Slashdot Mirror
Senate Introduces Strong Privacy Bill
amigoro writes "US Senators introduced a bill that better protects the privacy of citizens' personal information in the face of data security breaches across the country. Key features of the bipartisan legislation include increasing criminal penalties for identity theft involving electronic personal data and making it a crime to intentionally or willfully conceal a security breach involving personal data."
I thought that horse was already out of the barn.
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
Why isn't it fixed the right way? If the use of Social Security numbers by non-government agencies was ended then much of this would fix itself. Each company would likely pick a different number/id for each individual and it would partition the information. Then, stealing a single number wouldn't give you access to an entire individual.
I think the more important aspect is the increased penalties for willfully concealing a security breach. Increasing criminal penalties is of varying value. One of the reasons criminals commit crimes is because they think they won't get caught, so whether they risk 2 years in jail or 4 isn't going to matter that much to them.
But increasing penalties for willfully covering up a data breach may have more effect. As we've seen, bigger breaches cannot be kept secret for long. There are too many ways for them to be ferreted out. Furthermore, the people who would be in a position to conceal a data breach are often people who are more afraid of jail than those who willfully commit crimes like identity theft.
Of course, what I'd really like to see is a death penalty for spammers.
- Greg
Start a happiness pandemic
concerning whistleblowers who want to draw attention on possible security breaches inside a company, and who've been hit on hard both by corporations and justice every time it happened so far ?
In Soviet Russia, our new overlords are belong to all your base.
Key features of the bipartisan legislation include increasing criminal penalties for identity theft involving electronic personal data and
Great. Increase the penalties. That's not really going to deter the criminals, they operate on the thought that they don't get caught.
Also great. How about prohibiting the collection and storage of data that is not necessary for business transactions in the first place ?
One can just hope that companies will think a little more about what and how much data they collect and store.
The bill would increase oversight of government programs to collect personal information on citizens. I wouldn't expect this bill to move anywhere right now, with the 2008 presidential candidates starting to gear up. Nobody wants to vote for a bill that would "Let the terrorists win."
A fundemental personal privacy/personal data concept that should be the basis of all laws governing how businesses and governments handle and are responsible for personal data should be liability for PD loss/leakage is directly proportional to the amount of PD per individual.
For example, your company leaks:
1) Addresses
2) SSN
3) Email addresses
That will give you three times the liability of a company that leaks:
1) Address
Make it financially worthwhile for companies to store the absolute minimum PD necessary to operate their business and to create the incentive to delete all unnecessary data at the earliest opportunity.
With storage so cheap and the liability for companies or governments essentially divorced from the actual damage done to personal privacy breaches there is absolutely no reason for any company to store every bit of PD about you on their(insecure) systems.
I happen to deal with a lot of regulated information (PHI with HIPPA, PCI in some environments as well). One thing that always astonishes me is not that security breaches happen (we're human, things happen), but that there is little to no reported repercussions from those losses.
It's one thing to have a security breach, but it's another one just to announce it, issue new cards to everyone and keep on working like nothing happened.
I think the best thing would be that the gov steps up to the plate and actually *enforce* the current laws and not spend our time and taxpayer money to create a new raft of laws that will end up never getting enforced in the first place.
Cheers,
imag0
Nothing will come out of Senate to increase privacy. Remember CAN-SPAM act and how it stamped out all the spam emails? This bill will protect privacy exactly the same way. If you think this bill will improve privacy, contact me. I have 22 million dollars stuck in a bank in Nigeria. Help me get it out I will give you 33% of it. Please dont be greedy and steal all that 22 million dollars from me. OK?
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Isn't this the Republicans domain, increasing privacy?
Are you being sarcastic?
The Republicans have always positioned themselves as champions of law and order, and their favorite tool for it is intelligence gathering. Things like the Patriot Act as well as the warrantless wiretapping controversy just prove that out.
Both parties like to pick and choose which civil liberties they defend and which ones they attack in the name of fighting crime. While the Republicans are big on intelligence gathering at the expense of our right to privacy, the Democrats are big on gun control at the expense of our right to bear arms.
Start a happiness pandemic
Raising criminal penalties for those commiting the breaches will not prevent them from happening (duh). Also, if the breacher is not within the jurisdiction of the US, it's pointless in any case.
It will give all false sense of security without addressing the real problems and issues regarding data security. The real issue is that our information is not secure, period. It is also an issue that creating really secure systems is a hard thing to do. But more important, "security" many times is an afterthought or has not been well throught through.
Any database on a machine connected to the Internet is a big security issue right up and front and center. And even if the database is not connected to the Internet, the weakness still lies with the employees and bureaucrats themselves and their approach to security.
Encryption of the data can solve many of these problems. Doesn't totally eliminate it, of course, but can at least put another roadblock in the way of breachers. A public key apprach, for instance, where the data is encrypted with one key before it hits the hard drive, but decrypted with another key only at the client computer requesting the information would go a long way to making breached data virtually useless. I used this approach in one system containing sensitive credit card information, and it worked quite well.
Ultimately, it is not bills and laws that will protect us, but well considered security policy and practices that will. And really, I'd actually like to see some penalties for those who are lax on the security front. We know that breaches will still occur even with the best laid plans of mice and men. Holding the implementors of these systems at least partially responsible, at least if it can be shown they were not diligent, would do much more to protect our privacy than some idle threat to lock the breacher away!
Ruby Neural Evolution of Augmenting Topologies
This doesn't do a lot for privacy. It still permits widespread snooping, selling of information by commercial entities, etc.
5 8227
It does nothing for example to the recent FBI snooping case:
http://yro.slashdot.org/article.pl?sid=07/01/30/1
Where the FBI has been found to capturing all an ISP's traffic, then filtering as needed to match the warrants they had. (The argument for that is bogus, if the FBI can do the filtering then the ISP could do the filtering. It's some sort of game to remove the 'minimization' requirement for search warrants.)
Nothing to stop logging of everything you do. Nothing to stop AOL or Google collecting search information, which as we found can be used to identify individuals:
http://news.com.com/2100-1030_3-6102793.html
The gate isn't closed, they're proposing to part close it. Better than nothing, but only a little better.
It's extremely weak.
In Europe, basically, your personal information belongs to you. No one (with obvious *limited* exceptions for law enforcement and tax collection) can keep information about you without your knowledge & consent. You have a right to have your record erased / corrected. Infringers face jail time.
Exactly, the current crop of Republicans are failing absolutely to hold to any kind of Republican values. True Republican values does not involve this twisted religious bent on things, it advocates personal responsibility, no nanny state crap, no blame society crap. You screwed up making yourself poor by signing a 20% interest rate payday loan and Rent-to-own contracts to live above your means...not my problem to bail your ass out. (Now the fact is, most of the poor are poor by choice doing stupid crap like this and its a failure of the education system not teaching financial responsibility, the gap between rich and poor wouldn't be growing nearly as fast and eliminating the middle class if everyone didn't buy all their wizbang-gottahavits on credit...when it was normal to save for years for a house/car/stuff the gap was much smaller and the middle class was much larger)
/.)
Additionally traditional Republican values want lowered taxes (the current crop pay lipservice to this with tax cuts), but the financial responsibility part of low taxes involves less spending. Leaving the war out since that is a twisted mess of a wreck to begin with, we can see the bloat in HomeSec, TSA, and other such nonsense. Our state sponsored paranoia is costing us billions. Ironically the current Republicans bitch about how we are all doomed because the Democrats will break the bank on social programs, but as much as I disagree with most of those programs (ain't the governments problem, and sure as shit ain't mine, why should I have to pay taxes because some fat bastard needs a quadruple bypass that he can't afford because he eats McDonalds 18 times a day) at least they have more of a positive impact on society as a whole vs x-ray scans, anal probings and other such nonsense every time I go through an airport.
All in all the traditional Republican is more concerned about making the people take care of themselves instead of the government doing everything. This includes heathcare, legislating morality, church and state issues, the whole nine, ideally are handled outside of the government and outside of the federal budgets. This also includes not being Team America World Police. I can't figure out if I got modded as flamebait for making a joke about Republicans protecting big business or saying that I am mostly Republican (I am guessing the latter since this is
The only change I can believe in is what I find in my couch cushions.
...I want a new Privacy Amendment.
/opposed/ to an extra small smackdown for certain crimes (maybe...I admit to some uncertainty here) but I'd rather have a RIGHT to tell the phone company to play a game of Hide and Go Fsck Yourself when they ask for my SSN, for instance. Bonus points if I can get the right to do the same to the US Government when they don't /actually/ need it.
Seriously, Privacy is a right (according to SCOTUS) but currently the right is in limbo. The limits and effects are mercurial and need to be codified.
Also, I'm far more worried about breaches of privacy by the government than by ID thieves. Shore up my Right to Privacy properly and I'll feel a little better about things. Adding sentencing recommendations to ID theft cases is like hate crime statutes. I'm not
Tom Caudron
http://tom.digitalelite.com/
-Tom
A bit of a side track, but not everyone who is poor is there because they were lazy or irresponsible. I'll grant you, there are plenty as bad or worse than you described, but there's plenty who have just had "hard luck".
I'm all for 'working to earn your keep', but there are plenty of rich people who didn't earn their riches, and plenty of poor people who had been responsible, did more than their fair share, and just ran into bad luck.
34486853790
Connection too slow for X forwarding? Try "ssh -CX user@host"
The cornerstones of American justice, which have reduced criminality in this country to practically zero. How about for a change doing something effective, like restricting the rights of companies from even OBTAINING data they don't need? If you don't have information to begin with, it's much harder to abuse. The level of unnecessary information collection in the US is mind boggling, yet you cannot usually question or refuse any such requests without being denied the service you're trying to obtain. European--in particular German--data privacy has historically been much, much more effective, because it approaches information on a need-to-know basis and empowers the citizen to refuse to provide information they deem unnecessary. Only recently have these systems started to weaken, primarily because they have been pressured into adopting some of the cavalier American attitudes towards data privacy, often under the guise of fighting terrorism or international crime (child pornography, money laundering, etc.)
HIPAA is a set of rules, with some teeth, that governs how patient medical information must be handled. The banks, credit agencies, etc would squeal like pigs if such legislation were proposed, but I think that's what we really need.
when it was normal to save for years for a house/car/stuff the gap was much smaller and the middle class was much larger
I wonder how much advertising/marketing had to do with this. After all, marketing has changed from "explaining how you fill a need" to "create a need and then fill it". Should marketing to certain segnments have government oversight?
(I'd say no - any government oversight is bad oversight by definition, but as you say the problem is education - and these people are getting their education from marketing departments...)
while (sig==sig) sig=!sig;
The myth of social mobility in the US is the relief valve that prevents violent revolution. We know rags to riches stories happen, but it's so rare that it very probably won't happen to you. Still, we see stories all the time, whether it's entertainers, athletes, lottery winners, or someone who got lucky with a small time business deal. As long as people think there's a chance for themselves, that the game isn't rigged, they won't turn against the system. I've seen my share of rags to riches stories since I went to some good schools growing up. There were a lot of smart kids from poor or ordinary families who got a chance from financial aid and merit scholarships to join the elites. There were even more smart kids from upper middle class and rich families who were already elite.
So next time someone points to a rags to riches story to show that hard work pays, get ready to call bullshit. If you're smart, talented and hard-working, you'll probably end up a little better than an average guy, but you won't get rich without a lot of luck. We may not have a rigid caste system or a formal system of hereditary nobles, but don't pretend that privilege doesn't exist.