Slashdot Mirror


Gridlock In Action: Retailers Demand New Regulations To Protect Consumers

chicksdaddy writes: How bad is the gridlock in Washington D.C.? So bad that the nation's retailers are calling for federal legislation on cyber security and data protection to protect consumer information — even though they would bear the brunt of whatever legislation is passed. The Security Ledger notes that groups representing many of the nation's retailers sent a letter (PDF) to Congressional leaders last week urging them to pass federal data protection legislation that sets clear rules for businesses serving consumers.

"The recent spate of news stories about data security incidents raises concerns for all American consumers and for the businesses with which they frequently interact," the letter reads. "A single federal law applying to all breached entities would ensure clear, concise and consistent notices to all affected consumers regardless of where they live or where the breach occurs."

Retailers would likely bear the brunt of a new federal data protection law. The motivation for pushing for one anyway may be simplicity. Currently, there are 47 different state-based security breach notification laws, as well as laws in the District of Columbia and Guam. There is broad, bi-partisan agreement on the need for a data breach and consumer protection law. However, small differences of opinion on its scope and provisions, exacerbated by political gridlock in Congress since 2010, have combined to stay the federal government's hand.
Meanwhile, reader schwit1 points out that banks are now starting to demand that retailers pay for all the financial damage their security breaches cause.

127 comments

  1. CYA by thaylin · · Score: 4, Insightful

    I think this is just CYA. The government will set a minimum standard of security which the retailers will set as their default level and that way when a breach happens they can say, well we followed the government mandates, we should not be sued. This is not for the customers, it is for the retailers.

    In reality they should be securing their systems to the best of their ability.

    --
    When you can't win, ad hominem.
    1. Re:CYA by TigerPlish · · Score: 2

      The last sentence of TFS has a link to an article mentioning bankers are pressuring retailers to pay for the banks' costs in a post-breach cleanup.

      Money talks. In this case the bankers hold all the cards and the retailers will have no choice but to armor their payment systems. That, or spend hand-over-fist in cleanup and damaged reputation.

      Which road will they take? The cheaper one -- which I suspect is to armor their POS systems.

      --
      The "Civilized World" jumped the shark ca. 1973.
    2. Re:CYA by gstoddart · · Score: 4, Insightful

      In reality they should be securing their systems to the best of their ability.

      I wouldn't say "to the best of the ability of the retailers".

      They've already demonstrated themselves to be lazy, incompetent, and largely indifferent to security.

      They should be held to an entirely different standard than "the best of their ability", because we already know that's not good enough.

      --
      Lost at C:>. Found at C.
    3. Re:CYA by postbigbang · · Score: 1

      And if either the banks, the retailers, and/or any member of the supply chain gave up a single point in transactions TO UPGRADE THEIR SECURITY INFRASTRUCTURE and SELF POLICE, then government interaction would be unnecessary and consumer safety would soar.

      It's always someone else's problem, and someone else needs to eat the costs. So crappy POS, putting your fingers in your ears when IT warns you that your systems are about to explode, be breached, or become a PR nightmare, are all OK because it's the other guy's problem, never your own.

      Fuck that.

      --
      ---- Teach Peace. It's Cheaper Than War.
    4. Re:CYA by jbmartin6 · · Score: 2

      I'm not so sure that armoring POS systems is the cheaper option. Sure there are a myriad of things that can be done, but how effective are they likely to be? Even a company like RSA got breached, and their seed database was armored pretty well until reality pried it open. Ultimately the underlying issue will remain, which is that "shared secret" is an oxymoron. As long as the payment is verified by shared information someone will find a way to steal and use the shared information. After all, retailers can't just seal the information in a box and never access it, they need to use it. And thieves will just access it the same way the retailer does.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    5. Re:CYA by houghi · · Score: 1

      Hey! The companies are the ones who bought the politicians, so they should be the ones to come up with a solution that does not cost the companies anything.
      If you were serious about politics, put YOUR money where your mouth is.

      /Sarcasm

      --
      Don't fight for your country, if your country does not fight for you.
    6. Re:CYA by Shortguy881 · · Score: 1

      Hmmm... what better way to close a bunch of small businesses than demand all businesses meet some arbitrary security requirements.

      "Sorry mom and pop, your shop doesn't have the required firewall, point of sale equipment, network security administrator, or minimum database standards. I'll have to shut you down"

      "But we don't even have a computer. All our sales are manual!"

      "Sorry, take it up with the Another Department to Fuck You Over**"

      **Name pending

      --
      Brilliance without wisdom, power without conscience. Ours is a world of nuclear giants and ethical infants.
    7. Re:CYA by Art+Challenor · · Score: 2

      I'm not so sure that armoring POS systems is the cheaper option.

      The cheapest thing is to buy off politicians so that they can continue doing what they are currently doing, but shift the blame to the consumer. This, I assume, is the purpose of the legislation. (Cynicism is almost always the model with the most accurate predictions of political outcomes in the US).

    8. Re:CYA by TigerPlish · · Score: 3

      No, the Mom and Pop likely uses a 3rd-party payment processor.

      What, you thought *everyone* taking credit / debit payments have their own in-house?

      --
      The "Civilized World" jumped the shark ca. 1973.
    9. Re:CYA by internerdj · · Score: 1

      I'm really confused here. We've got the bankers pressuring the retailers for higher security or they will legally pursue them to cover the damages. Isn't this the picture perfect case where capitalism should solve the problem? Why are the retailers running to the government for regulation? Shouldn't the market solution be cheapest for the pure blooded capitalists of retail?

    10. Re:CYA by gmhowell · · Score: 1

      Holy shit. First post (that I can see at my threshold) captures things in their entirety. Are you sure you belong on slashdot?

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
    11. Re:CYA by gmhowell · · Score: 1

      They've already demonstrated themselves to be lazy, incompetent, and largely indifferent to security.

      Maybe. Or maybe they're just cheap.

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
    12. Re:CYA by Shortguy881 · · Score: 1

      I think you missed the point. New regulations means more stringent requirements, means newer equipment, upgrade costs, compliance testing, etc. If you don't think these new regulations are going to be a burden, you are naive.

      --
      Brilliance without wisdom, power without conscience. Ours is a world of nuclear giants and ethical infants.
    13. Re:CYA by fuzzyfuzzyfungus · · Score: 2

      I think this is just CYA. The government will set a minimum standard of security which the retailers will set as their default level and that way when a breach happens they can say, well we followed the government mandates, we should not be sued.

      I agree that this isn't some altruistic action motivated by concern over the poor consumers; but asking for regulation is something that also serves a secondary purpose: 'retail security' is a collective action problem: It costs money to do (best case, it costs money but at least you can do it unilaterally, as in the case of hardening your own network and backend; worst case it costs money and can't be done without industry-wide buy-in, as with replacing mag stripes with something less totally fucked); but the benefits are mostly invisible (customers only care how secure you are when you weren't secure enough and you get cracked; up until then, they don't know and don't care whether you are pitifully insecure and lucky or highly secure).

      Under these circumstances, it's difficult to justify unilateral improvements ("Hey, the nerds over in the cost center want more money because something, something, identity theft, yadda yadda. Tell them to STFU, it's cheaper just to 'apologize' and offer a free year of credit monitoring") and even more difficult to drive a coordinated, multi-actor, upgrade.

      If you lobby for a regulation, though, you can be assured that your competitors have to deal with the same hassle you are dealing with and are in a much better position to say "Hey! Other merchants, banks, and involved parties? Y'know those new regulations? Compliance will end up costing us all less if we just roll out something less broken, rather than individually slapping band-aids on our shitty systems."

      It's not elegant; but that is an additional use of regulation, aside from CYA.

    14. Re:CYA by gstoddart · · Score: 1

      If you don't think these new regulations are going to be a burden, you are naive.

      If you think having no regulations isn't already a burden on other people, you're also naive.

      So, if companies want to take risks with the financial information of their customers, they should be the ones assuming the risk, not the customers.

      Right now, in order to maximize corporate profits, customers are the ones bearing the risk for the crap the corporations do. Sorry, but screw corporate profits. We want to see some corporate responsibility and liability.

      My credit card company has had to send me a new card three times in the last year, and I can never identify the source. If I knew who the hell was doing a shit job of security, I'd stop buying from them.

      And I presume the large number of customers they lose would be an incentive to actually take this seriously.

      So I'm afraid I have no sympathy for these companies. If you're going to hold onto my financial and personal information, you're going to have to do it in such a way as to not constantly expose it.

      --
      Lost at C:>. Found at C.
    15. Re:CYA by Anonymous Coward · · Score: 0

      I think this is just CYA. The government will set a minimum standard of security which the retailers will set as their default level and that way when a breach happens they can say, well we followed the government mandates, we should not be sued.

      That theory of liability hasn't worked for anything else.

      You can meet all applicable legal standards and still be liable.

    16. Re:CYA by HideyoshiJP · · Score: 1

      In all fairness, those that may wish to put security solutions in place may need a way to justify the increased cost of additional security to the larger shareholders, who often can't see the forest for the trees. You'd think those shareholders would just invest in IT/security companies...

    17. Re:CYA by CrimsonAvenger · · Score: 2

      Shouldn't the market solution be cheapest for the pure blooded capitalists of retail?

      Two things:

      1) Whatever makes you think that retail giants are "pure-blooded capitalists"?

      2) A sufficiently powerful government usually means that the cheapest solution to any problem is to buy favourable legislation.

      --

      "I do not agree with what you say, but I will defend to the death your right to say it"
    18. Re:CYA by mlts · · Score: 1

      I will be a bit of a devil's advocate here:

      We also need guidelines and standards for security. This isn't something that I can quantify, toss a high amount at a CISSP and get some unit of security. PCI-DSS3 is an example of decent guidelines. Another are the NIST SCAP items.

      What would be an ideal would be some standard body making up security standards, not just guidelines (segment and firewall networks), but actual steps to secure operating systems and appliances with varying levels of security [1]. This wouldn't just be something that an organization could do once, but something that would have to be made at least quarterly with emergency workarounds coming out 24/7, such as replacing bash with Busybox or compiling a binary from the fixed source.

      There are also issues and publications that wouldn't be as obvious... for example, guidelines on securing HVAC systems or basic power. Recommendations for organization charts to protect against social engineering, so someone name-dropping a VP doesn't get a file full of root passwords just by asking. Even physical guidelines like protecting against tailgaters at building entrances [2], or what type of lock cylinders to use (as some brands of cylinders had reports about security gaps which got remedied in later models.) Security is a moving target, and it would take a lot of cash to keep an organization funded which keeps on top of this... but it would do far more to help things than adding new regulations [3].

      Right now, the major vendors have security tools usually baked into the OS which are pretty good. The trick is to have one coherent clearinghouse that can help people use what tools are available and still remain vendor neutral.

      [1]: For example, on AIX, if I wanted one level of security, I'd sign all binaries on the system and configure trustchk to disallow anything else to be run. If I wanted higher than that, I'd disable root (so UID 0 processes had no "special-ness" about them) and set trustchk with LOCK_KERN_POLICIES on so there is no process on the system that can allow untrusted binaries, libraries, or even shell scripts to run.

      [2]: Badge policies have to apply equally in a company, and if all someone needs to do is wear a suit or a uniform to get in, then physical security has failed. 99% of the time, it may just be nothing... but there is always that 1% where calling security on someone might have just stopped an attack.

      [3]: Sarbanes-Oxley comes to mind. I've yet to read about it being enforced... except when it was used against an individual who had an improperly fished grouper.

    19. Re:CYA by peragrin · · Score: 1

      The cheaper option is to stop storing credit data and have the banks and credit card companies switch to one-time tokens for all transactions.

      That way in the event of breaches credit and banking information can't be stolen.

      Guess which way it won't go. Though Amex is trying to go that way. Hence the support for Apple pay.

      --
      i thought once I was found, but it was only a dream.
    20. Re:CYA by Shortguy881 · · Score: 1

      Actually you are taking the risk by using a credit card. Go to an ATM and get some cash. Problem solved.

      Better yet, let's get rid of capitalism altogether. How about we just walk into a store and be given what we want. Clearly we are all entitled to it.

      --
      Brilliance without wisdom, power without conscience. Ours is a world of nuclear giants and ethical infants.
    21. Re:CYA by hey! · · Score: 1

      Well, this is the dark side of competition. Without regulation, you find yourself competing with bottom feeders.

      It's one thing to be competing with bottom feeders who simply externalize costs -- e.g. shipping waste to countries with weak environmental regulations. It's another thing to be competing with bottom feeders who undermine trust in your industry. You can't just copy them and say, "everyone does it, that's life." Winning that race to the bottom is actually bad for your bottom line.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    22. Re:CYA by Anonymous Coward · · Score: 0

      I think this is just CYA.

      I agree, anyone who expects "A single federal law applying to all breached entities would ensure clear, concise and consistent notices to all affected consumers regardless of where they live or where the breach occurs." out of Congress is either insane, deluded, or lying.

    23. Re:CYA by innocent_white_lamb · · Score: 1

      I own a small "mom and pop" business.

      I accept cash, cash or cash. No credit or debit cards of any kind.

      I save a lot of money on fees that I would otherwise have to pay to banks for accepting their cards, and I don't have to hassle around with payment terminals and the like.

      All of my customers know that they have to bring cash when they come here. Anyone who doesn't know that (new people in town) finds out pretty quickly on their first visit, and there is a bank machine about a half-block away from here.

      --
      If you're a zombie and you know it, bite your friend!
    24. Re:CYA by AK+Marc · · Score: 1

      Minimum standard laws usually come with liability limits. "If you put a disclaimer in your ToS, your liability is limited to $3." So the retailers want the rules so they can determine (and limit) liability and guard against it, rather than having unbounded liability, as currently exists.

    25. Re:CYA by AK+Marc · · Score: 1

      Yes, carrying around cash is lower risk than a credit card with $0 liability limits. Or not. I'll stick to credit cards. Safer for me. Worse for the retailer. They are likely hoping this legislation will lower liability for the retailer, and push it on the banks or customers.

    26. Re:CYA by gstoddart · · Score: 1

      Better yet, let's get rid of capitalism altogether.

      The concept of ownership?

      No, not really.

      The absurdity which is the notion of laissez faire, free market, unregulated capitalism which is a self healing entity which achieves optimal outcomes over time because it's infallible and people will play by the rules??

      Now, that version of Capitalism is a complete fucking lie perpetrated by people who are either intellectually dishonest enough to believe it, or sociopathic enough to want it anyway.

      That version of capitalism is a complete fiction, and is in fact nothing at all like what actually happens -- specifically because everyone in the system knows damned well the only way to win is lie, cheat, and steal.

      So all of the assumptions of how it will regulate itself pretty much fall apart. Because those assumptions are about as stupid as the assumptions of Communism ... or pretty much any other "ism" which is supposed to lead us to a wonderful utopia if only people would listen to the theorists and live as perfectly as they envision.

      Go ahead, drink the Kool Aid of Capitalism. But don't for a minute believe half the stories you've been told about it -- because they're all complete fiction.

      Pure Capitalism is just as dangerous as pure Marxism. The main difference is the lies its adherents use to justify it.

      --
      Lost at C:>. Found at C.
    27. Re:CYA by Anonymous Coward · · Score: 0

      That, and a 'healthy' bout of protectionism. 'Retailers' are threatened by, among other things, competitors based outside the USA.

      I'd lay good money that the finished law, when passed, will be considerably more onerous for foreign companies than for US ones.

    28. Re:CYA by mjwx · · Score: 1

      No, the Mom and Pop likely uses a 3rd-party payment processor.

      What, you thought *everyone* taking credit / debit payments have their own in-house?

      I used to work for an outsourcing outfit that looked after small stores, including their EFTPOS systems and you'd be surprised how many small "mum and dad" stores used things like an EFTPOS client sitting on an unpatched XP box in the back room (half the time the staff would also be using this box for email/excel/Facebook). Using a 3rd party payment processor is expensive, you're talking about $500 p/m expensive per terminal for the most basic services. For a cafe $500 a month is the difference between being in the red and being in the black.

      If you need to be convinced why you should pay cash in physical stores, go do tech support for one.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    29. Re:CYA by tlhIngan · · Score: 1

      Yes, carrying around cash is lower risk than a credit card with $0 liability limits. Or not. I'll stick to credit cards. Safer for me. Worse for the retailer. They are likely hoping this legislation will lower liability for the retailer, and push it on the banks or customers.

      And there's the REAL reason.

      The customer getting their CC stolen is a minor inconvenience of having to reset their auto-payment systems. But a retailer hit with a chargeback? Big problem.

      If credit cards keep getting leaked out, eventually they're going to be used by someone and it could hit the retailer. Who doesn't find out until they charge it and the bank tells them that no, they were a victim, too bad, so sad.

      Card Not Present transactions (mail order, online) are the riskiest transactions of all - even swiping is more secure as you can verify the embossed number against the stored number, and the CVV. Then there's Chip+PIN and EMV which are the most secure methods we have now (they're not super super super secure, but on a relative scale, they are the most secure).

      And online retailers want data protection laws because eventually they're going to be a victim.

      I know when my bank called me, some guy racked up $1000 worth of stuff, including $500 at some drum store. That's $500 in inventory that that retailer lost - hope they have the transaction details so they could trace where the product fraudulently went.

      And yes, in the 14 years I've had a credit card, I've had 2 legit chargebacks - 1 was for a product they never shipped, and another was a product that never arrived. In the past 3 years, I've changed my credit card about 5 times already. Total loss to me? Maybe about $200 in cash that I had to run to the bank to pay off a bill because the replacement card didn't arrive in time to be billed to the card. (and likewise, a $200 less charged to my credit card. Since I pay it off every month, it washes out).

      Retailers will probably demand some sort of EMV system for online purchases where most likely either you use an app on your phone to enter transaction details (merchant ID, transaction ID, amount transacted, etc) and it spits back a hash for that transaction that verifies the card. Fancier cards will have the electronics to do it on the card to do that so all you have to do is whip out your card. (The card can be powered by a battery - since the cards are only good for 3 years, the battery only has to last at least that long, and it's something we're able to do since regular digital watches with fancy interfaces can often last 7-10 years on an itty-bitty battery).

    30. Re:CYA by AK+Marc · · Score: 1

      And yes, in the 14 years I've had a credit card, I've had 2 legit chargebacks - 1 was for a product they never shipped, and another was a product that never arrived. In the past 3 years, I've changed my credit card about 5 times already. Total loss to me? Maybe about $200 in cash that I had to run to the bank to pay off a bill because the replacement card didn't arrive in time to be billed to the card. (and likewise, a $200 less charged to my credit card. Since I pay it off every month, it washes out).

      I had two chargebacks. Once I bought something off eBay, using PayPal (via credit card, never a bank account). The item didn't show up, I worked with the seller for a bit, but just did a chargeback. I paid and never got it. The seller told me I need to pay insurance to be able to do that. That's wrong. The "insurance" pays him, not me. That's his responsibility. His responsibility is to deliver the item in agreed condition. I don't care if he wants me to pay insurance, consumer law is clear, if I never got it, I don't have to pay. He argued. I charged back. Problem solved.

      The other was a DOA product from a store that the return failed. So I left the item there, kept my receipt and performed a chargeback.

      Lost a credit card in a foreign country once. Canceled that day, no loss, no problem. Declined to get a replacement (for a fee) and used a backup for the remainder of the trip. Credit cards are great. Lose $10,000 cash, big problem. Lose a card with $20k limit? Max $0 liability.

    31. Re:CYA by Shortguy881 · · Score: 1

      Actually we live in a socialist oligarchy, far from any real capitalism. I also don't believe pure unadulterated capitalism is the way to go. There should be some oversight. However, the fundamental concept of capitalism, that I have to work for my own keep, is better than the idea of work or not you get your fair share.

      As you pointed out in your post, the problem really isn't Capitalism or Marxism or any "ism." It's the corruptibility of people. So how do you plan to fix that?

      --
      Brilliance without wisdom, power without conscience. Ours is a world of nuclear giants and ethical infants.
    32. Re:CYA by tlhIngan · · Score: 1

      I accept cash, cash or cash. No credit or debit cards of any kind.

      I save a lot of money on fees that I would otherwise have to pay to banks for accepting their cards, and I don't have to hassle around with payment terminals and the like.

      You're also not moving a lot of cash, because it costs you little enough that the risk is worth it. (And no, $1000/day isn't a lot of money.)

      Because once you start racking up the dollars, you start having to spend dollars to protect those dollars - which is the true cost of handling cash. (Plus, you probably only have 1 or 2 cashiers, and a system based around a regular dumb cash register, and are fairly loose with cash).

      In other companies, cash control is king - to handle cash requires you to get special training and trust, while doing a credit transaction means any floor lackey can do the transaction because the backend computer can verify the money.

      So yeah, as a small mom and pop, cash works because at most you're out a day's take if you get mugged making the deposit. But since the day's take is relatively small, you're not a huge target either, especially if you make multiple runs to the bank during the day (if you can) so the amount you carry is low and amount you can lose is low.

      But take a much larger company like a big-box retailer, and cash handling does cost money - a real cashier gets paid more than minimum wage (you need to trust them with cash, plus train them on how to handle it and having your register and box out significantly can be a fireable offense). Plus, significant cash transactions mandate measures for cash protection. E.g., when a big game is released, the stores selling it may easily do $50K or more in cash in one day which means rolling out an armored vehicle to transfer that money to a bank, which cost hundreds of dollars in and of itself (if it costs $500, that's already 1% of the cash take!). So those businesses handling cash can cost more money than credit (because credit just transparently goes into their account with full reporting and correlation with the register).

    33. Re:CYA by gstoddart · · Score: 1

      Actually we live in a socialist oligarchy

      No, you do not. You live in an oligarchy, but it definitely isn't socialist. Oligarchies are pretty much orthogonal to socialist. In fact, the oligarchy wants to remove the last bit of "social" you have left, and the people cheering the oligarchy who are in government are working to hasten it.

      So how do you plan to fix that?

      Summary rejection of all economic and political theories which assume people will play by the rules of your "ism" and it will be a perfect system once people accept it as perfect and infallible.

      I am not required to have a plan to "fix it". Not my job. Nobody is gonna listen to me anyway.

      But I can say that any system which has the in-built assumptions that you can rely on anything except corruption, and people being selfish bastards is probably complete crap, is built on ridiculously naive assumptions, and is likely inherently flawed by people who can't get past their own "ism".

      So, in the same way that when the Communists say that "if only people can be made to see how awesome this is", or when the Anarcho-Capitalists tell us the same thing ... these are people who are willing to burn the world to remake it in their own image.

      I view some of the crap the Libertarians say to be as "burn the Earth and force it to match what we want" to be as scary and unfounded as half the crap Mao did.

      Beware the person who tells you he has The Solution. He's probably a zealot.

      I believe the shining path of Communism no more than I believe in the Utopian fantasy of Libertarian economics -- both are complete lies.

      --
      Lost at C:>. Found at C.
    34. Re:CYA by Shortguy881 · · Score: 1

      Oligarchy refers to the organization of the government, socialism to how it handles economic activities. The two are mutually exclusive. Between welfare, medicaid, medicare, government subsidized health insurance, food stamps, disability, tax rebates, subsidized cell phones and internet plans, and many more programs, we live in a socialist society. Most people disagree because the rich don't pay as much into this system but that's because it's an oligarchy. Those in power are redistributing the middle class wealth to the poor.

      Saying the world sucks, people suck, and there is nothing we can do about it is pointless. Apathy towards the world's problems is a big part of the reason we are in such a mess.

      Capitalism lends itself more to self interest, playing off human behavior. That is why I think it's the better choice. It's not perfect, but at least I'll take a stand and try to make the world a better place.

      --
      Brilliance without wisdom, power without conscience. Ours is a world of nuclear giants and ethical infants.
  2. Huh? by Anonymous Coward · · Score: 1

    What's this got to do with traffic problems?

  3. Repeat with me by rodrigoandrade · · Score: 0

    Regulations protect corporations!!
    Regulations protect corporations!!
    Regulations protect corporations!!
    Regulations protect corporations!!

    Say NO to regulation!!!

    1. Re:Repeat with me by TigerPlish · · Score: 2

      So you'd rather have it so there are no Federal consequences for being a sloppy, lazy, bug-infested easy target?

      Sometimes regulations protect all of us, not just corporations. This could be one of those.

      OK, I have a non-regulated approach to fighting breaches: If your company is stupid enough to get breached, the banks and card issuers must block you from doing credit and debit card business again -- ever. Good luck with cash-only.

      Is that too cold-hearted for you? You'd rather have that instead of rules and consequences for data breaches?

      --
      The "Civilized World" jumped the shark ca. 1973.
    2. Re:Repeat with me by gstoddart · · Score: 1

      Yeah, no, no they don't.

      Which is why the Republicans have been de-regulating, because when corporations can do anything they want, that protects corporate interests.

      Regulations protect us from corporations.

      --
      Lost at C:>. Found at C.
    3. Re:Repeat with me by Immerman · · Score: 1

      Sounds to me like the default outcome down this path is that the banks start forcing the retailers to eat the losses rather than covering it themselves. Which would mostly work for me - let the people responsible for allowing the breach pay for the privilege of being sloppy. In that context federal regulations would likely indemnify them against damages if they employed the legal minimum of protections, or at least make sure that all their competitors are footing a comparable bill so that the cost of security doesn't put them at a competitive disadvantage.

      Sure, we'll get some incremental protection via the regulations, but nothing compared to what the retailers are likely to get.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    4. Re:Repeat with me by Pope+Hagbard · · Score: 1

      FOUR LEGS GOOD TWO LEGS BAD

      I can't understand people who think reality is simple.

    5. Re:Repeat with me by Anonymous Coward · · Score: 1

      If they are negligent, and you are harmed, you sue. Is this concept so difficult? With regulations, you still may be harmed, but they are protected from negligence, and you are unable to sue. Easier to pay off a few politicos than millions of victims, no?

    6. Re:Repeat with me by oh_my_080980980 · · Score: 1

      Yo moron, they're trying to reduce their liability not protect the consumer. FTA: "Currently, there are 47 different state-based security breach notification laws, as well as laws in the District of Columbia and Guam." Do you understand now?

    7. Re:Repeat with me by oh_my_080980980 · · Score: 1

      LMOL - do you know where regulations come from? They come from corporate lobbyists. Corporations write legislation that Congress passes. These "regulations" reduce the liability to Corporations. They do not protect consumers! Check out ALEC sometime.

    8. Re:Repeat with me by gstoddart · · Score: 1

      Wow, such a simplistic and reductionist world view you have.

      Yes, laws which are written on behalf of corporate lobbyists are designed to game the system to give corporations the most freedom. This means you should stop the process of corporate lobbyists, because they don't help anybody except corporations.

      But, environmental laws, consumer protection laws, banking laws, laws designed to stop insider trading ... these are all intended to prevent corporations from being able to do anything they please without consequence. Those laws are the kind of things some people want to repeal under the notion that anything which prevents a company from acting like assholes is unfair.

      So, if you say "all government regulations are bad", it's as stupid and meaningless as if you say "all government regulations are good".

      One political end of the spectrum wants to pass laws to limit the amount of crap companies can do. Another end of the political spectrum wants it to be "anything goes" for corporations.

      The latter of those two? They're the people behind your ALEC, and the people who would do away with any form of environmental and consumer protection. These are the people who want you to have an oligarchy in which humans are secondary to corporate profits.

      Anybody who says "it should be ok to pollute, and to make toxic products because the free market will regulate itself and people will make good choices" is lying to you. Because it won't happen that way.

      --
      Lost at C:>. Found at C.
    9. Re:Repeat with me by sjames · · Score: 1

      The problem is that the technology to make the breaches meaningless has existed for decades now but the banks refuse to implement anything like it. The banks are the ones that have foisted the fundamentally flawed system on the retailers and now expect them to spend bucketloads of cash on shoring it all up.

      As long as they are allowed to continue pushing the costs off onto merchants and consumers, the problems will continue.

      For example, if credit cards were smart cards and consumers carried a cheap dumb card terminal with them, they could cryptographically sign transaction records which retailers could submit once. It wouldn't actually matter at that point if each and every such record was copied as soon as it was made or even if the POS terminal was actively infected at the time. The records could only cause the purchase amount to transfer from customer to merchant once.

    10. Re:Repeat with me by FictionPimp · · Score: 1

      Which is the exact opposite of what merchants are trying to do with their shitty CurrentC.

      They don't want security, they want protection from liability. They probably want to move that liability onto the consumer.

    11. Re:Repeat with me by silfen · · Score: 1

      Sometimes regulation protects all of us, not just corporations. This could be one of those.

      Or maybe not. Along with such regulations usually comes immunity from liability lawsuits.

    12. Re:Repeat with me by Anonymous Coward · · Score: 0

      Okay, so when someone steals someone else's credit card regardless of source of breach and spends that money at Mom and Pop shop you think the Mom and Pop shop should pay the penalty for accepting a card that as far as they know is valid? The system is fundamentally flawed. Apple and Google have recognized this for a long time and Paypal realized it even further back. You need a trusted party in the middle whose job it is to secure these transactions. If retailers don't have actual payment data then they can't lose said data.

      A formalized process for this would be beneficial to all as long as it didn't end up like Paypal. It wouldn't end fraud but it would make it much easier to identify and a whole lot easier to clean up.

    13. Re:Repeat with me by Immerman · · Score: 1

      That addresses a completely different attack vector, and I agree that the banks should be stepping up there. However, when Mom&Pop Co. has their credit card database stolen and I get hit with a bunch of fraudulent charges, yes - they should be at least partly liable.

      Granted though - regulations requiring the banks to offer actual secure transactions would likely be a far more appropriate response: In a free market Mom&Pop would simply and easily reduce their liability by refusing to use insecure banking technology, but in a country where essentially no banks offer such technology their choice is only between accepting the insecurity or passing up the sales opportunity.

      --
      --- Most topics have many sides worth arguing, allow me to take one opposite you.
    14. Re:Repeat with me by sjames · · Score: 1

      Yes, but likely in part because the last few years have made it apparent that banks will never be held accountable for the laws they break.

    15. Re:Repeat with me by afidel · · Score: 1

      Wrong, the reason we don't have EMV in the US is the retailers didn't want to pony up the cash to upgrade their POS systems. The banks finally put their foot down about 18 months ago and set a deadline that shifts the liability for non-EMV transactions to the retailer starting 9/2015.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    16. Re:Repeat with me by sjames · · Score: 1

      Too bad they went from a totally broken system to a half broken system when they could have gone to a functional system.

      Then there's the matter of the tech being decades old. They had the option to introduce it through attrition so the cost would be part of the normal upgrade cycle.

    17. Re:Repeat with me by afidel · · Score: 1

      In cryptography old is good as long as the cypher strength is still sufficient to thwart expected attacks. The only weakness in EMV I'm aware of is a man in the middle attack against chip-n-pin where you can send a pin not required signal to the terminal if you can get between the card and the terminal. Since most US banks will be doing chip and signature, not chip and pin that's moot. If you're aware of another attack on EMV then please enlighten me.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    18. Re:Repeat with me by sjames · · Score: 1

      Web and mail order (that is, card not present transactions in general).

      A proper public key signature card benefits from being old (well understood) and having a sufficient key strength. It could even be used to sign a recurring charge authorization.

    19. Re:Repeat with me by Anonymous Coward · · Score: 0

      For example, if credit cards were smart cards and consumers carried a cheap dumb card terminal with them, they could cryptographically sign transaction records which retailers could submit once. It wouldn't actually matter at that point if each and every such record was copied as soon as it was made or even if the POS terminal was actively infected at the time. The records could only cause the purchase amount to transfer from customer to merchant once.

      Isn't this somewhat how Apple Pay is supposed to work? I notice that a bunch of powerful retailers shut that down real quick so they could push their own ultra-insecure version, they won't start operating publicly for at least another year and they have already had a significant data breach - [[news.slashdot.org/story/14/10/29/1641259/apple-pay-competitor-currentc-breached]].
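The single-use signed transaction record proposed in this sub-thread (comments 9 and 18), as an added example that is not part of any comment: a card authenticates each record and the issuer settles it at most once, so a copied record is worthless. HMAC-SHA256 with a key shared by card and issuer stands in for the public-key signature the comments describe, because the Python standard library has no signature scheme; the class names, field names, per-card counter and merchant binding are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets

FIELDS = ("card", "merchant", "amount", "ctr")


def canonical(record):
    """Serialize the authenticated fields deterministically so both sides MAC the same bytes."""
    return json.dumps({k: record[k] for k in FIELDS},
                      sort_keys=True, separators=(",", ":")).encode()


class Card:
    """Customer-held card: the key never leaves it; every record gets a fresh counter."""

    def __init__(self, card_id, key):
        self.card_id = card_id
        self._key = key
        self._ctr = 0

    def authorize(self, merchant_id, amount_cents):
        self._ctr += 1
        record = {"card": self.card_id, "merchant": merchant_id,
                  "amount": amount_cents, "ctr": self._ctr}
        record["tag"] = hmac.new(self._key, canonical(record), hashlib.sha256).hexdigest()
        return record


class Issuer:
    """Bank side: verifies the tag, binds the record to its merchant, settles each one once."""

    def __init__(self):
        self._keys = {}
        self._spent = set()     # (card, counter) pairs that have already settled
        self.ledger = []

    def enroll(self, card_id):
        key = secrets.token_bytes(32)
        self._keys[card_id] = key
        return Card(card_id, key)

    def submit(self, submitter_id, record):
        if not isinstance(record, dict) or any(f not in record for f in FIELDS + ("tag",)):
            return "malformed"
        if not isinstance(record["card"], str) or not isinstance(record["ctr"], int):
            return "malformed"
        key = self._keys.get(record["card"])
        if key is None:
            return "unknown-card"
        try:
            expected = hmac.new(key, canonical(record), hashlib.sha256).hexdigest()
        except (TypeError, ValueError):
            return "malformed"
        # Constant-time comparison; any change to amount or merchant breaks the tag.
        if not hmac.compare_digest(expected.encode(), str(record["tag"]).encode()):
            return "bad-signature"
        # A copied record only ever pays the merchant named inside it.
        if record["merchant"] != submitter_id:
            return "wrong-merchant"
        slot = (record["card"], record["ctr"])
        if slot in self._spent:
            return "replay"
        self._spent.add(slot)
        self.ledger.append((record["card"], record["merchant"], record["amount"]))
        return "settled"


def demo():
    """Constructed sample values: one purchase, then three misuse attempts on its record."""
    issuer = Issuer()
    card = issuer.enroll("card-0001")
    rec = card.authorize("shop-A", 2599)
    stolen = dict(rec)                      # copy taken by malware on the POS terminal
    inflated = dict(rec, amount=99999)      # same record with the amount edited
    return [
        issuer.submit("shop-A", rec),           # settled
        issuer.submit("shop-A", stolen),        # replay
        issuer.submit("thief-shop", stolen),    # wrong-merchant
        issuer.submit("shop-A", inflated),      # bad-signature
    ]


if __name__ == "__main__":
    print(demo())
```

With a real public-key signature the merchant could also verify the record offline before handing over goods; the at-most-once settlement check at the issuer is unchanged.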

  4. Er...lobbyist fails to do job, so panic? by xxxJonBoyxxx · · Score: 4, Insightful

    >> gridlock...nation's retailers

    Er...lobbyist fails to do job, so panic?

    >> they would bear the brunt of whatever legislation is passed....there are 47 different state-based security breach notification laws

    In other words, they want a single Federal law to replace all the state laws, which would do two things: 1) allow them to concentrate their efforts on watering down the federal law 2) take the ability for people to collect damages against it out of state courts and 3) reduce their notification costs because they would only do the bare minimum required by the federal law (e.g., filing it in a basement drawer marked with "beware the leopard"). I see no "brunt" here. (IANAL)

    1. Re:Er...lobbyist fails to do job, so panic? by Trailer+Trash · · Score: 1

      There's more to it. Note the last line - banks want to make retailers pay for their expenses when these breaches occur. My bank just had to send me (and presumably thousands of other people) new debit cards due to the Home Depot breach, for instance. That cost them plenty in aggregate - sending me a letter and then a new card. It's not much, maybe $2 or $3 for me, but multiply that by 10,000 or 100,000 and suddenly some money's in play.

      So if the retailers can hijack the "regulation" they can write it such that they don't have to reimburse banks.

      I know this is hard for some people to understand, but big business *wants badly* to be "regulated". They have the money to buy legislation, so they won't personally be regulated or they will be regulated to the extent that the regulation simply defines their current business processes and won't harm them. The point of such legislation is to create barriers of entry into their markets and harm smaller competitors. And, in this case, other businesses that wish to extract money from them.

    2. Re:Er...lobbyist fails to do job, so panic? by Optic7 · · Score: 1

      Your guess for the cost to produce a regular credit/debit card is exactly right, but chip cards apparently cost a lot more. Bank of America sent me a new "chip-and-signature" card (yuck, why not chip-and-pin, so frustrating) after the Home Depot breach. According to this article:

      "The cost to produce and distribute a card to a customer is under $2. The cost to make and distribute a chip card to a customer is between $15 and $20," says Coleman.

      The last link on TFS says that just community banks and credit unions are already on the hook for $160 million. That's not even counting the banking giants. We're talking LOTS of money lost and wasted by a lot of people because of Target, Home Depot, et al being lax with their security.

    3. Re:Er...lobbyist fails to do job, so panic? by Trailer+Trash · · Score: 1

      One thing to note is that the chip card shouldn't need to be replaced after one of these breaches since they're doing end-to-end encryption, so hopefully it's a one-time cost that they were going to incur anyway.

    4. Re:Er...lobbyist fails to do job, so panic? by Optic7 · · Score: 1

      I'm not positive about the technical aspects of the chip, but just thinking about it, I don't believe that chip cards protect you from certain fraudulent transactions, like online purchases. I'm giving the website my card number, expiration date, card verification number, name, and billing address.

      Someone who gains access to all that information stored by the retailer would certainly have all they need to initiate another online transaction elsewhere. The only way the bank has of preventing that would be to issue a new card number.

  5. Translation by Charliemopps · · Score: 2

    Translation: Please pass a law that dictates the minimum effort we are required to put forward so we can barely meet that very low bar and not get sued. As it is, we have to actually pay attention to security and update constantly. If you pass a law, it will be out of date in about 3 months... but hey! At least we can't get sued. And that's all that really matters.

    1. Re:Translation by mrchaotica · · Score: 4, Insightful

      There is a less pessimistic translation: "Please pass a law so that our competitors are forced to spend money securing their systems, so that we can justify doing so without fear of being out-competed."

      --

      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    2. Re:Translation by Anonymous Coward · · Score: 0

      There is a more pessimistic translation which is, sadly, historically more common: "Please pass watered down federal legislation that will preempt the consumer protection laws being passed in more states than just California."

      Ironically it will be the small government, states rights Republicans who will be the most in favor of another federal preemption of existing state laws.

    3. Re: Translation by Anonymous Coward · · Score: 0

      This is totally an effort to blunt the state regulations. The goal is to reduce compliance from California to deep south levels.

    4. Re:Translation by oh_my_080980980 · · Score: 1

      Umm no, it's the above: "Currently, there are 47 different state-based security breach notification laws, as well as laws in the District of Columbia and Guam."

      Jackass.

    5. Re:Translation by Charliemopps · · Score: 1

      There is a less pessimistic translation: "Please pass a law so that our competitors are forced to spend money securing their systems, so that we can justify doing so without fear of being out-competed."

      less pessimistic = extremely unlikely but supports my world-view so I chose to believe it despite the evidence.

    6. Re:Translation by roman_mir · · Score: 1

      Obviously this is the correct interpretation of what is being demanded here. Yes, some retailers want government to help destroy their competition for them. The reality is that there are plenty of market forces at play here. If you know that a particular retailer doesn't take your information seriously enough and a breach happens and there is no adequate timely response to your satisfaction, you are not going to buy through this retailer anymore. What this regulation would do is make sure that there is LESS competition, not more, this way the security breaches will still happen with the large retailers, but the smaller ones will not be there anymore because the government will regulate them out of this type of business so the consumer will have no choices left.

    7. Re:Translation by david_thornley · · Score: 1

      Except that such competition depends on people knowing what's going on. I don't know much about the security Target used to have, before their breach. I don't know how, or whether, they've improved it. I know they had a major breach, and at least some credible speculation about what happened, and that's it. Right now, I don't know if Target or Home Depot has better security.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    8. Re:Translation by roman_mir · · Score: 1

      Right, but you wouldn't be in any different position if any government regulations were enforced, you would have a false sense of security and less competition for your money by fewer retailers. As a customer right now you can avoid Target and/or Home Depot and that is the market pressure that the companies would have to consider to improve and become more transparent if enough people care and stop buying there. With government regulations you would just have no choices at all, Target and Home Depot would be the only stores if they could get government to destroy their competition with regulations. Would Target and Home Depot be more secure and more transparent with government regulations? No, they just would have less competition.

    9. Re:Translation by david_thornley · · Score: 1

      What I'm saying here is that market forces DON'T WORK for this. I can't really tell security with transparency from covered-up incompetence. I know that Target leaked credit card information, but how secure is Wal-mart? Have they been leaking for years without telling anybody? How would I know?

      If government regulations were enforced, I'd at least have more information on security. This comes with costs, as you point out, so I really don't know what the best thing to do is.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    10. Re:Translation by Your.Master · · Score: 1

      How is it extremely unlikely? What evidence are you talking about?

  6. Grover Norquist called by Ol+Olsoc · · Score: 0
    Sorry, the Government has been drowned in the bathtub.

    This consumer protection stuff is just more liberalati socialistic hogwash.

    First, they'll want to regulate the hackers, next thing you know they'll be sending jack booted thugs to take your sons and daughters to FEMA homo training camps.

    Wake Up America!

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    1. Re:Grover Norquist called by Lehk228 · · Score: 0

      > FEMA homo training camps

      that is like boyscout camp but with somewhat less homoeroticism, right?

      --
      Snowden and Manning are heroes.
    2. Re:Grover Norquist called by Anonymous Coward · · Score: 0

      This consumer protection stuff is just more liberalati socialistic hogwash.

      Ah, the Libertarian view ... you're free to die in a fire, starve, or get killed by a shoddy product ... anything else would be an impediment to the form of douchebag capitalism we think is the natural order of society.

      I sincerely hope you die a traumatic death at the hands of a greedy corporation who doesn't care about your safety.

      That would be awesome.

    3. Re:Grover Norquist called by oh_my_080980980 · · Score: 1

      Except it's not consumer protection. It's corporate protection. Try taking your head out of your ass sometime.

    4. Re:Grover Norquist called by silfen · · Score: 1

      FEMA homo training camps.

      That sounds like fun. Unfortunately, instead, they just hand the money to their corporate cronies.

      This consumer protection stuff is just more liberalati socialistic hogwash.

      Just because something is called "consumer protection" doesn't actually make it "consumer protection".

    5. Re:Grover Norquist called by Ol+Olsoc · · Score: 1

      > FEMA homo training camps that is like boyscout camp but with somewhat less homoeroticism, right?

      Well played sir, Well played!

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    6. Re:Grover Norquist called by Ol+Olsoc · · Score: 1

      Except it's not consumer protection. It's corporate protection. Try taking your head out of your ass sometime.

      Speaking of, it's pretty plain to see you have a sore one. It can be pretty tough at those Focus on the Family rallies.

      No humor gene, it would appear.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    7. Re:Grover Norquist called by Ol+Olsoc · · Score: 1

      FEMA homo training camps.

      That sounds like fun. Unfortunately, instead, they just hand the money to their corporate cronies.

      This consumer protection stuff is just more liberalati socialistic hogwash.

      Just because something is called "consumer protection" doesn't actually make it "consumer protection".

      Should I send a Whoosh with my posts these days?

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    8. Re:Grover Norquist called by silfen · · Score: 1

      Should I send a Whoosh with my posts these days?

      No. Should I?

    9. Re:Grover Norquist called by Ol+Olsoc · · Score: 1

      >I sincerely hope you die a traumatic death at the hands of a greedy corporation who doesn't care about your safety.

      That would be awesome.

      And I sincerely hope that you live a long, happy, and healthy life.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
  7. Computer, Electronic Security by Anonymous Coward · · Score: 0

    Hmm, are they possibly starting to take computer and electronic security seriously? Not holding my breath, but maybe, just maybe they should throw some of that money at the security folk, rather than lobbyists. Might have a better ROI.

  8. Wrong Threat Model by Anonymous Coward · · Score: 0

    We don't need to pass legislation to ensure retailers have decent security. Europe already has it figured out. You put chips in your credit cards, and your credit card never leaves your sight when paying at a restaurant, etc. *That* would eliminate far more problems than making retailers promise to have good security, which in reality will never be good enough.

  9. Missing the point. by Orgasmatron · · Score: 1

    This isn't (just) about trying to dodge liability by having defined standards to meet.

    The big retailers are all spending shitloads of money on security because they have to. Now they want regulations that require everyone else to do the same.

    A few million each year for security compliance is nothing to Target or Walmart. It is a dagger in the heart of their local and regional competition.

    --
    See that "Preview" button?
    1. Re:Missing the point. by TigerPlish · · Score: 1

      A few million each year for security compliance is nothing to Target or Walmart. It is a dagger in the heart of their local and regional competition.

      Mom and Pop don't have their own POS. They use payment processing houses. It's the Big Dogs that have their own POS systems.

      --
      The "Civilized World" jumped the shark ca. 1973.
    2. Re:Missing the point. by oh_my_080980980 · · Score: 1

      Jesus tap dancing Christ. Read the fucking article. It has nothing to do with forcing companies to spend any money on security! It's about the "...47 different state-based security breach notification laws, as well as laws in the District of Columbia and Guam" The retailers want one single system for NOTIFICATION of a breach: "A single federal law applying to all breached entities would ensure clear, concise and consistent notices to all affected consumers regardless of where they live or where the breach occurs."

      Do you understand now moron!

  10. Am I missing something by Anonymous Coward · · Score: 0

    They sent a letter demanding more regulation?
     
    Isn't there already legislation and requirements for this stuff already?
     
    Why now with the stroke of a magic pen will things be fixed?

  11. Shift the cost to the consumer ... by CaptainDork · · Score: 2

    The banks are not the point of contact for the consumer ... the retailer is. Banks AND retailers want the retailer to bear the cost so the retailer can pass it on to the consumer.

    Consumers, in one form or another, will be responsible for breaches.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:Shift the cost to the consumer ... by Anonymous Coward · · Score: 0

      Consumers, in one form or another, are responsible for every cost of everything. There's no economic system in the past, present, or future where this isn't true so it would be nice if people stopped pretending it was an argument for or against anything.

    2. Re:Shift the cost to the consumer ... by cdrudge · · Score: 1

      Consumers, in one form or another, will be responsible for breaches.

      We (the consumers) always have been. If breaches start to hurt the bottom line of the processors, merchant fees will just increase. Merchant fees increasing will result in merchandise prices to rise or credit card surcharges (where legal).

  12. Gridlock by Anonymous Coward · · Score: 3, Funny

    Gridlock? Yes, the democrat Senate has prevented many bipartisan House bills from passing. It will be good to see the Senate in the hands of the GOP. Hopefully Obama won't continue the gridlock by vetoing bills.

    1. Re:Gridlock by oh_my_080980980 · · Score: 2

      You mean like the immigration reform bills tied up in the house that would pass if Boehner allowed a vote? Yeah keep promoting that canard....

    2. Re:Gridlock by Anonymous Coward · · Score: 0

      Amnesty was not a bipartisan bill. It was a corrupt agreement between the left and their RINO stooges. Speaker Boehner did the Republic a great service by denying it a vote.

    3. Re:Gridlock by gurps_npc · · Score: 1
      If the bills were bipartisan, then the democrats would be helping it by definition.

      How much do you get paid to put forth idiotic political propaganda like this?

      As for your silly wish for Obama to roll over and be the GOP's lapdog, he's got way too much of a backbone to do that.

      --
      excitingthingstodo.blogspot.com
    4. Re:Gridlock by AK+Marc · · Score: 1

      Ah, RINO, the Scotsman of the USA. The Official Republican party let them in, approved their platform and stance. They are Republican in name only only if *all* Republicans are in name only.

  13. Oh, that one. by sootman · · Score: 0

    When I saw the first three words of the headline, I thought it was going to be about this fucktard.

    "Net Neutrality" is Obamacare for the Internet; the Internet should not operate at the speed of government.

    Senator Ted Cruz, TX

    What an absolutely fucking disgusting display of "If Obama is for it, I'm against it."

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
    1. Re:Oh, that one. by Anonymous Coward · · Score: 1, Insightful

      Ted Cruz is a fine American. Get used to him, he will be leading this great nation.

    2. Re:Oh, that one. by Anonymous Coward · · Score: 0

      Ted Cruz is a fine Canadian. Get used to him, he will be leading this great nation.

      FTFY

    3. Re:Oh, that one. by oh_my_080980980 · · Score: 1

      LMOL - only in your tiny little mind.

    4. Re:Oh, that one. by Anonymous Coward · · Score: 0

      Welcome to Slashdot, Mr. Cruz!

      "TED Talks" doesn't mean what you think it means.

    5. Re:Oh, that one. by AK+Marc · · Score: 1

      He's a Cuban-Canadian ineligible for Presidency.

  14. Permission to be secure by penguinoid · · Score: 1

    Consumers don't properly appreciate cyber security. Nor do stockholders. This makes it difficult to justify the expense of proper security. But if it is a legal requirement, then you can do it.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    1. Re:Permission to be secure by Another,+completely · · Score: 1

      And if your competitors have to do it also, then they can't undercut you with their simpler and cheaper (although less secure) systems.

  15. Seems logical enough on their part by charronia · · Score: 1

    Because really, who wants to deal with 47 different state laws when you can just have one federal law? At the very least, it would save their legal departments a lot of headaches.

  16. Retailers can improve security in one big way by Applehu+Akbar · · Score: 3, Interesting

    Just turn NFC back on while you wait for CurrentC to get off the ground and be tested sometime next year. It's already on your registers, and some of the NFC vendors have high-grade security that sharply reduces the risk of credit card breaches.

  17. Lenders are the culprits. by 140Mandak262Jamuna · · Score: 1, Interesting
    Data breach and identity theft etc would not be a serious issue if the lenders exercised due diligence before extending credit to make sure the borrower's credentials are correct. They make sure it is impossible for an ordinary person to lock up the credit reports and credit to make sure no unauthorized accounts are opened unbeknownst to them.

    If we make the lenders liable for all the damage caused by them. We don't even need any new laws for this. The lender has all the right to be very lax and extend credit to any Tom, Dick or Harry. But if they are going to report to credit reporting agencies about default or missed payments, they have to prove that the credit was extended to the correct person. If they mistakenly report missed payments on the victim of identity thefts, the banks should be fully liable for all the damage caused to the innocent party.

    The banks are the worst. They extend credit without checking. They destroyed the cheap Point-of-sale pin encoded debit/ATM transactions by conflating it with credit transactions. Merchants who used to pay a flat fee of 25 cents or so per transaction are being saddled with 2%.

    The financial sector has gone from less than 5% of S&P500 index to 15% of the index. From all the economic activity going on in the country the banks rake in more than 50% of the profits. Companies that take the risk and actually make products make much less money than the banks.

    The banks have grown too big to fail, too big to jail.

    All the talk about government must be small misses a crucial point. The moment the government becomes smaller than the most powerful person, that person would drown the government in a bath tub. The courts have ruled corporations are people. Now corporations are actively drowning the government in a bathtub. The banks are at the forefront. If we don't realize and rein in the banks, we are doomed.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  18. Gridlock is so bad ... by RoccamOccam · · Score: 2

    The gridlock has been so bad that the American public has voted to fix it. Yay!

    1. Re:Gridlock is so bad ... by Anonymous Coward · · Score: 0

      | The gridlock has been so bad that the American public has voted to fix it.

      How, with a Republican Congress and a Democratic President?
      Please be prepared to meet Gridlock 2.0

    2. Re:Gridlock is so bad ... by paulpach · · Score: 1

      The gridlock has been so bad that the American public has voted to fix it. Yay!

      I will gladly take gridlock over the out of control governments we have had in the last 13 years or so.

      If Obama was incapable of passing a single law for the rest of his term, I would be very happy. I wish there was this gridlock when Bush was president pushing for bailouts.

    3. Re:Gridlock is so bad ... by Anonymous Coward · · Score: 0

      ... was this gridlock when Bush was president ...

      Hmmm. So one US party is better at shifting the blame. Or, to be accurate, the US voters punish one party less than the other.

  19. Retailers Already Pay by rjstanford · · Score: 1

    The cost of fraud and security is built in to the interchange rates that make up the bulk of card-present fees from Visa et al. By and large, the retailers already cover those costs. If specific retailer-focussed fines are put in place they should be accompanied by a drop in interchange rates (not going to hold my breath here). Also, by reducing cost-sharing and increasing self-insurance, that's another way of squeezing out smaller merchants (who can't begin to cover those costs) in favor of the larger ones (who don't need external underwriting to do so).

    --
    You're special forces then? That's great! I just love your olympics!
  20. Yep by Anonymous Coward · · Score: 0

    Good regulations are good for business because they establish the ground rules of the game. Good regulations also give business a good legal defense. However, waiting until the day after Republicans had taken control of the Congress before releasing this letter is fairly suspicious. It has the appearance of shopping for regulators in the hopes that any consumer protections passed by a Republican Congress will be weak and ineffective.

  21. They are hoping for an easier out by Anonymous Coward · · Score: 0

    If you think any business is asking for new regulation with an eye towards helping consumers, I have a bridge to sell you.

    The hope is that the federal law, because it can be lobbied heavily, will be weaker than the individual state laws. Even if not, it will make compliance easier (1 reg to go against vs. 47 with differing requirements).

  22. Come on Obama, use reverse psychology! by sootman · · Score: 1

    Now that the Rs are in power, it's time for Obama to lean in and take one (or ten) for the team. Everything that's good, come out against it; everything that's bad, say you support it. The Rs will slavishly oppose and BAM! Progress.

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  23. North Pacific, a musical by Impy+the+Impiuos+Imp · · Score: 1

    > and Guam

    "Oh no! Someone took the credit card receipts from the grocery's trash! Well, according to Guam law, we must notify consumers."

    (Opens window). "Hey, Frank! Charlie took your credit card receipt! Oh, and Paul, get your damned chickens off the runway!"

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  24. The summary is wrong by MobyDisk · · Score: 1

    The summary claims that the retailers would bear the brunt of the legislation. The opposite is true. The letter is written by retailers, asking for increased regulation of cloud providers and banks. The letter specifically calls out Apple and J.P. Morgan as the causes of recent data breaches. It complains that the retailers are responsible for notifying their customers of breaches, but they aren't the only link in the chain.

  25. Regulation should make it "regular" by magarity · · Score: 1

    there are 47 different state-based security breach notification laws

    These retailers should be careful what they wish for. One of the main problems with health insurance used to be that every state had its own set of laws and licensing. Now that the feds took over the regulation of it they not only require everyone buy it but also dictate coverage levels, like it or not.

    1. Re:Regulation should make it "regular" by slew · · Score: 1

      there are 47 different state-based security breach notification laws

      These retailers should be careful what they wish for. One of the main problems with health insurance used to be that every state had its own set of laws and licensing. Now that the feds took over the regulation of it they not only require everyone buy it but also dictate coverage levels, like it or not.

      Sigh... Actually the way Obamacare is set up, insurance companies should *like* it. They theoretically get lots of new customers who are forced to buy their services and are pretty much guaranteed 20% of the premiums to run their business (80% has to go to medical reimbursement) and they are allowed to pick and choose the medical providers they will contract with... It's likely the patients that get the screw on this (other than the sorely underused HRA option which is another can of worms)...

      Similarly, the large retailers would like defined standard security coverage levels for POS transactions. The large retailers will simply pass this cost on to the consumers confident in the knowledge that nobody can undercut them in this dimension (as they have economies of scale). It's likely the consumers that will get the screw on this one as they will have to pay for the security upgrades for the smaller retailers...

      I think people don't generally realize how much they are actually paying for the convenience of credit card transactions as the costs are cleverly hidden from them. In fact, until recently, the costs were mostly handled in a completely regressive manner (rich generally pay less, poor pay more). Interest payments subsidized the no-fee cards for those freeloaders (industry term) that don't carry monthly balances. Rewards cards dollars are extorted directly from the merchants (merchants have to pay a higher percentage to clear rewards cards than non-rewards cards). The money comes from the merchants so they charge higher prices, and the banks skim the money that is passed through them.

      Consumers addicted to plastic payment are essentially enabling the banks to skim money from the retailers (and thus you the consumer)... Think of these two questions you might ask a random consumer...

      Would you like a convenient way to pay such that you will pay 3% higher prices to retailers so that large banks can get 50% of that money?
      Or would you like a convenient way to pay if I gave you back 1% of your purchase volume so you can spend more money?

      Clever, those credit card companies, aren't they ;^)

  26. Better translation by Anonymous Coward · · Score: 0

    "We don't mind paying a lot for things like this as long as all of our competitors have to pay about the same as well. If none of our competitors can skimp out on these costs, we can all just raise prices and if the consumer really wants or needs the items we sell, he will buy them and he will absorb the cost."

  27. D.C. streets congested? by Anonymous Coward · · Score: 0

    Am I the only one that read the title as Retail stores in Washington, D.C. upset about traffic congestion, beg Congress to fund traffic improvements so people can get to their stores and buy stuff?

  28. Micro case study ... by quax · · Score: 1

    ... of why libertarians are wrong about the role of governments.

    Free markets are nothing that comes about naturally. It is the governments that create the regulatory framework that allows for free markets to function.

    Businesses hurt when governments fail in this most important job.

  29. This is mildly amusing by Loopy · · Score: 1

    Here we see people clamoring for government regulation of tech issues after numerous stories on that same government's lack of understanding of tech issues. Really?

    If the banks charge the retailer that suffered the breach for the damages resulting from the breach, then only the offenders suffer rather than making everyone suffer under onerous and ill-conceived regulations. Not to mention that charging for the damages from a breach means the punishment will actually fit the crime. Further, punishing a single guilty retailer for a breach means the customers can go to another retailer that is not having to raise prices to cover a breach fine, which is even more incentive for a company to protect against a breach in the first place.

    And all this takes place without the need for 2000 pages of regulation that nobody will be able to understand and no risk of unintended consequences resulting from it that nobody can fix because of the same gridlock the article summary complains about.

    It's like that scene in Kill Bill where Budd's manager tells him that "fucking with your cash is the only thing you kids seem to understand."

    1. Re:This is mildly amusing by david_thornley · · Score: 1

      How do you determine what costs come from a particular breach? Some are obvious ("Here, Home Depot, this is a bill for $2 for every card we had to replace because of you"), some are not ("there's a fraudulent card-not-present transaction here from somebody whose card may have been leaked by Home Depot or Target or somebody").

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  30. Maybe I'm missing something by Anonymous Coward · · Score: 0

    But wouldn't a lot of these problems go away if people started using CASH when they go to a brick-and-mortar to shop? I know retailers and such wouldn't like it, since they couldn't track individual customers nearly as well. But them tracking my habits isn't my problem.

  31. If the Brain dead Bankers would think by Anonymous Coward · · Score: 0

    If the Brain dead Bankers would think instead of putting things like people's social security number and other personal data on the cards, things would improve immensely. I agree, this is just a way for banks and retailers to not be sued.