
Correct me if I'm being overly cynical, but this is an oft-repeated truism that is as useless as "the only winning move is not to play." It's technically the truth, but what are we supposed to do, revert all information systems to non-electronic media? What is the intended takeaway from this statement? If anything, it absolves data security efforts of responsibility by pointing out that there's always a chance of data breach as long as there is data.

That's trivially true, but the proper response to bad security is good security, not shutting down the whole system.

They did not have to take a picture of that many travelers in the 90s (let alone social media, which did not exist) and it wasn't less secure either. They probably never considered if their program is of any use or if it creates more harm than good.

I'm no fan of modern security theater but the number of plane hijackings and bombings in the 90s compared to today would seem to indicate that at least some good comes of it.

Found this source because I was curious about the same https://aviation-safety.net/statistics/period/stats.php?cat=...


Hijackings were pretty much a daily thing (or three times daily thing) for decades.

Although until 9/11 the intent usually was either to get to a non-extradition country, or demand something from some nation state primarily.

The source above shows a clear decrease in airline fatalities through the years but I suspect that’s due more to safety improvements through autopilots, better sensors, and more redundancy than the decrease in hijackings.

You are vastly over-exaggerating. According to https://aviation-safety.net/statistics/period/stats.php?cat=... , even when limiting to the period between ~1970 and ~2003, it is about 2 per month on average. The total sum of fatalities is just over 1000 people.

This is nothing to justify the massive surveillance.

I wasn’t trying to justify the mass surveillance and I totally read that table wrong, whoops! That’s a brain fart ;-).

1. Do not collect unnecessary information.

2. Delete information after use.

This will only happen when information becomes a liability.

Reasonable GDPR

Except for simply not collecting the data, the only other option is making the cost of retrieval be equivalent or greater, irreducibly, to the expected value of keeping it.

Approximately, the digital equivalent of having a human rifle through filing cabinets to get to that one folder that is actually important.

To this day, the only reliable way to achieve this has been printing things on paper, especially if put in individual folders so that even OCR efforts take some human work.

Time spent by human hands is, in a way, the only somewhat fair currency to measure privacy in.

The objective afaiu was to expedite entry into the country by creating a database of faces and personal identity information. And that's a great objective.

But often the risk of personal harm outweighs the benefits. And in the case of digital assets the question is when, not if this personal data will be exfiltrated. And when it is, that is often more inconvenient than any potential convenience benefits.

I am not going to speak for the OP, but the way I would read it is: don't keep a centralized pot of gold, aka centralized servers; don't do dumb lazy things, aka plain text passwords, etc.; don't collect all that extra data; store data with good encryption; don't trade short-term convenience for long-term harm. FWIW, my personal view is that we should keep pushing for both, less data and more security for the little data we allow our governments or private companies to collect.

There are ways to store this information without storing the photos. Developing signatures which are stored and discarding the photos, for example. Consider how a site like haveibeenpwned works.

The photos themselves are pretty useless anyways. A database of images will only ever be searched by an ML algorithm for which signatures should be good enough anyways, or manually, based on highly specific timestamps, by some form of police.

> an oft-repeated truism that is as useless as "the only winning move is not to play"

Not sure why you see that as useless; it's basically the moral takeaway from Hamlet. There are many situations where it's best to not join in 'the game'.
