Tailpipe emmission standards

Posted Dec 5, 2013 15:20 UTC (Thu) by raven667 (subscriber, #5198)
In reply to: Tailpipe emmission standards by nye
Parent article: Geer: Trends in cyber security

The US standards from the early '90s started requiring particular technologies, to cut down on gasses that the high temp, high compression, lean burning, 50 mpg cars of that era were making, which is inflexible as engineers found several ways to solve these problems that they weren't allowed to use. One big thing is to put more gas in the engine at startup so that comes out in the exhaust and burns in the catalytic converter to warm it up, which is terrible for fuel economy. Thats how we ended up going from Geo Metros to GMC Suburbans.

Tailpipe emmission standards

Posted Dec 5, 2013 16:53 UTC (Thu) by mathstuf (subscriber, #69389) [Link] (2 responses)

> started requiring particular technologies

And that, IMNSHO, is the (main) problem: legislating solutions rather than results :( .

Tailpipe emmission standards

Posted Dec 5, 2013 20:33 UTC (Thu) by dlang (guest, #313) [Link] (1 responses)

> And that, IMNSHO, is the (main) problem: legislating solutions rather than results :( .

and what makes you think that lawyers and politicians are going to do any better of a job legislating how computers should be secured than how to build cars?

that's the real problem with calls to require that only 'qualified' or 'good' people connect to the Internet.

Tailpipe emmission standards

Posted Dec 5, 2013 22:16 UTC (Thu) by mathstuf (subscriber, #69389) [Link]

I…agree? Legislating "how" (the solution) is usually a bad path. What you want is to expect results from things while also keeping an eye on the methods to make sure that the best reason for that path is better than "the ends justify the means". I think I would impose HIGH fines (proportional to company size and amount of data) for security leaks by companies. Ramp them up if the company isn't disclosing breaches in reasonable timeframes[1]. The problem is that fines are too low for companies to justify security because it's not *their* data and PR is such an ephemeral thing for those too big to fail.

[1]Apparently JP Morgan lost ~465,000 (pre-paid) CC numbers in July and it's only public[2] now because they couldn't "rule out the possibility that some card holders' personal data may have been accessed" instead of being proactive and saying "we've had a breach and your number may have been leaked" in, say, August.
[2]http://arstechnica.com/security/2013/12/hack-on-jpmorgan-...