Slashdot Mirror


2012 Olympics Security to be Chosen by Sponsorship

denebian devil writes "In an Editorial/Blog at ITPRO, Davey Winder writes of a keynote speech at Infosecurity Europe by Member of Parliament Derek Wyatt. In this speech, which was about the IT security demands of running the 2012 London Olympics, Derek Wyatt MP dropped the bombshell that IT Security at the Olympics will hinge not on which companies show themselves to be the best in their field or to have the technology that best meets the needs of the Olympics, but rather on whether or not the companies were a 'major sponsor' of the Olympics. So who has bought their way into being the security experts of choice, and with whom our security and that of the visiting millions will rest? Visa."

4 of 165 comments

  1. Re:Duh, it's the olympics. by Rasit · Score: 3, Informative
    Salt Lake City cleared all of the homeless out of their downtown area prior to the Olympics, and they still haven't returned in the numbers they were in before. I don't know what they did with all of them,[...]

    They were relocalised to a sunny vacation spot. Nothing else happened to them; the fact that the local schools were sold some very cheap steak around that time is completely coincidental.

    Now stop asking questions about it or you will wake up with a goat head in your bed. (The mafia outsourced the horse head department to Sony)

  2. Re:Millions of infections by plover · Score: 5, Informative
    I still maintain that Visa is responsible for killing advances in credit security, rather than their current wrong-headed PCI approach to "enhance" them.

    A decade ago, Mastercard came up with the Secure Electronic Transaction (SET) protocol. This protocol cryptographically ensured the security of credit card data, and was designed to be implemented in hardware at the retailers. Each one of those PIN pads is capable of participating in the SET protocol.

    Visa killed it, because it rendered them irrelevant.

    Visa itself isn't a credit lender. Visa is a commercialized industry group, very similar to the RIAA, providing a common badge to paste on the front of thousands of banks, and a common mode of operation for those banks. When you get a Visa card, it looks and acts like any credit card from any of the member banks. That's important because you (and the merchants you shop at) trust that if your card has a Visa logo that it will be honored. Back in the late 70s, that was vitally important because most credit commerce was conducted off-line. But now that we have ubiquitous electronic networks and everyone authorizes credit cards before accepting them, that logo means almost nothing. Now, it's a question of "does the merchant trust that they'll get paid?" The Visa logo lets the cashier know that his store does (or does not) trust the bank on the other end of the transaction. It assures the merchant that yes, this Visa member bank will pay them. But with a fully online transaction, the payment could happen automatically and securely. The merchant wouldn't care where the card came from, since the authorization went directly to the customer's bank, and their bank transferred their money instantly before the customer even walked out the door. There would be no need for intermediaries to skim their transaction fees for operating a special bank-only network, as the secured transactions themselves could take place over any public network.

    This would have killed Visa. Instead, they swept SET under the rug and we've been dealing with phony cards and ID theft ever since. Now, they have a program called PCI-CISP, and it's used by Visa to deflect the blame to the merchants for leaking stolen data.

    --
    John
  3. Re:Duh, it's the olympics. by Bazman · Score: 3, Informative

    Plenty of shooting on US TV. It's called 'The News'.

  4. Re:Ah, Smell that? by profplump · Score: 3, Informative

    Apparently you've never employed anyone, or been a member of a partnership. Employees and partners aren't slaves or children, and their boss can't control all their actions. Therefore their boss should not be held accountable for all their actions.

    Let's say Joe from IT uses his access to the business systems to get the backup encryption key and then steals one of the archived DB backup tapes. When he gets home he extracts a list of credit card numbers and sells or uses them. In this scenario the business policy provided reasonable protection of the credit card numbers -- the business systems were secured from general access and the tapes were encrypted. But Joe used the access he was necessarily granted to do his job to violate the trust of his employer and steal credit card numbers. Why should the CEO be personally liable?

    Or for a small-business example try this one: you and your partner start a business. You hire skilled and reliable workers, you do good work, and your customers love you. Everything is going great and you land a big contract. Then your partner takes all of your liquid assets including the contract payment and skips town. Your business now has no cash to complete the contract or issue a refund, and you didn't do anything wrong, other than trust your partner -- should you lose your home because your business partner turned out to be a thief?

    There are scenarios where the directors or owners should be held accountable; any time that the management of a company makes decisions that hurt people through direct action or negligence they should be held accountable. And contrary to your apparent belief it is possible to sue the directors and owners of a company personally in any case where they were actually at fault. It's just not possible to sue them personally in cases where they were not at fault, and there are socially valid reasons for making that distinction.