and say they do make it illegal for state entities to pay ransoms... then what? what is going to happen when a ransom attack does happen? they contact the fbi... great... now what? how do they get their data back? what obligation does the fbi have to tracking down the gang and getting the data back? what's the time line?
see... the issue i see with making it illegal for state entities to pay ransoms is that you tie the hands of the victim without any guarantees that law enforcement will help and help in a timely manner. i see this as a lose, lose situation.
The point is that there's no incentive for hackers to target state entities.
Hackers can target state entities for other reasons, but no rational hacker would do it for the ransom, since there won't be any ransom paid.
The FBI can simply say "We'll never catch the hackers, but if you pay them you'll go to jail". It accomplishes the same goal of reducing the reward for hacking to zero.
It seems this law is intended to benefit those with the most resources to implement the best security, leaving smaller businesses to pretty much pound sand.
We have arrived at why "a pretty basic backup" is no longer feasible for...any business. A hard sell for a four person business with no dedicated IT team.
Sure, but to a general at HQ, 1 dead soldier is better than 10. The policy is devastating to that 1 soldier (and family), but that's not enough reason to adopt an opposing policy that would save the 1 but kill the 10.
Similarly, I can appreciate the logic in making American companies less likely to be targeted by ransom hackers, even if it means some companies are hit harder in the short term.
You've made the implicit assumption that it is acceptable and desirable for the government to sacrifice some companies to save some others. I'm not so sure that's the government's business, and it sounds a lot like a taking to me. Perhaps it is acceptable in the era of Kelo.
OK, fair, although even with the example public goods listed in that Wikipedia page their provision in reality still does end up supporting certain companies and harming others - e.g. if I'm in the business of selling air purifiers, government efforts to reduce air pollution are going to negatively impact my sales.
I totally agree that government policy can shape the market, and my issue is not at all with that happening as a by-product of public goods, but only when it is a direct and deliberate action.
Got it. I think where I lost you was in your use of "picking companies out" - I didn't realize that you meant only intentionally as opposed to incidentally.
see... the issue i see with making it illegal for state entities to pay ransoms is that you tie the hands of the victim without any guarantees that law enforcement will help and help in a timely manner. i see this as a lose, lose situation.