Over the past few weeks, I've received a ton of email and comments in response to my argument that those who produce slipshod code should be held legally accountable when damage results. Although I generally don't like to feed the trolls, many of the responses I received fit a certain pattern, so I thought I'd take this opportunity clear the air -- and offer a challenge to readers.
One of the most common reactions to my appeal for accountability is that any type of government regulation is a horrible, terrible thing. I was called a "liberal" in some comments and far worse in email. First, why do some people seem to think that "liberal" is an epithet? Second, I hate the "nanny state" concept and generally lean toward the Republican side of things. (Well, I did before the Republican party turned into a clown car. I'm an Eisenhower Republican.)
Regular readers of this blog know how much time I've spent railing that the law and legislatures just don't get technology and how detrimental that fact is to IT. Read anything I wrote about the Terry Childs case for umpteen examples. If anyone out there understands just how much the law needs to catch up to technology, it's Terry. Nonetheless, I don't think that companies can continue to store sensitive personal information in the digital equivalent of a wet paper bag without penalty.
I'll put it to you this way: While the government can definitely do the wrong thing (you need look no further than the debt ceiling circus), it can also do things very right. Personally, I like the fact that I don't have to take my life in my hands when I buy a steak from the store. Thanks, USDA!
So while I'm no fan of government interference and stifling regulation, something must be done. It's clear this isn't going to take care of itself.
And that segues to my second point. Many people commented on how storing hashed strings is barely more secure than plain text. Many even pooh-poohed using several levels of hashing. To them, and to anyone, I hereby issue a challenge.
Observe this string: