
SoylentNews is people

Politics
posted by Fnord666 on Monday April 08 2019, @08:04AM
from the accountability-is-for-suckers dept.

Submitted via IRC for Bytram

Elizabeth Warren wants jail time for CEOs in Equifax-style breaches

In 2017, criminals stole the personal data of about 143 million people from the credit rating system Equifax. It was a huge embarrassment for the company and a headache for the millions of people affected. Equifax's then-57-year-old CEO Richard Smith retired in September 2017, weeks after the breach was discovered, with a multi-million dollar pay package.

Massachusetts US Senator turned Democratic presidential candidate Elizabeth Warren wants to make sure that CEOs who preside over massive data breaches in the future don't get off so easily. On Wednesday, she announced the Corporate Executive Accountability Act, which would impose jail time on corporate executives who "negligently permit or fail to prevent" a "violation of the law" that "affects the health, safety, finances or personal data" of 1 percent of the population of any state.

A CEO could get up to a year in prison for a first offense. Repeat offenders could get three years.

The penalty only applies to companies that generate more than $1 billion in annual revenue—Equifax had $3.4 billion in revenue in 2017. It also only applies to companies that are either convicted of violating the law or settle claims with state or federal regulators. Equifax may qualify on this score, too, since the company signed a consent decree with state regulators last year.

With that said, it seems that most data breaches probably wouldn't trigger criminal penalties under the proposed new law. A CEO would only face jail time if a data breach was the result of illegal activity by the company and if prosecutors can show that the CEO was negligent in failing to prevent it. And under current law, merely being the victim of a data breach isn't a crime.


  • (Score: 0) by Anonymous Coward on Monday April 08 2019, @09:44AM (2 children)

    by Anonymous Coward on Monday April 08 2019, @09:44AM (#826103)

    We all know what's going to happen next

    • (Score: 0) by Anonymous Coward on Monday April 08 2019, @09:51AM (1 child)

      by Anonymous Coward on Monday April 08 2019, @09:51AM (#826105)
      • (Score: 2) by SpockLogic on Monday April 08 2019, @12:12PM

        by SpockLogic (2762) on Monday April 08 2019, @12:12PM (#826114)

        1. Arrest the lying little shit.
        2. Sell tickets to the perp walk.
        3. PROFIT.

        --
        Overreacting is one thing, sticking your head up your ass hoping the problem goes away is another - edIII
  • (Score: 2, Informative) by Anonymous Coward on Monday April 08 2019, @10:26AM (18 children)

    by Anonymous Coward on Monday April 08 2019, @10:26AM (#826107)

    Accountability of CXOs is never going to happen because corporations and their lobbyists make large financial contributions, and sometimes even write new legislation and amendments to bills under consideration.

    Politicians are not going to bite the hand that feeds their campaigns. Politicians are beholden to the mighty dollar over all other things and that will never change (because corporate interests will never let it change).

    • (Score: 1, Interesting) by Anonymous Coward on Monday April 08 2019, @11:30AM (10 children)

      by Anonymous Coward on Monday April 08 2019, @11:30AM (#826110)

      People are so dumb... They get confused by one layer of misdirection.

      What is a corporation? A group of people paid the government for access to a special legal system so they can't be held fully accountable for the actions of that organization.

      Why is the government selling this access to begin with? Once you have your answer you'll see why this next idiotic idea from a US presidential candidate will never happen. Everything I am hearing from Democrat candidates is idiotic, totally-misunderstanding-the-world-type stuff, like they are strawmen for Trump to knock down.

      • (Score: 0) by Anonymous Coward on Monday April 08 2019, @11:34AM (9 children)

        by Anonymous Coward on Monday April 08 2019, @11:34AM (#826111)

        And oh, I see the loopholes are coming pre-carved out now, and with an automatic expiration date due to inflation too. So stupid...

        • (Score: 1) by khallow on Monday April 08 2019, @12:18PM

          by khallow (3766) Subscriber Badge on Monday April 08 2019, @12:18PM (#826115) Journal

          I see the loopholes are coming pre-carved out now

          Welcome to necessary regulatory conditions for healthy business to exist. Not getting arrested because politicians are flaky is one of those conditions.

        • (Score: 4, Interesting) by bradley13 on Monday April 08 2019, @12:21PM (7 children)

          by bradley13 (3053) on Monday April 08 2019, @12:21PM (#826117) Homepage Journal

          This. Just from TFS it is entirely clear that no one could ever be successfully jailed through this law. So: it's pandering to the masses - "look, we are going to hold upper management responsible!" - when, in fact, this bill would never accomplish any such thing.

          Anyway, while I'm not a fan of the CxO level of large companies, this isn't entirely fair. One disgruntled employee in the right place can cause a massive data breech, there's d*mn all that person's manager can do about it, and this would then tie the company up in court for years defending its CxOs. Especially given all of the subjective factors mentioned in TFS (e.g., define "negligent").

          To my mind a far better approach is to define objective fines that are levied, based on objective evidence. Who cares why a data breech occurred - fine the company based on the amount and sensitivity of the data. If the breech was due to a disgruntled employee, the company can go after them.

          --
          Everyone is somebody else's weirdo.
          • (Score: 3, Interesting) by Anonymous Coward on Monday April 08 2019, @12:29PM (1 child)

            by Anonymous Coward on Monday April 08 2019, @12:29PM (#826120)

            Fines? No, why should the government get paid when there is a breach? If anything I'd expect more breaches somehow facilitated by the government.

            The victims should be able to get paid something on the order of $1-10k each for something like equifax. Basically a real solution would pave the way for successful lawsuits in these circumstances.

            • (Score: 0) by Anonymous Coward on Monday April 08 2019, @08:35PM

              by Anonymous Coward on Monday April 08 2019, @08:35PM (#826356)

              Hah, exactly. I was going to ask if this law is going to apply to, oh, the head of the OMB as well.

          • (Score: 5, Insightful) by Immerman on Monday April 08 2019, @01:33PM (4 children)

            by Immerman (3985) on Monday April 08 2019, @01:33PM (#826139)

            >One disgruntled employee in the right place can cause a massive data breech,

            If that's the case, then so could one criminal employee, and the company's security is obviously negligent. You would never allow your valuable trade secrets to be so easily stolen, so why is it acceptable for customer data?

            And fortunately there's an easy solution for most companies: don't store the data in the first place - you can't have a data breech if you don't have the data.

            • (Score: 0) by Anonymous Coward on Monday April 08 2019, @04:51PM

              by Anonymous Coward on Monday April 08 2019, @04:51PM (#826236)

              And fortunately there's an easy solution for most companies: don't store the data in the first place - you can't have a data breech if you don't have the data.

              Congratulations! You win the internet for today! Go grab yourself a sugar cookie.

            • (Score: 3, Funny) by Sourcery42 on Monday April 08 2019, @05:39PM (2 children)

              by Sourcery42 (6400) on Monday April 08 2019, @05:39PM (#826264)

              I, for one, typically do not store data in my breeches, but to each his own ;)

              • (Score: 3, Funny) by bzipitidoo on Monday April 08 2019, @05:49PM (1 child)

                by bzipitidoo (4388) on Monday April 08 2019, @05:49PM (#826271) Journal

                Oh? Where are your gonads and all the DNA data they contain? Wait, I get it-- your significant other keeps them in a box. I'm sorry.

                • (Score: 2) by DeathMonkey on Monday April 08 2019, @07:14PM

                  by DeathMonkey (1380) on Monday April 08 2019, @07:14PM (#826331) Journal

                  Once more unto the breech! But, y'know, just for the fun of it and between consenting adults.

    • (Score: 4, Insightful) by DeathMonkey on Monday April 08 2019, @05:02PM (4 children)

      by DeathMonkey (1380) on Monday April 08 2019, @05:02PM (#826245) Journal

      Accountability of CXOs is never going to happen because corporations and their lobbyists make large financial contributions,

      Wrong.

      Accountability is never going to happen because of REPUBLICANS. The end.

      • (Score: 2) by Booga1 on Monday April 08 2019, @05:22PM (3 children)

        by Booga1 (6333) on Monday April 08 2019, @05:22PM (#826254)

        What I see here is a win for both parties.

        Democrats get a win by making a proposal that sounds like it would be tough on "evil corporate shenanigans."
        Republicans get a win by fighting back and stopping "critically flawed legislation" that wouldn't have passed anyway.

        Democrats get to say, "We were so close! See why you need to vote for us?"
        Republicans get to say, "That was a close one! See why you need to vote for us?"

        • (Score: 4, Insightful) by DeathMonkey on Monday April 08 2019, @05:28PM (2 children)

          by DeathMonkey (1380) on Monday April 08 2019, @05:28PM (#826258) Journal

          And? They are both trying to implement the policies they believe in.

          Now, as a voter, you get to choose which policy most closely aligns to your beliefs and vote for the people trying to implement it.

          What you don't get to do is simply proclaim that both sides are the exact same when the actions they are taking are the exact opposite.

          • (Score: 2) by Booga1 on Monday April 08 2019, @08:12PM

            by Booga1 (6333) on Monday April 08 2019, @08:12PM (#826350)

            I've made no such claim "that both sides are the exact same."
            Perhaps I could have phrased it better, but I don't think they're trying to implement anything in this particular case. This is showmanship and hand-waving legislation at its best.
            I don't believe that either side thinks this has any traction to become law. The proposed law is simply for show and both sides get to make themselves look good. It's a farce.

          • (Score: 1, Insightful) by Anonymous Coward on Monday April 08 2019, @09:26PM

            by Anonymous Coward on Monday April 08 2019, @09:26PM (#826373)

            And? They are both trying to implement the policies they believe in.

            No, they're not, because the Republicans don't believe in anything except money, and the majority of Democrats are the same. Corporate Democrats like Cory Booker, Kamala Harris, Kirsten Gillibrand, and worse are the cancer plaguing the Democratic party, and they need to be primaried out of office in favor of progressive candidates who don't accept corporate bribes to even have a chance of saving it. The Republican party, on the other hand, is entirely hopeless.

            Now, as a voter, you get to choose which policy most closely aligns to your beliefs and vote for the people trying to implement it.

            That assumes the US is a democratic republic, when in fact it functions as more of an oligarchy. Maybe if we had instant-runoff voting and various other democratic reforms, things would be different, but that's not the case yet. Any country that forces people to choose a lesser evil is not democratic at all and will do very poorly at reflecting the actual policy positions of The People.

    • (Score: 3, Touché) by DeathMonkey on Monday April 08 2019, @05:07PM (1 child)

      by DeathMonkey (1380) on Monday April 08 2019, @05:07PM (#826247) Journal

      Politicians are not going to bite the hand that feeds their campaigns.

      Less than 1% of Warren's campaign money comes from corporations. [washingtonpost.com]

      If anything, she would be biting the hands of the millions of small contributors if she DOESN'T go after corporations.

      • (Score: 0) by Anonymous Coward on Tuesday April 09 2019, @03:41AM

        by Anonymous Coward on Tuesday April 09 2019, @03:41AM (#826542)

        Yeah, about that ... even if Warren becomes president she'll still need the House and the Senate to vote in favor of biting the hand that feeds their campaigns.

  • (Score: -1, Flamebait) by Anonymous Coward on Monday April 08 2019, @01:24PM (3 children)

    by Anonymous Coward on Monday April 08 2019, @01:24PM (#826136)

    I propose a law jailing law school graduates, who claim racial preference for employment, when they are not qualified to do so. I'll call it "Pocahontas' law".

    • (Score: 1, Informative) by Anonymous Coward on Monday April 08 2019, @03:26PM (2 children)

      by Anonymous Coward on Monday April 08 2019, @03:26PM (#826198)

      ^^ We call this whataboutism.

      • (Score: 4, Interesting) by Anonymous Coward on Monday April 08 2019, @04:08PM (1 child)

        by Anonymous Coward on Monday April 08 2019, @04:08PM (#826217)

        Then I'll give you a real whatabout to chew on: If your physician's office breaches your personal information....

        The civil penalty tier system for healthcare organizations is based on the extent to which the HIPAA covered entity was aware that HIPAA Rules were violated. The maximum civil penalty for knowingly violating HIPAA is $50,000 per violation up to a maximum of $1.5 million per violation category.

        https://www.hipaajournal.com/civil-penalty-for-knowingly-violating-hipaa/ [hipaajournal.com] and countless other places.

        Employees can be personally held liable for breaches to the same tune. There is the possibility of jail time for violators.

        Now, why exactly do you think that FICO, Equifax, TransUnion, and Experian should be held less liable than your family physician should be?

        • (Score: 0) by Anonymous Coward on Tuesday April 09 2019, @01:20AM

          by Anonymous Coward on Tuesday April 09 2019, @01:20AM (#826480)

          Now, why exactly do you think that FICO, Equifax, TransUnion, and Experian should be held less liable than your family physician should be?

          Because there has been a proven history of companies discriminating against people due to their medical history. Whereas for most situations (except for the already illegal crime of identity theft) most of the people who would discriminate against you for a credit score would already request you give that score to them anyway.

          Admittedly both would have a pretty large impact, but which do you think would have more of an impact and/or be harder to say:

          "Mr. Employer/Insurance Underwriter/Credit Card Company, I'm $40,000 in debt, have no idea how to pay it back, and am living paycheck to paycheck."

          "Mr. Employer/Insurance Underwriter/Credit Card Company, over the past decade I have been seriously sick for an average of 25 days each year, and I have a 10% chance of getting diabetes and a 5% chance of having a heart attack in the next 10 years."

          I think there should be more scrutiny and punishment for these breaches of security as well. However, let's not conflate shooting a wolf near your farm (endangered species, bad) with shooting a rhino for ivory (very endangered, very bad).
