[LINK] SMH: '4800 Aussie sites evaporate after hack'

Roger Clarke Roger.Clarke at xamax.com.au
Wed Jun 22 10:42:13 AEST 2011


>On 22/06/11 09:29, Roger Clarke wrote:
>>  On the Whirlpool discussion forums, where there are over 60 pages of
>>  posts discussing the Distribute.IT hack, customers were livid at
>>  finding out their data was gone forever.
>>  "I think I'm in shock ... I have lost everything .... I couldnt
>>  possibly replicate all those years of work again ... my whole lifes
>>  work is gone down the drain," wrote one.


At 9:43 +0930 22/6/11, Brenda Aynsley replied:
>I have no sympathy for people who who find themselves in this situation
>and who havent done anything themselves to protect their investment.
>
>I remember years ago losing about 4 hours of work on a computer; that
>taught me to take responsibility for my 'valuable' data and to keep it
>backed up.  I now have a backup regime that I am happy with where the
>data I lose should disaster occur is within tolerable limits and it's no
>big deal to do the backups.
>
>what is wrong with people taking responsibility for backing up their own
>data?  In my view this is the first law of being a user of any computer
>device.  If you consider it of value, then treat it with the respect it
>deserves.

Under arrangements in the olden days, that worked.

But, with current outsourcing arrangements, there are many 
circumstances in which a customer is unable to perform their own 
backups.

For example, if a service has a front-end web-site that interacts 
with a DBMS backend, the customer is unlikely to have access to the 
DBMS and hence can't run scripts to periodically backup the database. 
Indeed there are many contexts in which the customer doesn't even 
have ftp-access to the directories containing the HTML, and hence 
can't even run scripts to periodically backup the web-site.

In effect, service-providers are not just tempting customers to 
delegate everything to the provider, but in many cases they're 
actually precluding customers from retaining any vestiges of control 
over their data and service.  It's called 'lock-in' and/or 'what the 
customer wants', depending on your point-of-view.

Hence my call for litigation to make abundantly clear to 
service-providers that with the authority they're creating for 
themselves comes responsibility, accountability, liability - and 
ultimately personal bankruptcy.


-- 
Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University



More information about the Link mailing list