Hacker News new | ask | show | jobs
by mannykannot 3108 days ago
> You do know it is impossible thwart all data breaches right?

As RcouF1uZ4gsC's proposal contains measures to be taken when it happens, I strongly suspect that he does, in fact, know that.

> Zero-day attacks are still bound to occur... Geniuses are on the offensive side.

Most of the breaches have required neither of these. The goal is to improve the practice of security to the point where the only successful attacks would require both.

> No company in the right mind would agree to pay a tax when the inevitable happens.

You have a very unconventional idea of how companies generally operate.
1 comments
pmc1 3108 days ago
> I strongly suspect that he does, in fact, know that.

His proposals imply that he does not in fact realize that zero-day attacks occur. Negligence is one thing, but having state of the art security systems and still being punished for a breach is another thing. A state sponsored group with enough time and money can repeatedly infiltrate a system. A tax certainly wont solve the problem

link
majormajor 3108 days ago
I think you're missing the point entirely.

If your business is such that a tax penalty on a breach would make you no longer able to afford to do business, then you have two options: 1) don't store the data in the first place - your risk no goes to 0 2) scrap your business plan as the cost of holding the data given the impossibility of preventing every breach is greater than the economic value it would generate

Today you don't have to really think about what the cost of losing the data is because your portion of it is 0. That's stupid. It's like every startup deciding to include a new type of coffee machine that includes a small nuclear reactor - sure, we can't prevent all possible disaster scenarios, but the marketing people and data people REALLY LIKE having this type of coffee available, and the government isn't giving us any reason NOT to have it, so why not?!

So if a tax either makes you put money aside to account for the risk, or shuts down a bunch of frivolous examples of personal data collection, it's solved a huge part of the problem.

link
mannykannot 3108 days ago
You are using rare, worst-case events to, in effect, excuse the currently abysmal state of security. When we have reached the point where zero-days account for almost all the remaining successful attacks, we can revisit the question.
link