
RE: Why I'm in Favor of the EU Cyber Resilience Act and You Should Be Too

"2. Security patching support for the lifetime of the product"

What immediately occurs to me is that this is inadequate for many products that involve biometric information. 23andMe has just had hackers offer up its data hoard: $1000 for 10,000 records of a listed group. Some of the records are of extremely wealthy and powerful people. The life of this product can be considered instant, however, the 'product' being the information delivered to customers as to their genetic origins. The lifetime of the DNA, however, is longer than the lives of the customers, because it affects their children, their relatives, and even their larger ethnic group, many of whom long outlive the specific customer.

Security patching isn't available for biometric data. The Russian Federation has just had its records hacked, and many people's medical information is on offer. Anyone who used their retinal scans, fingerprints, or other biometric data as some form of ID can now be spoofed by hackers, and they can never, ever change their biometric data, which will forever be linked to whatever crimes the hackers commit while spoofing the owners of that biometric data. I don't see any improvement in the situation of these people from this regulation, and I think that is an urgently needed matter.

Also, who will hold governments, not private companies, accountable? I hesitate to even speculate what information Five Eyes governments have on their subjects, or how valuable it could be to blackmailers, competitors, or enemies of theirs. What good is this regulation if it does nothing at all to curb tyrannical governments' acquisition of such data from private companies? Are companies compelled to indemnify their customers against being tortured as a terrorist by their government security forces? Against being excluded from private clubs for their genetic background, or being outed as a snitch and gutted by criminals? How will this regulation help those afflicted with private surveillance for sale to the state, as many companies, like Goolag, Fakebook, and Twatter, do today?

Even the most mercenary of Black Hat hackers, like the ones selling data from the hacks I mention above, are less harmful than governments that buy data from companies that sell it voluntarily. Do companies have to reveal to their customers that they have sold them out, rather than been hacked? Yahoo! famously just gave up its customers to the NSA some years ago. Would this have helped them if Yahoo! did that today?

Thanks!


Visibility is the first step towards accountability. This regulation will help drive that accountability at the most senior level, which should motivate change in a positive direction. It is just another step on the journey, not crossing the finish line.

It is a step forward in that regard, but the caprice of data fiduciaries is unconscionable, IMHO.

Thanks!