SoylentNews is people

posted by cmn32480 on Monday February 27 2017, @10:54AM
from the unencrypted-in-a-list-on-the-interwebs dept.

The Federal Communications Commission plans to halt implementation of a privacy rule that requires ISPs to protect the security of their customers' personal information.

The data security rule is part of a broader privacy rulemaking implemented under former Chairman Tom Wheeler but opposed by the FCC's new Republican majority. The privacy order's data security obligations are scheduled to take effect on March 2, but Chairman Ajit Pai wants to prevent that from happening.

The data security rule requires ISPs and phone companies to take "reasonable" steps to protect customers' information—such as Social Security numbers, financial and health information, and Web browsing data—from theft and data breaches.

"Chairman Pai is seeking to act on a request to stay this rule before it takes effect on March 2," an FCC spokesperson said in a statement to Ars.

The rule would be blocked even if a majority of commissioners supported keeping it in place, because the FCC's Wireline Competition Bureau can make the decision on its own.

Source: ArsTechnica


  • (Score: 5, Interesting) by VLM on Monday February 27 2017, @01:18PM (5 children)

    by VLM (445) on Monday February 27 2017, @01:18PM (#472241)

    Probably the link you want for the R+O is

    https://www.fcc.gov/document/fcc-adopts-broadband-consumer-privacy-rules

    and around page 102 of the rendered PDF in paragraph 248 you'll see the whole thing was meaningless and toothless to begin with.

    It's a giant wordy bucket of CYA that boils down to you're going to accept more responsibility but we're not going to help at all nor will we set any standards, we'll just send out some fines and I'm sure things will take care of themselves.

    The clickbait sites are implying there was actual protection and security provided rather than content free doubletalk and endless CYA. If there were actual protection and security provided by something else, then it would be a shame if it got flushed, but this is no loss.

    It's very unprofessional of the FCC. I deal with them on the RF side and there, they are very professional. They don't issue crap like "operate your transmitter within some reasonable parameters" and then randomly issue NALs for $10K because your second harmonic was 50 dB down but the field office agent felt like you can do better at 60 dB but nothing is written anywhere and there's no standard to follow and to make it even worse imagine this is a century ago so there are no numbers and you're getting NALs because the agent thought the engineer should try harder and that's as specific as they can get. I can assure you the FCC usually isn't as unprofessional as this rulemaking, and it's a good sign that they yanked it for being crap. Since they're kinda talking about themselves you can't expect them to say they yanked it because it's crap, so we get this very corporate tap dancing justification. But trust me, for an FCC publication this was scraping the bottom of the barrel and nobody lost anything when it was trashed.

    A crappy SN car analogy is getting a ticket for reckless driving and going to court and the cop can't remember what was reckless about it other than he felt like giving a ticket that day, whereas maybe the actual crime was driving while black, or he doesn't like teenagers or illegals, or who knows. Depending on your jurisdiction the cop may or may not get away with that.

    The general flavor I get is this is the stereotypical result of putting info security under IT under the accounting bean counters who came up doing audits and the last innovation in bookkeeping fraud happened before Jesus in Rome or at most maybe before Columbus in Italy and since then there's been nothing technologically interesting other than playing games with respect to speed and quantity. So it blows their minds that they can't issue a declaration of "GAAP compliance" because the "GA" Generally Accepted doesn't exist and the threat profile is under continuous change due to new technological problems. Nothing has changed in balance sheet auditing since my grandpa was doing it before the depression, sonny, what do you mean there isn't "the procedure" for total spectrum infosec protection or that things change?

    It would be good if the FCC released a R+O on this topic that contained actual content and guidance and measurable metrics, in other words the opposite of the R+O they trashed. I'm not sure it's technologically possible in 2017. I don't know when infosec will be as "boring" and documented and predictable as SOx compliance. The closest analogy I can think of that has paperwork and doesn't seem hopelessly incompetent would be some DoD "cybersecurity" roles. I'm not sure if applying DoD regulations meant for Army guys to a civilian ISP is very realistic but it might be the best chance.

    It's probably a dumb idea in general and "we" would be better off fixing the problem at a different level, such as never transmitting HIPAA categorized data in an ISP sniffable manner, for example. I have an electric powered garage door opener and I pay the electric company to power my garage door opener but the electric company does not have root access to my garage door opener nor do they play audio spam commercials by inserting them in the AC power stream while my garage door opens nor do they sell garage door opening logs to corporations and criminals (often the same thing) or any of that stupid stuff. The problems you're seeing "with ISPs" are a symptom of problems elsewhere best fixed elsewhere and then the ISPs can take care of themselves.

  • (Score: 1, Interesting) by Anonymous Coward on Monday February 27 2017, @01:26PM (2 children)

    by Anonymous Coward on Monday February 27 2017, @01:26PM (#472243)

    Gee, I think you might have something useful in this word salad. Can you take a few extra minutes and summarize your points, without all of the editorial and randomness?

    • (Score: 3, Touché) by VLM on Monday February 27 2017, @01:41PM

      by VLM (445) on Monday February 27 2017, @01:41PM (#472250)

      No, because I just summarized a 200 page R+O by a factor of 200 to 1 if not more, and going to 2000 to 1 is going to make it even more unreadable not better, meanwhile a clickbait site linked to in the article is already misleading people a bit so it would be foolish to trust my summary without verification anyway. This is one of those things where if you're not willing to read a lot (like my nearly illegible scratchings, or better yet the original 200 page R+O) then it's the wrong discussion to get into.

      Even worse this isn't in isolation, it's kinda back and forth and if you'd like a military analogy some really dumb orders were issued and then countermanded by the issuer before implementation when it was realized how poorly written the orders were. Folks are trying to spin that into all manner of "the war is lost" "workers of the world unite" "this is why we must have the two minutes hate against Trump" all of which is interesting and somewhat predictable but not really on topic.

    • (Score: 2) by art guerrilla on Monday February 27 2017, @01:45PM

      by art guerrilla (3082) on Monday February 27 2017, @01:45PM (#472254)

      toe-may-toe, toe-mah-toe...
      actually, i came here to praise vlm, not to bury vlm...
      thought it was interesting insight (and modded same), and not that hard to follow; besides, i like sidebars and parenthetical remarks and such...
      not sure what to think of the 'doing security at another level' idea, as i am not that kind of nerd; but it also does not seem unreasonable to require ANY bidness -and especially an ISP- to do more than lip-service to minimal security procedures to prevent your data from being low-hanging fruit ripe for the picking...
      however, assuming it was basically a bullshit regulation with bullshit enforcement, then the less of that, the better; false security is worse than no security, i guess...

  • (Score: 3, Touché) by Runaway1956 on Monday February 27 2017, @02:49PM

    by Runaway1956 (2926) Subscriber Badge on Monday February 27 2017, @02:49PM (#472282) Journal

    Great post. You made sense of a lot of crap for me. Thanks, man. Sorry I've used all my mod points already!

  • (Score: 1) by moondoctor on Monday February 27 2017, @03:27PM

    by moondoctor (2963) on Monday February 27 2017, @03:27PM (#472305)

    >in other words the opposite of the R+O they trashed. I'm not sure it's technologically possible in 2017.

    This is the real issue that needs addressing. Honestly? It stumps me. Something vague enough to cover unforeseen technological advances and not legislate specific technologies, yet hard enough to be effective seems close to impossible. We need the most powerful ethical, legal and technological minds working together on this stuff. (Hard to type that without laughing at how ridiculous it sounds in 2017) Those guys are busy making bank, though. The full scope and implications of technology are hard to understand for even the most tech-savvy of us. (Musk seems to get it pretty good, but he still says stupid shit now and then) The gubmint fumbling around in the dark is super sketchy. Having an anti-science and anti-expert vibe in DC is like throwing gas on the fire.

    When you factor in how fast technology moves and how slow government moves it gets real interesting real quick.