Tuesday, February 10, 2009

Even More Limitations on Private Rights of Action

Previously, I've written about problems with protecting privacy through private civil suits, such as transaction costs, difficulty of proving damages, and a generally hostile court system. However, a recent breach notification by Geeks.com as indicated that even when those factors aren't present, people (or, in this case, businesses) still aren't that interested in enforcing their rights. The story, according to this article from Computer World is that the web site was victimized by an SQL injection attack, and the operators eventually entered into a settlement with the FTC wherein they agreed to undergo audits and not to make any further misleading claims about privacy. So far not particularly notable. However, as the article says, unlike most security breaches:

The breach was notable because the Geeks.com site prominently displayed a "Hacker Safe" seal provided to companies by McAfee Inc. as part of its ScanAlert vulnerability scanning service. However, McAfee officials said at the time that the Hacker Safe certification — since renamed McAfee Secure — had been withdrawn from Geeks.com on multiple occasions during 2007 after scans found vulnerabilities in its systems.

To me this is shocking. Not because a supposedly secure site was compromised, but because they were improperly displaying the "Hacker Safe" seal.

Where was McAfee?

Didn't it care about its good name? I would guess that Geeks.com would have taken down the "Hacker Safe" seal if McAfee simply asked them to. I doubt even a sternly worded letter would have been necessary. Still, if it had been, there are any number of attorneys who could have written it, and who would have been happy to go to court to get the seal removed if Geeks.com wouldn't take it down otherwise. Happily, the FTC stepped up in this case. However, it's a little surprising that they were the ones who ended up doing it, rather than the private actor who one would think would have had both the incentive and opportunity to have taken action earlier.

1 comment:

AMIT said...

Good information provided from you here.

Web hosting india