Slashdot Mirror
Are We Ready For a True Data Disaster?
snydeq writes "Fatal Exception's Neil McAllister questions how long we can go before a truly catastrophic data disaster strikes. 'The lure of potential profits in the information economy, combined with the apparent ease with which data can be gathered and a lack of regulation, creates a climate of recklessness in which a "data spill" of the scale of the Deepwater Horizon incident seems not just likely, but inevitable.' Witness Google mistakenly emailing potentially sensitive business data to customers of its Local Business Center service, or the 1.5 million Facebook accounts and passwords recently offered up on an underground hacking forum. 'These incidents seem relatively minor, but as companies gather ever more individually identifiable data and cross-reference these databases in new and more innovative ways, the potential for a major catastrophe grows.'"
N-O.
We are never ready for any major disaster. It is silly to think we ever will be given our inability to agree on such major planning initiatives.
The question is, will we go for a top kill on the data leak, or will we first attempt more risky solutions which profit the data miners? What kind of concrete do you use to seal a data leak? And what's the conversion factor between the scale of an oil spill and the scale of a data spill? In other words, how do we get from m^2 to BAU (Bad Analogy Units), so we can compare them?
I read that the facebook users in question seemed to be automatically-generated bogus accounts, if they ever existed at all.
This topic has been covered on slashdot before, but running out of addresses will be a "data disaster" in its own right for many companies. Heck, even CNN is talking about it: http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html?hpt=T2
Wow this copypasta is pretty old to be bashing Katz.
So I'm thinking about powerful solar flares wiping out all magnetic storage on the day side of the earth. Trillions of dollars in lost research data, crippled communications, you know, a catastrophe. Turns out this asshole is talking about compromised facebook pages.
Get a grip, drama queen.
I spilled hot grits down my pants this morning and when I flinched from the pain, I accidentally emailed a photo of a nude and petrified Natalie Portman to everyone in the company.
Ya, I sit every day in fear that one day my database systems will open up and spew ones and zeros all over gods creation, poisoning all nearby networks and data stores. Oh wait
INFORMATION DOES NOT WORK THAT WAY!
Article talks about things that already happen. He just tries to get page views by putting a stupid but referencing something completely different instead of what he is actually talking about, business continuity plans. He doesn't even seem to have any good insights on the matter either.
The only thing that it was missing was a reference to hurricane Katrina. Sorry, Neil McAllister, but you're apparently an idiot.
"I use a Mac because I'm just better than you are."
If we had all the security and privacy elements in place that we should, there would be no such thing as a "data disaster". There's no real limit to the degree to which we can secure personal (or other) data, if we actually put some effort into it. We just don't right now, because it's not on enough peoples' radars yet. Once the girl you met in the bar last night cares enough about her privacy to use, say, Diaspora*, then there won't really be such thing as a privacy disaster, because everything will be cryptographically secure between parties, and there won't be the Facebooks of the world out there with huge repositories of unencrypted personal data. Right now she doesn't.
There's also a truly mindboggling amount of irresponsibility on behalf of the various financial institutions of the world (and the like), for most of the same reasons. Nobody cares enough to do security or privacy the right way. Yet.
Google, for whatever reason, CRASHES.
Given that 99% of personal computer users, don't backup their data, imagine the panic.
IMAGINE a Senate committee to "investigate" the crash. IMAGINE the government propaganda.
Yours In Astrakhan,
Kilgore Trout
In the spirit of letting no crisis go unused, we should have a new privacy law crafted and ready to pass when the next Data Valdez strikes.
The Patriot Act was mostly a pre-existing fairlyland wishlist for law enforcement that was sitting on the shelf when 9/11 struck.
I don't know if pro-privacy advocates are that organized, but EFF and others should have legal language already formed into a bill, IMHO.
movie where the premis is they need to transfer a few billion in cash.
The reason being that electronic banking had become to easy to break.
While the movie was bad, the premise is interesting.
The Kruger Dunning explains most post on
that's why we use distributed systems.
The Kruger Dunning explains most post on
Don't you think the governments already have enough data to count as a catastrophic, worldwide privacy breach with as much as they can cross-reference? Don't tell me that certain three-letter folks can't also just talk to their contacts inside Google/Facebook/Skype/etc and get whatever info they might not already have.
The only difference is that it's not a for-profit corporation with that amount of reach into the data, it's the for-power structures.
Are you insured against the risk of volcanos? The center of our planet is just one big ball of pissed off magma. Eventually, it could all come out and destroy your way of life. Just like that topical natural disaster.
- J. Johnson, Volcano Insurace Salesman
...Yep!
My identity was comprised once, and since then I've hardened my security and never put all of my financial eggs in one basket.
I host my own data in an encrypted online backup, and make quarterly physical encrypted backups (stored in two cities 1,300 miles apart). Several trusted parties each have a piece of the keys.
Hell, I was stranded in the Canadian wilderness for 3 months in the winter (-40 degrees) and survived that quite easily.
I crave this world wide total data disaster! (Which will never happen.) It would give us the chance to start this mess all over and do things right (no more Patents! Yay!) I'd finally be able to use my own damn code!
That which doesn't kill me makes me harder, better, faster, smarter...
We're so desperate to suck the last gallon of oil out of the earth that we've reached our technological limitations and soon peak-oil will devastate the modern world and you have the gall to call data-loss a "DISASTER"! Perspective man. Perspective.
Over-the-top Response Guy! Giving "Over-the-Top Responses" since 1970.
There are a few facets to the issue - let me try to dissect them:
Just like in statistics -- corporations are not looking for a particular person, but they are trying to aggregate it all and derive a trend or more accurately a statistical model. And just like in statistics -- the outliers will stand out.
I'd figure it be a series of data centers blown up by some event, but in the summary it hints at identity theft. I'm not sure if any data that can be taken that easily in so large amounts can qualify as a disaster.
I don't think I even own or have any data that could undergo a disaster. The worst that could happen is that my work computer gets misplaced or destroyed somehow, but it's almost all backed up somewhere else, so no disaster, not even a personal one.
My private data, well, what I haven't backed up, I can recreate. And I haven't willingly leaked any personal info online, despite the trend. Even so, is losing your Facebook page, or even millions of people losing their social webpages really a disaster?
I honestly don't care about stocks, btw. It seems they're all in it to squeeze the most out of the system, not to benefit the general economy. If they crash and burn, meh.
We are all God's parents.
The quick-drying kind, that's useful for custom-fitting a pair of "shoes".
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
Every time ANY "disaster" hits there will always be people who want to use it as an analogy for something else.
And those people usually have no idea what they're talking about.
But they use the current disaster to grab headlines.
Blue penis pills will start posting on fb profiles everywhere! Oh the horror!
-and-
Now imagine a criminal organization that is interested in collecting that information and sorting it into personal profiles. Start with a database of social security numbers.
Now add enough detail to be able to get loans or credentials in the names of those people (with the aforementioned social security numbers).
It wouldn't take much processing power or storage.
... to have a data disaster happen, one that was not recoverable.
This would be like the biblical tower of babel falling and as a result this would help push us to our next stage of evolution.
It is society, population that pushes us to resolve bigger and bigger social problems.
What we need is a global data disaster effecting everyone, including military.
Such as what a massive solar flare could cause.
Should such a thing happen, then in order to just maintain some level of society, alot of dishonesty and deception will have to be put aside.
So much so that we'd be forced to develop better means of communication containing inherent verification.
Tower of babel, but of a different nature and different solution.
Fry: "Bender what's wrong?!"
Bender: "It was horrible ones and zeros everywhere, and I think I saw a two."
Fry: "Its OK Bender there's no such thing as two."
There is far too much redundancy. So much data unwittingly gets duplicated by one way or another that I doubt we would ever face such a disaster.
I'm god, but it's a bit of a drag really...
So, for example when a bank says that my identity has been stolen and my bank account drained, what they're really saying is some data they held became insecure and they let an unaurthorised (i.e. not me, or someone I have power of withdrawl to) person take it from them, and that lack of care on their part allowed someone to take money from them (but not from me).
it's only after these sorts of ownership and liability factors are widely accepted and written into law, that we can start to assign responsibility for information that people or organisations hold regarding us. I fully expect that once organisations are deemed liable for any damage or loss that occurs because they lose or fail to secure their data, the problems of identity theft, data loss and security will solve themselves.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
If I have to start over at level one again my girlfriend will KILL me!!
sig loading.......
Got my bunker filled with canned food, fuel, ammo and shotguns. Now I just need to wait untill the data zombies stop roaming Earth.
I can't really think of many examples, and the article certainly doesn't provide any examples.. Not even a "worst case scenario" type of doomsday prophecy. And only one of the things I can think of amount to a "leak"...
If all the worlds' financial data suddenly became truly public, or disappeared entirely (they amount to the same thing, either was they would have to start all over) could be bad, I suppose.. at least for a lot of people. Good for others.
If all of the weapons data in the US ("ICBMs for Dummies" "The Complete Idiot's Schematics for Nuclear Weaponry") the things could get ugly in a hurry.. Either that, or everyone would have nukes, and we would be back into the MAD scenario... or they would simply lose all effectiveness as a threat,since everyone had them...
Windows was released years ago and we managed to survive. What can be worse?
... and every PXT a goatse.
Now that would be a catastrophe.
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
The UK's tax office lost 2 discs containing the entire country's child benefits database. 3 years later, it seems that it didn't get into the hands of fraudsters.
http://en.wikipedia.org/wiki/Loss_of_United_Kingdom_child_benefit_data_(2007)
Frankly, I celebrated. It was largely because of this that the average Brit became opposed to the NuLabour's attempt to build Stasi 2.0.
I've always been curious as to how the world would behave if it lost the Internet for a while. A lot of people I work for go spastic if they lose their connection for more than an hour, I can't imagine what they would do if they lost it for a week.
Despite the fact the Internet was conceived of as a decentralized network, it's actually quite centralized. It would only take a few well placed attacks to bring it to its knees. Think of the Northeast Blackout of 2003. That wasn't even an attack, that was just some overgrown trees.
Bibo Ergo Sum.
You see, we've been preparing for that since a long time ago. The day we all lose our valuable data, we just need to pay a reasonable amount of money to all those cybercriminals who hack our systems and steal our data in exchange for a ransom. See? With enough money, the system works!
Are we going to lose all the great music that was made in the last third of the 20th century? NO, Because hundreds of millions of people refuse to obey the law as brought down from Mt. Sinai by the RIAA. By making millions of bootleg illegal MP3 copies of the our generation's music, we ensure that it will be around through any data disaster that could befall any centralized data storage depository.
The more widespread data is; the more protected that it is.
It's the culture of the 'greatest generation' that's going to disappear. The people who were born in the first third of the 20th century and lived their lives trusting their culture to corporate jerkoffs. Heard any great music from the 1930s or 1940s lately? It's quite possible that you never will. No one's collecting it. No one's preserving it. No one's copying it. No one's distributing it. When the vinyl from that time all chips, breaks, and wears out, the music of that era is gone.
If you want to protect your data, copy it, bury it, review it, play with it. But for god's sakes, don't encrypt it
.. that we don't know what data we do have, what data we should have, why we have it, what we want to do with it. Data itself is the problem we are collecting collating, storing this crap, if I collect and store enough tires they will eventually catch fire and burn things and poison people, I done know how you really go about estimating the cost of what has already happened, which seems to me to be disastrous, but things like 10 million CC number released, or 10's 100's of millions of Social security/bank account numbers (or sub. for which country you want) released are causing giant disruptions to people individual lives and costing who knows how much in fixing, just as a small example, I had a friend that had his credit score wreaked because of an unsolicited CC that was never activated but charged a something like $2 fee (which it was not supposed to), which was of course never paid since he was completely unaware of it and more than a year, many e-mails and phone calls and lots of straight out frustration an misery it was finally fixed what is that 50? 100? hrs of peoples wasted time and that was a simple billing error never mind a full on identity theft or any number of thousands of other problems erroneous or stolen/posted in to open information can cause to individuals (primarily the ones who pay the cost of these problems) if you want to count it in purely dollar cost my bet is we have already had hundreds of disasters that equal or exceed DWH, certainly on a personal level the level of disaster about to be experienced by the residence of the coast has been exceeded many many times world wide, but it is more diffuse and so less noticeable. I can't list all of the potential problems and people who should be here don't need me to tell them.
Data + Human = TONFO It's the only way to be sure
Sorry wait I'm not a web 2.0 weeny "I say we take off and nuke it from orbit,... its the only way to be sure.."
Besides I didn't RTFA
We farm the processing of a great deal of data to low-wage countries that don't even like us. To be managed by guys whose entire year's pay is the same as what you're paid for a week. Which means they are very easy to bribe. Oh and they also think we Americans are evil lazy shits who deserve the pain and suffering we get.
What I am saying is that a disastrous data breach involving millions of Americans' financial or medical data will happen more likely overseas than it will happen anywhere in the U.S. And when it hits you, you will have absolutely zero recourse. Of course, someone could show I'm wrong by explaining to us how the FBI can manage to arrest an identity thief in Bangalore...
So not only are we unable to agree on disaster planning, but the entire system is DESIGNED to provide fertile ground for a disaster.
--- Grow a pair, liberals... stop letting the Republicans bully you!
biometrics is harder to maintain than one would think (and therefore harder to use). in my experience, once enrolled onto a system, BOTH, a system hardware change and a system SOFTWARE change, can corrupt the file(s) holding the biometric data. The fix is easy for me, -just turn off the biometrics BEFORE making such changes. But for Jane and Joe user, who don't understand how or why to control 'automatic up-dates', biometrics become just too much to deal with. (this is posted before I look at anything already posted below the post it is attached to)
cjacobs001
A true 'data disaster' would have to be defined to include: 1) loss of data (including minor and major losses)[data is gone]. 2) loss of integrity of that data [the current data cannot be authenticated]. 3) loss of use of the data, even temporarily [loss of access]. 4) loss of the confidentiality of the data [unauthorized exposure of the data, including unauthorized capture]. 5) Unauthorized USE of the data. --->> whether the loss is for an individual or a larger organization can not be a consideration in the definition. the definition would include such loss as may caused, directly or indirectly, by authorized possessors of the data AND unauthorized possessors of the data. Data Disaster. HOW TO PREVENT DATA DISASTER . . should be a topic
cjacobs001
Does this story set some type of record for the number of icons that appear with it?
There is no real legal right to privacy, in the US at least, and IMO that is a good thing. There is nothing about you or me that is very unique and worth hiding. For the mere issue of people being embarrassed by their own actions or existence it is not worth removing all the great uses of collected data. Obviously collecting publicly exposed data is different than invading a user's personal space. If I take a photo of someone on the street it's okay. If I sneak into their bedroom it's not. If I pick up their unencrypted data it's okay. If I break into their network it's not. If I record everything a user is publishing about themselves when they visit my website it's okay. If I use a security hole to install a keylogger it's not. It's a pretty obvious line. The more data people will expose the better services they will get. For example by collecting data from all visitors to my website I can analyze what users from a given region during a given time of the year are most likely to be looking for. If I pull the weather information for users based on their location I can go further and suggest products based on the recent weather. If it's unseasonable cool this year the system can say "Hey usually I'd suggest swimsuits but it's still cool this year so I'll suggest long sleeved tees." Consumers love that kind of service but it happens because we collect and analyze data about all our customers. In today's paranoid environment with people screaming about privacy and copyright could services such as Google even have been created? I think they'd quickly be sued out of existence. Innovation should not be a victim of frightened idiots. I think it's completely stupid that we don't have a national id. For example I've been fighting with the IRS for years now because either they made a typo at some point or someone stole my identity (but only for taxes?) and used my SSN. I've jumped through hoop after hoop trying to prove I'm really me. Last year I finally got them to except my letter from the Social Security office that I am me and they finally sent me a small portion of the tax refunds they owe me - this year I've again received nothing as they seem to again be in doubt if I'm really me. I haven't moved, they can call my mother, I have a driver's license, etc but none of that helps. They should require taking unique identification, fingerprints and DNA at least, when issuing a SSN and forever after be able to verify who you are. I'd go as far as issuing everybody a unique mailing address, phone number, and email address with their unique id so they'd have a known point of contact for life. All other endorsements such as credit cards, drivers license, insurance, etc should just be data attached to your unique id.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
Anyone without backups today is crazy. I switched my laptops to SSD and all other systems are at least RAID 1, all backup to NAS (that is again RAID), and critical data gets backed up remotely. If we didn't have such crappy bandwidth here in the US I'd say everything should be remotely backed up (encrypted and saved to the cloud). I think it's only a matter of time before the average home has it's own cloud server. Something that securely stores and backs up data both locally and remotely as well as offering additional processing power to mobile devices (laptop, tablet, phone) on demand. My local disk is really little more than a data cache to enable faster access and occasionally leaving the network. Already becoming reality in many businesses although it's still a rough do-it-yourself solution to a large degree.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
I've known some people who I would swear would have problems passing the Turing Test.