[Dataloss] Suggestion for changing status quo on data losses

security curmudgeon jericho at attrition.org
Fri Aug 1 20:48:15 UTC 2008 

: In light of the exemplary work the people behind this listserv do, and 
: the educational service they provide, I would like to suggest taking 
: this a step further so we can stem this deluge of data losses we are 
: subjected to every day.

While we certainly appreciate the compliments and like to think we do good 
work, please remember that we're volunteers and do this in our spare time. 
There is also a big difference between 'hobbyists' and 'lobbyists'.

: I propose that attrition.org make up a dedicated list of every US 
: Senator and Congressman, and email them every single data- loss 
: announcement.

The list of Congress critters and their e-mail addresses is easy to get, 
there would be no need for us to maintain or research such a list.

http://www.senate.gov/general/contact_information/senators_cfm.cfm
http://www.webslingerz.com/jhoffman/congress-email.html

: However, if this listserv notifies every US Senator & Congress person 
: about every breach that we see, then they/their staffers can hardly 
: claim they didn't realize how bad the situation is.  The once a year 
: report put out by the FTC is good for soundbites, but the daily reports 
: of the losses ought to shake them up.  If not, I suggest letting them 
: know with your vote this November. (I intend to).

Voluntarily subscribing every Congress person to our mail list would 
violate the spirit of attrition.org and move dangerously close to the 
world of unsolicited spam. While the mails would be related to current 
issues and just the type of thing you write your represenation about, 
flooding them with this list and the discussions that occur would likely 
piss them off, not endear them to caring about dataloss issues.

In my opinion, to do this correctly would involve someone drafting a 
well-written form letter that list subscribers could use to send to their 
own representative. One page, cite the issue, quote some statistics, say 
it affects them (faster way to make them care) and then to 'fix it'. Of 
course, 'fixing it' is generally a myth as there isn't a simple to 
implement solution to stop dataloss.

Again, thank you for the praise, but please remember that we're stretched 
thin between attrition.org, datalossdb.org and osvdb.org and those pesky 
day jobs and significant others. It would be extremely helpful if more 
people would spend fifteen minutes a week updating those sites with us, or 
contributing to new ideas like this one.

Jericho
attrition.org staff

More information about the Dataloss mailing list