Sunday, May 31, 2009

Airport Security: Security through Absurdity?

IN A PERFECT WORLD security and screening procedures at all airports around the world would be the same, and uniformly applied to all travelers. Airport security agencies could always apply stricter measures of interrogation or screening as appropriate based on a tangible or suspected suspicion of travelers who may pose a risk to the safety of the other fliers.


IN THE REAL WORLD of course, this does not always happen, if at all. I am a frequent and diverse traveler, visiting at least 28 countries so far. I think that I speak for many travelers when I say that the most frustrating aspect of the security screening process is not the ridiculously invasive and inane measures of having us remove most of our clothes. Nor is it the ‘random’ screening of grandmothers and 5-year-old kids that makes people inwardly think that Osama Bin Laden would laugh himself silly over these ‘protective’ measures if he could witness what he hath wrought. No, I think what infuriates the traveler most, at least the seasoned ones who have some point of reference, is the real weakness of the procedures that are in place: inconsistency.

Now, I grudgingly concede that screening should be done in this day and age. I would even finally quietly submit to the partial disrobing that occurs in the most public of places, if only it was the same routine each and every time. For example, sometimes I have to take my little bag of 3-ounce toiletries (the ‘humiliation baggie’ as I call it) out of my suitcase, and sometimes I forget and it goes thru the scanner with no comment whatsoever. Sometimes I have to take my stainless steel watch off; sometimes I don’t. Sometimes I have to remove my belt; sometimes I don’t. Does the watch or belt represent a risk or not? Just tell us to do it every time or let us board a plane with at least an ounce of dignity remaining. You used to be able to put your shoes and coat in the same bin at screening; now I notice they are making you put your shoes right on the belt as it goes thru the scanner. (Are terrorists still trying to get on planes with explosives in their shoes?!? Hasn’t that ship left the dock? God forbid some dumbass terrorist tries to smuggle explosives on the plane in his underwear….ponderous what that might mean at screening…)

In every U.S. airport I have to remove my laptop out of my bag before it goes thru the scanner; in most foreign airports, I don’t. In the U.S., you have to have a picture that matches the name on the boarding pass; in India, for instance, they don’t even ask you for I.D. when flying within the country.

So why the inconsistencies? I can’t imagine the TSA in its infinite wisdom has created the process by design to foil or catch bad guys. If anything, the haphazard application of the rules will only catch the stupidest of terrorists. I realize that the poor TSA employees in the airport are only following orders from above and have to deal with the wrath of the beleaguered travelers. Again, the concern from most travelers is that the procedures are more knee-jerk reactions to recent past threats and not proactive measures that are risk-based. The TSA should take note from the screening measures in Israeli airports. The Israelis do not try and mete out politically correct measures to everyone (grandmothers and 5-year-olds) like we do here; instead they focus their efforts on the most likely suspects and focus energies on the targets that are most likely to try and do them harm – generally Arab males between ages 18-35. In other words, they are consistent. Does it work? The Israelis have not had any airline terrorist incidents since 1973. What do you think?

Thursday, May 21, 2009

Lost my data? Oh, thanks for telling me!

IN A PERFECT WORLD if a company suffered a data or security breach or compromise, the company would have to notify only the customers it had in the state where the company was incorporated or was headquartered. Or, slightly more onerous, the company would notify all of its customers, but only according to the notification and disclosure law(s) (if any were in effect) within the state where the company was headquartered. The company would always disclose these infractions as it was in the best interest of both the company, by building good will with its customers, and good for the customers by making them aware of an untoward event that may make their financial life a bit less agreeable.


IN THE REAL WORLD of course this does not always happen if at all. In fact, as recently as 2003, before California SB 1386 (California Security Breach Information Act – the first of its kind) the de facto procedures that companies followed if and when a breach occurred were generally up to the discretion of company management. And when did you ever remember receiving the kind of notification letters that you probably receive now a few times a year when a company either loses a laptop, backup tape, server, box of files, etc.?

As of this writing, there are 45 unique state breach notification laws that companies doing business in any more than one state must contend with. As my business associate Todd Ruback, a Privacy/Data Breach and Internet Attorney/CIPP at DiFrancesco, Bateman, Coley, Yospin, Kunzman, Davis & Lehrer, likes to remind me, there are still companies – and not just small ones – that mistakenly believe that you only have to comply with the breach laws of your state, regardless of where your customer base resides. Not true!

If it wasn’t for these laws, most breaches, compromises, or data lost by companies would go unreported. Companies were always frightened that disclosing this information would cause customers to lose faith and confidence in the company’s ability to protect the sensitive information with which it was entrusted. And they had good reason to be afraid. Historically, consumers would abandon any company that showed a blatant disregard for the protection of its customers’ data. Today, probably due to the overall plunge in customer service quality, and the public’s general acceptance of this dismal state of affairs, breach notices received in the mail today are treated with a lot less interest than receipt of the new Victoria’s Secret catalog. And that is a shame because as much as you would like it to, a sexy new swim suit won’t change your life for the better. However, one of these notices telling you that your personal and sensitive information has been lost and is now in the ether somewhere, may just change your life for the worse.