Slashdot Mirror
Companies To Be Liable For Deals With Online Criminals
Dionysius, God of Wine and Leaf, sends us to DarkReading for a backgrounder on new rules from the FTC, taking effect in November, that will require any business that handles private consumer data to check its customers and suppliers against databases of known online criminals. Companies that fail to do so may be liable for large fines or jail time. In practice, most companies will contract with specialist services to perform these checks. Yet another list you don't want to get on. "The [FTC's] Red Flag program... requires enterprises to check their customers and suppliers against databases of known online criminals — much like what OFAC [the Treasury Department's Office of Foreign Asset Control] does with terrorists — and also carries potential fines and penalties for businesses that don't do their due diligence before making a major transaction."
This sounds like quite an onerous burden on businesses, and I imagine it will be struck down by the courts soon enough unless it's much narrower and specific a regulation than the story makes it appear. Private parties should not be expected to do the job of law enforcement.
Part of the hardcore faithful who believed in Apple long before it was cool again to do so
No? How about forged packet Comcast? No again? What about exposing most of the internet to id theft and cross site scripting Barefruit? Not a very thorough list, is it?
At first this sounds like an incentive for businesses not to conduct transactions with criminals. Take identity theft, for example. I don't want vendors consorting with thieves, should somebody steal my credit card info. But how should vendors know it's a thief and not me? It's not reasonable.
Worst case scenario: this turns out to be another vague No-Fly list that persecutes the innocent while doing little to no actual good. In any case, it will be more work and more liability for vendors.
Companies that fail to do so may be liable for large fines or jail time
They're going to put whole companies in jail?
But at any rate, after Sony's criminal rootkit vandalism of millions of computers, I'm going to have to see a CEO in shackles before I believe it. And Martha Stewart doesn't count.
For those of you unfamiliar with Sony's evil, deliberate vandalism, here are two links:
serious
content-free
mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
The FTC page that the original article links to
http://www.ftc.gov/opa/2007/10/redflag.shtm
Only talks about financial institutions and creditors. It doesn't seem to indicate that Mary's Online Potpourri Barn has to do a background check on everybody that orders a lemon scented candle.
Mastercard is the one doing actual business with terrorists... why aren't THEY responsible for this "small" fee?
This seems like some kind of backdoor conviction without a trial. If the government "knows" these people are criminals, why haven't they been arrested, convicted, and sentenced? If the government is forbidding people to do business with these people, shouldn't they have a trial or some kind of public hearing where the facts are presented?
This kind of thing seems like it could lead to rampant abuse, or at least error if someone winds up on one of these lists that shouldn't be on it.
AccountKiller
The "Do Not Fly" list already has shown how well false positives work - it's caused trouble for people who are wrongly put onto the list. Those with particularly common names will have particular trouble.
Unless there's a swift and clear grievance system, this will cause so many false positives that positives will be worked around. And who says that any bad people wouldn't steal or set up identities under which to do business?
The end result in three years? There will be lots of news about false positives, and the bad guys will just use more ID theft. Which will put those with stolen IDs into still more of a mess.
I don't think that this passed the "run it by a six-year-old first" test.