Senate Introduces Strong Privacy Bill

amigoro writes "US Senators introduced a bill that better protects the privacy of citizens' personal information in the face of data security breaches across the country. Key features of the bipartisan legislation include increasing criminal penalties for identity theft involving electronic personal data and making it a crime to intentionally or willfully conceal a security breach involving personal data."

A little late isn't it?

[AltGrendel]

I thought that horse was already out of the barn.

Re:A little late isn't it?

[mr_matticus]

A few horses are out of the barn, but that doesn't mean someone shouldn't close the gate to keep the rest in.

Re:A little late isn't it?

[mfh]

I thought that horse was already out of the barn.

I'm sorry to inform you, sir, that your horse had to be sent to the glue factory. Please sign here.

Re:A little late isn't it?

[VirusEqualsVeryYes]

That's very profound and all, but given their track record, more than likely they'll go back to bickering over abortion and global warming as the rest of the horses jump the fence.

Re:A little late isn't it?

[TheMeuge]

I am just wondering when there will be a bipartisan legislative effort to institute mandatory minimums for violation of the constitution by congress or the executive.

Re:A little late isn't it?

[mr_matticus]

Are you saying that the US government has jumped the shark?

Re:A little late isn't it?

[UbuntuDupe]

The problem is that closing the gate (passing the law) is most likely an excuse not to pursue the horses (spammers) that have already escaped (violated users' privacy), even though previously existing lassos (laws) are sufficient to capture (prosecute) them.

Close the gate, sure, but don't disband the posse that's going after the horses!

Re:A little late isn't it?

[gEvil+(beta)]

I am just wondering when there will be a bipartisan legislative effort to institute mandatory minimums for violation of the constitution by congress or the executive.

Oh c'mon! Where are they 'funny' moderations when they're needed?

Re:A little late isn't it?

[Captain+Splendid]

Are you saying that the US government has jumped the shark?

Yes, it has.

Re:A little late isn't it?

[Lord+Ender]

You're out of touch.

The constitution is not some sort of binary comparison test. It must be interpreted. If such a law were in place, it would be used as a political weapon more powerful than impeachment. It could shut down government entirely. If one party were to gain control of the Supreme Court, they could imprison their opponents to prison.

No, that's a terrible idea you have.

Re:A little late isn't it?

[bberens]

You're out of touch.
If such a law were in place... [it] could shut down government entirely.
Hmm, tell me more of this government shutting down science.

Re:A little late isn't it?

[TheMeuge]

If such a law were in place, it would be used as a political weapon more powerful than impeachment.

And here I was trying to think of whether garlic or a silver bullet would do it.

Re:A little late isn't it?

[jafac]

....your horse had to be sent to the glue factory....

With a monthlong stop, along the way, at a bestiality-porn movie studio.

Re:A little late isn't it?

[falconwolf]

Are you saying that the US government has jumped the shark?

Government is the shark!

Falcon

Re:A little late isn't it?

[cavefrog]

I am just wondering when there will be a bipartisan legislative effort to institute mandatory minimums for violation of the constitution by congress or the executive.

I'm not clear on this: Do you mean "minimum punishment for violations", or "minimum number of violations required to be committed"?

Re:A little late isn't it?

[pbaer]

"Violation of the constitution" is such a vague phrase. The constitution was written to be a living document that is not immutable. So to prove that their was a violation of the constitution it would basically have to be a supreme court case, as you are setting precedence for the entire country. Since that would have to be done for every single case even if the accused turns out to be innocent, you end up wasting much of the justice's time. I know you want a reason to punish Bush, but this really isn't the way to do it. Bills for improved transparency would be a better solution.

Re:A little late isn't it?

[faolan_devyn_aodfin]

>>I thought that horse was already out of the barn.

Sounds like someone needs to zip their pants.

Re:A little late isn't it?

[faolan_devyn_aodfin]

Yeah, it's a living document which makes it all the more right for me to say that my ancestors who legally owned slaves and were able to brutally whip them to death just for looking at the foreman the wrong way or getting sick on the job as being right. After all the Negroid race was on 3/5 of a person.

Oh wait... it said they get 3/5 representation in the government (Prior to later Amendments to fix this disgusting hole)! Yeah, living document... morality depends on the culture of the times. Why don't you go as the survivors of the Holocaust if they feel the same way about what is right varying from one time and culture to another? Murder is murder, rape is rape, and tyranny is tyranny. To create these false "yes, but..." standards is just ridiculous.

Yes, there are grey areas of morality but when it comes to government and giving it more power you can bet that it is generally a bad thing. If you don't believe me then when not compare hom many people were murdered by common criminals and how any were murdered by "The State" "for the better good". The numbers do not even compare. I just wish people would quit using this "living document" theory as a way to expand the government's power to protect us from criminals when it is a simple observation that it is government that is the greatest criminal of all.

So does this mean...

... that you have to disclose each time a clients personal data is stored on/accessed from a computer running windows?

wait a minute, I'm confused

[jimstapleton]

Isn't this the Republicans domain, increasing privacy?

Aren't the Democrats in power now in congress? Didn't the opposite happen with the Reps?

When did hell freeze over, and why wasn't I informed.

I swear US politics is such a screwed up thing, and it just keeps getting worse.

Re:wait a minute, I'm confused

[mr_matticus]

If by 'screwed up' you mean 'fluid and dynamic,' then yeah, I guess it is.

Look at it this way: would the Republicans ever punish big business for being inept?

Of course the Democrats would be the ones to put this bill on the table; they're not communists. Hell, most of them aren't even liberals, but they have no problem sticking it to corporate America when it suits them.

Re:wait a minute, I'm confused

[db32]

No no no, this is business as normal. Current "Republicans" are for increasing big business and Democrats for big government. Penalties against business for screwing the citizen is typically left of the Republican agenda these days. As a (mostly) Republican I am more upset that the "Republicans" in power right now really have nothing to do with what Republican ideals are supposed to be, and rather amused that the Democrats took so many seats by basically running on traditionally Republican ideals.

I am actually kind of curious on how this will jive with earlier reports of government agencies paying data miners and theives for personal information as part of the "OMFG everyone is a terrorist!" spying programs.

Re:wait a minute, I'm confused

[jimstapleton]

but Republicans aren't just increasing big business, they are increasing big government too...

But I see you point, that does make it clearer. We still have a pretty screwed up government.

Re:wait a minute, I'm confused

[SwedishPenguin]

Where have you been for the past few years? Republicans are very much in favor of invasion of privacy.
This is the party in favor of extending the invasions of privacy in the "Patriot act" and refused to even consider launching an investigation into Bush's warantless wiretapping.

Re:wait a minute, I'm confused

[gbulmash]

Isn't this the Republicans domain, increasing privacy?

Are you being sarcastic?

The Republicans have always positioned themselves as champions of law and order, and their favorite tool for it is intelligence gathering. Things like the Patriot Act as well as the warrantless wiretapping controversy just prove that out.

Both parties like to pick and choose which civil liberties they defend and which ones they attack in the name of fighting crime. While the Republicans are big on intelligence gathering at the expense of our right to privacy, the Democrats are big on gun control at the expense of our right to bear arms.

Re:wait a minute, I'm confused

[jimstapleton]

"Didn't the opposite happen with the Reps?" I believe I said.

I had the last couple years covered, if not explicitly.

Re:wait a minute, I'm confused

[db32]

Exactly, the current crop of Republicans are failing absolutely to hold to any kind of Republican values. True Republican values does not involve this twisted religious bent on things, it advocates personal responsibility, no nanny state crap, no blame society crap. You screwed up making yourself poor by signing a 20% interest rate payday loan and Rent-to-own contracts to live above your means...not my problem to bail your ass out. (Now the fact is, most of the poor are poor by choice doing stupid crap like this and its a failure of the education system not teaching financial responsibility, the gap between rich and poor wouldn't be growing nearly as fast and eliminating the middle class if everyone didn't buy all their wizbang-gottahavits on credit...when it was normal to save for years for a house/car/stuff the gap was much smaller and the middle class was much larger)

Additionally traditional Republican values want lowered taxes (the current crop pay lipservice to this with tax cuts), but the financial responsibility part of low taxes involves less spending. Leaving the war out since that is a twisted mess of a wreck to begin with, we can see the bloat in HomeSec, TSA, and other such nonsense. Our state sponsored paranoia is costing us billions. Ironically the current Republicans bitch about how we are all doomed because the Democrats will break the bank on social programs, but as much as I disagree with most of those programs (ain't the governments problem, and sure as shit ain't mine, why should I have to pay taxes because some fat bastard needs a quadruple bypass that he can't afford because he eats McDonalds 18 times a day) at least they have more of a positive impact on society as a whole vs x-ray scans, anal probings and other such nonsense every time I go through an airport.

All in all the traditional Republican is more concerned about making the people take care of themselves instead of the government doing everything. This includes heathcare, legislating morality, church and state issues, the whole nine, ideally are handled outside of the government and outside of the federal budgets. This also includes not being Team America World Police. I can't figure out if I got modded as flamebait for making a joke about Republicans protecting big business or saying that I am mostly Republican (I am guessing the latter since this is /.)

Re:wait a minute, I'm confused

[jimstapleton]

A bit of a side track, but not everyone who is poor is there because they were lazy or irresponsible. I'll grant you, there are plenty as bad or worse than you described, but there's plenty who have just had "hard luck".

I'm all for 'working to earn your keep', but there are plenty of rich people who didn't earn their riches, and plenty of poor people who had been responsible, did more than their fair share, and just ran into bad luck.

Re:wait a minute, I'm confused

[db32]

Republicans these days favor the Big Brother spy on everyone method to law and order

Democrats these days favor the Nanny state censor everything method to law and order

The people these days favor whatever party makes them most scared of the consequences of disagreeing

We see a huge swing right with "Fear the boogey man!" and now that we have seen the consequences we are swinging left we are back to "Hell no we won't go!". Whole nation of extremists.

Re:wait a minute, I'm confused

So in other words you are totally in favor of vastly increasing school budgets and college scholarships to correct the mistakes of the educational system, as well as helping out those people who are already screwed because education failed them? Yes, increase spending! (Just be sure that you have the money: i.e. you're going to need more taxes)

As for said fat bastard who needs a quadruple bypass, I'm sure he can sue McDonalds for the money instead of using tax money. Clearly a good thing.

As for flamebait it was probably more the tone of your post. You came off as contrary and sarcastic, and insulted both republicans (as they stand now) and Democrats (as they were 10 years ago). Saying you're a republican is probably worth a -1 pretty fast, but I find that usually (especially if you are in the first few posts) that'll quickly be over-ridden by positive mods if you have anything constructive to say. Next time just say "I'll probably get modded down for this" or "I have karma to burn, so..." to be sure you end up with positive mods.

I like the idea of a stupidity tax, don't get me wrong, and I hate paying peoples' way in the world because they make stupid mistakes, but sometimes the only way a person can get a place to live at all is to agree to the insane interest rates of loan sharks. If no bank will give you money because you don't have a job or that job doesn't pay enough... you still need a place to live.

Re:wait a minute, I'm confused

[db32]

Well to be honest, it boils down to the whole make lemonaide thing. A great number of filthy rich folks spent some years living out of the back of their van eating day old donuts from dumpsters. Now there certainly are some people who really just did get the short end of the stick, but generally speaking here in America there really is more than enough opportunity to get yourself out...just is a matter of how much effort it will take. Now I also support the inheretance tax because that right wing "the farmers will lose farms" shit is a load of horse crap and they have been unable to produce one single example of a family actually losing their land, however, hundreds to thousands of examples exist of rich overprivlidged spoiled brats never working a day in their life because they get to inheret billions and not lose a cent.

Re:wait a minute, I'm confused

[WhiplashII]

when it was normal to save for years for a house/car/stuff the gap was much smaller and the middle class was much larger

I wonder how much advertising/marketing had to do with this. After all, marketing has changed from "explaining how you fill a need" to "create a need and then fill it". Should marketing to certain segnments have government oversight?

(I'd say no - any government oversight is bad oversight by definition, but as you say the problem is education - and these people are getting their education from marketing departments...)

Re:wait a minute, I'm confused

[aborchers]

"the poor are poor by choice doing stupid crap like this and its a failure of the education system not teaching financial responsibility"

Huh? Is it the poor's fault or the educational system's fault?

Re:wait a minute, I'm confused

[db32]

When was the last time you saw a successful business man or someone wealthy teaching financial responsibility in the education system? Before college level you are lucky to see any of that kind of stuff even mentioned, and if it is, it is done by a wage slave teacher struggly on crappy pay. Now granted, in college it tends to be different and you do tend to get alot more successful business types involved, but that kind of financial education needs to start very young. If you start saving at 16 instead of 26 that has a HUGE impact. Compound interest is an amazing thing. The earlier you start, the less you have to put away each month, and at the end of 20+ years its almost and order of magnitude in difference.

It is a system of the blind leading the blind. Years ago at my high school when they signed a huge contract with Pepsi to put in vending machines...they bought a damned score board for their uber important state champion football team. The parents almost stormed the gates when they found out their children might have to 'pay to play' football. With that kind of money they could have done any number of things to bolster education, but nope, flashy bling and pride won that day.

Re:wait a minute, I'm confused

[Evilest+Doer]

I wonder how much advertising/marketing had to do with this.

That's a very good point. A lot of people do try to live outside their means. Plus, there are other factors which affect everyone, housing being the most obvious one. One of the key factors in the astronomical housing prices in places like the SF Bay area, DC metro and so on is the ready availability of credit. If it were not so easy to get mortgage, especially the more ridiculous ones like the interest-only or the negative amortization loans (in which you don't even pay off the interest acrued each month!), people would have said "I can't possibily pay any more" a lot sooner. Then, the market would simply have risen more sanely and not overextended so much.

When it comes to stupid people screwing themselves up by buying expensive cars and other things they can't afford, that's one thing. But, stuff like this allows stupid people (or at least people not very good with money) to immediately and directly affect me and people who have good sense with money. I may be careful and not buy outside my means, but "outside my means" becomes narrower and narrower in terms of housing due to the conditions created by the desperate and the greedy.

Re:wait a minute, I'm confused

[rkanodia]

Silly aborchers. If the poor hadn't stupidly CHOSEN to be born poor, then they'd be able to afford a private education!

Re:wait a minute, I'm confused

[aborchers]

Ah, that clears it all up. Thanks!

Re:wait a minute, I'm confused

[hcdejong]

the gap between rich and poor wouldn't be growing nearly as fast and eliminating the middle class if everyone didn't buy all their wizbang-gottahavits on credit...when it was normal to save for years for a house/car/stuff the gap was much smaller and the middle class was much larger

There are two factors at work here: people buying on credit and working themselves into a hole is one. But the gap is also influenced by the growing difference in income between low-wage and high-wage jobs.

Fix it the right way

Why isn't it fixed the right way? If the use of Social Security numbers by non-government agencies was ended then much of this would fix itself. Each company would likely pick a different number/id for each individual and it would partition the information. Then, stealing a single number wouldn't give you access to an entire individual.

Re:Fix it the right way

[jimstapleton]

I don't think people would go for that. Most people wouldn't want a different number for:

1) Their "normal" bank
2) Their mortgage lender
3) Each of their credit cards (if they have any)
4) Their employer
5) Their school/university
6) The credit report companies(?)

And the credit report companies wouldn't want that confusion either, nor would the government. It'd be too confusing to figure things out. In the latter cases, it make tax avoidance much easier, and probably make the IRS even bigger, as if it wasn't overstuffed as it is.

Re:Fix it the right way

[mwilliamson]

The SSN should be only considered as a gov't assigned userid. The government should now issue everyone in the USA a password and provide a government sponsored pluggable authentication system anyone could use for their company. Those using this system to authenticate customers would fund it. Password reset would be available at SSN offices only with verified photo ID. Lets end this bullshit once and for all and empower the end user to protect their identify credentials via at least a password, maybe even a RSA dongle.

Re:Fix it the right way

[Silver+Sloth]

Err... We Brits have exactly that. If you hack one of my bank accounts you haven't hacked them all. There is no reason for any one of my credit cards to know, or have anything in common, with any of my other credit cards. It works fine for us, we're not confused, credit report agencies work as well here as they do anywhere, and tax avoidance isn't a particular problem

I am not a number, I am a free man!

And long may it remain that way.

Re:Fix it the right way

[Ihlosi]

I don't think people would go for that. Most people wouldn't want a different number for:

It's a perfectly workable approach in much of the civilized world. It's just that the US doesn't really care about that.

Re:Fix it the right way

[Dachannien]

That isn't the solution either. Instead, credit-issuing agencies should be required to verify requests for credit lines before approving them.

Re:Fix it the right way

[Slithe]

I thought we had different numbers for different systems. My bank account number is not the same as my credit card number (regular or medical), and both my SSN and my School ID are different as well.

Re:Fix it the right way

[Silver+Sloth]

You'll lose your geek credentials if you don't recognise the quote!

Re:Fix it the right way

[nasor]

A much better solution would be for companies to simply stop pretending that knowing a social security number somehow magically proves that you are who you claim to be.

Re:Fix it the right way

[digitig]

You're not free, you don't even have a constitution in which said freedoms would be granted.

The constitution is not an issue; there are lots of other things our government can ignore instead.

In our case, said freedom is granted by virtue of the UK being a party to the International Covenant on Economic, Social and Cultural Rights, the International Covenant on Civil and Political Rights, and various other treaties deriving from the Universal Declaration of Human Rights. As the Perl man page says, "There's more than one way to do it".

You're a royal subject, property of her Majesty the Queen of England.

A royal subject yes. Although ISTR a test case a few years ago that determined minors to be the property of the House of Lords, I don't think the Queen's ownership of her subjects has ever been tested (or even asserted) in law.

Re:Fix it the right way

[Cyberax]

Have you TRIED to do this? I'm working on a project which uses SSNs as user identifiers in automatic biometric door locks. We know that it is way too insecure, but there's no other good way (no, we can't use smart cards for access control).

Users either too stupid to use something else or just plainly REFUSE something different from SSN. We tried to use phone numbers as IDs, and we still get tons of support calls from users who change their phone number and expect our system to magically pick up this change. Yes, people are that stupid.

The entire SSN system is a hack.

SSNs should be public info, not a closely guarded secrets. It's quite a good identifier but SUCKS as authenticator. Something like government-issued smart cards would be MUCH better.

Re:Fix it the right way

[trianglman]

Actually, in America, we already have that too. I have a bank account number, a mortgage account, credit card numbers, a number my employer uses, when I was in school I had a student ID, etc. The thing is, here in America, there is also this other number that gives a person just as much access to all of this information. If that were removed then, as the GP says, we wouldn't have nearly the issue we do today.

Re:Fix it the right way

[trianglman]

Why are you using SSNs and biometrics, you already have all the identifier you need in the biometrics. If you need to give the users something else to identify themselves with let them set a password or issue a unique ID of your own. Using something like an SSN that can be used for any number of other things is a privacy issue that needs to be stopped dead, now. Unless you are trying to keep track of every single taxpayer in America, there is no reason to use the number that was created just for that purpose.

Re:Fix it the right way

[Cyberax]

Biometric data from cheap devices can be used only for authentication. I.e. to confirm that a user with ID 12435478 is really the user with ID 12435478.

And people just can't (or don't care to) remember anything other than their SSN. We allow them to use any identifier in place of SSN if they wish but most people just don't care.

Re:Fix it the right way

[trianglman]

The fact that you allow another form of ID number than SSNs is a step in the right direction. As long as that policy is clearly communicated to the end users, it is the users own fault if their other private information is compromised. However, in most instances like the one you describe, there either is no other alternative identification number allowed, or users aren't told that they can use something else.

Re:Fix it the right way

Brilliant idea. Then to steal someone's identity, you'll need to know their SSN and guess or social-engineer their password, and your ID will be infallibly proven...

Yeah, that'll be secure.

Re:Fix it the right way

[Petrushka]

you don't even have a constitution

Boy, Slashdot really does need a "-1, Wrong" mod option. Here's an introduction, albeit far too brief. Now, if you were to say, "the UK constitution doesn't come in sound bytes", that would indeed be true. But I guess you're only interested in sneering and mocking, not in accuracy.

sucker.

See?

Re:Fix it the right way

[mpe]

I don't think people would go for that. Most people wouldn't want a different number for:

1) Their "normal" bank

So is it impossible in the US for people to have more than one bank account? (Including with the same bank.) Do married couples get a special SSN for a joint account. What about power of attorney, executors of wills, etc?

2) Their mortgage lender

Ditto

3) Each of their credit cards (if they have any)

AFAIK even US credit cards use standard 16 digit numbers.

4) Their employer

How common is employer deduction of income tax in the US.

And the credit report companies wouldn't want that confusion either, nor would the government. It'd be too confusing to figure things out.

Odd how credit reporting companies appear to work fine without this. As do most of the world's governments...

Re:Fix it the right way

[mpe]

Have you TRIED to do this? I'm working on a project which uses SSNs as user identifiers in automatic biometric door locks. We know that it is way too insecure, but there's no other good way (no, we can't use smart cards for access control).

Dosn't sound like the biometrics are especially good if you need an identifier.

Users either too stupid to use something else or just plainly REFUSE something different from SSN. We tried to use phone numbers as IDs, and we still get tons of support calls from users who change their phone number and expect our system to magically pick up this change.

Have you tried printing the number on a card? If they are really that stupid how do they manage to make "support calls"?

SSNs should be public info, not a closely guarded secrets.

In practice they already are...

It's quite a good identifier but SUCKS as authenticator.

So stop using them as an authenticator.

Something like government-issued smart cards would be MUCH better.

You'd still have the same problem. Actually you'd probably have a worst problem, due to a combination of government both wanting to abuse such a system whilst being completly incompetent.

Re:Fix it the right way

[strider44]

Then as soon as you use that password with one bad company your entire life can be stolen even worse than it is with the SSN. It's a password so obviously it was you who bought the car in California even though you live in New England. I don't think your security system is very well thought out.

Re:Fix it the right way

I don't think people would go for that. Most people wouldn't want a different number for:

We already havethat. Your credit card # |= your second CC # |= your checking account number |= your telephone number |= your insurance policy number. But linking all of these to your SSN makes it moot in the end.

Re:Fix it the right way

[falconwolf]

I don't think people would go for that. Most people wouldn't want a different number for:

1) Their "normal" bank
2) Their mortgage lender
3) Each of their credit cards (if they have any)
4) Their employer
5) Their school/university
6) The credit report companies(?)

And the credit report companies wouldn't want that confusion either, nor would the government. It'd be too confusing to figure things out. In the latter cases, it make tax avoidance much easier, and probably make the IRS even bigger, as if it wasn't overstuffed as it is.

I've already had a bunch of numbers besides my ssn. I've got my driver's license number, one credit card and one debit card number, and I used to have three different bank account numbers. Having one number, the ssn, for all financial records makes it eqsier to steal ids. Credit bureaus may not want more than one number but that's because it's easier to track people with only one, however they have the ability to work with more. Government shouldn't be tracking people period! The IRS and income taxes should be abolished. Get rid of all of the federal agencies, departments, offices, ad nauseum that are not specifically authorized by the USA Constitution and there woudln't need to be any federal income tax.

Falcon

Re:Fix it the right way

[falconwolf]

SSNs should be public info, not a closely guarded secrets. It's quite a good identifier but SUCKS as authenticator. Something like government-issued smart cards would be MUCH better.

SSNs should be abolished, not made public info or hidden secret. The federal government shouldn't be issuing any ids except passports.

Falcon

Re:Fix it the right way

[Cyberax]

Biometrics is fine for us, because we need means for authentication. We don't store full biomteric data like fingerprint images, we just store biometric 'hashes' (about 16 bytes for user) because the risks of losing biometric data are much higher than risks from losing SSNs.

Yes, we tried to print numbers on cards - and users lose it all the time.

We don't use SSN is authenticator, we use it as IDENTIFIER. But lots of other institutions use it as authenticator and that's the problem.

Won't Stop Hackers, Might Scare Hackees

[gbulmash]

I think the more important aspect is the increased penalties for willfully concealing a security breach. Increasing criminal penalties is of varying value. One of the reasons criminals commit crimes is because they think they won't get caught, so whether they risk 2 years in jail or 4 isn't going to matter that much to them.

But increasing penalties for willfully covering up a data breach may have more effect. As we've seen, bigger breaches cannot be kept secret for long. There are too many ways for them to be ferreted out. Furthermore, the people who would be in a position to conceal a data breach are often people who are more afraid of jail than those who willfully commit crimes like identity theft.

Of course, what I'd really like to see is a death penalty for spammers.

- Greg

Re:Won't Stop Hackers, Might Scare Hackees

[tehtest]

This is a law with good intent targeted at the wrong area. There should be consequences for people, companies and, organizations who keep databases of personal information without properly securing said information. This information should; - NEVER be housed on a laptop or any other portable media, there is no need. - NEVER be without sufficient encryption, symmetric 256 These two steps alone would limit the majority of recent personal information exposure incidents. People who expose this information to security risks should be held accountable. Only than will we see a dramatic decrease of these exposures.

Re:Won't Stop Hackers, Might Scare Hackees

[kabocox]

Of course, what I'd really like to see is a death penalty for spammers.

Them, folks? Nah, those that practise ID theft yes. Spammers are just annoying. Those that do ID theft or forgery ruin living lives.

So what are the implications

[o'reor]

concerning whistleblowers who want to draw attention on possible security breaches inside a company, and who've been hit on hard both by corporations and justice every time it happened so far ?

I hope the secondary effects ...

[Ihlosi]

... are better than what is in the actual legislation.

Key features of the bipartisan legislation include increasing criminal penalties for identity theft involving electronic personal data and ...

Great. Increase the penalties. That's not really going to deter the criminals, they operate on the thought that they don't get caught.

... making it a crime to intentionally or willfully conceal a security breach involving personal data.

Also great. How about prohibiting the collection and storage of data that is not necessary for business transactions in the first place ?

One can just hope that companies will think a little more about what and how much data they collect and store.

Re:I hope the secondary effects ...

[k1e0x]

Yeah, I dont think this is in governments power to fix, its like Can Spam.. all they can do is send more people to jail it wont stop spam.

We need to look to the industry to fix this.. have them design better databases and start asking .. why do we need peoples SSN again?

Re:I hope the secondary effects ...

[Shadowlore]

Also great. How about prohibiting the collection and storage of data that is not necessary for business transactions in the first place ?

Nope, instead they (the fedgov) are going to require them to keep more and more data. Why? because the government wants it. It's reminiscent of the old bumper sticker/slogan that says "Don't steal, the government hates competition.". The government is increasingly interested in any little piece of data it can get on you for any reason it desires. Since the likelihood (given past and current experience) is that the government will be immune to this legislation, it serves only to increase it's own ability to abuse.

After all, if people are aware of the problems with private data and information being readily available and susceptible to crackers, they are less likely to be willing to let the government amass a prime target database. So by providing the theater that says such databases are secure, they pave the way to people ignoring or downplaying the risk of exposure to government amassed databases and thus are less likely to resist and/or object.

"But it makes it a crime to hid breaches!" you say? Sure, lots of things are crimes. There are so many legally defined crimes that one can be reasonably certain one commits one or more any given day in the US. Government's only control over people is to make them criminals, and as such the rise of "big government" is done through increasing the chances you commit crimes. But the mere criminalization of something does not in reality necessarily curb it. In this case it is theater.

For example, banks are legally required to report all thefts, embezzlement, etc.. However, in cases of small amounts many financial institutions keep them internal. Making them known can lead to reputational concern after all, and in dealings with the Fedgov they can increase your costs. Instead of it actually curtailing anything, the most probable scenario is that politicians and bureaucrats will instead point to the low numbers of reports as proof that they did something, that we are safer, and that this shiny new database of your information that the FedGov wants to create is not really at risk because people don't do that sort of thing anymore.

Increasingly companies are purging or not recording data that is not useful or needful to their business. This is for several reasons including cost of storage and reduced legal fees.[1] But this doesn't make the power hungry happy. So we get things like this: http://yro.slashdot.org/article.pl?sid=07/02/07/19 30228 instead.

1. When the fedgov knocks on the door and says "we want this data", it is much cheaper if you don't have said data and can reply with "we do not store that data and thus have none to turn over. It is also cheaper in that you can not have a privacy breach for data you don't have.

Exceptions?

I wonder groups are going to get their lobbyists to get an exception/exclusion/whatever for them?

My first choice is the banks and the credit card companies. They get anything they want!

Also, how about a bill that would stop colleges and universities from using our SSN as an ID number!! When I went back to grad school a few years ago, I was shocked at the lax security at the bursar's office! Through a thick plate glass window, the clerk needed the student to yell his name, DOB, and SSN. WTF!!!!!! All an identity thief had to do was stand and take notes or record!

Re:Exceptions?

[DrSkwid]

this glass was clear ?

how about writing it down & holding it up

Re:Exceptions?

this glass was clear ?

No, it was black glass, so it was opaque.

how about writing it down & holding it up

Sure, because things that appear to be obvious, are not; and things that are not obvious, are.

Ever get into a contract dispute? Things that you thought were obvious, were not to the other party. And the same goes for the other way, too.

Also, what is the sound of one hand clapping?

Would not pass.

[EveryNickIsTaken]

The bill would increase oversight of government programs to collect personal information on citizens. I wouldn't expect this bill to move anywhere right now, with the 2008 presidential candidates starting to gear up. Nobody wants to vote for a bill that would "Let the terrorists win."

Re:Would not pass.

[DaMattster]

I strongly disagree. I think this bill will pass and that is just what Bush does not want to happen. This bill probably has more support than you would think in the democratic majority; especially because there was considerable outrage in the democratic community at the warrantless searches and domestic spying programs. I think this will turn out to be a political move to provide some checks and balances. Finally, in addition, there should be some move to reaffirm the existing laws and begin enforcing them with real, tangible penalties for their violations.

Make It Cost Prohibitive To Store Too Much PD

A fundemental personal privacy/personal data concept that should be the basis of all laws governing how businesses and governments handle and are responsible for personal data should be liability for PD loss/leakage is directly proportional to the amount of PD per individual.

For example, your company leaks:

1) Addresses
2) SSN
3) Email addresses

That will give you three times the liability of a company that leaks:

1) Address

Make it financially worthwhile for companies to store the absolute minimum PD necessary to operate their business and to create the incentive to delete all unnecessary data at the earliest opportunity.

With storage so cheap and the liability for companies or governments essentially divorced from the actual damage done to personal privacy breaches there is absolutely no reason for any company to store every bit of PD about you on their(insecure) systems.

Re:Make It Cost Prohibitive To Store Too Much PD

[jimstapleton]

why not add the following as well:

No personal information may be stored on a computer accessable to an external nextwork except:

1) For up to 24 hours after recieving the information.
2) For up to 24 hours after the information is needed in a business transaction
3) For no more than 72 hours consecutive for any reason
4) For no more than 1 in 3 hours over any given timeframe of 216 hours or larger, except where initiated by the person to whom the data describes

And
5) No personal data can be taken outside of the secured data storage facility except via protected mechanisms for secure backup purposes (and the backups must be in a similarly secure facility). I.E. Joe Schmoe can take the data home on his laptop.

Violations of #1 and #2 would have heavy but standard fines.
Violations of 3 would have double the normal fines
Violations of 4 and 5 would have triple the normal fines and

Re:Make It Cost Prohibitive To Store Too Much PD

"1) Addresses
2) SSN
3) Email addresses"

Yes, there should be a standard breakdown of liability for the complete array of personal data that can be stored so that company accountants can easily do these types of sums:

1 million customer database
Each record has:
A) Street address
B) SSN
C) Phone number

So total company liability for that particular database is:

1 million * (liability cost for A + liability cost for B + liability cost for C) = X millions of dollars for example

And have the CFO go apeshit and start demanding to know if the company really NEEDS to store every customers SSN for example.

Re:Make It Cost Prohibitive To Store Too Much PD

[mpe]

A fundemental personal privacy/personal data concept that should be the basis of all laws governing how businesses and governments handle and are responsible for personal data should be liability for PD loss/leakage is directly proportional to the amount of PD per individual.
For example, your company leaks:

1) Addresses
2) SSN
3) Email addresses

That will give you three times the liability of a company that leaks:

1) Address


Assuming that there is a linear relationship between the number of fields leaked and the potential damage. Maybe the damages should be more along the lines of X cubed in the example. Even that assumes that all of the fields are equally damaging if leaked, which is not the case.

Re:Make It Cost Prohibitive To Store Too Much PD

[falconwolf]

why not add the following as well:

No personal information may be stored on a computer accessable to an external nextwork except:

1) For up to 24 hours after recieving the information.
2) For up to 24 hours after the information is needed in a business transaction
3) For no more than 72 hours consecutive for any reason
4) For no more than 1 in 3 hours over any given timeframe of 216 hours or larger, except where initiated by the person to whom the data describes

And
5) No personal data can be taken outside of the secured data storage facility except via protected mechanisms for secure backup purposes (and the backups must be in a similarly secure facility). I.E. Joe Schmoe can take the data home on his laptop.

A problem with this as I see it is people wouldn't be able to access their credit reports online then. However if credit reports and FICO scores weren't as important as they are it wouldn't matter.

Falcon

Damned if you do, damned if you don't

So what is it? Store everything to protect the children and hand it over to the ex-wife when she sues, or protect the privacy of your customers by not storing personal data?

Enforcement, not new laws

[imag0]

I happen to deal with a lot of regulated information (PHI with HIPPA, PCI in some environments as well). One thing that always astonishes me is not that security breaches happen (we're human, things happen), but that there is little to no reported repercussions from those losses.

It's one thing to have a security breach, but it's another one just to announce it, issue new cards to everyone and keep on working like nothing happened.

I think the best thing would be that the gov steps up to the plate and actually *enforce* the current laws and not spend our time and taxpayer money to create a new raft of laws that will end up never getting enforced in the first place.

Cheers,

imag0

Just an empty gesture

[140Mandak262Jamuna]

Nothing will come out of Senate to increase privacy. Remember CAN-SPAM act and how it stamped out all the spam emails? This bill will protect privacy exactly the same way. If you think this bill will improve privacy, contact me. I have 22 million dollars stuck in a bank in Nigeria. Help me get it out I will give you 33% of it. Please dont be greedy and steal all that 22 million dollars from me. OK?

Re:Just an empty gesture

[AlHunt]

Nothing will come out of Senate to increase privacy

No kidding. How the hell does congress reconcile on the one hand play at protecting "privacy" while at the same time doing this: ISP Tracking Legislation Hits the House?
I know, I know - congress wants us to be protected from everyone but congress. These people are almost collectively bipolar.

Re:Just an empty gesture

[trianglman]

I agree that asking the government to protect my privacy is like asking a thief to guard my jewelry. However, arguing that since it won't be completely enforced and won't completely stop the issue completely is intellectually dishonest.

The first problem is that Congress itself has no enforcement capabilities. Those duties fall completely under the executive branch. If this law, or CAN-SPAM, or any number of other laws aren't well enforced, it isn't the fault of the law itself but of those enforcing it.

Second, CAN-SPAM was a poorly worded law that created more loopholes than it closed. Now, I haven't read the full text of this law, but from the provisions I have read about so far, it seems to have some good premises. The final document (plus any of the random signing statements that POTUS will probably add) will doubtless be different. But we can make that argument when the final version of the law comes up between the Senate and House. Until then, support decent legislation when you see it.

Presumably...

it protects it from everyone but governmental agencies? Cause these days they can pretty much do whatever the fuck they like, right?

Hello mr senators...

[jonwil]

This is bill from the BIAA (Banking Industry Association Of America).
If you drop support for this privacy bill thingo, we will make sure there is a "bank error in your favor"...

What a wash...

[flajann]

While I respect Patrick Leahy and what he's generally been doing for privacy and rights of speech in the past, I consider it a wash to think that a bill will "protect" our security.

Raising criminal penalties for those commiting the breaches will not prevent them from happening (duh). Also, if the breacher is not within the jurisdiction of the US, it's pointless in any case.

It will give all false sense of security without addressing the real problems and issues regarding data security. The real issue is that our information is not secure, period. It is also an issue that creating really secure systems is a hard thing to do. But more important, "security" many times is an afterthought or has not been well throught through.

Any database on a machine connected to the Internet is a big security issue right up and front and center. And even if the database is not connected to the Internet, the weakness still lies with the employees and bureaucrats themselves and their approach to security.

Encryption of the data can solve many of these problems. Doesn't totally eliminate it, of course, but can at least put another roadblock in the way of breachers. A public key apprach, for instance, where the data is encrypted with one key before it hits the hard drive, but decrypted with another key only at the client computer requesting the information would go a long way to making breached data virtually useless. I used this approach in one system containing sensitive credit card information, and it worked quite well.

Ultimately, it is not bills and laws that will protect us, but well considered security policy and practices that will. And really, I'd actually like to see some penalties for those who are lax on the security front. We know that breaches will still occur even with the best laid plans of mice and men. Holding the implementors of these systems at least partially responsible, at least if it can be shown they were not diligent, would do much more to protect our privacy than some idle threat to lock the breacher away!

A few horses are but OMG Ponies!!!

This doesn't do a lot for privacy. It still permits widespread snooping, selling of information by commercial entities, etc.

It does nothing for example to the recent FBI snooping case:
http://yro.slashdot.org/article.pl?sid=07/01/30/15 8227

Where the FBI has been found to capturing all an ISP's traffic, then filtering as needed to match the warrants they had. (The argument for that is bogus, if the FBI can do the filtering then the ISP could do the filtering. It's some sort of game to remove the 'minimization' requirement for search warrants.)

Nothing to stop logging of everything you do. Nothing to stop AOL or Google collecting search information, which as we found can be used to identify individuals:
http://news.com.com/2100-1030_3-6102793.html

The gate isn't closed, they're proposing to part close it. Better than nothing, but only a little better.

Re:A few horses are but OMG Ponies!!!

[Shadowlore]

...not to mention I bet they follow tradition and exempt the government from abusing privacy, failing to publicly report breaches, etc..

Re:A few horses are but OMG Ponies!!!

[sheepweevil]

The government is trying to protect our privacy from other people, not the government itself, because that right is in the Bill of Rights. Unfortunately, no one in government seems to really care about the Constitution anymore.

Fair Enough

[TheVelvetFlamebait]

So what would it take for the senate to impress you on the privacy front?

It's not strong, esp. compared to Europe

[Nicolas+MONNET]

It's extremely weak.

In Europe, basically, your personal information belongs to you. No one (with obvious *limited* exceptions for law enforcement and tax collection) can keep information about you without your knowledge & consent. You have a right to have your record erased / corrected. Infringers face jail time.

Re:It's not strong, esp. compared to Europe

[nbannerman]

Normally, I'd agree.

But given that most airlines (at those in the UK) are freely dishing out our personal information to the US whenever we travel there, does this statement really hold true anymore?

Re:It's not strong, esp. compared to Europe

[Slithe]

Are you sure about that?

Key features of the bipartisan legislation include increasing criminal penalties for identity theft involving electronic personal data and making it a crime to intentionally or willfully conceal a security breach involving personal data, giving individuals access to, and the opportunity to correct, any personal information held by commercial data brokers, requiring entities that maintain personal data to establish internal policies that protect the personal data of Americans, requiring entities that maintain personal data to give notice to individuals and law enforcement when they experience a breach involving sensitive personal data and requiring the government to establish rules protecting privacy and security when it uses information from commercial data brokers, to conduct audits of government contracts with data brokers and impose penalties on government contractors that fail to meet data privacy and security requirements. That sounds pretty strong to me.

Re:It's not strong, esp. compared to Europe

[Ihlosi]

Are you sure about that?

Yes. Positive. *nod*

That sounds pretty strong to me.

That's because you've not seen really strong privacy laws yet.

"You may not keep personal information except if required for legitimate business transactions, and then only as long as the transaction requires."

"You may not share personal information with anyone unless the person in question gives you permission to do so."

"You must report, and delete, any personal information you keep if the person requests it."

_That's_ strong.

Re:It's not strong, esp. compared to Europe

It's strong on paper, but due to an almost total lack of repercussions and a total lack of enforcement, data protection in Europe is just a bunch of feel-good laws and associated jobs for politicians who only preach to the choir every once in a while. Just one example: Airlines hand over personal passenger data to the US and that practice has been found to be against the law in Germany. Not only are there no punishments, the airlines continue to break the law without restraint.

In a nutshell: If the cat's out of the bag, no data protection law is going to put it back in, anywhere. Data protection starts and ends with the owner of the data.

Re:It's not strong, esp. compared to Europe

[Ihlosi]

Airlines hand over personal passenger data to the US and that practice has been found to be against the law in Germany.

I guess this has more to do with the magnitude of the bullying power of the US than with the law being weak.

Re:It's not strong, esp. compared to Europe

[Dunbal]

given that most airlines (at those in the UK) are freely dishing out our personal information to the US whenever we travel there, does this statement really hold true anymore?


      One could argue that this is a "legitimate business transaction". After all, they won't be allowed to fly to the US if they don't hand over the list. Now what the US does with this information is another story entirely...

Request to Slashdot...

stop giving mod points to anyone with "senate.gov" or a "House.gov" domain address.

They have a problem with their campaign funding sources being leaked.

_REALLY_ hold companies accountable

[for_usenet]

What I'd love to see, if it isn't already in the bill (and I didn't see confirmation of anything like that in the bill from the article) was to have companies and institutions that lose consumer data pay for something like 1-3 years of credit monitoring ....

Personal data is too cheap and easy to collect and warehouse these days, and hence, easy to steal in huge chunks. If companies and institutions want to use and profit from our personal data, we should not have to suffer for it if they can't take care of it. I would say an "incentive" like this makes personal data hoarding MUCH more expensive and risky, will make companies think twice about their data hoarding, and shifts the balance somewhat back to the consumers.

Thoughts anyone ?

Re:_REALLY_ hold companies accountable

[freedom_india]

To supplement your good suggestions, i can add the following:
1. Automatically make private and personal data of an individual as a copyrighted piece of art with protection under DMCA.
2. Any waiver to this copyright would have to be approved by the person concerned.
3. Such waivers are mandatorily limited to the scope of the transaction OR 3 years (whichever is smaller), after which the copyright reverts to the person.
4. Misuse of this private copyrighted data including but not limited to publishing photos of my house taken from the street, etc., are punishable under the draconian DMCA laws which thankfully the corporates have paid for.
5. This becomes a constitutional amendment.
6. Any future AG or prez who would violate this amendment would automatically stand impeached and in addition become a convicted felon under the eyes of law. The courts only need to sentence the person.
7. Govt. monitoring programs that outsource their data collection to corporates are held responsible under DMCA.

Let's see how many AG's would risk becoming a felon under DMCA which has more punishments than homicide.

I don't want a new privacy law...

[caudron]

...I want a new Privacy Amendment.

Seriously, Privacy is a right (according to SCOTUS) but currently the right is in limbo. The limits and effects are mercurial and need to be codified.

Also, I'm far more worried about breaches of privacy by the government than by ID thieves. Shore up my Right to Privacy properly and I'll feel a little better about things. Adding sentencing recommendations to ID theft cases is like hate crime statutes. I'm not /opposed/ to an extra small smackdown for certain crimes (maybe...I admit to some uncertainty here) but I'd rather have a RIGHT to tell the phone company to play a game of Hide and Go Fsck Yourself when they ask for my SSN, for instance. Bonus points if I can get the right to do the same to the US Government when they don't /actually/ need it.

Tom Caudron
http://tom.digitalelite.com/

Re:I don't want a new privacy law...

[yams69]

This is actually a great idea, since Congress wants your ISP to retain all of that information anyway.
http://yro.slashdot.org/article.pl?sid=07/02/07/19 30228/

Re:I don't want a new privacy law...

[elrous0]

It's a sad day when the Attorney General of the United States can get up in public and openly proclaim that U.S. citizens don't have a right of Habeas Corpus. Forget the corporations, protect me from *HIM*!

-Eric

Re:I don't want a new privacy law...

Seriously, Privacy is a right

Well, is it? Larry Ellison said in 2001: "The privacy you're concerned about is largely an illusion." I think that was a prophetic statement. It's the continuation of the old hacker slogan "information wants to be free." What that means is that information is really hard to contain. It's hard to contain even if only you have it: People want to tell others about themselves. It's even harder once someone else knows it: You can't kill a rumor, can you?

The new dimension is not the availability of information. It's the longevity and searchability of information. I think we have to realize that an attempt to stop information at that stage is futile. It might be desirable, but it's not feasible.

I think the problem isn't that we have no privacy. I think it's that we expect privacy and consequently don't look for ways to deal with the problems that arise from living in a glas house. Privacy advocates often cite booze pictures on MySpace as something that is going to haunt the careless teens years down the road. Of course they're right, but isn't the problem really the way we treat these pictures as a bad thing? Nobody came into this world as an adult. We've all done foolish things and the real problem is that we're looking for perfection where there's only people. Privacy contributes to this skewed look on the world: By hiding the things that we deem inappropriate, we create an impression of a more perfect person, an impression that we can't live up to, so we rely on privacy to keep that image up, which in turn causes other people to think that they're not as good and need to hide their imperfections.

Posting as AC because we live in a superficial world.

if you do it legally then I don't see an issue

[Shivetya]

where has someone legally revealed a problem such as what this law will address that has been mistreated by the courts? Its one thing to make people worried, its a whole 'nuther thing to back it up.

In other words, I get so tired of this "implied knowledge" that people have getting rated insightful when all they are doing is hearsay. Give us links so your accusation has basis.

Boycotts (Re:Enforcement, not new laws)

There's a better tool available: Boycott the companies that are leaky. Laws are not as good an enforcement tool as money is. Once they and their competitors see they will lose future business, things will change. So keep publicizing the names of firms, their sponsoring banks, the companies who audit their books, and the number of accounts compromised, and other details here so we can make informed choices.

Re:Boycotts (Re:Enforcement, not new laws)

[Ihlosi]

There's a better tool available: Boycott the companies that are leaky.

You forget that that would need informed, intelligent and concerned customers, instead of just "consumers".

Re:Boycotts (Re:Enforcement, not new laws)

[AusIV]

There's a better tool available: Boycott the companies that are leaky

Please define "leaky". I got a letter from my bank a few weeks ago saying that someone somewhere had leaked my debit card number, and that I would be receiving a new one within a few days. I don't know where they fault lies - most likely it was vendor where I had used my card that had some kind of security breach - but my bank took care of the issue quickly, so aside from the 2 minute hassle of activating a new card, there wasn't really any problem. My guess is that the vendor realized the error, and called visa or my bank and gave them a list of cards that may have been compromised. If the bank were going to tell customers exactly which company had compromised my card, the vendor would be less forthcoming - maybe nothing bad would happen and they'd get off without damaging their reputation. Frankly, I'd rather have them contact my bank and be able to maintain a cloak of privacy than risk having my debit card compromised because they didn't want bad advertising.

Re:Boycotts (Re:Enforcement, not new laws)

[rhyre417]

You forget that that would need informed, intelligent and concerned customers, instead of just "consumers". As long as the informed customers are talking amongst themselves, the sheep... er .. other customers will follow.

intentionally or willfully?

[DoofusOfDeath]

Is there a legal distinction between the terms "intentionally" and "willfully", or were two equivalent terms just used used for the sake of emphasis?

Re: intentionally or willfully?

[thorkyl]

yes there is

intentionally = I did it on purpose

willfully = I knew it was happening and did nothing to stop it

Wow, yet again deterrence and punishment!

[uradu]

The cornerstones of American justice, which have reduced criminality in this country to practically zero. How about for a change doing something effective, like restricting the rights of companies from even OBTAINING data they don't need? If you don't have information to begin with, it's much harder to abuse. The level of unnecessary information collection in the US is mind boggling, yet you cannot usually question or refuse any such requests without being denied the service you're trying to obtain. European--in particular German--data privacy has historically been much, much more effective, because it approaches information on a need-to-know basis and empowers the citizen to refuse to provide information they deem unnecessary. Only recently have these systems started to weaken, primarily because they have been pressured into adopting some of the cavalier American attitudes towards data privacy, often under the guise of fighting terrorism or international crime (child pornography, money laundering, etc.)

different to Privacy Acts/Laws in other countries

[kinko]

in many Western countries, the privacy laws are more to do with the collection of the data in the first place, rather than how to deal with privacy breaches.

For example, "data may only be used for the purpose for which it was collected". This means that a company can't sell your data to another company, unless that is one of the purposes for which it was collected (which means that they have to tell you that clearly when they collect it).
So if a company asks for your email address for a competition, they can *only* use it for as long as they need it for that competition, unless they tell you otherwise when you enter it. The blurb here makes it sound like this bill only protects your data from unauthorised access, where the access is unauthorised by the company holding the data, rather than unauthorised by *you*.

Personal data and storage

[thorkyl]

Here in the States only those who report income or extend credit are allowed to request our SSN/Tax ID.

Now given that, every where you go they consider what you are buying to be an extension of credit.

What chaps my a$$ is when I go to the doctors and am paying cash for the visit they ask for my ssn

I tell them they do not have the legal right to ask for it, they say they do since they are extending me credit. I ask how much the bill will be and then hand them the cash. if they push hard I ask for the doctors SSN since I am extending him credit by paying for service up front. this usually shuts them up considering I say it loud enough for everyone in the lobby to hear.

When I close an account with a utility or credit card company I go to my local JP (justice of the peace) and file for an injunction against the company for certification that the account is closed and all personal data has been destroyed. Now if they "Loose/sell/release" my data they can go to jail for failing to comply with a court order. Our JP is very consumer friendly when it come to private data, he was a victim of identity theft a few years ago.

Commercial data brokers need to be reined in

[scruffy]

The biggest loss of privacy comes from the commercial data brokers and credit agencies. Except for some restrictions on financial and medical data, they would like to gather up all the information they can about you and sell it to companies for mailing lists and to the government for fishing expeditions.

This bill doesn't do squat on this issue.

Re:Commercial data brokers need to be reined in

[gorbachev]

You got that right. This bill does NOTHING to address the wholesale abuse of our privacy by the information brokers (Choicepoint, Acxiom, etc.)

If I were running an organized credit card fraud operation, rather than pay hackers or carders for the information, I'd just pay for a monthly report of US people with income over $150K and a credit card balance over $50K. And I would get the information completely legally. My marks list would be much higher quality, and I could probably even sell that to every Russian mobster out there for massive profit.

Re:Commercial data brokers need to be reined in

[Petrushka]

I disagree. I fear the US government much more than I fear credit agencies, or even spammers.

re: Senate Introduces Strong Privacy Bill

[g2ek]

what about protecting our privacy by preventing companies like ChoicePoint or LexisNexis" from collecting and selling our data?

"ChoicePoint aggregates personal data for sale to the government and the private sector. The firm maintains more than 17 billion records of individuals and businesses, which it sells to more than half of America's top 1,000 companies ... ChoicePoint database of personal information contains names, addresses, Social Security numbers, credit reports, and other sensitive data. In 2005, this database contained 250 terabytes of data on 220 million people. ... The CLUE database includes identification information on properties such as homes and automobiles, policy records (name, date of birth, policy number), and records of claims (date and type of loss, amounts paid)"
(source: Wikipedia)

a recommendable book on this subject: No place to hide, by Robert O'Harrow, Jr

How is the parent post flamebait?

[Travoltus]

Unbelievable.

Re:How is the parent post flamebait?

[db32]

Apparently because I mentioned Republicans in a positive way and then "insulted" Democrats by insinuating they have anything in common with Republican values. Left wingers have just as many blind extremists as Right wingers. Just leaves everyone willing to leave the emotional insanity behind and try and think through problems out in the cold. Tons of logical solutions to all our problems, they just get drowned out with irrational emotional cries from both sides.

Re:How is the parent post flamebait?

[Travoltus]

I couldn't possibly see your comment on Democrats as being flame bait, though, and if you look at my profile I'm always making fun of Republican ideals. Hell I can't even see where your post is factually wrong.

Re:How is the parent post flamebait?

[db32]

1. Thats the best part about * wingers. They don't have to understand what is said to take offense to it.

2. Comparing a Democrat and a Republican is a cardinal sin for any winger and thus comments of that nature will only be understood by the middle

3. No offense, you should know with your UID that fact has nothing to do with anything that goes on here :)

If you are actually interested, Ron Paul is a very interesting Republican. I didn't do alot of digging, but based on skimming around he really seems to be an old school type, not this new breed. He is a much closer representation to what I believe Republicans should be about (and he isn't a lawyer!). A constitutionalist! One of the few that understands the part "any powers not explicitly granted to the state belong to the people". The funny thing is, I only stumbled across him in my outrage over his moron Democrat opponent, slinging mud about how he voted against Child Online Protection Act and other such super invasive censorship, spying, "think of the children", unenforcable and largly unconstitutional laws with terribly unfortunate names making them terribly difficult to vote against without coming out looking evil. Go look up how many people voted for the PATRIOT act that didn't want it just based on the fact they knew their careers would end voting against something called "Patriot Act". Probably would have been one of the few places I would have voted for a Republican (again, given that these days, with a few exceptions, most Democrats are running much closer to old school Republican ideals than this current crop of neocon loons)

This doesn't address the real privacy issues

[MikeRT]

Like data retention, online surveillance (Carnivore successor that hoovers up all data then processes it!) and things like that. I'm a lot less concerned about personal information than I am about a surveillance state. We already have remedies for identity theft, even if they are a bit of a pain to use. Where are the ones that firmly restrict what the government can do which is far more destructive of privacy?

Better yet... just levy a tax

Since the Democrats are now in control of Congress, they ought to just simply do what Democrats do naturally.... create a new tax. Let them levy a "intellectual property tax" on businesses' gathering and storing of large volumes of individual' personal data.

Mutually exclusive laws

[Weaselmancer]

...making it a crime to intentionally or willfully conceal a security breach involving personal data.

Let's say you're doing some work on some corporate database software. It's your job - maybe you work at Oracle or something. Or perhaps you're an admin for a website that takes customer data. The details don't matter much. But let's say you find a problem, something that could be exploited.

If you don't go public with it, you get nailed by this law. If you do, you get nailed with the DCMA.

You are guaranteed to break one or the other of those two laws.

Re:Mutually exclusive laws

[Ihlosi]

But let's say you find a problem, something that could be exploited.

You only have to report actual breaches, not something that could be a problem. And the report probably has nothing to do with the exact technical details of the breach ... it's more important to document whose data and what exactly has been leaked.

How about making it all like video tape rentals?

[Dr.+Manhattan]

We have the Video Privacy Protection Act which gives better protection than almost all other data except possibly medical data.

(Well, we had that. Note that, by the strict language of the law, I'm not sure it applies to DVDs, and the Patriot Act put in a double-wide back door that lets them get your video rental records as long as they pinky-swear they're somehow fighting terrorism.)

But why can't we set the bar that high for other data?

HIPAA for consumer data?

[thomn8r]

Last week I had to sit through a HIPAA class ( http://en.wikipedia.org/wiki/Health_Insurance_Port ability_and_Accountability_Act ) Granted, I was bored to tears, but I couldn't help but think that we need these same guidelines were applied to consumer data, including credit and financial info.

HIPAA is a set of rules, with some teeth, that governs how patient medical information must be handled. The banks, credit agencies, etc would squeal like pigs if such legislation were proposed, but I think that's what we really need.

Re:HIPAA for consumer data?

[outcast36]

HIPAA has no teeth. Can you post a link to someone being punished for a HIPAA violation? I have never seen anyone prosecuted and I have seen some front-page SNAFUs.

How about protecting...

[Nom+du+Keyboard]

How about protecting your personal browsing and usage information from the RIAA goons? Now that would actually be an improvement in privacy.

That's a myth.

[FatSean]

The myth that the common man can become 'rich' in the United States is just that...a myth. It happens extremely rarely, and most people who are rich now came from rich parents.

Re:That's a myth.

[WhiplashII]

In my experience, you are totally wrong - and saying that to others is incredibly damaging. If they believe you, they are less likely to try and therefore much less likely to succeed.

I know many people with wealth of over a million dollars - say about 50 of them. Of those, several came from destitute families - I can think of three right off the bat, and of course I don't know the life stories of everyone. Most came from middle class families, or at least they are currently supporting their parents (and I know that their parents had to work). Only a few (I can think of 3) came from wealthy families. Even if you choose some other cutoff, in my experience it still applies. (The two richest people I know both started from nothing and pulled themselves up) In fact, one thing that VC types look for is a history of overcoming obstacles - and coming from a poor background shows that much better than living a life of luxury.

You don't know what you are talking about. Sure, the media goes on about the spoiled brats of the wealthy families - but really, how many are there? The consider how big the US is, and how many new millionaires are made each year. The birth rate is not high enough among rich people to explain the growth in millionaires under your scenario.

What you should be telling people: If you want to get rich, start a business. It will fail, and then you start another business. Keep doing it until you learn enough to make it work. You can't get money? Then start a business that doesn't require money. The man holding you down? Move away from the man. Whatever the obstacle, overcome it. The most valuable person in the world is someone that knows how to take labor and convert it to dollars - there is a huge shortage of this type of person, and there are no prerequisites or profiles you need to match to do it.

Seriously, everyone I know that did this (and really applied themselves) is now rich. Even the guys that did not know what they were doing in the begining - if you keep going, you learn. The best time to start is right after (or during) college - you know, when eating mac and cheese still seems acceptable... and remember, the first few will fail so be prepared for that and don't let it kill you.

Be the man.

Re:That's a myth.

[homer_ca]

The myth of social mobility in the US is the relief valve that prevents violent revolution. We know rags to riches stories happen, but it's so rare that it very probably won't happen to you. Still, we see stories all the time, whether it's entertainers, athletes, lottery winners, or someone who got lucky with a small time business deal. As long as people think there's a chance for themselves, that the game isn't rigged, they won't turn against the system. I've seen my share of rags to riches stories since I went to some good schools growing up. There were a lot of smart kids from poor or ordinary families who got a chance from financial aid and merit scholarships to join the elites. There were even more smart kids from upper middle class and rich families who were already elite.

So next time someone points to a rags to riches story to show that hard work pays, get ready to call bullshit. If you're smart, talented and hard-working, you'll probably end up a little better than an average guy, but you won't get rich without a lot of luck. We may not have a rigid caste system or a formal system of hereditary nobles, but don't pretend that privilege doesn't exist.

Re:That's a myth.

[db32]

The myth that social mobility is a myth is what is used by the far left to garner votes to get themselves into office, get their lobbiest bucks, and create social handout programs to further the problem. I believe unemployment and welfare have their places, but of all of the welfare cases I have seen only ONE actually used it as it was meant...to get back on their feet and get the hell off welfare, the rest just became leeches on the system raising taxes for the rest of us because they could get free handouts.

Smart, taleted, and hard-working has little to do with it really. Creativity, common sense and half a brain for math gets you there. The problem is the brainless "American Dream" of owning 6 homes and 12 cars means rich. Wealth has more to do with maintaining your lifestyle without being forced into being a wage slave. Managing your money and investments mean you can become very wealthy in a relatively short ammount of time. The get rich quick dream is a myth or at best unbelievably unlikely. As far as the entertainers, athletes, lottery winners, or "lucky" business deals...they are typically the ones that buy a bunch of extravagent shit and wind up dirt poor 5-10 years later. The smart ones are living a comfortable middle class lifestyle and not getting up to go to work every morning. There is a ton of social mobility in America. The idea that you must be extravagently wealthy and have all the trinkets and baubles to show for it is what causes the massive debt that causes people to remain poor.

Re:That's a myth.

[homer_ca]

You're correct that conspicuous consumption is bullshit. It's driven by advertising and marketing that makes you feel inadequate about what you have and that what they're selling makes your life better. The first step to financial security is not getting fooled by advertising.

However, there are limits to managing your money wisely. It's one thing to tell some upper middle class guy to buy less shit so he doesn't have to be a wage slave to service all that debt. Telling the working poor to manage their money wisely just sounds stupid. Say someone's working full time making $9/hr (decent pay for service industry work in a big city). What's the cheapest apartment rental in that city (either single or going in with roommates)? How much money is left after paying rent? Try figuring out a household budget for that scenario. Don't forget that car repairs or minor medical bills can easily wipe out your savings.

Re:That's a myth.

[dgatwood]

A million isn't rich these days. Not by a long shot. With median home prices in the SF Bay Area (California) at three quarters of a million, a million dollars in most U.S. cities is equivalent to about $150,000 in the rural U.S., which no one would consider "rich". And they recommend $1.5 million in savings if you are retiring today even in rural America.

Twenty years ago, I thought a million dollars was a lot of money. It was... twenty years ago. These days, the border for rich is about ten million. Why? Because everyone has gotten richer in the last two decades, and 'rich" can only be defined in proportion to the average. The reason becoming rich is nearly impossible for your typical American is that the line keeps moving.

Re:That's a myth.

[WhiplashII]

I think what you have just stated is that things are good now and getting better - I'm not sure how that jives with the thought that you can't get ahead. Unless you cannot be happy without someone else being sad, that is.

In addition, though I have a much smaller sample size above $50M, the same observations hold. The people are self-made, and did it by starting companies. One had a middle-income background, and one came from the projects.

In the US, you really can get ahead by starting your own company enough times that you get good at it.

Re:That's a myth.

[db32]

Sounds like that person making $9/hr needs to spend some time getting some job skills that will pay more than $9/hr. I have a friend that was basically in that situation, has a kid too. Ex totally hosed the finances and then left. Been outside with him freezing balls of cursing the british instructions to fix an american car that was assembled somewhere overseas when his beater broke down...every few months. Fast forward a year or two and he is now making 50% more and still moving upward. Managing your education and qualifications are as much a part of the equation as the money. Debt isn't always stupid either if you manage it right. $20k on a brand new car full of bling and rims is stupid, $5k on a car that is going to operate reliably for the next 2-3 years is smart.

High School diplomas or even GEDs are terribly important. If you even just have a HS diploma you can do a 4 year stint in the military that will get you on your feet quite comfortably, and if you are smart about which branch and what job, will set you up to make far more than $9/hr when you get out. There are numerous programs that buy you large ammounts of food in exchange for volunteer work. One of my favorite quotes lately is "What you do from 9 to 5 determines how well you live now, what you do from 5 to 9 determines how well you will live in the future" If you are trying to make a living on $9/hr you have failed yourself at somepoint and need to put in some hard laborous hours to get caught up. There are almost always places that you can turn to to get back on your feet. Take a shower at the YMCA, get some decent looking clothes for pennies at the Salvation Army, ask the local clergy if you can have toiletries to brush your teeth and shave. Pride and Sloth are listed some of the 7 deadly sins for a reason (I'm not really terribly religious, but there are some important life lessons to be learned if you look past the dogma).

Re:That's a myth.

You miss the actual benefit of the looseness of the US caste system.

It is very possible to move up one "step" in a level. For instance, my parents were not very well off.

I am a smart guy, so I went to college. I did get up a lot of debt, and that is probably why will stop me from jumping two "caste" levels instead of one.

But, it is very unlikely my children will have the same problem. By the time they get to college, I should be able to eliminate most, or all of their debt when they graduate.

This means that my children, if they are smart, can move up another "caste" level.

Of course, if they aren't smart, they could drop down to where I was, or if they are "normal" they should be able to tread water.

In many other places, this just isn't possible.

Re:That's a myth.

[dgatwood]

I'm not saying you can't be happy without others being sad. I'm saying that basic economics tells us that you can't be financially "rich" without someone else being poor, because rich is a relative term. If everyone is making more money, then it costs more for them to do things for you, and thus you have to be making proportionally more money than before just to break even. This applies whether that other person is someone at the bottom of the food chain flipping burgers at McDonald's or someone working as the CEO of a company whose products you buy, Either way, if they make more money, goods or services cost you more money, and thus you are effectively poorer than before.

Re:That's a myth.

[WhiplashII]

Ah - so you believe that the economy is a zero sum game, where the way you get money is by taking it from someone else. If it really was a zero sum game, the way to win would be to not play - be a farmer, and refuse to exchange your goods for paper IOUs. Why would a farmer trade food for worthless paper?

Fortunately, it is really easy to prove that the zero sum economy is false. The clasic example is a desert island, where two people live. One can fish, and one grows coconuts. In the beginning, their is no economy - guy 1 eats only fish, and guy 2 eats only coconuts. Both guys are pretty miserable about that. Then, one day the fish guy trades some fish for a coconut. Both people are better off - guy 2 values fish more than cocnuts, while guy 1 values coconuts more than fish - so the economy has more value in it than 0, where it started. Any trade in the economy creates value - otherwise people would not engage in trade!

Think about it this way - you are willing to trade your money (which really just represents some of your time) for a computer game, for example. Some other guy was willing to trade his time to create the game. He is better off, because he values money and the things it can buy more than the time he spent making the game. You are better off because you value the game more than the time it took to earn the money for the game. The CEO (or rich guy, in your example) makes money by facilitating the conversion of time into a game, but he makes less off of you than your increase in happiness from the game. (Because if he took more value than that, you wouldn't buy the game).

So everyone wins - the programmer, the CEO, and you (the consumer). For extra credit, now figure out why money should not be linked to a fixed resource, like gold... (Hint: do you want fluctuations in the value of a rare commodity to effect the value of your time?)

Prediction...

The part about 'willfully concealing a security breach' involving personal info will be removed before it becomes law. Too many businesses (and majority shareholders) will complain and may threaten to hold back campaign contributions.

Lawmakers will successfully remove this portion without political fallout by blaming trial lawyers and potential abuse of the legal system by crooks who use frivolous lawsuits to leech from businesses.

You heard it here first...

Bah Politics

[bobcat7677]

So in other words the government is compensating for running ape shit all over our privacy by putting some tougher penalties on private individuals that invade our privacy? Bah! It's nothing more then an empty political manuever to make them look better while the FBI, CIA or whomever looks into our bedroom window (figuratively or literally). Sad.

Not a privacy bill

[hedora]

Just a "government mandated security" bill... and we all know how well that works. There's no mention of increased penalties for leaking data; my guess is that in practice it will make it more difficult to sue or prosecute institutions that leak public data. ("We are compliant with government security regulations! It's not our fault!!")

According to the article, it doesn't even require public disclosure after a security breach, so consumers cannot identify or avoid institutions that make identity theft easy.

After seeing the headline, I thought the democrats were actually getting some real work done... more of the same, I guess.

Mod Parent Up(ton Sinclair)

[Wilson_6500]

This entire post is just an awful excuse for the horrid pun in the subject line. Nothing (more) to see here; please move along.

Yeah but how do you boycott ChoicePoint?

[schwaang]

How do I, as a consumer, boycott ChoicePoint or Axciom?

For some reason it is legal for companies I do business with to sell my personal information to them (and for other companies and the US Gov't to buy it from them).

As a consumer I usually have no knowledge of this, and therefore no leverage in the marketplace. That's why government action (legislation + enforcement) is a necessary part of the solution for this particular problem.

My concern is that this legislation legitimizes these private information databases (choosing to regulate them a tad) instead of abolishing them outright.

Barking Up The Wrong Tree

[anorlunda]

The content of this proposed bill may provide a small marginal improvement, but it does have a few gems.

The simple and direct way to combat financial identity theft is to forbid banks and others from extending credit or opening new accounts without seeing the applicant face to face and seeing photo ID. If that were true, your SSN and all your account numbers could be completely public, but of no use to the ID thieves. It is the banks who profit from easy credit that oppose meaningful identity theft legislation.

When I lived in Sweden years ago I was surprised to get letters in the mail for each request for information about my credit record together with a copy of the information provided. That very simple, almost trivial, requirement actually provided me with a great deal of protection.

Another different approach I learned in Sweden. They required companies to obtain a license from the government to keep a register (on paper or digitally) of information on private citizens. It applied all the way down to a desktop Rolodex with customer names and addresses. If you didn't have a license, you couldn't keep that information.

To get a license, the company had to declare all uses that it intended to make of the information. The government had the right to audit the company at any time to see if they had complied with the terms of their license. That's a very powerful lever to keep the companies on their toes. If they lost their data license they would be out of business instantly.

Still, the proposed bill does have a few gems. Notably, giving individuals access to, and the opportunity to correct, any personal information held by commercial data brokers. That would be a major change. Today, these brokers do not deal with individual consumers. If citizens by the millions started demanding copies of their files and asking for corrections, it could cost those brokers much more for customer service than their current gross income. I suppose the big loophole is that it would apply only to data brokers. Just watch for all the database owners to scramble to avoid that definition so that the law doesn't apply to them.

If the senators wanted to make a really tough bill, they should just adopt the OECD privacy guidelines and make them apply to all companies and nonprofits and government agencies. Ha -- don't hold your breath, the lobbies pay off both Reps and Dems.

current Republicans

[falconwolf]

Current "Republicans" are for increasing big business and Democrats for big government.

Current Republicans are just as pro big government as Democrats, the only difference is what part of government would be bigger.

Falcon

Now the fact is, most of the poor are poor by

[falconwolf]

choice

It's only a choice for most of the poor if who you're parents are is a choice. I don't ever recall having a choice as to who my parents will be.

Falcon

welfare

[falconwolf]

I believe unemployment and welfare have their places, but of all of the welfare cases I have seen only ONE actually used it as it was meant...to get back on their feet and get the hell off welfare, the rest just became leeches on the system raising taxes for the rest of us because they could get free handouts.

That's part of the problem with the welfare system in the USA, it's meant to keep people down. Someone who's on welfare can loose it if they try to improve their lives leaving them is worse shape. Instead of penalizing people for getting a job for instance, they should be given the resources to get a job and keep it. I recall years ago I was working fulltime however my employer didn't offer health insurance so I looked into getting my own. The health insurance I found would of cost me one third of my income however it was suggested I check into getting government assistance. So I did and I found out I made too much to qualify for assistance. I've met others who've lost thier food stamp benefits when they were finally able to find work, some continued to work and some quit, with children their welfare was about what they made working fulltime. And they had health coverage under welfare but no coverage from work.

Then again I want to go back to a Constitutionally limited government. Get rid of all of the unauthorized agencies, bureaus, departments, and offices then income tax could be abolished and replaced with a national sales tax as well as user fees. Then more businesses can create more jobs paying better wages and offer more benefits. With more people making more money civil society will be in a better position to help those who slip through the cracks.

Falcon

Re:welfare

[db32]

Well the real bitch of the create more jobs is the fact that businesses aren't held liable by their home nation for what they do overseas. If all of the trade nations got together and agreed to hold companies based in their lands liable for acts they commit elsewhere, and agree to only do business with nations that do that, we would be in alot better shape. No more Union Carbides and such. The problem is they can go overseas, pay pennies, have no safety or environmental regulations to deal with, and still not get touched. Things that at least in America were handled long long ago as bad things for companies to be doing. If we can bring back Americans and charge them with sex crimes for visiting foreign countries with lax child protection laws and participating in sex tourism, then we can bring back American companies and punish them for breaking US laws abroad too.

I agree that for the most part the deck is stacked against you, however its far from impossible. Now, for every one of those people that I have run into on welfare they also ate at Mcdonalds 3 times a day and bought cartons of smokes on government money while they had their rent paid. I keep hearing sob stories about how they lose everything by getting a job, but here is the problem, while on welfare you should be getting yourself educated, finish your GED, get some skills training. Getting a job at McDonald's making minimum wage trying to support a family is just stupid, the idea is to get a job better than what some HS kid should be working. Personally I think you should only get X ammount of months of welfare at a time (separated by years). Cut those safety nets out and people will either get off their ass and improve their situation or they will suffer for their laziness while still giving people who really just need that hand up a chance to get up and move. There are plenty of jobs to be had by those who are looking, and willing to get the skills to do that job.

homeownership and morgages

[falconwolf]

If it were not so easy to get mortgage, especially the more ridiculous ones like the interest-only or the negative amortization loans (in which you don't even pay off the interest acrued each month!), people would have said "I can't possibily pay any more" a lot sooner. Then, the market would simply have risen more sanely and not overextended so much.

The problem isn't "easy" to get morgages, the problem is getting morgages that are too big for home buyers. After buying a home, unless the buyer gets an ARM morgage, and they get a good morgage thier housing cost will stay the same excepting maintainance. However renters will pay more and more every year. When they move they don't have any property to show for it, whereas a new homeowner that buys a starter home after a few years can sale the home and move into a little bigger home which they can use because their family has grown. Even better is if they can get a multiunit building. If the buyer can swing it they may be able to buy a duplex or triplex. Then they can live in one unit while renting out the other(s).

Falcon

Ron Paul is a very interesting Republican

[falconwolf]

I voted for Ron Paul for president the first tyme he was a candidate, back in 1988, though he ran as a Libertarian. It's because he ran that I learned of the Libertarian Party. Though I'm registered independent now if I have to I'll change my party affiliation to Republican just so I can vote for him in the primary.

Go look up how many people voted for the PATRIOT act

Ron Paul was one of two members of the House of Reps that voted against the PATRIOT Act. Or was the other person a Senator? I recall when congress was supposedly "debating" the act Ralph Nader issued a challenge to congress. He offered to pay $10,000 to any charity the member of congress chose if they would take a test on what is in the act and pass it. Not one member took the test.

Falcon

Privacy must-read

[deblau]

Warren and Brandeis on privacy. Take 15 minutes and read this, I guarantee you will thank me. Try to remember as you're reading that it was written in 1890.

SSN

[falconwolf]

The SSN should be only considered as a gov't assigned userid

Get rid of the SSN period!

Falcon

Re:homeownership and mortgages

[Evilest+Doer]

The problem isn't "easy" to get mortgages, the problem is getting mortgages that are too big for home buyers. After buying a home, unless the buyer gets an ARM mortgage, and they get a good mortgage thier housing cost will stay the same excepting maintainance. However renters will pay more and more every year. When they move they don't have any property to show for it, whereas a new homeowner that buys a starter home after a few years can sale the home and move into a little bigger home which they can use because their family has grown. Even better is if they can get a multiunit building. If the buyer can swing it they may be able to buy a duplex or triplex. Then they can live in one unit while renting out the other(s).

What you are saying is quite true, and I have no argument with it. The problem is that you are discussing the individual motivations and effects. I am referring to the effect of easy to get mortgages on the entire market. By making it easy for people to borrow tons of money that they shouldn't, the housing prices in a region skyrocket quickly since desperate people are able to buy at the higher prices since their ability to buy is based largely on the amount of the monthly payment (+ taxes + insurance) they can afford. If people in general did not have the easy mortgages available, the highest price that they could pay for a property would be lower and the laws of supply and demand would dictate lower housing prices. One of the most egregious mortgages I've seen available are the negative amortization loans where you don't even pay off the amount of interest accrued that month. In this case, you are truly gambling that your house's value will increase since your monthly payments, while lower, do not even cover the interest, so the amount you owe increases as time goes on.

as ever, use a proxy

[talledega500]

http://www.mysecureisp.com/

Re:homeownership and mortgages

[falconwolf]

If people in general did not have the easy mortgages available, the highest price that they could pay for a property would be lower and the laws of supply and demand would dictate lower housing prices.

If mortgages were harder to get then less people would own qa home and would instead be renters which makes their credit worse. As microcredit has shown throughout the world the more people who have credit the better they do and the economy gets. As I said before it's not the ease of getting a morgage that's the problem, the problem is creditors extending too much credit, ie offering mortgages too big.

One of the most egregious mortgages I've seen available are the negative amortization loans where you don't even pay off the amount of interest accrued that month. In this case, you are truly gambling that your house's value will increase since your monthly payments, while lower, do not even cover the interest, so the amount you owe increases as time goes on.

Those that get such a mortgage are the ones at fault. If only people would learn more about finance and how to live within their means, admittedly that is hard for the working poor.

Falcon

Comment removed

[account_deleted]

Comment removed based on user account deletion

Yippie!

[Guppy06]

They'll put a stop to identity theft the same way they ended spam, telemarketing and junk faxes!

I expect the incidence rate of identity theft to go down as more of it is made legal by this legislation. And I imagine the first thing they'll do with this law is eliminate any stricter laws on state books.

Ron Paul?! Aw man...

[Travoltus]

To think that I deleted a long rant from my post above about Ron Paul! I'm clairvoyant! (Or you're psychic. Hmmm. Naw, I'm clairvoyant. That's it.)

Ron Paul is the only Congressman who voted against the USAPATRIOT Act, and if I recall, he voted against it because no one was allowed to actually see the law beforehand. That's raw integrity. He also sponsored or defended a bill to block the Government from turning to overseas outsourcing for Government work. The man apparently knows the difference between the free market and selling out America.

The dude is fairly awesome for a Libertarian. Hell, for a politician period. If I were President I would at least bring him in whenever I planned on proposing legislation. He might not be able to stop us leebruls but at least we could get some ideas on compromises that would make things more sensible.

BTW lemme throw this idea at you... how about all new laws automatically be assigned a sunset clause with three renewals required for consideration for permanency? It won't stop corrupt Congresses from renewing them, but it gives us more of a chance to remove unpopular laws. This served us well with the Brady Bill, or another one of those hideous gun control laws that Bush, during one of his few bright moments, helped shoot down -

OMFG, I'm starting to sound like a Republican...

Re:Ron Paul?! Aw man...

[db32]

He is smart. Libertarians for the most part hold true to the old Republican values. The smart Libertarians run as Democrats or Republicans so they have a snowballs chance in hell of getting in and making a difference. This is the inherent flaw in our system. Thomas Jefferson pointed it out ages before it even really got bad. Political parties destroy the system. We have tons of people sitting in office who got there by dumb * wingers just team voting their party with no clue about what the candidate really plans.

Re:Ron Paul?! Aw man...

[Travoltus]

Actually, Libertarians are usually the worst. Hear me out here.

For one, they're selfish to a fault. They would turn Scrooge into a capitalist hero. Libertarians, for the most part, don't want to pay for anything, and don't want to be forced to contribute to a functioning society.

No welfare? Come on, what civilized nation doesn't have that? They expect you to beg charity for money for a heart transplant. When you bring up corporate welfare, on the other hand, it's like "Uncle Sam, don't you take my taxes to fund Bankrupt Airline's bankruptcy bailout, if you do I'm going to count to ten, really Uncle Sam, I'm counting to one now, one and one tenth, one and two ninths, one and two sevenths... oh wait, Halliburton got a buncha no-bid contracts? More corporate welfa... hey, I have stock in Halliburton! Hooray! I'll forgive you this time, Uncle Sam!"

Libertarians on the working class: "What, you can't afford a heart transplant? Poor you. You got killed in a mine collapse? Somebody call the whaaaaaambulance! You chose to work there! You could have chosen not to work there. So what if you starve? Do you realize we have poor hungry people in China to feed? Forget the American worker, won't somebody think of the Childr... er, Chinese peasants! If you'd only been smart enough to invested in Enron, you'd be able to afford that transplant - er, wait, you lost a pile of money in Enron? Well only an idiot would have invested in Enron! Everyone knows Halliburton stock is flyin' high, baby! Rah rah corporate welfa-er, I mean the war on terror!"

Libertarians on air and water pollution: "If the confiscationalists hadn't taken steps to clean up our air and our drinking water, then big business wouldn't have moved to China! Do you want to breathe or do you want to work? Well? Aw, forget working. I made my millions selling bottled water straight outta Love Canal!"

Libertarians on workplace safety: "Everybody sing! It's my workplace, I can kill my workers if I want to, poison them if I want to, beat them if I want to!"

Dude, Libertarians support free trade with China, which by every credible form of human rights standards is orders of magnitude worse than Nazi Germany. 50 million dead baby girls vs 12 million dead Jewish people, Chinese democracy activsts vs German Catholics & gays, bullets in the back of the head at night vs concentration camps, jewish skin lamps versus political prisoners being harvested for organ donations, etc. 50 million people killed during Mao's reign vs 12 million total dead in Hitler's regime. The list goes on and on. China's shooting down test satellites while conducting cyber warfare against US sites (a clear act of war). Why are we engaged in free trade with a nation that steals our intellectual property (look up Cisco vs Huawei or Chevrolet vs the Cherry QQ) with the Government's support and then floods our market with knockoffs based on that stolen IP? China enforces atheism. I'm a God fearing man, I'd be an utter hypocrite not to oppose them, but I've never run into a so-called God fearing Libertarian (and there are a ton of those) whose tongue didn't drag behind him on his way to Wal Mart to hunt for a $25 made-in-China DVD.

Yes, I know there are extremists on all sides, and I know Liberals have equally whacked out kooks in their ranks (Al Sharpton, anyone?), but I've never met a Libertarian who didn't behave like that.

Ron Paul is a Libertarian but he doesn't come across anything remotely like his flaming nutjob peers that I've encountered.

Re:Ron Paul?! Aw man...

[db32]

Uhm...I would like to point out that I have never met a Libertarian that did behave like that. In fact I haven't run into any Libertarians that have supported anything with China. I would also like to point out your description of Libertarian is basically the same as a Democrat or a Republican explaining any opposing party, it just enhances the team vote mentality "All believe in this!" Which is what got us the Decider Shrub and his crew. Beyond that, as I pointed out the smart libertarians don't typically advertise themselves as libertarians. Most of the people I run into actively advertising themselves as Libertarians have some odd agenda and many are just confused winger loudmouths that don't understand the party divides. But the same goes for most Republicans I meet...have no damned clue what Republican means except their twisted little neocon world of Government + Jesus = Double Plus Good! Evil Muslims will be the death of us! rah rah fear fear fear! In fact almost every trait you describe there isn't libertarian, but the new crew of Republicans we have running around.

On charity...Independent charities have always had a MUCH higher success rate of getting people on their feet. Government "charity" makes people leeches and drains on society. So damned skippy, I don't want my taxes funding another welfare case, I want my donations feeding someone who is trying to pick themselves up. It may be harsh but most of the welfare cases I have known were just proud to be ignorant and get free stuff, had no desire to get something better for themselves so long as the government gives it to em free. The church for centuries has been the most effective charity and the least effective government. Its time we move the church back out of our legislation (ban gays, fear the muslim, evolution is only a theory) and back into the business of taking care of citizens.

Re:Ron Paul?! Aw man...

[Travoltus]

All I gotta say to that is, where I come from, a man should look for work before he looks for welfare - and God damn those globalists for taking the work overseas...

Re:Ron Paul?! Aw man...

[db32]

The thing that bothers me is that there are tons of jobs to be had. I see a few major things that are causing hangups. 1. The dot com bubble taught everyone in IT they can make more than they are worth, and now it has put a hurt on the job market. 2. People expect to get jobs with the skills they already have and not have to go learn new skills to get the jobs. Sift through online job search stuff, tons and tons of jobs, unfortunately many of them (specially in IT where I am) want experience in systems that were going out of date before I was out of diapers. So, if I want one of those jobs I have to get myself smart on those systems and interview well, not just whine that there are no jobs available. Libraries have books that you can read for free!

I used to believe the government should be doing more (and in some areas I still think they need to, namely punishing US corporations going overseas to avoid the laws), but the more I look the more ways I see how there is a huge structure in place that you can get yourself out of the hole with. Welfare is part of it, the local charities and churches, the local library, the YMCA, the list goes on and on of places and people that exist just to get you moving again. People just choose not to because they can sit home and cry and collect my tax dollars. Work harder! People on welfare need your money!

holding businesses accountable

[falconwolf]

Well the real bitch of the create more jobs is the fact that businesses aren't held liable by their home nation for what they do overseas. If all of the trade nations got together and agreed to hold companies based in their lands liable for acts they commit elsewhere, and agree to only do business with nations that do that, we would be in alot better shape. No more Union Carbides and such

Actuaklly there is a way for foreigners to hold US businesses accountable though not many know about it, The Alien Tort Claims Act of 1789, and it has and is being used. In Colombia groups have filed lawsuits against Coke in US courts for supporting the paramilitary and death squads. In Indonesia, people have sued Exxon for supporting military units that torture people. Now, that I know of the act has not been used against Union Carbide, which I'd imagine is the perfect case to be used in.

Falcon

Re:holding businesses accountable

[db32]

And Microsoft was found to be a monopoly and guilty of a number of other things and you see how well that turned out
We have the T-1000 Terminator phone company, break it into little pieces and it just melts and reforms
We have a constitution that says the government can't take our stuff (eminent domain found constitutional?!), they can't spy on us (warrantless wiretaps, mail sifting, indefinite ISP logs), and they can't grab us and hide us away in secret prisons without real charges over paranoid delusions (PATRIOT Act). So I am a little less than convinced a bunch of poor and suffering in a 3rd world country would make it very far (at least with the frequency required to fix things) or have enough of an understanding of American law to understand how aweful and illegal the working conditions frequently are by our standards. Conversely we have actually had a few AG types in various areas that did their job, did it well, and made flakey business folks head for the hills. We need to aggresively police our own behavior, not wait for some poor 3rd world nationals to complain. We are supposed to be the light on the hill and all that, set the example.

I'll make you a bet. Pick a skill. Any skill.

[Travoltus]

Try one that is in demand. Let us assume you start learning it today. I bet you it will be obsolete by the time you're certified/degreed/etc.

It's called "just in time" employment.

BTW when you have a wife and kids, that kind of stability is never good for your family. You call it adapt and change; you might also know it as "latch key kids".

We need some balance, and the balance is shifted way too far against the working class. The middle class is shrinking. http://www.factcheck.org/article249.html

Re:I'll make you a bet. Pick a skill. Any skill.

[db32]

If you try to ride the edge then you kinda deserve the risk that goes along with it. Tried and true tech frequently sticks around for a long while (hence, a rather disturbing number of jobs still available in ancient systems that not many have any experience with). The smart and stable business doesn't jump on every new wizbang thing unless they wanna end up like the rest of the dot bombs. Now also, I don't just mean tech industry either. The pillow making industry still needs people to run their networks, and there are tons of jobs in other fields that don't have the same breakneck pace of advancements. Not that riding the edge is always bad if you can afford the risk, but listening to "Get your MCSE now and start earning $60,000 a year!" radio ads is going to get you in the same place that "Dr. Credit, he's in desparate need of new furniture, stereo equipment, and RIMS!. Get me a credit application nurse approval!" commercials get you.

I'm not sure what you mean by that kind of stability. Being a latch key kid is infinitely better than being a welfare case. My parents divorced and I spent quite a few years as "latch key" granted never as a small child. But once again, there are tons of programs for that as well offering free/cheap child services to those who can't afford the astronomical costs of child care.

Personally I believe one parent should be staying home with the kids anyways (not really sexist, just whoever can win the most bread should be bread winning and the other should be staying home). Its better for the kids, and given the insane costs of child care (not to mention the overcrowding and frequently crappy conditions). These people don't give a crap about your kids well being beyond keeping them healthy enough to collect their next bill. There is frequently 1 adult to 10-20 kids so any kind of real attention or supervision is virtually impossible. Unless you have a pretty significant income then by the time you pay the child care bill, taxes, and the other expenses involved in work (clothing, lunches, gas, etc) you frequently are losing money by working. Americans are notoriously bad at math, so they see the paycheck come in and don't understand why they are struggling, they don't understand that they create many of their own bills. There is also the problem of luxuries being viewed as necessities. Internet access, cable TV, in fact TV at all, etc etc etc.

There is quite a bit of unbalance, but having watched people and supervised people that put themselves in these situations...holy crap. The balance isn't that bad, it really is mostly just people who don't get it. They have the critical thinking skills and impulse control of a 4yr old. If you are smart, and really track down every dime of your income and understand where it goes, how interest rates work, how investing works, its not hard to get on the upper end of that middle class problem. Go to school being a big one, and not just go, but actually learn something (and god forbid a parent work with their child on homework and the like to make sure they are learning).

Re:I'll make you a bet. Pick a skill. Any skill.

[Travoltus]

The pillow making industry still needs people to run their networks,

I was going to write a long explanation for why what you're saying is no longer true, but this should suffice.

Old skills go overseas. New skills become obsolete in about 5 years. The future lies in changing your skill set on a yearly basis, working for a year, getting laid off, then moving to a new area to find a new line of work. There's no such thing as a long term employee any more.

And for most families, the simple fact is, if one spouse doesn't work, they won't make rent and bills. In the 1950s, one income could support a house and car; sadly, inflation is outstripping income.

We're exporting our jobs but not our goods.

Re:I'll make you a bet. Pick a skill. Any skill.

[db32]

I can't believe you found an article directly referencing a pillow mfg shutting down. I only said pillow because I was recently looking at getting a job at a pillow making place as part of a relocation. There have been numerous studies about what you are talking about and typically they vary wildly, I think for certain industries and services its true one direction and others the opposite. I'm not saying its all that rosy out there, but there have been a growing number of companies that are starting to shy away from the offshoring things as the PHB types learn its not as cost effective as the fluff filled hype magazines lead them to believe. Some things just can't go on without touch maintenance in IT, and there are other related jobs that aren't likely to go anywhere. Government jobs being a big one (as much as I hate the current crop of insanity, it certainly has created tons of government jobs).

It does still work today, you just can't live like the media makes it look. I have never bought a new car, and have never been plagued by the "unreliability" that the media would have you believe to drive new car sales. Many of these closings and draw downs aren't just a symptom of offshoring, its also hugely affected by the debt driven credit society. The money just doesn't exist, its all credit, and that only works so long as the status quo is maintained. Any kind of surprise and the whole system starts to suffer. Economics is a terribly complex system and really is driven by consumer habits more than CEO decisions. The best thing you can do is work local and shop local. The more crap people buy on credit from places that mfg overseas the worse the situation gets. Alot of people act like its stupid and arrogant and otherwise self centered Americanism, but BUY AMERICAN! Yes, you might pay a bit more, but if you want to get paid you will deal. The best way to stop offshoring is to make the American run businesses do better, but it takes a whole lot of people and a whole lot of financial discipline that just doesn't exist in our mass media marketing society.

Now, I'm not saying its all easy, but it can be done. I don't make all that much but I am the breadwinner and wife stays home with kids. We are doing fine, not life of luxury or anything, but well to do. My plasma TV was paid for in less than a month (yes, on credit, but half per payday to account for any emergency that might come up) and it was US made. In two short years of getting really involved in my finances, investing, planning, budgeting, we have become completely debt free and have investments earning at a considerable rate.

Re:I'll make you a bet. Pick a skill. Any skill.

[Travoltus]

I always buy American, if ever possible. I go out of my way.

I say the US and its ethical allies in Europe end all trade barriers and block China and the rest of these sweatshop nations who are cheating like hell.

There's no way a free and ethical nation can compete against fascist dictatorships that use prison labor and which ties its currency. That's like bringing steroid users into the NBA.

Congrats on living within your means, I do too. Maybe everyone should. The economy would shrink drastically, though.

Re:I'll make you a bet. Pick a skill. Any skill.

[db32]

It blows my mind that for all the "moral" reasons we are going to war...we completely overlook China and make them a most favored trade nation. What a joke. I absolutely agree with that idea, there needs to be international agreements on labor conditions and such, its the same thing that drives so many US companies overseas...they can cheat and win. I also think investors should be held liable for the behavior of the company. Now you have to do some research into their business before giving them your money to use to continue to do whatever good, bad, or other they are doing. You invested in Coca Cola, Coca Cola paid mercenaries to harass/kill union workers in south america, YOU paid mercenaries to harrass/kill union workers in south america.

Incidentally, mancow radio show plays this GREAT 'commercial' about this guy going through his daily business "he wakes up and puts on his slippers made in taiwan, turns on his coffee pot made in china, etc etc etc" and he goes out to look for a job but can't find one and he wonders where all the American jobs went. Freaking funny yet disturbingly true.

I dunno that the economy would exactly shrink, but it would most certainly slow down until it reached its equilibrium. This credit nonsense totally screws market equilibrium because people are willing to pay higher prices since its not really money they have anyways.