Renowned security researcher Bruce Schneier has a story up on his blog On the Equifax Data Breach:
Last Thursday, Equifax reported a data breach that affects 143 million US customers, about 44% of the population. It's an extremely serious breach; hackers got access to full names, Social Security numbers, birth dates, addresses, driver's license numbers -- exactly the sort of information criminals can use to impersonate victims to banks, credit card companies, insurance companies, and other businesses vulnerable to fraud.
Many sites posted guides to protecting yourself now that it's happened. But if you want to prevent this kind of thing from happening again, your only solution is government regulation (as unlikely as that may be at the moment).
The market can't fix this. Markets work because buyers choose between sellers, and sellers compete for buyers. In case you didn't notice, you're not Equifax's customer. You're its product.
This happened because your personal information is valuable, and Equifax is in the business of selling it. The company is much more than a credit reporting agency. It's a data broker. It collects information about all of us, analyzes it all, and then sells those insights.
Its customers are people and organizations who want to buy information: banks looking to lend you money, landlords deciding whether to rent you an apartment, employers deciding whether to hire you, companies trying to figure out whether you'd be a profitable customer -- everyone who wants to sell you something, even governments.
It's not just Equifax. It might be one of the biggest, but there are 2,500 to 4,000 other data brokers that are collecting, storing, and selling information about you -- almost all of them companies you've never heard of and have no business relationship with.
Surveillance capitalism fuels the Internet, and sometimes it seems that everyone is spying on you. You're secretly tracked on pretty much every commercial website you visit.
Bruce continues with observations about the data gathering activities of such on-line behemoths as Google and Facebook, as well as companies as mundane as your cell phone provider. Sadly, massive data breaches such as what happened at Target, Home Depot, and Yahoo! gathered media attention for a while, but after a matter of time faded from public awareness and concern.
He suggests the only solution is government regulation. Maybe. But that also runs up against the problem of regulatory capture.
What, if anything, can be done? Mandate a minimum payment of, say, $100.00 to each person who had information disclosed? That would certainly boost a company's willingness to implement security best-practices.
(Score: 4, Insightful) by meustrus on Friday September 15 2017, @05:43PM (1 child)
One could imagine a future in which large data brokers like this are regulated by a large federal bureaucracy like the SEC. Lots of complicated reporting, tons of overhead, new partnerships between regulators and the regulated, and most importantly the codification into law of current shoddy business practices. Yeah, I'm sure that what we really need is to let this industry continue as-is, but with a federal bureaucracy bolted onto the side.
Or we could just take a good look at this activity, determine that it has zero economic value to anybody, and simply ban it. No government bureaucracy required. Lenders won't have as much insight into whether you will pay your bills, but we did just fine before this service was available. And maybe without the false sense of security these credit scores provide, lenders will start looking more at concrete factors like how much money you make and what responsibilities will make it painful for you to renege on the debt.
We didn't need Equifax to buy homes in 1955 and we don't need it now. #MAGA
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
(Score: 1, Informative) by Anonymous Coward on Saturday September 16 2017, @04:39AM
Maybe, maybe not. This 1995 Wired article is a cite in the Wikipedia for Equifax: Separating Equifax from Fiction [archive.org].
Emphasis mine. Apparently, Equifax is the company that moved congress to pass the Fair Credit Reporting Act:
Modded you up earlier today without fact-checking! Looks like Westin's main argument wasn't even what happened here (according to Wired in 1995, anyway). Still agree with your sentiment, though. Credit needs to be able to exist without such centralized information warehousing.