Thank you for the feedback. I generally don't post, so this helps me learn the rules & etiquette.
- At a minimum, their should be a penalty that grows from the time the breach was learned to when they disclose it publicly.
- There should also be penalities for not being transparent about what exact data was leaked for what users.
Social Security Number - SSN is similar to a password- you want to keep it hidden, and if it leaked, you should change it. However, we can't change it. Perhaps it should be considered more as a password?
User Data Rights - People should know what personal data companies have on them. A good example of this is Equifax storing peoples home addresses- this could be disclosed. On the other hand, a it is probably fine to exclude other types of data, such as an advertiser storing your zip code- people probably don't care as much.
- Should people have a right to have certain kinds of data (e.g. SSN) removed from websites?
Adoption from USA Nutrition Label - Is it a good idea to mandate companies disclose the security they use? For example, at one time reddit had their passwords stored as plaintext and they got hacked. Disclosing basic security hygiene (e.g. password storage) somewhere standardized in the website would make it much less outrageous.
Technology Improvement - Certain technologies enable hackers more than others. SQL seems to enable a lot of hacking. Should we discourage it?
- Get rid of Intel ME technologies - https://schd.ws/hosted_files/osseu17/84/Replace%20UEFI%20with%20Linux.pdf
- Get rid of Intel hidden instructions - https://www.youtube.com/watch?v=KrksBdWcZgQ
- Get rid of Simon and Speck - https://www.reuters.com/article/us-cyber-standards-insight/distrustful-u-s-allies-force-spy-agency-to-back-down-in-encryption-fight-idUSKCN1BW0GV
- What is "best for National Security" is actually worst for our own. It feels like people don't have a democratic say in the right balance either.
(edit trying to figure this formating out)