4

In cybersecurity, we have a subject called "security theater" which means implementing a feature that only looks like a real security mechanism but doesn't do anything literally.

Is it against the law for, let say, a company to implement a layer of security which is indeed nothing but a theater (in both deliberately and indeliberately cases)?

It gives false confidence for the users of the system thinking their data are protected by the machine while it's not.

Amirreza Nasiri
  • 143
  • 7

1 Answers1

6

Given that obscurity is not security, the company potentially exposes itself to claims of:

  • Misrepresentation under consumer protection laws, or even fraud (things that you sell are not quite what you claim they are, and you know it)
  • Negligence (people rely on your goods/services to be secure as per your claim but you take this very lightly and they get burnt).
Greendrake
  • 28,487
  • 5
  • 71
  • 135