Comment by spwa4
20 hours ago
You don't seem to realize the difference between those 2.
> The way to fix it is to empower one government agency to do aggressive pentesting against every other agency, hospitals, banks, infrastructure, and big corporations, with salaries matching the private sector. Impose ...
And now you've got private people empowered to attack specific government officials. In fact, that's their job. Btw: you forgot to specify "in public", and that needs to be how it works, otherwise it will just result in officials attacking this security agency. Oh, AND you're giving government officials an obvious point of attack: "salaries matching the private sector".
> Forget compliance checklists, KPMG "audits" and all that crap, just have government-sponsored hackers trying to get into everything like an attacker would.
You mean forget the way even the dumbest of the dumb can "provide security"? Do you think government officials in France got their position based on their IQ?
Of course this is the only way it can work, but this needs a very un-French form of government to get it to work.
> this needs a very un-French form of government to get it to work
I'm usually not one to defend french culture, but i believe your interpretation is wrong. What went wrong in this case is the americanization of the french administration: make everything complex, remove all local government branches and workers who can help you, remove every sensical administrator from their position, ignore all the privacy laws that were passed after Vichy and the nazi/IBM databases, "just make all the NUMÉRISATION".
The french government didn't have a proper national ID system until the nazi administration (Vichy) who invented the CNI and the Ausweis. There was strong sentiment against this well into the 70s and the Loi Informatique et Libertés, and it's only the more recent startup generation that started undoing all our ancestors hard fought battles against data collections/centralization.