Slashdot Mirror


Court: FTC Can Punish Companies With Sloppy Cybersecurity

jfruh writes: The Congressional act that created the Federal Trade Commission gave that agency broad powers to punish companies engaged in "unfair and deceptive practices." Today, a U.S. appeals court affirmed that sloppy cybersecurity falls under that umbrella. The case involves data breaches at Wyndham Worldwide, which stored customer payment card information in clear, readable text, and used easily guessed passwords to access its important systems.

3 of 86 comments

  1. I agree with this in principle, however... by Rainbow Nerds · Score: 4, Insightful

    What constitutes sufficiently strong security practices? This seems subjective unless there are clear rules published. Obviously we'd agree that the practices in the summary are truly awful, but there are plenty of data breaches that don't seem quite as egregious. Are there going to be standards for applying patches to vulnerable software? What about human error such as tricking someone into giving out data they shouldn't or losing hard drives with data? Unless clear standards are published, this seems like an opportunity for selective enforcement. Also, while I understand it's a different agency, the US government is one of the worst offenders in terms of poor security practices. Who will hold the IRS accountable for their data breach, for example? It's hypocritical for the government to hold businesses accountable when they're an awful offender, too.

    --
    M-I-Z
    kU still sucks!
  2. Re:Corporations by penguinoid · Score: 4, Insightful

    The trouble is when the CEO says "don't bother with security", and his underlings have to obey or get fired, then the CEO claims he can't be blamed for the actions of his underlings. Of course, the way the CEO says "don't bother with security" is by setting spending and productivity requirements, such that no spending can actually be done on security else you get fired for lack of productivity.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  3. Re:oh, man. Prepare for another round. by Required Snark · Score: 2, Insightful

    So how many big US banks have assumed huge risks for short term profits since Sarbanes-Oxley passed? You talk as if it was a plague of locusts that mysteriously descended out of the sky for no discernible reasons. It passed because Wall Street fucked up the entire world economy out of incompetence and greed.

    Were you asleep since 2008 or are you mentally deficient? Those are the only two reasons I can think of for your idiocy.

    Given the chance, big business behaves like a meth freak with rabies. They are not trustworthy. There is no such thing as "business ethics".

    There is only one goal: making the people at the top as rich as possible. Nothing else counts. This is why 10% of the profits of large US companies go to the CEO. That's insane. Nowhere else in the world is this true.

    Even after Sarbanes-Oxley the banking sector remains unchanged. We've seen international currency rigging, wholesale tax cheating and money laundering. There have been tens of billions of dollars of fines. It's still the same rigged game.

    Sarbanes-Oxley is too weak. Until CEOs and board of director members go to jail it will never stop. So far no one has gone to jail. Not one person. The only people who do time are people convicted on insider trading, which is a joke. That is petty crime compared to what people like Mozilo did at Countrywide Mortgage.

    If we are ever going to rid ourselves of our completely corrupt economic system a lot of very rich people are going to have to spend decades in jail and be stripped of every penny they stole. And we are going to have to break up the monopolies and de facto cartels that dominate the economy. Only then will we get back to functioning capitalism. If you think that our economy is capitalistic then you are truly delusional.

    --
    Why is Snark Required?