In light of TalkTalk how do folk feel about the government’s surveillance legislation?

[Herr Tubthumper]

It's been demonstrated that commercial companies are unable to hold our data. So how you feel that the government will mandate that telecoms companies keep all our search info? And what happens when they inevitably lose this valuable and sought after info?

"The investigatory powers bill is expected to reintroduce a requirement that telecommunication firms retain records of sites accessed by their users, known as weblogs, for a 12-month period"


http://www.theguardian.com/law/2015/oct/30/telecoms-companies-to-retain-browsing-data-under-new-law

http://www.theguardian.com/technolo...ications-data-bill-honeypot-hackers-criminals

 

[Chicken Run]

I blame Thatcher & Blair

 

[JC Footy Genius]

The amount of data companies already keep about users is probably far more extensive than we realise. If government is going to make it mandatory then they should also stipulate minimum levels of security/encryption.

 

[Hampster Gull]

Some commercial companies, not all. But I suspect all are at risk. I would trust the government no more than a multi national. It does feel that we should be exploring minimum security standards and letting consumers know where companies sit vs that.

 

[peterward]

It's been demonstrated that commercial companies are unable to hold our data. So how you feel that the government will mandate that telecoms companies keep all our search info? And what happens when they inevitably lose this valuable and sought after info?

"The investigatory powers bill is expected to reintroduce a requirement that telecommunication firms retain records of sites accessed by their users, known as weblogs, for a 12-month period"


http://www.theguardian.com/law/2015/oct/30/telecoms-companies-to-retain-browsing-data-under-new-law

http://www.theguardian.com/technolo...ications-data-bill-honeypot-hackers-criminals

thats not the answer at all, snooping on private citizens in case of the odd random corporate attack.

The hackers wont always get caught, they'll be routing through TOR network, with encrypted routers etc.

The best answer is to have heavy fines on companies based on company size/profitability. Make the fine for their security systems being breached, so prohibitive it makes them spend a shed load on securing all data.

If their breached on numerous occasions, and can't ensure security or handle self policing. The government should have the power to enforce a leading 3rd party security company onto the corporation.

The Talk Talk CEO wasn't even sure, when first asked, if customer data was encrypted, ends up it wasn't.
And for that spying on all citizens would achieve nothing, but Talk Talk should have been severely financially reprimanded. And as they've previous, the government should impose a leading security company on them to clean up their act.

 

[glasfryn]

sadly even Tesco know what my cats eat

 

[Hampster Gull]

Theresa May is a authoritarian lunatic. She is determined to have every person in the UK watched and controlled - with ever increasing powers to incarcerate dissidents.

I can't help but fear that this is all a smokescreen, as Western governments are preparing for the inevitable social unrest as this economic system nears its end.

It will be here long after you are gone

 

[GingerBeerMan]

It's a worrying trend. The UK are heading down a dark path in terms of personal liberties. We need to be passing laws to make the internet secure, encrypted and private. The government SHOULDN'T know everything we do online, it's not their job. They SHOULDN'T be censoring what we see online either. The government have shown multiple times they're incompetent when it comes to handling private data, why would that change now?

We need the EU as it seems that's the only thing protecting our civil liberties right now.

 

[happypig]

I work for a (the) big telecomms company and data retention/storage is taken very seriously; for example all laptops are encrypted (whether there's commercially sensitive information on it or not) and if you plug in a USB drive, it's read-only unless you encrypt it). I've just done a security refresher training module, which everyone from me to the chairman has to do, and it's drummed home how important keeping data secure is.
I really hope that we don't get further regulated because of the sloppy practices of a tinpot outfit, I'd rather see them fined until their eyeballs bleed.

 

[Tony Meolas Loan Spell]

I dont have a problem with it personally.

 

[El Presidente]

I'd rather see them fined until their eyeballs bleed.

Highly unlikely giVen that the CEO of TalkTalk is

A Tory life peer
A former classmate of David Cameron
Married to a Conservative MP
A member of David Cameron's council of business advisors.

She was paid £6.8 million for her job last year, but doesn't even know whether TalkTalk encrypted their data. It's almost as if she was completely incompetent but was appointed due to her connections rather than ability to do the job.

 

[Herr Tubthumper]

I really hope that we don't get further regulated

Why not? From a public point of view I'd say this is absolutely paramount.

 

[beorhthelm]

She was paid £6.8 million for her job last year, but doesn't even know whether TalkTalk encrypted their data.

im not sure i excpect the CEO to know such matters. i would expect someone to and that person should have been more in the public. i found Hardings handling of this story refreashingly honest (to the point of overstating the impact), compared to typical data breach stories where theres evasion of questions and the issues. whats not appriciated by the public is theres no legal requiement to encrypt anything, just an obligation to keep data secure.

which of course they didnt, and for that they should be hauled over the coals. and there we need some more strict regulation, so that fines make it worth the cost of securing the data. companies rely on staff training, restricting USB etc, rather than apply actual security around their data systems, which is expensive and little understood at C-level. so yeah, its pretty bad timing for the police to asking for ISPs to retain data when one has just shown how well they take security.

 

[Herr Tubthumper]

im not sure i excpect the CEO to know such matters.

I would fully expect a CEO facing the media to know such matters. The fact she wasn't, at the very least, briefed about this particular issue speaks volumes about the company's overall attitude IMHO.

 

[El Presidente]

im not sure i excpect the CEO to know such matters. i would expect someone to and that person should have been more in the public. i found Hardings handling of this story refreashingly honest (to the point of overstating the impact), compared to typical data breach stories where theres evasion of questions and the issues. whats not appriciated by the public is theres no legal requiement to encrypt anything, just an obligation to keep data secure.

which of course they didnt, and for that they should be hauled over the coals. and there we need some more strict regulation, so that fines make it worth the cost of securing the data. companies rely on staff training, restricting USB etc, rather than apply actual security around their data systems, which is expensive and little understood at C-level. so yeah, its pretty bad timing for the police to asking for ISPs to retain data when one has just shown how well they take security.

I'm not sure everyone is as impressed by Harding as you are.

http://www.marketingmagazine.co.uk/...-boss-dido-hardings-utter-ignorance-lesson-us

 

[beorhthelm]

I'm not sure everyone is as impressed by Harding as you are.

i wouldnt say im impressed. the normal response is denial and general arse covering, at least they were upfront about this incident.

I would fully expect a CEO facing the media to know such matters. The fact she wasn't, at the very least, briefed about this particular issue speaks volumes about the company's overall attitude IMHO.

the problem is, with encryption in particular, its too complex to simply brief on. saying "dont know" was probably accurate, because some is and some isn't, some matters, some doesnt. companies wont encrypt lots of data as there is no need and little security from doing so. you could have your database encrypted, when you pull the data it has to be decrypted, so at that point data is exposed. hacking the website means you are likely able to pull data decrypted, so the problem is securing the interfaces that access the data, not necessarily the data itself (though important).

 

[Herr Tubthumper]

the problem is, with encryption in particular, its too complex to simply brief on. saying "dont know" was probably accurate,

I'm not sure you get it. This is a CEO, a handsomely remunerated CEO as well, who for whatever reason was the chosen public face of TalkTalk after a huge security disaster. And any fool could have told you that a question about encryption would come up. To simply say you don't know isn't good enough. Either swot up, or put the right person in front of the cameras. As I say, if this how casual they behave after this escapade it's no wonder the company has such shite security.

 

[beorhthelm]

I'm not sure you get it.

i do get it: their security is shite, and they dont encrypt lots of data. the answer was given because no one knew really, or couldnt give a clearer answer without a lot of technical details of databas schema, API, process models and so on, itself a security breach. yes the CIO should have been there in the press conferences too, the CEO isnt the best placed person in this situation.

 

[Herr Tubthumper]

i do get it: their security is shite, and they dont encrypt lots of data. the answer was given because no one knew really, or couldnt give a clearer answer without a lot of technical details of databas schema, API, process models and so on, itself a security breach. and yes the CIO should have been there in the press conferences too.

Interesting that you know, but she didn't.

 

[Super Steve Earle]

I really couldn't care less who knows my phone number, birthday, how often I phone my son or whatever. It's not long ago that we were handing out our bank details to the milkman, the local shop, the builder and every other Tom, Dick and Harriet on our cheques. I genuinely don't understand we people are so precious about data nowadays.

The only data I care about is my bank balance and that my bank prevents anyone else getting at it. If they fail, I am confident they will refund me promptly. So frankly, ain't that bothered.