Schneier: Make Banks Responsible for Phishers

abgillette writes "Writing for Wired News, security guru Bruce Schneier says that the only way to stop phishers and identity thieves is to make financial institutions solely responsible: "Push the responsibility -- all of it -- for identity theft onto the financial institutions, and phishing will go away. This fraud will go away not because people will suddenly get smart and quit responding to phishing e-mails, because California has new criminal penalties for phishing, or because ISPs will recognize and delete the e-mails. It will go away because the information a criminal can get from a phishing attack won't be enough for him to commit fraud -- because the companies won't stand for all those losses.""

idealism, security, convenience

[circletimessquare]

idealists, listen up: you can't have it both ways

you can't have robust security and easy convenience at the same time

you can have one, or the other, or a half-hearted mix of both that satisfies no one (like we have now), but that's it

if you understand this, then fine

but what i don't want to see is the usual suspects railing about the rise of big brother, and, at the same time, railing that bank customers should make their banks the masters of their personal information to conveniently protect them from themselves

if you are asking for banks to control your personal information, make sure you know what you are really asking for and the ramifications of that: becoming a ward of the bank, giving the bank the keys to your life, asking for big brother to enter your life

maintain some logical consistency in your worldview and study all the ramifications before you idealistically ask for everything, even for things, if you thought about it, wind up contradicting each other

such as ironclad security and superconvenience

as a segue, we can talk about privacy idealists too: sometimes, you have to drop your pants to do some kinds of business in this world, if you know what i mean