Compromise, Loss, Exposure, and Disclosure

Does Chris Walsh need a trim for all his hairsplitting? ;-)

I have been taken to task by Emergent Chaos for my use of the term "lost" instead of "compromised" with respect to Privacy Rights Clearinghouse’s tally for data breaches.

[It is particularly telling when people pull out a dictionary to make a semantic argument and don't note that "compromise" has about a dozen definitions and "lost" has over 30 (depending on how you count).]

First, let me say that I am changing the word in my previous post to make Chris happy and because I agree that "compromised" is a better word in this case. However, I am surprised that Chris finds his definition of compromise satisfying. Since it makes "compromise", "expose", and "make vulnerable" all synonymous. It is clear that he was reaching in that regard. With that definition, I would suggest that ALL credit cards (1.3 billion Visa cards in 2004) have been "compromised." Why doesn’t the Privacy Rights Clearinghouse list those?

Second, I note that Chris didn’t bother to actually pull out the definition of "lost" to contrast with compromise. That is because "lost" has many definitions (according to his reference) that are extremely close to the meaning of "compromised" and are certainly much closer as used colloquially in the security world than "exposed" and "vulnerable" are.

Finally, Privacy Rights Clearinghouse doesn’t seem to care about the distinction. They make liberal use of the word "breach" which is clearly not in the spirit of Chris’ explanation and imply some comfort with Attrition.org’s data loss database.

You only need to ferret out this one line to have your answer to my original question:

"Sure, there may only have been a confirmed loss of 260K records."

So, either Privacy Rights Clearinghouse needs to increase their number into the billions or reduce it to 60 million. It is really that simple.

1 comment for “Compromise, Loss, Exposure, and Disclosure

  1. Chris
    January 22, 2007 at 11:38 am

    I picked the meaning for “compromise” that made sense.

    I agree that “lost” is an imprecise term. In the digital realm, it is a terrible word, since I can have an exact copy of your data, and leave you with the original. Have you “lost” anything? I’d say so.

    Anyway, it’s time to get precise about this stuff. As I promised at the end of the post you are reacting to, I will be getting even more pedantic and hair-splitting soon.

Comments are closed.