
Here's the thing. It takes one person. Just one. To ruin it for everyone.

That's why stuff like this exists.

So assume this happened to Amazon one time and cost them a ton of money.

Do they sit back and just hope it never happens again?

Do they somehow selectively choose which employees to monitor?

Don't get me wrong. I would love to live in a world where everyone can trust everyone else but that's a fairy tale.




But this applies to any sort of crime: there are limits to what is reasonable surveillance. Of course the legal system is different than what a private company does with its employees, but I think it’s useful to note that there are limits to how far we can go to catch these things.


I'm all open to hearing other ways Amazon could reliably stop employees from stealing data.


I've worked at places where data theft meant a spy was violating arms control treaties. You get access to the data you need, and every access and egress is logged. A keylogger is a frankly ridiculous solution to this problem.


Simply audit the events where data is accessed (they also suggest this in the article). What advantage does monitoring keystrokes give? This smells more like an attempt to detect unproductive workers to me.


> Simply audit the events where data is accessed....

That would be a sane approach. Indeed, if there's "data" to guard, then one just properly secures it and allocates access to it. If "theft" happens, then there's the access log.

If data is so ubiquitous that everyone should be able to access it, then it's hardly data to "guard". In any case, it makes more sense to monitor access to data, not just a sea of keystrokes... unless the concern lies with something other than the data.


This is impossible no matter how many safeguards you put up. Like keeping drugs out of prison.


They cannot and monitoring keystrokes won’t stop it either.


You gotta assume if someone is an engineer they can do some nasty stuff. The idea is there's professional etiquette and ethics. It's as easy as encrypting some code, downloading it as some image file, and running it through a benign-sounding script. Keystroke monitoring is more likely to find you chatting with your SO than a breach.


This is exactly it. Even the best tools today cannot, and do not, monitor all attack vectors.

If you can't trust someone to be an employee in a position where they have access to your systems, they should not be in that position.


That’s why your kids have cameras in each of their school bathrooms’ toilet stalls to catch the ones selling nickel bags. Or would if that were legal.

Normalizing the surveillance state is the chilling part. It’s just that the corporation is the state entity, not the government.

To your point, the reason we have bad cops is that we have problem people that carjack, rape and the like, so we therefore have cops. If people really didn’t want bad cops, they wouldn’t crime.

But I doubt Amazon has lost much money from the looks of it.

Criminal insiders that prey on the customers are a more interesting target, but I suspect they are in different unmonitored areas.



