What to do about data security?

As any good cryptologist or computer scientist will tell you, it is all but impossible to secure one's self against all attacks. Thus, it would be inappropriate to ever consider yourself or your data secure. However, you and the government can take measures to make sure that your data is as secure as it can be.

Suggested Laws

There is currently one bill before the Senate, S. 773, the Cybersecurity Act of 2009, which would create a Cybersecurity Advisory Panel and attempt to inform the public about cybersecurity issues. It is aimed more at education and training cybersecurity professionals than at punishing the offenders. Because criminal law is inherently reactive instead of proactive, this kind of law is likely to be helpful. However, the Cybersecurity Act also contains elements that may be objectionable. For example, it "appears to permit the president to seize temporary control of private-sector networks during a so-called cybersecurity emergency."

Additionally, this method is far from non-controversial. In 2005, the then-president of the Information Technology Association of America (now called TechAmerica) Harris Miller voiced his opposition to government regulation, saying that it would create a barrier to innovation. Because companies innovate faster than the law can keep up,

It would also be helpful to unify the notification laws discussed here. As it stands, although they are similar, the laws are difficult to unify. Should a security breach occur, the notification process may be so onerous that a company may forgo it and attempt to hide the breach.

Laws Can't Do It All

Desktop Security

Simply put, no matter how much we legislate, it will not be enough. It is simply impossible to create a completely secure system. The best thing to do to make sure your data is secure is to secure it yourself. Some service providers will allow you to completely encrypt your data before it leaves your computer and only allow your computer to access it. The problem with this plan is that it is difficult to access your data from any other computer or device without specialized software. You would therefore use some of the convenience and utility of the cloud. As with most things in the law, it's all a matter of balancing.

A user needs to be sure to pick a reputable service provider that will patch its systems for security updates quickly, and should pick a strong password or key. For more "self-help" information, see our page on this topic.