2021]! CYBERSECURITY!FOR!IDIOTS! 175!
!
on!similarly!easy!cases!and!questions!will!generate!a!disproportion-
ately!large!benefit.
!The!country!needs!to!stringently!enforce!a!man-
ual!of!computer!security’s!basic!Defense!Against!the!Dark!Arts
!—a!
“Cybersecurity!for!Idiots.”
!Doing!so!makes!regulatory!action!easier!
to!predict!and!to!undertake.!It!helps!regulators,!especially!generalized!
ones,! avoid! mistakes! of! both! under! and! over-enforcement.! This! ap-
proach!is!especially!useful!for!areas!that!are!rapidly!evolving!in!tech-
nological!terms!or!in!terms!of!which!entities!have!jurisdiction!to!es-
tablish!rules!for!them.!And,!unfortunately,!terrible!security!practices!
are!rampant,!from!hard-coded!passwords
!to!unencrypted!data
!to!
elementary!mistakes!in!software!coding.
!
The!best!way!to!reduce!terrible!security!practices!is!for!generalist!
regulators,!like!the!Federal!Trade!Commission!(FTC)!and!state!attor-
neys!general,!to!adopt!an!approach!that!is!conceptually!similar!to!tort!
law’s!negligence!per!se!doctrine.!This!model!has!two!key!aspects:!it!
establishes!regulatory!floors!by!specifying!conduct! that! autom atically!
generates!liability,!and!it!draws!upon!expertise!external!to!the!regula-
tor!to!determine!those!floors.!To!be!clear,!the!Essay!does!not!propose!
employing!negligence!per!se!itself.!Tort!law!has!been!largely!a!disap-
pointment! in! addressing! cybersecurity.
! Instead,! it! employs!
“1234!@#$”)”).'See#generally'William'McGeveran,'The#Duty#of#Data#Security,'103'MINN.)
L.)REV.'1135,'1193–95'(2019)'(describing'security'“worst'practices”).'
'
.' Consider'the'widespread'attention'that'the'FTC’s'enforcement'action'against'
Wyndham,'for' abysmal' security'practices,'has'drawn.' See'Recent'Case,'FTC'v.'Wynd-
ham'Worldwide'Corp.,'799#F.#3d#236#(3d#Cir.#2015),'129'HARV.) L.)REV.'1120'(Feb.'10,'
2016);'Hurwitz,'supra'note' 19;'Woodrow'Ha rt zo g '&'D an ie l'J.'Sol o ve ,'The#FTC#as#Data#
Security#Regulator:'FTC'v.'W yndham'and#Its#Implications,'PRIVACY)&)SEC.)L.)REP.)(BNA),'
13'PVLR,)no.'15,'Apr.'14,' 2014,' at'1'(“In 'the'field'of'data'security'law,'hardly'any'case'
has'had'as'much'at'stake'as'Federal#Trade#Commission#v.#Wyndham.”).'
#
.# See#generally'J.K.)ROWLING,)HARRY)POTTER)AND)THE)CHAMBER)OF)SECRETS'(1998).'
'
.' Not'“Cybersecurity'for'Dum mies.”'“Idiots”'better'describes'the' entities'com-
mitting'these' errors.'Also,' the'author'is'not'eager'to'court'a'trademark'suit'from'the'
publishers' of' the' w ell-known' series' w ith' the' other' title.' See# ABOUT) FOR) DUMMIES,'
https://www.dummies.com/about-for-dummies'[https://perma.cc/T7CE-EXGR].'
#
.# See,#e.g.,#Dan' Goodin,'Hard-Coded# Key#Vulnerability#in#Logix# PLCs# H as# Severity#
Score# of# 10# out# of# 10,' ARS) T ECHNICA' (Feb.' 26,' 2021),' https://arstechnica.com /'
information- te chno logy /2 021 /02 /ha rd-co ded- key-vulnerability-in-logix-plcs-has'
-severity-score-of-10-out-of-10'[https://perma.cc/B3LG-L4TL].'
#
.# See,#e.g.,'Lily'H a y 'Newm a n ,'Clubhouse’s#Security#and#Privacy#Lag#Behind#Its#Ex-
plosive# Growth,' WIRED' (Feb.' 26,' 2021),' https://w ww.wired.com/story/clubhouse'
-privacy-security-growth'[https://perma.cc/8 C3 J-C8FJ].'
#
.# See,#e.g.,#Andy'Greenberg,'An#Absurdly#Basic#Bug#Let#Anyone#Grab#All#of#Parler’s#
Data,'WIRED' (Ja n.'12,'2021),'https://www.w ired.com / story/ pa rler-hack-data-public'
-posts-images-video'[https://perma.cc/YHN5-J9FH].'
#
.# See'generally#Michael'D.'Scott,'Tort#Liability#for#Vendors#of#Insecure#Software:#
Has#the#Time#Finally#Come?,'67'MD.)L.)REV.'425'(2008).'