The 'Gay Marriage' of Computer Security?
Reading Dale Carpenter’s post on Volokh,”Big win for SSM in Massachusetts,” I was struck by how similar his narrative is to my thinking around breach notice. He writes (and I emphasize):
What’s so striking about the vote today is how dramatically support for SSM has grown in the legislature (and in state public opinion polls) since the state supreme court ordered the recognition of gay marriages in 2004. Back then, before the state had any experience with such marriages, there was overwhelming opposition to the idea. Only about a third of the state’s 200 legislators fully supported gay marriage. The only real disagreement was whether the state should constitutionally ban both civil unions and gay marriages or just ban gay marriages. Opponents of gay marriage back then gambled that they could hold out for a broad ban — a tactical decision that cost them.
The delay … let the initial anxiety subside. More than 8,500 same-sex couples got married in the state with no obvious or immediate effect on Massachusetts families or existing marriages.
I think we’re seeing something very similar around broad breach disclosure. There was overwhelming opposition to the idea, but as it’s happening, and the initial anxiety is subsiding, we can have a much more rational discussion.