Constellation Insights

Taking measure of the massive Equifax data breach: The post-mortem on Equifax's massive data breach is just beginning, and the incident—which exposed the personal information of as many as 143 million people—won't be soon forgotten. Equifax is also getting harsh grades for how it's handling the announcement of the breach, which it says it knew of in July.

The credit reporting agency is offering consumers a free year of identity theft protection services, but those affected still face significant risks to their credit. Overall, the matter is a boondoggle of massive proportions.

But the response should include much, much more than apologies and promises by Equifax to do better. In fact, the breach demands a broad reassessment of how personal information should be viewed, handled and protected, says Constellation VP and principal analyst Steve Wilson.

"It's simply incredible that such important data could be exposed," Wilson says. "The economics of security would suggest that no company anywhere on the planet can be safe." Say the records are worth $5 each, which is actually a conservative figure for Social Security numbers and dates of birth, which are gold to identity thieves, he adds. That means the Equifax trove was worth up to $750 million. "We have to ask, what kind of security can safeguard an asset worth nearly a billion dollars?" Wilson says.  

Knowledge-based authentication measures are dead, he adds. Rather, the world is headed toward an 'attributes economy,' where data provenance is what matters most: "How do you know it is real and current, and hasn't been stolen?"

There may also be a need for new jurisprudence over data. "It's not good enough that data brokers are left to their own devices like this," Wilson says. "In fact, we might call it market failure, given that these sorts of breaches are repeated, and clearly businesses don't seem to have adequate free market pressure to do better."

AT&T rolls out new IoT asset-tracking platform: Strategic partnerships are becoming de rigueur in the industry, and AT&T is no exception to the rule. This week the telco announced AT&T Asset Management – Operations Center, which is geared toward monitoring and managing large numbers of IoT devices.

While the service uses AT&T's Flow, a web-based development environment for IoT applications, it is relying on Microsoft Azure for infrastructure and a number of Microsoft services, including Cosmos DB and Power BI. Here are the key details from AT&T's announcement:

AT&T Asset Management – Operations Center enables a single IoT application, which supports multiple devices, communication protocols, networks and cloud environments. It comes with a built-in dashboard that lets customers tailor data visualization or use APIs to integrate it into existing enterprise systems. The solution supports a plug and play environment for configuring devices, sensors on device, grouping of assets by location and type, rules for alerts and reporting.

The platform will enter beta later this year. AT&T's announcement notes that it is the "first in a series of multi-market, multi-cloud reference solutions," which suggests that it and others will end up on the likes of Amazon and Google Cloud Platform at some point.


POV: AT&T made its announcement one day in advance of the Mobile World Congress conference in Barcelona. Much more IoT-related news should come out of the event. It's important to look at the current IoT market at a high level, says Constellation Research VP and principal analyst Andy Mulholland.

"We are entering into a new phase around where and how IoT fits into digital business and this autumn we can expect to see most, if not all, major technology vendors making both announcements of significant products and on their business positioning," he says.

Meanwhile, "Microsoft Azure's strategy of being the engine room to connect and process IoT devices and together with added-value services seems to be working as this announcement proves," Mulholland adds.

Advocacy group says proposed European copyright reform could hurt OSS: Last year, the European Union introduced a set of copyright reform proposals. Open source software advocates say that Article 13 in the proposals would prove particularly problematic for OSS.

Article 13 calls for content-scanning measures to be implemented by "information society providers storing and giving access to large amounts of works and other subject-matter uploaded by their users," in order to prevent the misuse of copyright-protected material.

Open source software communities fit that description, but an imposition of "permanent compliance assessment" measures would be burdensome to the point of inhibiting innovation significantly, OpenForum Europe argues in a white paper:

This is usually a specialised activity, typically reserved only to software vendors for software included in their products, intended to assess the appropriate use of code, and respect for the applicable license terms and conditions. Such compliance is painstaking and expensive, and it includes extensive human assessment. Already a specialist consulting industry has grown up around such compliance assessment (such as BlackDuck, Nexb, and Triplecheck); moreover, it is not feasible fully to automate this activity or to apply it to any piece of content uploaded to a developer platform, ranging from source code to text, audio, video.

In practical terms this would be impossible, especially because automated detection mechanisms do not exist for software as they do for audio-visual material. Licence compliance problems exist even for big companies, let alone the small ones. The impossibility of applying such recognition measures to software, and the associated legal uncertainty, could undermine the distribution ecosystem.

POV: The European Parliament is still in session, and OpenForum Europe, along with other advocacy groups, is hoping to get their attention trained on Article 13 before the session ends. OSS advocates aren't the only constituency arguing against Article 13, with more general Internet privacy and freedom voices also in the fray. But OpenForum and its peers may have more luck than other groups, given the progressive stance most EU governments have taken toward OSS for years.