Bruce Schneier slams BitArmor guarantee

Money-back guarantee against data breaches a 'gimmick'

Bruce Schneier has rubbished a money-back guarantee by BitArmor

Security expert Bruce Schneier has described a money-back guarantee by encryption vendor BitArmor as "nothing more than a PR gimmick".

BitArmor announced a 'No-Breach Guarantee' on its DataControl encryption package in January. Users buying a three-year contract with Platinum-level support, and who applied updates within 90 days of their release, and still suffered a data breach, could claim their money back from the company.

However, an examination of the fine print revealed that the user would have to publically acknowledge the data breach, the refund would only be on the package itself, and the payout would be pro-rated against the length of the contract.

Schneier commented on the offer in his monthly Crypto-gram newsletter as he had been referenced by the company as a supporter of such an idea. He was less than pleased with this.

"Bottom line: PR gimmick, nothing more. Yes, I think software vendors need to accept liability for their products, and that we won't see real improvements in security until then," he wrote.

"But it has to be real liability, not this sort of token liability. And it won't happen without the insurance companies; that's the industry that knows how to buy and sell liability."

Manu Namboodiri, vice president of marketing at BitArmor, has defended the plan. "I think it is bad form for Bruce to ask for more responsibility from vendors and, when one does take on some responsibility, put them down heavily," he said.

"You say software vendors should take on real responsibility, but in the next statement you tell them to effectively become insurance companies. There obviously is a PR element to this, but without product capability to back it up, no company can do this.

"It would have been nice of you to have at least acknowledged that possibility, and asked insurance companies to step up instead of 'pooh-poohing' the whole thing."