-action lawsuit.
I don't know much about the law, but I would much rather have a successful class action law suit change the business practice than have more regulation. Regulation would be unlikely to work, IMO. I submit CAN-SPAM as an example. The problem with tort law as a solution is that we don't really know if it works. Almost all settlements are subject to confidentiality, and it is unclear if they result in a change of business practices.
A lawyer who has been good at getting industries to change their practices is Elliot Spitzer. I wonder why an aggressive state attorney general hasn't taken a whack at this? On the other hand, while Spitzer got the big music companies to agree to stop paying radio stations to play their songs, there is still only crap on the radio.
The best solution would be an free market solution. Please place you suggestions in the comments. There is one example of a regulation the did work, in my opinion: The Do Not Call List. We never get telemarketing calls anymore. So, if you are bothered by the amount of unsolicited credit card offers you get, you can opt out by calling 888-5-OPT-OUT (888-567-8688) or by going to https://www.optoutprescreen.com/
Share on Twitter Share on FacebookRecent Posts
- Blast-RADIUS attack
- The latest WiKID version includes an SBOM
- WiKID 6 is released!
- Log4j CVE-2021-44228
- Questions about 2FA for AD admins
Archive
2024
2022
- December (1)
2021
2019
2018
2017
2016
2015
2014
- December (2)
- November (3)
- October (3)
- September (5)
- August (4)
- July (5)
- June (5)
- May (2)
- April (2)
- March (2)
- February (3)
- January (1)
2013
2012
- December (1)
- November (1)
- October (5)
- September (1)
- August (1)
- June (2)
- May (2)
- April (1)
- March (2)
- February (3)
- January (1)
2011
2010
- December (2)
- November (3)
- October (3)
- September (4)
- August (1)
- July (1)
- June (3)
- May (3)
- April (1)
- March (1)
- February (6)
- January (3)
2009
- December (4)
- November (1)
- October (3)
- September (3)
- August (2)
- July (5)
- June (6)
- May (8)
- April (7)
- March (6)
- February (4)
- January (427)
2008
- December (1)
Categories
- PCI-DSS (2)
- Two-factor authentication (3)
Tags
- wireless-cellular-mobile-devices (7)
- Two-factor authentication (10)
- Wireless, cellular, mobile devices (6)
- NPS (1)
- Phishing and Fraud (111)
- Active Directory (1)
- pam-radius (3)
- privileged access (2)
- Cloud Security (10)
- Mutual Authentication (60)
- Web Application Authentication (1)
- Authentication Attacks (99)
- pci (50)
- Security and Economics (97)
- WiKID (133)
- pam (2)
- VPN (1)
- Installation (2)
- RADIUS Server (1)
- Open Source (64)
- Tutorial (2)
- Strong Authentication (35)
- Information Security (137)
- Transaction Authentication (13)
- Miscellaneous (100)
- Linux (2)
- transaction-authentication (6)
- Two Factor Authentication (254)