Slashdot Mirror
Companies To Be Liable For Deals With Online Criminals
Dionysius, God of Wine and Leaf, sends us to DarkReading for a backgrounder on new rules from the FTC, taking effect in November, that will require any business that handles private consumer data to check its customers and suppliers against databases of known online criminals. Companies that fail to do so may be liable for large fines or jail time. In practice, most companies will contract with specialist services to perform these checks. Yet another list you don't want to get on. "The [FTC's] Red Flag program... requires enterprises to check their customers and suppliers against databases of known online criminals — much like what OFAC [the Treasury Department's Office of Foreign Asset Control] does with terrorists — and also carries potential fines and penalties for businesses that don't do their due diligence before making a major transaction."
Does the crime of Slashdot first-posting get you on that list?
This sounds like quite an onerous burden on businesses, and I imagine it will be struck down by the courts soon enough unless it's much narrower and specific a regulation than the story makes it appear. Private parties should not be expected to do the job of law enforcement.
Part of the hardcore faithful who believed in Apple long before it was cool again to do so
How do they define a "Major Transaction"?
No? How about forged packet Comcast? No again? What about exposing most of the internet to id theft and cross site scripting Barefruit? Not a very thorough list, is it?
.. but what happens if I Jason Smith am not a criminal and there happens to be a Jason Smith criminal out there that isn't me. Also who in their right mind uses their real name on the internet? Just gives the goverment more knowledge where you are on the internet. ( I'm still stuck on Baker St on the internet).
i'll bet ebay gets a kick out of this
At first this sounds like an incentive for businesses not to conduct transactions with criminals. Take identity theft, for example. I don't want vendors consorting with thieves, should somebody steal my credit card info. But how should vendors know it's a thief and not me? It's not reasonable.
Worst case scenario: this turns out to be another vague No-Fly list that persecutes the innocent while doing little to no actual good. In any case, it will be more work and more liability for vendors.
Won't the criminals just switch to doing business with foreign companies instead, to avoid the reach of US laws?
Oh wait, many of them already have. Just take a look at the guys on the spamhaus list - they do their work just fine without help from US companies.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
HMMMM...lets see what other parts of our jobs we can outsource to the people so we can do less work for more money....we get calls from the county demanding to know what boats we have on our lots...THATS NOT MY JOB..AHHHHHHHHHHHHHHHhhhhhhh I'm going mad!
I am really starting to DESPISE those who claim to represent our country...It's gotten to where I cannot even read the news anymore without getting sick to my stomach.
Companies that fail to do so may be liable for large fines or jail time
They're going to put whole companies in jail?
But at any rate, after Sony's criminal rootkit vandalism of millions of computers, I'm going to have to see a CEO in shackles before I believe it. And Martha Stewart doesn't count.
For those of you unfamiliar with Sony's evil, deliberate vandalism, here are two links:
serious
content-free
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
OK, I'm just a bit confused. A quick search for FTC Red Flag returned this site, which exclusively talks about misleading weight loss claims. What does this have to do with vetting customer lists against known criminal lists?
Is it just me, or does this stink of lobbyists?
To my knowledge, European Union regulations already require you to check the people to whom you are shipping goods, to see if they are on a list of known terrorists and their associates.
Join the Empire! http://www.empirereborn.net/
When the laws make something illegal, suddenly people are willing to break other laws to continue doing it.
This is especially true if they believe they have a moral or legal right to keep doing what they were doing.
It's a legal travesty when they actually DO have a moral or legal right to keep doing what they are doing: The government is in effect enticing people to break the law.
These days this means laws regarding lying about who you are, forging identity documents, and identity theft.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
.. but what happens if I Jason Smith am not a criminal and there happens to be a Jason Smith criminal out there that isn't me. Also who in their right mind uses their real name on the internet?Aaaaaannnnnd, changing identity is easy. It's nothing to create a corporate entity - and that's a real one. Fake ones? Ha! So, while they're checking their all seeing database of criminals, the crooks are changing their identity.
It's even done by legal, although unethical, businesses. Get too many complaints to the Better Business Bureau just change your business' name.
Or are we only counting criminals that aren't considered above the law?
I remember a common threat in grade school was "this will be on your permanent record". We used to joke about it - it seemed ridiculous.
As an adult, it's starkly clear to me that "permanent records" do exist for all of us, and they control our lives to a large degree. Credit reports, "no-fly" lists, and now this "red flag" list - somewhere out there grim people in small offices quietly compile lists of citizens whom they feel should be "less free".
What kind of oversight exists for this list? What does one have to do (or not do) to appear on it? If you're on it, how can you be removed?
I wish I could say I was surprised by this new step towards an Orwellian dystopia, but the past several years have numbed me to it.
The FTC page that the original article links to
http://www.ftc.gov/opa/2007/10/redflag.shtm
Only talks about financial institutions and creditors. It doesn't seem to indicate that Mary's Online Potpourri Barn has to do a background check on everybody that orders a lemon scented candle.
Mastercard is the one doing actual business with terrorists... why aren't THEY responsible for this "small" fee?
This seems like some kind of backdoor conviction without a trial. If the government "knows" these people are criminals, why haven't they been arrested, convicted, and sentenced? If the government is forbidding people to do business with these people, shouldn't they have a trial or some kind of public hearing where the facts are presented?
This kind of thing seems like it could lead to rampant abuse, or at least error if someone winds up on one of these lists that shouldn't be on it.
AccountKiller
Do I give the Govt a list of everyone I do business with for them to check; or do I get the complete list of criminals and check for overlap myself? Sounds like a massive datamining operation to me.
Does getting put on Santa's naughty list red flag you?
What if you are an offline criminal?
You know, some of those still exist.
Turn on, tune in, drop out.
Tisha Hayes
... because nobody will be able to do business with Microsoft. They are convicted in Europe.
Don't fight for your country, if your country does not fight for you.
1. Inocent until proven guilty. So why should there be a black list of people who havn't been threw justice system.
2. Rights after you serve your time. So if the person was an online criminal and served his/her time. Is is really reasonable to block them for using the inernet ever again, espectially in a world with increasing demmand to use the internet for daily communication and comerse.
3. People on probation is such a small portion of a list that the forced blacklist is an undue burden.
4. These people are criminals... They have been proven to be untrustworthy, what makes it so they don't lie on an online form or use someone elses idenity.
5. Small ISP and companies don't have resources to do this. a 10-15k project for a big company is a drop in the bucket for for a small ISP it is a huge undertaking, which could kill it.
6. Why punish honest/trusting people. America's growth was based on contract by handshake. There are a lot of companies that still want to keep that type additude. But laws like this make it so you need a lawer for everthing... (on a side note why the hell do we keep electing lawers into government)
7. In a slumbing echonomy is it prudent to make it difficult for people to do business.
8. If it forces criminals to be smarter and hide their tracks more, doesn't it make it more difficult for authorities to track such people.
9. If the criminals cannot work online they will still be criminals and be on the street with guns and drugs.
10. What happends if your name matches a criminal.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
From the article: OK, pop quiz. A local car dealership sells a car to a new customer. A week later, that same automobile is used in a terrorist car bombing. The business can't be held liable for what the customer did, right?
Now the idea that terrorist would buy a car to blow up rather than stealing one so it can't be tracked back to them seems rather ridiculous. But we here at slashdot love a car analogy so let's stick with that.
Businesses, unlike airport screeners apparently, KNOW where most modern terrorists come from. Is the government then going to protect that dealership from a lawsuit when a middle-easterner with ties to the motherland is turned down when he shows up cashier's check in hand?
Most businesses DON'T want to do business with crooks or terrorists. Makes sense because they don't want to get screwed in the deal. But it's ridiculous to expect business to do the federal government's job for them under threat of criminal charges and fines. And there's certainly been times where business didn't have that choice.
If you've never been modded as "flamebait" or "troll," you've never tried to argue a minority viewpoint here!
What kind of criminals? Anyone with a felony conviction? Theft? dui? murder?
Since almost everything other than traffic tickts is being charged as "felony" something this could easily mean a loss a business to normal people, not internet criminals.
Again, it sounds great, but it's a knee jerk reaction that will create big undesired problems.
The "Do Not Fly" list already has shown how well false positives work - it's caused trouble for people who are wrongly put onto the list. Those with particularly common names will have particular trouble.
Unless there's a swift and clear grievance system, this will cause so many false positives that positives will be worked around. And who says that any bad people wouldn't steal or set up identities under which to do business?
The end result in three years? There will be lots of news about false positives, and the bad guys will just use more ID theft. Which will put those with stolen IDs into still more of a mess.
I don't think that this passed the "run it by a six-year-old first" test.
It appears to me that if I get on that list it will greatly reduce my exposure to Identity Theft.
To me, there are two sides to identity theft.
1) The thief him/herself.
2) The company who enables the identity theft by enabling "sight-unseen" optimistic transactions. In other words, companies who have, up to this point, assumed that you are who you say you are when you fill out an online form or whatever other such transaction is being exercised.
If our world is to become more and more disconnected from face-to-face commercial transactions, which offer a sight better chance of verifying that person A using the credit card is not in fact person B or what have you, then I am absolutely for legislation which recognizes that identity theft is not possible without companies de facto complicity in the matter.
However, there is a legal principle that the worst laws are the ones that cannot be enforced without great cost to the society and yet get passed anyway. This is one of those laws.
It's not a bad idea to hold companies at least partially accountable for their participation, perhaps unwilling, in enabling identity thieves, but it needs some retooling and may require infrastructure that does not yet exist. Moreover, there need to be limitations such that the burden on companies is not so severe that it must radically increase the prices of its products simply to be compliant. A law this open-ended invites so much litigation that a company would be justified in expending exorbitant amounts simply to keep from running afoul of it.
If any value came out of Germany in the '40s is its meticulous use of lists and record keeping about its citizens. That way when history repeats itself there's a clear and concise roadmap of what needs to be done. No need to reinvent the wheel.
-[d]- br.
I work for a small community bank, and we are in the process of developing our program now. The regulations implement sections 114 and and 315 of the FACT Act. Section 114 requires all covered institutions to create and implement a written Identity Theft Prevention Program consisting of four elements: 1. Identification of Red Flags 2. Detection of Red Flags 3. Responding to Red Flags 4. Updating the Program To be covered, an institution must offer what is called a "covered account." A covered account is (1) an account primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, or (2) any other account for which there is a reasonably foreseeable risk to customers or the safety and soundness of the financial institution or creditor from identity theft. The regulatory bodies go on to offer guidance on 5 categories of potential Red Flags, including: 1. Alerts, notifications, or other warnings received from consumer reporting agencies or service providers, such as fraud detection services; 2. The presentation of suspicious documents; 3. The presentation of suspicious personal identifying information, such as a suspicious address change; 4. The unusual use of, or other suspicious activity related to, a covered account 5. Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts held by the financial institution or creditor. Section 114 also requires the issuer of a debit or credit card to verify the vailidity of an address change followed by the request for a new, additional, or replacement card if requested within 30 days of the address change. In other words, if you receive a request for a new card within 30 days of an address change, you are required to validate the address change with the customer to be sure it is indeed a valid request before mailing the new card. Section 315 requires the users of consumer reports (i.e., credit reports) to verify the identity of the consumer if the report notes a substantial difference in the address provided by the institution versus the address last on file with the Credit Reporting Agency. This applies only if a continuing relationship is established with the consumer. One of the ways to comply with Element 2, detecting Red Flags, is to use various software programs (such as those for BSA/AML) or databases to run checks against, but the regulations clearly state that the program must be appropriate for the size of the institution and the scope of its operations. I highly doubt they'll expect mom & pop types institutions to deploy extraordinary measures to verify that Jim Bob is not a terrorist. Now, if you're Bank of American or Fifth Third, for example, you'll be expected to do a little more. Also note that bank's service providers are required to have a Red Flags program in place. Meaning if I am generating mortgage or auto loans for a financial institution, I'm required to detect and respond to Red Flags, and the bank is required to assess my program. Hope this helps!
Hmmm?????
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
A generation or two ago, felons had their civil rights greatly curtailed and had to petition the courts individually to get their rights restored.
In some states:
They couldn't vote.
They couldn't hold elected office.
They couldn't own or be an officer of an incorporated business.
They couldn't hold a license for most licensed professions.
They couldn't hold an alcohol license.
They couldn't be a notary.
They couldn't hold certain banking jobs.
The list goes on.
In almost all states felons who have served their jail time and parole can vote, but many of the remaining restrictions still apply today.
The theory is that certain things like voting or being a loan officer were reserved for "moral" people.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
They aren't being asked to do the job of law enforcement.
Punishing criminals is a job of law enforcement, not private businesses. HOW they do it doesn't matter.
Furthermore, businesses are being asked to turn down potential sales, which impacts their bottom line. Not only that, but they have to pay to do this, which increases their costs of doing business. Both of these are negatively impactful to the vendors, and ultimately make vendors responsible for something that law enforcement should already be taking care of.
We are also running headlong into an age of "lifelong punishment," where 50 year old men are denied needed services because of a crime they commited when they were 19 and drunk, and which they would not commit now that they have grown up. This sort of thing is happening *today*, is utterly unjust, and will only get worst if we continue with this sort of personal data tracking.
I will add that we have seen mistakes with this sort of thing happen already. People who's names are similar to someone on the list get unjustly denied services they need. People get put on the list erroneously, are harmed by it, and have no effective means of getting their names expunged. The list itself can be compromised, causing even further harm to innocents, and possibly causing extra unjust harm to the criminals (vigilantism). In order to try to prevent some of this, there winds up being a push for even *more* identity tracking and verification of non-criminals, thus further exposing them to the potential for identity theft, governmental oppression, privacy violations (employers peeking into details to which they should not have access), and general hassle.
I understand the benefits, but the costs are just to great. This has "bad idea" written all over it.
Once the infrastructure to "Red Flag" anyone is in place, the government can deem any person "BAD" and destroy their life. The government then is the sole entity that defines who is on the list. No over sight, no judicial review, no rights.
The article/summary completely misinterpreted what this is. It's not a no-fly kind of list. This is just requiring financial institutions to "red flag" unusual activity. It's quite common for credit card companies to call you and verify purchases if you make a sudden string of online purchases if you don't typically do that or make multi-$1000 purchases somewhere geographically remote from where you live. That's all this is.
For great justice.
... then it's a list of names of people and the known aliases of people who commit crimes but who haven't been apprehended yet. Usually crimes like extortion, terrorism, racketeering, international stuff that makes it difficult to just walk up to someone, put cuffs on them, and haul them off to jail.
Which isn't to say this can't lead to rampant abuse -- it certainly can -- but the idea of the list is more along the lines of "this is a guy who is suspected of being involved in illegal activity right this very moment -- do not do business with him" rather than "this is a guy who just got out of jail last week -- do not do buseinss with him."
Eviscerati.Org: All Hail the Eviscerati
With these lists, you can make sure no one can work, buy food or have a place to live.
---- Booth was a patriot ----
Cool, so these alleged criminals must live in some state, etc.? Does this mean if they pay bills online with a state or local govt. website, we could throw the govt. in jail? :-p
That would be kind of ironic. LOL
Oh, those kooky 'online criminals,' clearly they are a threat right up there with terrorists. Look out! They'll bomb your modem!
Can someone explain how we have a list of known criminals and their location (name = location, on the internet, and if you can access them on-line you can figure out where they are) and they're still free?
Even though there is no nominal fee for using GMAIL, and it kinda looks like it is free (though you're trading your value as an advertisement target, actually), shouldn't this new regulation also include GMAIL, and for that matter all free services in the internet (like free email services, free hosting, personalized search engines, etc)?
I mean, these services are undoubtedly businesses that handle private consumer data, aren't they?
If that's really the case I see no way this law can ever be fully enforced. It's kinda like a joke, don't you think?
1. Provide an unnecessary, unwanted service to perform background checks on the entire population of the US.
2. Lobby to have your service legislated into a legal requirement.
3. Profit.
There is no step ?.
Great, one more way for govt to terrorize private citizens. Cuz you know their infamous No Fly List was SO accurate (nevermind that the 9/11 hijackers used their real names). And one more way to terrorize private industry into reporting the identity of every customer to Big Brother. And as usual, this wont bother most sheeple. "If you have nothing to hide" will be the excuse. This country is sooo spiraling downward into fascism. I give it 10 years.
Sex crimes can be for a variety of reasons.
Some people commit sex crimes because their only sexual preference is criminal in today's society and it's either be a criminal or do the right thing and be a virgin for life.
Some people commit sex crimes because they don't care about other people. This is the same class of people who commit other types of crimes including con jobs, theft, and the like.
Some people commit sex crimes because they like being in control. This is the same class of people who are bullies.
Some people commit sex crimes because they are drunk and do things they would ordinarily not do.
There are other reasons but those are some of the major ones.
Each class requires a different approach to preventing recidivism.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Start using cash.
Can I bum a sig?
Banks snitch to the government if you do something "suspicious" like put a thousand too much in cash in your account in one transation or take a thousand too much out. Many businesses must snitch about various sorts of purchases like too much gold or silver bought (about $10000 at a time IIRC). ISPs are increasingly forced to open their doors to all traffic being examined for anything the government doesn't like. No fly lists that it is impossible to get off of or challenge can list you or I for no reason we can ferret out. Now the government wants the effective power to blacklist anyone they [don't] like from doing any business online. Call me paranoid but this does not bode well at all for the republic.
Also remember that the majority of what people are in jail for (officially criminals) in this country are victimless crimes that in a saner world would never have been called crimes. Remember that the US government now has the power to declare you a terrorist or "enemy combatant" at its sole discretion, lock you up, throw away the key and never even charge you or try you. And it gives itself the power to use such 'not really torture' techniques as waterboarding.
Do NOT give such people the benefit of the doubt.
Export Control laws http://itlaw.wikia.com/wiki/Export_controls/, let me introduce you to them.
Even more burdensome is the Foreign Corrupt Practices Act http://en.wikipedia.org/wiki/Foreign_Corrupt_Practices_Act/ since, unlike as is the case with Export Control laws and would be the case with the proposed legislation discussed in the article, you can't check against a government-maintained Red Flag list but rather each company has to pay for development of its own Red Flag list.
If some West Virginia kid comes into a retail store and buys a pallet of old-style Sudafed, the retail store is durn well going to be held responsible (in most US states) when the DEA busts him for making meth.
This article is just a press release for MicroBilt, using blatant scare tactics to seem like everyone needs their service, where the rule only applies to financial institutions and creditors with consumer accounts. It does NOT apply to stores (online or otherwise.)
From the FTC themselves :
"The final rules require each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft, to develop and implement an Identity Theft Prevention Program (Program) for combating identity theft in connection with new and existing accounts."
Stores are usually not financial institutions, neither are they creditors. 99.999% of Mom and Pop businesses won't be affected in the least. I don't know of any Mom & Pop banks or creditors, but I'm sure they exist.
This story should be deleted by the mods, it's just an advertisement from a scumbag company, and we're giving it more coverage than it should ever get (unless it's the "MicroBilt goes out of business from customer lawsuits" type of coverage.)
. . .and it needs to be messy, and as nasty as possible.
I am an artist. I sell artwork commercially, both online and at major artisan shows. I will never check the background of anyone that wishes to purchase art from me. Ever. Regardless of the lengths needed. Nor will I allow myself to be fined or otherwise intimidated by this fascist sack of crap passing itself off as a government.
Big Brother is kindly invited to lick my nuts.
This used to be the land of the free and the home of the brave, not the land of the 'secure' and the home of the naive.
The choice is before you: be a part of the solution, or remain a part of the problem.
Wow, this would exclude half of eBay's customer base...
You won't see a problem until YOU realize that YOU pay taxes, the business pays taxes, your sales are charged taxes, and after all that theft from you in the guise of protecting you, they kindly remind you that the nations burgeoning police force needs YOU to check on criminals for them.
Lovely isn't it?
Someday people will see the absurdity of forcing others to pay for the stupidity of some group or other.
" What luck for rulers that men do not think" - Adolf Hitler
"Contract with specialist services".....
Smells like the leavings of a lobbyist.
Interestingly enough, its amazing how much the government wants to regulate our lives, but dosn't wan't to pay for it, and make us foot the bill in order to comply with their whims..... Whims that are conjured up by some of the most power hungry, ass-backward, demented, half-witted individuals on the planet. This is another case of placing blame where it doesn't belong. You have the right to do business with anybody, and you cannnot control what they do with your product. What if a gas station sells an adult a cigarette lighter, who uses it to light the fuse on a bundle of dynamite that blows up a courthouse? I hope there are companies that openly denounce and refuse to cooperate.
What's next? A 10 day waiting period for a replacement propane tank for my BBQ?! How about a background check every time you fill your car up with gasoline? This is utterly ridiculous. Seeing as how pretty much EVERYTHING in existence can be used for some form of malfeasence, this makes everybody liable for just about everything.
The only thing that I would support is *HEAVILY* fining companies that do business with known spammers.
Knowing Google's lust for data collection, the Soviet Union is still alive and well inside the psyche of Sergey Brin....
This kind of thing seems like it could lead to rampant abuse, or at least error if someone winds up on one of these lists that shouldn't be on it.
Yep. And they got the color wrong, too.
This is not a "red flag". It's a government-maintained "blacklist":
- It creates a broad penalty for anyone they put on the list, making it virtually impossible for them to get or hold a well-paying job, buy a house, buy a car, or do most of the other big-ticket business of life.
- Putting people on it is done in secret and without legal due process, for reasons other than imposing statutory penalties for conviction of violating a published law. No opportunity to confront witnesses against them or challenge the process - either as they're being added or to remove themselves afterward.
- The list is effectively secret. It's known to the business people but is virtually unknown to the people on it, who get no notification that they've on it or even that it exists.
Welcome to the McCarthy Era, version 2.0.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
All you need is to have the same sounding name (as in the SoundEx algorythm) as somebody who screwed up.
The TSA is currently screwing people over with that flaw. (See Adam Curry of "The Daily Source Code" fame.)
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
Rev 13:17 And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.
Hmmm?????
College-Pages.com - Online Colleges, Degrees, and Programs
It works even better when you can get the nation in question to freeze their assets as well.
Businesses shall not lord over governments at the expense of the people as done in many places today. What is good for business isn't always what is good for the US.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
I believe there would be over 11,000 people who had a form of this done to them. Not only could they get a line of work in that field, but they were blackballed from any government work until a Clinton-era pardon.
It was done by someone thought to have ended government intervention. The only problem is that it was pro-business government intervention, which is just as bad if not worse. It won't be people who just simply are asking to collectively bargain this time around. It will be everybody within the reach of the US. Unfortunately this attitude would continue with the GOP nominated candidate if in office.
Twitter supports and protects racists - by smearing their critics with the "Hate Speech" label.
If this covers a spammer making a deal with a botnet controller, or a company making a deal with a spammer, I am completely in favor of this.