Are We Ready For a True Data Disaster?

← Back to Stories (view on slashdot.org)

Are We Ready For a True Data Disaster?

Posted by timothy on Thursday May 27, 2010 @09:32AM from the no-no-no-no-and-no dept.

snydeq writes "Fatal Exception's Neil McAllister questions how long we can go before a truly catastrophic data disaster strikes. 'The lure of potential profits in the information economy, combined with the apparent ease with which data can be gathered and a lack of regulation, creates a climate of recklessness in which a "data spill" of the scale of the Deepwater Horizon incident seems not just likely, but inevitable.' Witness Google mistakenly emailing potentially sensitive business data to customers of its Local Business Center service, or the 1.5 million Facebook accounts and passwords recently offered up on an underground hacking forum. 'These incidents seem relatively minor, but as companies gather ever more individually identifiable data and cross-reference these databases in new and more innovative ways, the potential for a major catastrophe grows.'"

31 of 113 comments (clear)

Easy and Obvious answer by modmans2ndcoming · 2010-05-27 09:42 · Score: 4, Insightful

N-O.
We are never ready for any major disaster. It is silly to think we ever will be given our inability to agree on such major planning initiatives.
1. Re:Easy and Obvious answer by Monkeedude1212 · 2010-05-27 09:56 · Score: 4, Insightful
  
  I think more accurately, if we were prepared for it, it wouldn't be a disaster.
2. Re:Easy and Obvious answer by Afforess · 2010-05-27 10:42 · Score: 2, Funny
  
  No.
  If we were ready, no one would run stories on whether we are ready or not. Duh!
  
  --
  If our elected representatives no longer represent us, do we still live in a Democracy?
3. Re:Easy and Obvious answer by darkpixel2k · 2010-05-27 11:23 · Score: 2, Funny
  
  "What, exactly, constitutes a 'True Data Disaster?"
  Are we talking about a data leak that effectively kills a company's credibility dead?
  No, we're talking about a massive sunspot that destroys the interweb.
  
  --
  There's no place like ::1 (I've completed my transition to IPv6)
4. Re:Easy and Obvious answer by homey+of+my+owney · 2010-05-27 11:26 · Score: 2, Insightful
  
  I'm sorry, perhaps you need to qualify disaster. Prior to my reading this, I thought the 100 million (now estimated) accounts compromised in the TJX breach or the approximately 100 million in the Heartland Payment Systems breach, were just that - disastrous.
5. Re:Easy and Obvious answer by turbidostato · 2010-05-27 11:47 · Score: 2, Insightful
  
  "I'm sorry, perhaps you need to qualify disaster.
  A disaster qualifies itself by the loses it induces. Take an earthquake, a tsunami, a stock crash...
  "I thought the 100 million (now estimated) accounts compromised in the TJX breach or the approximately 100 million in the Heartland Payment Systems breach, were just that - disastrous."
  So you thought, uh? What exactly were the loses? Specifically, what were the loses for those responsible of the incident? Because if there were no loses, then there's no disaster. A nuisance or an incident, maybe, but not a disaster.
6. Re:Easy and Obvious answer by SEWilco · 2010-05-27 12:11 · Score: 2, Funny
  
  I think more accurately, if we were prepared for it, it wouldn't be a disaster.
  
  I'm ready. I have a very large stock of data dispersion chemicals.
Dataspill? by ChrisMounce · 2010-05-27 09:42 · Score: 5, Funny

The question is, will we go for a top kill on the data leak, or will we first attempt more risky solutions which profit the data miners? What kind of concrete do you use to seal a data leak? And what's the conversion factor between the scale of an oil spill and the scale of a data spill? In other words, how do we get from m^2 to BAU (Bad Analogy Units), so we can compare them?
1. Re:Dataspill? by K.+S.+Kyosuke · 2010-05-27 10:05 · Score: 4, Funny
  
  What kind of concrete do you use to seal a data leak?
  Data leaks are sealed by abstract, not by concrete. Interfaces, traits, the works.
  
  --
  Ezekiel 23:20
2. Re:Dataspill? by Monkeedude1212 · 2010-05-27 10:15 · Score: 2, Funny
  
  how do we get from m^2 to BAU (Bad Analogy Units), so we can compare them?
  Easy. We take a Car analagy, and use the units (CAU), divide by 1 Bad Analagy unit, leaving 1Car over 1Bad.
  Next, we know Microsoft is bad, and their current market cap is 227.86 Billion Dollars. One of the most popular cars to make fun of in Analogies is a Prius, so you can turn your 1 car into 49miles per galon. Gas is averagely priced at 3.1 dollars per gallon, so you can multiply the miles per galon by that amount to get miles per dollar. So we have 15.8 miles per dollar. Units cancelling out, we get about 14421518987 miles, converted to meters is about 23209185052614. (I should mention these are rough estimates.)
  Rooting that simply because I can, works out to be about 4817591 meters squared.
  Make sense?
3. Re:Dataspill? by ztcamper · 2010-05-27 11:58 · Score: 4, Funny
  
  I think top kill approach that involves strong EMP would work like a charm. Nuke it from orbit. It's the only way to be sure.
4. Re:Dataspill? by mcgrew · 2010-05-28 01:37 · Score: 3, Funny
  
  There's already a data disaster. I'm drowning in data! Somebody throw me a lifeboat, quick!
  *blurb blurb blurb blurb blurb blurb blurb blurb*
  
  --
  Free Martian Whores!
Facebook users? by dave420 · 2010-05-27 09:43 · Score: 3, Informative

I read that the facebook users in question seemed to be automatically-generated bogus accounts, if they ever existed at all.
1. Re:Facebook users? by seanvaandering · 2010-05-27 10:47 · Score: 3, Informative
  
  FTA:
  
  Facebook accounts are attractive because of the higher level of trust on the site than exists in the broader Internet. People are required to use their real names and tend to connect primarily with people they know.
  
  That's true for anyone who doesn't play games. For those who do play the games from Zynga and other gaming houses, you'd be amazed at what people will do to get to the next level, or getting that rare item. I play the games as well, but to keep the game essentially free, you have to add "neighbors" or your progression stalls. What's the solution? Join an "ADD ME" group, or check the gaming group and troll the comments, adding people every day.
  
  I'm not kidding when I say about 10% of my Facebook friends, actually know me, which makes my profile almost useless, unless you want to be Level 70 in Treasure Isle!
2. Re:Facebook users? by sjames · 2010-05-27 17:47 · Score: 3, Funny
  
  Just because the creator(s) of the accounts can't pass the Turing test doesn't mean they're bogus :-)
Nope...just consider IPv4 by bi$hop · 2010-05-27 09:43 · Score: 3, Informative

This topic has been covered on slashdot before, but running out of addresses will be a "data disaster" in its own right for many companies. Heck, even CNN is talking about it: http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html?hpt=T2
Truly catastrophic data disaster... by Anonymous Coward · 2010-05-27 09:45 · Score: 5, Insightful

So I'm thinking about powerful solar flares wiping out all magnetic storage on the day side of the earth. Trillions of dollars in lost research data, crippled communications, you know, a catastrophe. Turns out this asshole is talking about compromised facebook pages.

Get a grip, drama queen.
1. Re:Truly catastrophic data disaster... by thms · 2010-05-27 10:18 · Score: 3, Insightful
  
  Now THERE is an argument for SSDs and punch cards if I ever heard one. And paper, there will always be paper.
  
  But the suns magnetic field can't just increase by a few orders of magnitude, so it has to be induced by a solar flare. A hemisphere sized geomagnetic storm however first has to hit the power lines quite hard to produce strong magnetic fields, and then humanity will have other problems.
2. Re:Truly catastrophic data disaster... by Yvanhoe · 2010-05-27 10:57 · Score: 4, Insightful
  
  There is an ongoing data disaster : infinite copyright. We are loosing all the collective memory of the 20th century, save for a few blockbusters and famous books. All these data are stored on fragile medium and are forbidden to distribute in order to save them. Oh, and it has happened already : the musicals of ye old late 19th century were already overprotected by copyright, and many were never "saved" into film in the beginning of the 20th century, not wanting to be pirated...
  
  --
  The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
3. Re:Truly catastrophic data disaster... by Anonymous Coward · 2010-05-27 13:46 · Score: 3, Informative
  
  Uhh, no. Unless SSDs are properly shielded (faraday cage), and EMP will fry just about every gate on the silicon chips. At that point, kiss your data goodbye and all server equipment for that matter!!!
  You may not have realized it yet, but a high altitude nuke over a city will fry just about every microchip in range. Ponder that for just a moment...
Cue Morbo by 0racle · 2010-05-27 09:45 · Score: 4, Informative

Ya, I sit every day in fear that one day my database systems will open up and spew ones and zeros all over gods creation, poisoning all nearby networks and data stores. Oh wait

INFORMATION DOES NOT WORK THAT WAY!

Article talks about things that already happen. He just tries to get page views by putting a stupid but referencing something completely different instead of what he is actually talking about, business continuity plans. He doesn't even seem to have any good insights on the matter either.

The only thing that it was missing was a reference to hurricane Katrina. Sorry, Neil McAllister, but you're apparently an idiot.

--
"I use a Mac because I'm just better than you are."
1. Re:Cue Morbo by lennier · 2010-05-27 11:13 · Score: 4, Funny
  
  Right, the minute the Cloud starts showing signs of sentience, we pump all of 4chan into it.
  Mind you there's a 50/50 shot that that's exactly what leads to Skynet vowing to exterminate us.
  
  --
  You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
2. Re:Cue Morbo by DiEx-15 · 2010-05-27 15:42 · Score: 2, Funny
  
  I guess since you use a Mac, you don't have to worry about such things..
OK. Can you say Hyperbole? by gbutler69 · 2010-05-27 09:57 · Score: 4, Funny

We're so desperate to suck the last gallon of oil out of the earth that we've reached our technological limitations and soon peak-oil will devastate the modern world and you have the gall to call data-loss a "DISASTER"! Perspective man. Perspective.

--
Over-the-top Response Guy! Giving "Over-the-Top Responses" since 1970.
The State of Data is Not Good by pankajmay · 2010-05-27 10:05 · Score: 4, Interesting
I will only partly agree with Mr. McAllister's assertion about the potential for catastrophic loss via an inadvertent leak. However, I do feel that much of this stuff go packaged as half-truths and half-fear mongering.
There are a few facets to the issue - let me try to dissect them:
- Immense amount of data being collected: Very true. Everyday people are generating information that when cleverly pieced together can unravel every minute of their life. However, the caveat is that there is such a huge amount of information. Today we are at a position where the inflow of data far exceeds our capacity to process it. Most regular people aren't interesting enough for someone to worth wading through the muck to piece together coherency. Yet, there are people who will be subjected to such attacks and hopefully they are already taking precautions. For the rest of us mere mortals, no matter how significant we think our precious little existence is, the fact remains that largely we are all mostly just statistical data points -- white noise.
  
  Just like in statistics -- corporations are not looking for a particular person, but they are trying to aggregate it all and derive a trend or more accurately a statistical model. And just like in statistics -- the outliers will stand out.
- The Valuable data is the Aggregate, not the actual data point: This is where the line becomes gray. Is it alright to zealously collect every dimension of data available to derive a meaningful aggregate? We are all understandably uncomfortable having our menial contributions, measured and carefully cataloged. However, if there is a way where important data about you is handled for only a brief while -- converted into something that retains the meaning of that data point but loses the association with you, I have a feeling then that would be classified as legal. Of course, active research is being done today in this area.
- Data is unduly important today because we have (stupidly) delegated our identity amongst few numbers: I heard on NPR yesterday about how people's health insurance is being stolen. And do you know why such a fraud occurs? Because, no one conclusively establishes the patient's identity. They just ask for the card and done. They don't ask the driver's license nor put a simple photograph of the patient on the file to check. We have done the same thing with other such numbers -- Social Security, Date of Birth have all been used conclusively to establish a person's identity. True - it may have been a simplifying solution when Computers were not advanced. But the real travesty is not the availability of our data out there - which in this modern age is inevitable -- but that we are not switching to more robust methods of establishing people's identity. One of the ways could be to check finger prints (finger print readers are mighty cheap) or other such biometric data that cannot be easily faked.
Until criminals discover databases. by khasim · 2010-05-27 10:24 · Score: 2, Interesting

Everyday people are generating information that when cleverly pieced together can unravel every minute of their life. However, the caveat is that there is such a huge amount of information.
-and-

I heard on NPR yesterday about how people's health insurance is being stolen. And do you know why such a fraud occurs? Because, no one conclusively establishes the patient's identity.
Now imagine a criminal organization that is interested in collecting that information and sorting it into personal profiles. Start with a database of social security numbers.
Now add enough detail to be able to get loans or credentials in the names of those people (with the aforementioned social security numbers).
It wouldn't take much processing power or storage.
It's not MY data, it's YOUR data by petes_PoV · 2010-05-27 10:54 · Score: 4, Insightful

The first thing we need to do is change some of the descriptions. My data is stored on my computers. If some personal information is stored on your computers, that's your data (even if it refers to me, or other people). And being your data, you are responsible for its safe keeping, its security and (as with oil spills) for cleaning up and making good any lapses it it gets out.
So, for example when a bank says that my identity has been stolen and my bank account drained, what they're really saying is some data they held became insecure and they let an unaurthorised (i.e. not me, or someone I have power of withdrawl to) person take it from them, and that lack of care on their part allowed someone to take money from them (but not from me).
it's only after these sorts of ownership and liability factors are widely accepted and written into law, that we can start to assign responsibility for information that people or organisations hold regarding us. I fully expect that once organisations are deemed liable for any damage or loss that occurs because they lose or fail to secure their data, the problems of identity theft, data loss and security will solve themselves.

--
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
1. Re:It's not MY data, it's YOUR data by AaronParsons · 2010-05-27 12:15 · Score: 2, Informative
  
  An anecdote:
  
  One day, my bank (Chase, for the record) started repeatedly threatening to shut down my account if I did not confirm that "suspicious activity" on my account was legit. I wasn't doing anything out of the ordinary. I started getting multiple threats a week, and when I once traveled and lost cell service for a week, they disabled my account.
  
  When I pushed them on the issue, they confessed that my account was on a list of potentially compromised accounts. They told me that some entity had called in to place it there, but they would not name names. This was an infuriating example of how far we are from being able to hold businesses accountable for data theft. They were not going to tell me about the potential ID theft until I threatened to close my account, and they allowed a business to (apparently) anonymously phone in cases of ID theft.
Offshoring by Travoltus · 2010-05-27 13:50 · Score: 2, Insightful

We farm the processing of a great deal of data to low-wage countries that don't even like us. To be managed by guys whose entire year's pay is the same as what you're paid for a week. Which means they are very easy to bribe. Oh and they also think we Americans are evil lazy shits who deserve the pain and suffering we get.
What I am saying is that a disastrous data breach involving millions of Americans' financial or medical data will happen more likely overseas than it will happen anywhere in the U.S. And when it hits you, you will have absolutely zero recourse. Of course, someone could show I'm wrong by explaining to us how the FBI can manage to arrest an identity thief in Bangalore...
So not only are we unable to agree on disaster planning, but the entire system is DESIGNED to provide fertile ground for a disaster.

--
--- Grow a pair, liberals... stop letting the Republicans bully you!
Re:Not Obeying The Law prevents data disaster by dyingtolive · 2010-05-28 00:51 · Score: 2, Interesting

The independents are hard to find.
By design even. Distribution is the primary thing that keeps the cartel's thumb pressed down upon artists. Pandora helps a lot, but lately they seem to be fallible even. I can't seem to get them to stop play Coldplay for example. I finally thought I voted down every Coldplay song in the collection, and then they started springing LIVE versions on me. I kind of thing they're getting paid to push it at this point.

--
Support the EFF and Creative Commons. The war is coming, and they're supporting you...
Re:Actually it'd be a good thing... by mcgrew · 2010-05-28 06:01 · Score: 2, Insightful

This would be like the biblical tower of babel falling and as a result this would help push us to our next stage of evolution.
Nope, it would be a de-evolution. It would set us back. If you realized how far we've progressed in the last fifty years (let alone the last 100) you'd understand this.
Should such a thing happen, then in order to just maintain some level of society, alot of dishonesty and deception will have to be put aside.
Oh, the naivete of youth! With such a disaster the dishonest among us would have a field day.

--
Free Martian Whores!