Comments on: European Legislation Might Outlaw Security Tools

By: Emmanuel Carabott

Emmanuel Carabott — Tue, 17 Apr 2012 08:22:54 +0000

The problem here is that when one legislation fails, a new one, which is generally worse then the previous one, starts almost immediately.

We need to succeed every time and they only need succeed once. The odds are that eventually all the legislations being pushed, for no matter how bad they are, will pass and that is what really worries me.

By: Emmanuel Carabott

Emmanuel Carabott — Tue, 17 Apr 2012 08:20:51 +0000

@Rebecca,

I am afraid I disagree with you. Making the company accountable of crimes committed by the employee, even if unaware of such crimes, is dangerous. Only total monitoring and control can ensure a company detects such illegalities. Think about it – an employee can send an email with malicious links, or social engineering attacks. How can you prevent that? Monitor and block any outgoing email until a person reads and approves it. How can you prevent an employee for committing a crime through a phone call? Not allowing personal mobile phones and having someone listing on every phone-call with the ability to stop the call at the instant a crime starts to be committed is really the only way. To do such things would make the work environment way too hostile and oppressive which will, in turn, create disgruntled employees that are yet another security risk. This will reduce productivity, increase cost and increase the security risk. All in all it will just create negativity with nothing really positive coming out of it.

Bottom line, security needs to be a balance between mitigating a certain level of risk and personal freedom. If the consequence of that mitigation failing is increased, the whole equation will lean towards the need to mitigate more and more risk. This is both more expensive and oppressive.

By: Rebecca Jane

Rebecca Jane — Mon, 16 Apr 2012 13:46:03 +0000

I think it is just right to make the company accountable for any employee involved in any illegal access of data. It is the company’s responsibility to impose to its employees their rules in handling data within and outside its system. With this, the company will be more strict and watchful on every person within the organization. There has to be loyalty check every now and then. In the long run, it is the company that can benefit for always being on the lookout. Also, the workers play their part by being cautious whenever dealing with the company’s both internal and external network.

Then both parties can work hand in hand as a team to counter any illegal acts and attacks on their network.

By: Bill Trombley

Bill Trombley — Sat, 14 Apr 2012 13:10:59 +0000

You bring up a fantastic point about the knives, no pun intended, but wasn’t there a legislator in the UK who actually wanted to uniformly dull knives to prevent such a thing from happening? It’s the same with any “tool” legislation, and I’m amazed at the brazenness at which these bills and whatnot continue to be proposed. Hopefully, history repeats, somebody stands up and says “actually, we need these things, how about tougher regulation on those who do harm rather than the means by which they do it” and we can actually progress as a species instead of completely ruining our best lines of defense.