Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Friday September 15 2017, @02:54AM   Printer-friendly
from the someone-always-pays dept.

Renowned security researcher Bruce Schneier has a story up on his blog On the Equifax Data Breach:

Last Thursday, Equifax reported a data breach that affects 143 million US customers, about 44% of the population. It's an extremely serious breach; hackers got access to full names, Social Security numbers, birth dates, addresses, driver's license numbers -- exactly the sort of information criminals can use to impersonate victims to banks, credit card companies, insurance companies, and other businesses vulnerable to fraud.

Many sites posted guides to protecting yourself now that it's happened. But if you want to prevent this kind of thing from happening again, your only solution is government regulation (as unlikely as that may be at the moment).

The market can't fix this. Markets work because buyers choose between sellers, and sellers compete for buyers. In case you didn't notice, you're not Equifax's customer. You're its product.

This happened because your personal information is valuable, and Equifax is in the business of selling it. The company is much more than a credit reporting agency. It's a data broker. It collects information about all of us, analyzes it all, and then sells those insights.

Its customers are people and organizations who want to buy information: banks looking to lend you money, landlords deciding whether to rent you an apartment, employers deciding whether to hire you, companies trying to figure out whether you'd be a profitable customer -- everyone who wants to sell you something, even governments.

It's not just Equifax. It might be one of the biggest, but there are 2,500 to 4,000 other data brokers that are collecting, storing, and selling information about you -- almost all of them companies you've never heard of and have no business relationship with.

Surveillance capitalism fuels the Internet, and sometimes it seems that everyone is spying on you. You're secretly tracked on pretty much every commercial website you visit.

Bruce continues with observations about the data gathering activities of such on-line behemoths as Google and Facebook, as well as companies as mundane as your cell phone provider. Sadly, massive data breaches such as what happened at Target, Home Depot, and Yahoo! gathered media attention for a while, but after a matter of time faded from public awareness and concern.

He suggests the only solution is government regulation. Maybe. But that also runs up against the problem of regulatory capture.

What, if anything, can be done? Mandate a minimum payment of, say, $100.00 to each person who had information disclosed? That would certainly boost a company's willingness to implement security best-practices.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Informative) by Anonymous Coward on Saturday September 16 2017, @04:39AM

    by Anonymous Coward on Saturday September 16 2017, @04:39AM (#568843)

    Maybe, maybe not. This 1995 Wired article is a cite in the Wikipedia for Equifax: Separating Equifax from Fiction [archive.org].

    At the beginning of the century, Equifax went by the more descriptive name of Retail Credit. By 1920, the fast-growing company had offices throughout the US and Canada; by the 1960s, Retail Credit was one of the nation's largest credit bureaus, holding files on millions of Americans. Each file was filled with facts: loans that hadn't been repaid, overdue credit card payments, and multiple address changes by people constantly trying to escape creditors. Other companies could access these files to decide who should be given loans, mortgages, and other kinds of credit. Without these credit reports, the company argued, how could you tell who was good for credit and who wasn't? Banks couldn't write mortgages. Department stores wouldn't be able to sell anything to anyone on credit.

    Emphasis mine. Apparently, Equifax is the company that moved congress to pass the Fair Credit Reporting Act:

    Retail Credit was about to computerize its files. "Almost inevitably, transferring information from a manual file nto a computer triggers a threat to civil liberties, to privacy, to a man's very humanity because access is so simple," argued [Columbia University Professor Alan Westin] in the Times. The effect, he continued, is that it becomes harder and harder for people to escape from the mistakes of their past, or to move in search of a second chance.

    Those hearings resulted in the passage of the Fair Credit Reporting Act in October [1970], which gave consumers rights regarding information stored about them in corporate databanks. Some observers believe the hearings prompted Retail Credit to change its name to Equifax in 1975.

    Modded you up earlier today without fact-checking! Looks like Westin's main argument wasn't even what happened here (according to Wired in 1995, anyway). Still agree with your sentiment, though. Credit needs to be able to exist without such centralized information warehousing.

    Starting Score:    0  points
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  

    Total Score:   1