Sunday, September 18, 2011

When will they ever learn?

If there's one lesson in terms of scandal management that everybody seems to agree on, it's that the initial crime or screw-up isn't nearly as fatal as the cover-up which follows.

Why is this so difficult for people to learn? And in this day and age of transparency, why isn't it more patently obvious that the truth is going to get out, sooner or later?

Our latest contender for the crown prize in idiotic crisis management is DigiNotar. A Certificate Authority located in the Netherlands, DigiNotar is one of the trusted firms that is supposed to guarantee the integrity of information on the internet. One would think that this awesome responsibility would weigh heavily on those who carry it, and would cause them to think through their "what if" scenarios very carefully.

Or then again, maybe not. As you already know if you follow this type of tech news, DigiNotar was hacked, and hacked badly. I don't really blame them for this. Internet technology is a massively complicated affair, and people are notoriously susceptible to social engineering. So I think any firm is susceptible to being hacked (though I do scratch my head and wonder what they were thinking when they set their production admin password to "pr0d@dm1n"). But once this happened, one would hope for just a trace of transparency and accountability. Warn the world of what has happened. Recall the tainted certificates. Put an immediate halt on issuing new certificates until you've figured out the full extent of the problem and figured out how to fix it. And no, I don't mean just changing a stupid password to one marginally less stupid - we need a complete technology and process overhaul.

But DigiNotar failed at each of these tasks, and has thus been removed from the trust of all the major browsers. Barring having their corporate headquarters get struck by an asteroid made of platinum, they're out of business. Some of their competitors who were also hacked took full responsibility and disclosed everything, and will likely emerge stronger and more trusted than ever.

Some day, people will learn. But it's apparently not this day.
