Should we make homeowners equally criminally liable when burglars break in? Certainly if the homeowner had been less lax or obtained more security, that burglary could have been prevented.
> Should we make homeowners equally criminally liable when burglars break in?
Aren't they? I've seen a lot of insurance cases being denied due to negligence. This might even happen if you let your bag lie around openly in your locked car.
Also, burglar victims tend not to cause further damage. And, if they do, the victims will be in trouble as well. At least in Germany, a stolen gun will cause you a lot of problems, unless you can prove that you stored it securely according to the national guidelines.
Your home was broken into and your jewelry stolen? No, you're not criminally liable for anything, you were the only victim.
Your home was broken into and they stole the stack of personal records for your small business' employees that you left sitting on the dining room table? Yes, you should be liable for that because you were not the only victim and those others were victimized due to your own negligence. The documents were not properly secured, was your home properly secured as well given the sensitive material you were housing there?
It doesn't have to be a binary thing either, there's nuance to it. A hacker steals unencrypted personal information off a server you didn't even password protect? You're more liable than a company that lost personal information that was strongly encrypted.
> Your home was broken into and they stole the stack of personal records for your small business' employees that you left sitting on the dining room table? Yes, you should be liable for that because you were not the only victim and those others were victimized due to your own negligence. The documents were not properly secured, was your home properly secured as well given the sensitive material you were housing there?
This is one of those ideas that seems to be made in good faith but ultimately harms the competition far more than it harms the industry leaders. Twitter can afford cameras and alarm systems for its data centers; I can’t. Twitter can afford to hire armed guards; I can’t.
The ultimate end result of a policy like this is that people will simply kill anyone trespassing on their property; after all, who knows what documents they may have seen or confidential records they may have exfiltrated. It’s way too heavy handed.
> The ultimate end result of a policy like this is that people will simply kill anyone trespassing on their property;
That will probably get you more jail time than whatever other liabilities you might have had, which realistically maybe would have just been civil anyway, were some policy like this to become real.
But put another way, in context of business collecting personal user data: if you can't secure it, don't collect it. If your business isn't viable then, well, tough shit.
Your comment just sparked an weird thought for me. We're all familiar with the adage that if a product is free, you're not the customer you're the product. In this Twitter breach, Twitter's customers were not harmed. However, the product was harmed.
