Congresswoman Destroys Equifax CEO Mark Begor About Privacy

An anonymous reader shares a report: In a congressional hearing on Tuesday, Representative Katie Porter (D-CA) asked whether Equifax CEO Mark Begor would be willing to share his address, birth date, and Social Security number publicly at the hearing. Begor declined, citing the risk of "identity theft," letting Porter criticize Equifax's legal response to the 2017 security breach that exposed almost 150 million people's data of that sort to an unknown intruder. The company had unsuccessfully asked a judge presiding over a class-action suit over the breach to dismiss it, saying the plaintiffs hadn't "sufficiently alleged injury and proximate causation" to bring suit, as Yahoo Finance reported late last month.

This guy should be in prison

[WCMI92]

But they won't do that. Because he's rich. Filthy rich.

Re:This guy should be in prison

[DickBreath]

The only way to fix this is to make data breaches MUCH more expensive than what it costs to make their systems secure. With a side order of mandatory executive jail time just to be sure.

Re: This guy should be in prison

the congress should really do something about that you can make binding contracts with just this set of information though.

as none of it is actually "secret" and cannot remain secret when it is used for making stuff like credit card applications.

like, theres 3rd world countries where identity theft is harder to commit than in usa.

Re:This guy should be in prison

The only way to fix this is to make data breaches MUCH more expensive than what it costs to make their systems secure. With a side order of mandatory executive jail time just to be sure.

Once the threat of jail time is held over any CxO position, good fucking luck filling it.

The money would have to be at the non-extradition-country level for most to consider it.

Re:This guy should be in prison

[DickBreath]

The jail time would need to be an option for willful negligence where profit was prioritized over actual data security.

The point of a financial penalty IS to force them to prioritize correctly. The costs of investing in security will be less than the cost of a breach. That incentive is exactly backwards at present.

If this is willfully ignored, then the jail time option needs to become available.

Re: This guy should be in prison

Yes because asking questions is now illegal in this country. Perhaps you should re-read the Constitution, because I don't believe you'll like what it says.

Re: This guy should be in prison

[dougdonovan]

i hear equifax is looking for a new ceo.

Re:This guy should be in prison

[ShanghaiBill]

If this is willfully ignored, then the jail time option needs to become available.

It was not willfully ignored. The CTO was a music major. All the evidence points to oblivious incompetence. There was no decision to be evil and greedy by trading security for profit, because they were too dumb to realize such a tradeoff even existed.

If we are going to incarcerate people for incompetence, we are going to need a lot more prisons.

Re:This guy should be in prison

[ShanghaiBill]

But they won't do that. Because he's rich. Filthy rich.

They also won't do it because there is no evidence that he did anything wrong.

The breach occurred in March 2017.

He became CEO in April 2018.

Re: This guy should be in prison

Time to bring out the guillotines.

Re: This guy should be in prison

[ShanghaiBill]

like, theres 3rd world countries where identity theft is harder to commit than in usa.

Umm ... all of them. All the other first world countries too. Identity theft is mostly an America-only issue.

Only in America do we base our financial security on a number that is expected to be both secret and widely shared.

The solution is not "throw more people in prison". Instead, we should ban the use of SSNs for authentication.

Re:This guy should be in prison

If this is willfully ignored, then the jail time option needs to become available.

It was not willfully ignored. The CTO was a music major. All the evidence points to oblivious incompetence. There was no decision to be evil and greedy by trading security for profit, because they were too dumb to realize such a tradeoff even existed.

If we are going to incarcerate people for incompetence, we are going to need a lot more prisons.

Correct. It was sheer incompetence. Unlike the TARGET breach, which *WAS* willful. The CTO and CIO were told many times that their systems were insecure and they CHOSE to not secure them due to the cost.

Re:This guy should be in prison

100% true. If he was a regular rank-and-file employee, he'd be behind bars and his life would be ruined. But since he's the CEO, this is the worst he has to endure. A few moments of uncomfortable questioning and then go back to counting his millions

If someone yelled at me once a year but I got to make tens of millions a year, I'd be totally OK with that.

Re:This guy should be in prison

[kaizendojo]

Which is correct of course, but never going to happen under this administration.

Re:This guy should be in prison

[Puls4r]

100% Nope.

If someone climbs onto a piece of heavy machinery like a crane and proceeds to kill someone - they are still prosecuted. If someone picks up a handgun and shoots someone, they are still prosecuted even if they have no training or knowledge on how to use the handgun.

Ignorance is NOT a defense. Especially in a situation where someone is put into a position of power. You could even extend the prosecution to the people who PUT the CTO in the position, because they knew he / she didn't have the experience or knowledge necessary to execute the job.

Re: This guy should be in prison

[jbmartin6]

So when you call a mobile phone service provider, or a bank, in China and ask them to help you log in to online service portal or otherwise make some change, how do they authenticate you?

Re: This guy should be in prison

In Bulgaria, you simply can't. You show up in person with a photo id.

Re: This guy should be in prison

[ShanghaiBill]

So when you call a mobile phone service provider, or a bank, in China and ask them to help you log in to online service portal or otherwise make some change, how do they authenticate you?

They authenticate with a mobile phone and WeChat or AliPay PIN. Identity theft is essentially nonexistent in China.

Re:This guy should be in prison

[Guybrush_T]

Just implement the GDPR in the US. But I'm sure by the time it is adopted, it will be crippled by loopholes.

Re:This guy should be in prison

[geekmux]

The jail time would need to be an option for willful negligence where profit was prioritized over actual data security...

Here, let me point out your first mistake; define "actual data security" for me.

And when I say define, I'm specifically talking in a highly technical and legally binding way that is actually worth a shit in a courtroom.

If you can't manage to do that, then you might as well stop bitching about the problem of prison time, because you can't even define the fucking problem to correct.

Re: This guy should be in prison

Identity theft is essentially nonexistent in China.

Bull Shit.

Stop shilling for China.

Re:This guy should be in prison

[Immerman]

>Once the threat of jail time is held over any CxO position, good fucking luck filling it.

Shouldn't be hard - just make sure the company has lots of checks and balances to ensure nobody, at any level, can get away with causing the company to engage in illegal or high-risk activities.

Would that hurt profits? Almost certainly. But it would also go a long way to making company's behave in socially responsible ways, rather than as psychopathic profit-seekers. Which is something society, and it's supposed representative in government, should probably be very interested in encouraging.

Re:This guy should be in prison

As if it happened under ANY previous administration. Enjoy that Trumpophoebia.

Re:This guy should be in prison

[Zmobie]

Or, you know, they could obey the laws like the rest of the country? I don't get how that is an excuse at all. Unless a person is planning to commit illegal acts they really shouldn't have an issue with some laws that mean they need to protect people. The only argument is they just don't like the risk, but we all have to take on risk proportionate to the reward and when you are making fuck-you levels of money it should be understood to have greater risk.

The argument, "ok, define it then" doesn't really hold up well either. We define what negligence and best efforts are all the time, why exactly do you think computer security can't have the same standards applied? Just because a person fails to define something on the spot, by themselves, without a law degree, doesn't mean we simply can't do it or shouldn't do it. Civil engineers get sued all the friggin time. When they are criminally negligent the charge(s) become criminal and not just civil. The person ultimately responsible for making the decisions should be held accountable

People still have this idea that software/IT is somehow so magically different from everything else in the eyes of the law, but it can be regulated in basically the same ways. Bring in some experts, talk to some damn congressional representatives, do the due diligence, and stop letting these ass holes skate the responsibility. Literally the only people that benefit from no liability are the C-suite execs. If you think it is acceptable to just let people's lives get destroyed to make a couple extra bucks then you need to examine your own morality and ethics.

Re:This guy should be in prison

[Shotgun]

Under what administration would it happen? Putin's? Maduro's? Makes you kind of glad to have the administration we have, doesn't it?

Re:This guy should be in prison

[Zmobie]

If this is willfully ignored, then the jail time option needs to become available.

It was not willfully ignored. The CTO was a music major. All the evidence points to oblivious incompetence. There was no decision to be evil and greedy by trading security for profit, because they were too dumb to realize such a tradeoff even existed.

If we are going to incarcerate people for incompetence, we are going to need a lot more prisons.

Not really sure that is an excuse here though. This is a company that literally makes billions off of holding people's information in IT infrastructure. Don't you think that it should be obvious that they need to have a CTO and CIO at the very least educated on what the hell they are doing/in charge of? If they are not then that in and of itself constitutes willful negligence on the part of the board and those responsible for hiring them. If I hire an incompetent engineer to work on my team, knowing they do not have the background necessary to do the job, don't you think those above me are going to hold me accountable?

Why make excuses for company's failings at the most basic levels. It would be different if they had a state of the art system and it was still breached. Hell, it would be different if they were in the process of bringing an ancient system up to date, but they were running on horribly outdated systems and those in charge of making the decision to upgrade didn't even possess enough knowledge to know they should upgrade? That isn't an excuse, it is just being irresponsible.

Re:This guy should be in prison

The data shall be secured such that it cannot end up in the possession of someone not specifically authorized to have it.

If you've been breached, by definition you've failed.

There, defined. Easy peasy.

Re:This guy should be in prison

[aaarrrgggh]

In theory, sure. The companies keep too much information and therefore make it too valuable, right?

The problem is now it is easy enough for a hacker to crack multiple (softer) targets and assemble much of the same data. Perfect security is impossible, and the problem gets worse the further down you go. Once you talk about employee exfiltration of data they had the right to access, things become darn near impossible.

Re:This guy should be in prison

[dnaumov]

My country can and does put CEOs in jail and we seem to have little trouble filling the positions.

Re:This guy should be in prison

[aaarrrgggh]

But it is all risk management-- this outcome has such-and-such probability and will cost $X to address with a n% chance of eliminating the threat. Nobody can commit infinite sums to data security; it is unreasonable for them to commit even their annual revenue to the cause.

So, what is the alternative? Don't keep anything useful?

Re: This guy should be in prison

If the CTO is incompetent and was thus not liable for negligence, that hire is gross negligence on the part of the hiring entity, aka, CEO.

Re:This guy should be in prison

[AlwinBarni]

Such a breach and handling of it should constitute penalty of bringing the company down magnitude - it has to be felt not only by C[ET.]Os but by shareholders as well, who have to start putting attention on how the company is managed not only how much dividend they get - otherwise all will remain business as usual.

Class action lawsuit is justified, as the genie is out and there's no way to put him back, unless 150mln people changed their SSNs they will remain susceptible to identity theft for the rest of their lives.

Re:This guy should be in prison

[liquid_schwartz]

If we are going to incarcerate people for incompetence, we are going to need a lot more prisons.

Most incompetent people do not impact 150 million customers. The punishment should fit the crime, including in scale.

Re:This guy should be in prison

Absolutely easy.

Now. Your mortgage application will require you to travel to Austin, TX or Bangor, ME if you happen to be from Texas. You'll be given a ticket and can wait in line until called. It might be on the day of your arrival, but could also be 3 weeks out. Bring all of your supporting documentation.
Your request for a line of credit to buy a car will only require you to travel to your state capital.
Your request for a $1,000 line of credit will require photo ID, 3 notarized letters of reference and trip to the local bank. Again, bring your docs with you.

You see, it's going to require a massive investment in physical infrastructure to support the printed forms and security guards necessary to "secure the information such that it cannot end up in the possession of someone not specifically authorized to have it" because NONE of that shit can be online if you want that. Your convenience and costs are directly proportional to the costs associated with securing it. Remember, under penalty of jail time, are you going to work for ANYONE who's providing these services knowing full well that the next Spectre/Meltdown/vulnerability-du-jour is already lurking just outside of view right now??

I'm not talking about willful disregard of risk. just plain old security vulnerabilities are now potentially going to put you in jail. Hmmm.

Re:This guy should be in prison

> Ignorance is NOT a defense.

Not to get technical here, but the saying is that "ignorance of the law" is no defense. This is quite different from ignorance not being a defense.

In many cases ignorance is actually a defense. In criminal law, there are materially fewer 'strict liability' statutes. These are statutes where you don't require 'mens rea', which is a guilty state of mind. Proof of ignorance can actually proof of a lack of mens rea.

There are some statutes where the standard is "knew or should have reasonably known" -- in these case willful ignorance often contributes to guilt. This is why in many cases we have various levels of statute, for example the various degrees of homicide. The strictest levels are reserved for pre meditation, use of aggravating factors (murder for hire, deadly weapons, etc..). Lower levels are reserved for "we get it was a whoops, but still can't tolerate the outcome".

Take another example -- Fraud. Typically common law and statutory fraud have 9 elements

          (1) a representation of fact;
          (2) its falsity;
          (3) its materiality;
          (4) the representer’s knowledge of its falsity or ignorance of its truth;
          (5) the representer’s intent that it should be acted upon by the person in the manner reasonably contemplated;
          (6) the injured party’s ignorance of its falsity;
          (7) the injured party’s reliance on its truth;
          (8) the injured party’s right to rely thereon; and
          (9) the injured party’s consequent and proximate injury.

For elements 1, 4, and 5 a parties ignorance actually can be defenses and change the outcome. For example, point one if the person who supposedly represented a fact was ignorant of the fact/situation ...it casts doubt the person made the representation. Interestingly, for point 6 the inverse it true, the person harmed has to actually be ignorant to succeed on a claim.

Re:This guy should be in prison

I think the term you are looking for is Criminal Negligence.

Re:This guy should be in prison

Here, let me point out your first mistake; define "actual data security" for me.

And when I say define, I'm specifically talking in a highly technical and legally binding way that is actually worth a shit in a courtroom.

Infosec SME here. Don't be an ass, the law is not "highly technical" and you know it. The definition you are looking for would take many hours of deposition and a hefty bill, but the short version is this: best practices.

Re:This guy should be in prison

It was not incompetence. It was wilful.

I personally informed Equifax about a potential breach when I began receiving emails to an email address only Equifax had, with my SSN in them, two years before the breach. I spoke extensively with their information security department about the problem.

Equifax knew, or should have known, they had a problem.

Re:This guy should be in prison

[fafalone]

Ignorance is in fact a defense, if you're a cop. Unlike normal people, courts have found they can't be expected to actually know the law, so can't be held responsible if they thought something was illegal. I'm sure similar arrangements can be made for the very rich where their crime involves financial harm to the nonrich, assuming we ever get over the hurdle that that's a crime to begin with.

Re:This guy should be in prison

[Dragonslicer]

If we are going to incarcerate people for incompetence, we are going to need a lot more prisons.

We do incarcerate people for incompetence. It's called negligent homicide.

Re:This guy should be in prison

[terrycarlino]

I think you vastly underrate the greed of most people. For the kind of money most C level executives make there would be no problem filling positions at most businesses. They would either work harder to protect people's data or be sneakier in hiding data loss.

Actually in real life the threat of jail time for bad actors in a field doesn't typically deter practitioners. Every medical doctor or engineer knows that should they cause a death through malfeasance that real jail time is on the table. That doesn't stop people from entering those fields. What it does do is make practitioners much more careful about taking shortcuts just to save money.

This is the mindset of people who rail about corporations being people. (They're not they are legal persons, not the same thing.) The fact that a contract with a corporation is legal (which is why they have to be legal persons) does nothing to shield corporate actors (corporate executives or other decision makers) from legal action for breaking the law. What shields them from breaking the law is the government's lack of will in prosecuting them for their illegal actions. A regulatory agency's fine of a company does not prevent officers of that company from being arrested and prosecuted if they break the law. Only the governments unwillingness to do so shields them.

Re:This guy should be in prison

[terrycarlino]

Exactly. The CTO of a company which keeps a database of individual's private information "Should have known" they were incompetent to fulfill that job with their present knowledge. They "should have known" they needed to hire people competent in the field of security to ensure that data, which contain data harmful to individuals if released, was secure.

The fact that they did nothing makes them culpable for the harm that resulted.

Re:This guy should be in prison

You say this like we should care. I give not even the tiniest f*ck how hard it is to fill a position if all the law requires is that the person filling it not knowingly break the law, and managing the company's customer data as closely as they would their own personal data. Few people are advocating C level officers going to jail because something went wrong. We are talking about something going wrong because the companies set up circumstances to encourage illegal behavior (Wells Fargo), ignored the risk to data that was obvious as a target because it was cheaper and easier than having a responsible patching routine and security practices (Equifax), or didn't do anything negligent or criminal until the event in question occurred, then went on a campaign to hide and lie about the issue until caught (dozens of companies). Going in front of a Judge and saying the burden is on individual victims of identity theft to PROVE "sufficiently alleged injury and proximate causation" from data your company let out into the world is, on its face, an irresponsible defense in defiance of the scale of your company's negligence. Especially when your entire business is built on the value of that data. If such a company can't find officers willing to risk prison if they WILLFULLY screw up something so big, they shouldn't be in business. The legal penalty is to incentivize companies that seek data because it is valuable, to protect it, because it is valuable to its owners, even if losing control of that data doesn't threaten the business model of said company,

Re:This guy should be in prison

[klui]

Just reply to a cop "I didn't know speeding was against the law on this road" when he pulls you over and see what that gets you. Say that to the judge when you contest the ticket.

Ignorance of the law is not a defense is common knowledge.

Re:This guy should be in prison

[MooseTick]

"Once the threat of jail time is held over any CxO position, good fucking luck filling it."

If I could made CXO money for a couple of years, I'd probably be ok with a couple of years of white collar rich white guy jail time. You know, they have conjugal visits there? I be many of you haven't had a conjugal visit in six months.

Re:This guy should be in prison

If this is willfully ignored, then the jail time option needs to become available.

It was not willfully ignored. The CTO was a music major. All the evidence points to oblivious incompetence. There was no decision to be evil and greedy by trading security for profit, because they were too dumb to realize such a tradeoff even existed.

If we are going to incarcerate people for incompetence, we are going to need a lot more prisons.

The corporate officers did not exercise due diligence by hiring the incompetents who then did not exercise due dilligence, that warrants prison time.

Re:This guy should be in prison

[DickBreath]

It was Enron, I think, that triggered congress.

Ever hear of Sarbanes-Oxley?

Or: Knew or Should Have Known?

Now you see that in corporations, from the Cxx's on down, they are very careful that financial information they release is truthful.

Re:This guy should be in prison

Unless you are Charles Rangle (D-NY) when failing to pay his taxes. Of course he was head of Ways and Means committee, the one that wrote tax laws. But he wasn't charged with anything for failing to pay his taxes after claiming the tax laws he wrote he didn't understand.

Don't fear, he has a D next to his name and isn't criminal liable no matter what he does, even killing live babies, raping women, or joining the KKK.

Re:This guy should be in prison

[Anubis+IV]

This guy should be in prison. But they won't do that. Because he's rich. Filthy rich.

So, you're in favor of jailing innocent people?

After all, Mark Begor was not the CEO when the leak happened (that would be Richard Smith), nor was he even the CEO who handled most of the aftermath (that would be Paulino do Rego Barros Jr.). Mr. Begor only started as CEO in April 2018, nearly a year after the leaks were first discovered. He may be as slimy as the rest for all I know, but he wasn't a part of what happened back then. So far as I can see, he's simply the guy trying to clean up the mess.

It's fine if you don't like the guy (I don't either), but it's comments like yours that make me VERY glad we have a justice system that doesn't mete out punishment according to the rule of mob.

Re: This guy should be in prison

[Zmobie]

Well yea that was generally my point, although one could argue if the CTO knew he was not qualified to hold that position he shouldn't have taken it. If the CTO was in that position without at least a reasonable amount of experience and qualification then he could be in the wrong too. Hubris does not excuse someone from an action that harms or could potentially harm millions of people.

I would be in the wrong to take a CFO position if offered because I don't have anywhere near the experience in financials to qualify me for that. Just because I do play around in the markets and probably have a higher than average knowledge concerning financials doesn't mean it wouldn't be irresponsible.

Re:This guy should be in prison

[sfcat]

But it is all risk management-- this outcome has such-and-such probability and will cost $X to address with a n% chance of eliminating the threat. Nobody can commit infinite sums to data security; it is unreasonable for them to commit even their annual revenue to the cause.

So, what is the alternative? Don't keep anything useful?

That's classic reductio ad absurdum. If you can't define the risk because you don't know enough about the area, you by definition aren't qualified for the CTO/CIO of an organization like Equifax. And the board, whose job it is to know this, should be raising questions about a music major in charge of their InfoSec. I understand there is a middle ground and a balance to be struck, but in this case every level failed so spectacularly in fundamental ways that they should have known about that if there is no jail time here, there never will be. This is the maximum level of incompetence beyond which there are no more higher penalties. Their performance at every level basically assured that there would be a break-in at some point. That's a good definition of maximum incompetence and a good bar for a maximum enforcement action here. If we don't, we are inviting this to happen again and again. To whom much is given, much is expected...much is given to the board and CxOs and they delivered nothing.

Re:This guy should be in prison

[sfcat]

"Once the threat of jail time is held over any CxO position, good fucking luck filling it."

Or, it would only attract those with ethics. If such an action scares you about being in management, perhaps you shouldn't be in management. Perhaps tougher sanctions would prevent those with compromised ethics from trying to get into positions of management. Perhaps that's a good thing...perhaps that even what we want.

Re: This guy should be in prison

[jbmartin6]

That's generally what happens now in more and more cases in the US. Well, the phone thing not WeChat obviously.

Re:This guy should be in prison

[Required+Snark]

"Once the threat of jail time is held over any CxO position, good fucking luck filling it."

This validates my opinion of corporate behavior in the US: if you are a CxO of a major corporation you are already a criminal.

In general large scale corporate capitalism is a criminal enterprise.

Re:This guy should be in prison

We do incarcerate people for incompetence. It's called negligent homicide.

But not for incontinence, which has a default penalty all its own...

Re:This guy should be in prison

That's classic reductio ad absurdum.

Yes, and it made its point, as intended. Btw, that whooshing sound you heard was you using some words without actually understanding the concept they represent. Points for effort, I guess.

And the board, whose job it is to know this, should be raising questions about a music major in charge of their InfoSec.

Please point out to me the medical evidence that obtaining a music major prevents one from learning enough about data security to function in a CTO role. Then show me any evidence that obtaining the kinds of degrees available to this person at the time he was in college would have guaranteed that no mistakes would have been made on technical grounds.

You can't do either, because both concepts are ludicrous. If you want someone to pay attention to you and take you seriously as to how to fix things, you're going to actually have to put some thought into it and come up with something which has a relationship to the real world, rather than grasping at the first straw of idiocy available to you and bleating vacuously about it while hoping nobody notices how meaningless everything you're saying is.

Re:This guy should be in prison

[marcel_in_ca]

The problem right now is that there is absolutely *no* threat of jail-time for CxO's, no matter *what* professional crime they do ( and, darn little chance for unprofessional crime, but that's another thread).

Re:This guy should be in prison

[aisnota]

Lifetime in prison as the entire adult population save for Amish has been harmed for life.

They should be de-registered as a corporation and forced to liquidate all activities.

Re:This guy should be in prison

Heh some cop worshipper is mad. A comment about the likelihood of allowing a defense of ignorance for crimes involving a privileged class victimizing the poor based on the precedent of already allowing it for one privileged class, in an article concerning legislative action to consider such laws, isn't exactly offtopic. Lick more boots. And mod *this* comment offtopic.

Re: This guy should be in prison

Save a step. Pop 'em in a mulcher.

Re:This guy should be in prison

What's your country?

Re:This guy should be in prison

[Obfuscant]

"Once the threat of jail time is held over any CxO position, good fucking luck filling it."

Or, it would only attract those with ethics.

Suppose you have this "ethics". Suppose you know all there is to know about computer security on your first day of the job, which let's say was Jan 1, 2014. You make sure everything is done the best way possible as of Jan 2, 2014. You're "ethical" and "competent".

And then on Apr. 1, 2014, the Heartbleed bug is announced. Thirty minutes later your corporate database is hacked. One hundred fifty million people's identifying information is stolen. You go to jail. (That is the working theory here, "threat of jail time".)

Or Heartbleed doesn't take you down. You didn't get hacked before it was patched. You breathe a sigh of relief. You dodged a bullet there. Then Jan 2018 rolls around. Meltdown and Spectre show up, your database is hacked, you go to jail.

Yeah, people with "ethics" are just going to flock to the jobs where they can be put in jail because hackers find a bug in some software they're using.

The premise of this story is all wrong. Porter didn't need anyone's response to attack the CEO for a privacy breach, she was going to do it no matter what he said. And not wanting to release private details in a public hearing doesn't mean someone wouldn't give that information to a database like Equifax's. In fact, as the CEO, all of his data is already in Equifax databases. And there is no doubt that Porter would not reveal her information the same way and she's not the one being attacked for the privacy problems.

It's virtue signalling on Porter's part. That doesn't say anything about Equifax's actions or lack thereof, it's a comment about the politician involved only.

Re:This guy should be in prison

[phantomfive]

Perfect security is impossible, and the problem gets worse the further down you go

This limitation is much more often used as an excuse than it is reached. If someone says, "Perfect security is impossible" you better check for SQL injection attacks, because they most likely have them. Better make sure their passwords are encrypted, too.

Re:This guy should be in prison

Let's not forget the venerable Ford Pinto. If it's cheaper to let people die, then we'll let people die.

Re:This guy should be in prison

"...unless you're rich"

In which case, go right ahead. Nothing to see here officer.

Re:This guy should be in prison

Better make sure their entire corp database isn't public facing on an AWS bucket with no password, too.

When you say "total security is impossible" then the average company is going to fire the Sec team and wait for the fireworks.

Re:This guy should be in prison

So that is your only options? Comparing what you have to totalitarian regimes? That says quite a lot of how skewed your world views are.

Re: This guy should be in prison

Identity theft is mostly an America-only issue.

Bullshit, it is definitely a problem of the modern world, but has been around for centuries.

Saying such a stupid thing only shows how little you know of the world around you. Don't add to the US stereotype of total ignorance and lack of knowledge.

Google "identity theft" and a country name and you will get more than enough hits to convince you of otherwise. And that is just the hits of articles written in english. Technically, you are partly right that "identity theft" is "mostly" an American-only issue (along with all other english language speaking countries of course) since "identity theft" is called something else in other countries native languages. That is why you don't get as many hits on the above search as you would expect.

Re:This guy should be in prison

[Cederic]

Once the threat of jail time is held over any CxO position, good fucking luck filling it.

Multiple positions at Financial Services companies (e.g. banks) in the UK incur the threat of jail time, including CxO positions and less senior ones.

There's plenty of competition for those roles.

Re:This guy should be in prison

[Cederic]

The CTO was a music major

The Chief Security Officer at the time of the breach was a music major, not the CTO.

Which is also incidentally entirely fucking irrelevant. E.g. Brian Honan has a Diploma in Industrial Relations, and good luck hiring someone more qualified than him.

Re:This guy should be in prison

[mjwx]

100% Nope.

If someone climbs onto a piece of heavy machinery like a crane and proceeds to kill someone - they are still prosecuted. If someone picks up a handgun and shoots someone, they are still prosecuted even if they have no training or knowledge on how to use the handgun.

Ignorance is NOT a defense. Especially in a situation where someone is put into a position of power. You could even extend the prosecution to the people who PUT the CTO in the position, because they knew he / she didn't have the experience or knowledge necessary to execute the job.

I presume you mean "accidentally kills someone".

That is the difference between murder and manslaughter in the UK. A murder is an intentional death, manslaughter is unintentional death with manslaughter being the lesser penalty (the US makes a similar distinction but I don't know the terms, feel free to look them up yourselves). A further distinction is between deliberate and accidental manslaughter, accidental being the lesser penalty. This is why being ignorant of the danger is a legal defence. Any half retarded barrister will try to get your charge downgraded to accidental manslaughter by attempting to demonstrate that you were unaware of the danger or potential for death.

Ignorance is a defence, not all legal defences are all or nothing, a lot of them are designed to get you down to a lesser charge with a more lenient penalty.

This applies to this case, CxO's will claim that this was done without their knowledge, it then becomes the onus of the prosecutor to demonstrate that they had knowledge. I know this seems shitty but justice is blind, so a rich person should have the same presumption of innocent as a poor one.

Re:This guy should be in prison

[Jahta]

The jail time would need to be an option for willful negligence where profit was prioritized over actual data security.

This is the critical point. I've worked on many IT projects and there is a stark difference between things an executive can be held personally responsible for and scenarios where they can hide behind "corporate responsibility". When executives are personally responsible, those items become top priorities for the project. When executives are not personally responsible then items that don't add directly to the bottom line (like data security) will get dropped in a heartbeat if the project is over-running on time or cost.

Re:This guy should be in prison

[geekmux]

Here, let me point out your first mistake; define "actual data security" for me.

And when I say define, I'm specifically talking in a highly technical and legally binding way that is actually worth a shit in a courtroom.

Infosec SME here. Don't be an ass, the law is not "highly technical" and you know it. The definition you are looking for would take many hours of deposition and a hefty bill, but the short version is this: best practices.

I find it hard to believe you're an Infosec SME who fails to understand exactly what happens after a breach occurs. What the hell do you think lawyers use to nail corporations against the wall with? They're not winning multi-million dollar settlements with generic bullshit statements like "failed to implement best practices". No, they're detailing out exactly how many accounts were hacked, or exactly how many credit cards and/or identities were stolen. And they're getting this detail through the highly technical analysis that occurs after every major breach.

That's also why I challenged the parent to define "actual data security". If you cannot define it, you sure as shit aren't going to defend yourself in a courtroom.

and what?

[Tom]

So she got her 15 minutes of fame, but does it change anything? Aside from the headline, is there any effect?

Re:and what?

[AmiMoJo]

Well in theory he adds to the debate over privacy laws and corporate punishment for breeches, and also the positive publicity and public sentiment might encourage others to join her in supporting laws that address the issue.

Obviously the system is far from perfect, but it's perhaps not a total waste of time.

Re:and what?

"So she got her 15 minutes of fame,"

Um, what? Why is it that some people always assume that everyone else is crooked, corrupt and have a secret agenda? No, she couldn't possibly be making a point here. No, she's just going for her 15 minutes of fame! That must be it!

Re:and what?

[Opportunist]

That's to be seen.

I'm still celebrating a congressperson doing something for their constituents for a change. Could we just have that? It's not like those moments are so numerous that we shouldn't cherish them.

Re:and what?

Laws won't address these issues, as you can see looking around the world.

In fact, laws are the primary reason companies like Equifax are able to put everyone's financial data at risk in the first place.

Re:and what?

[Sir_Eptishous]

So she got her 15 minutes of fame, but does it change anything? Aside from the headline, is there any effect?

Probably not.

It's kind of like the Senate hearing yesterday with all the heads of the pharmas getting grilled about drug prices.
A republican senator was annoyed by the answer from the Pfizer guy about how they manipulate patents to keep price gouging going.
The senator made a comment about how, since he was on the judiciary committee they would "take a look at that".
Sure you will.

How much does pharma contribute to their campaigns?

Re:and what?

If she really wanted to "destroy" him as the headline erroneously claims, she should have followed up on his response by saying:

"Oh, well, that's too bad, because for the public record, you live at XXXX and your phone number is YYYY and your social security number is ZZZZ and your kids go to school at AAAA. Have a nice day, asshole. Welcome to everyone else in America's world."

All she did was ask him a "gotcha" question that made him think a bit about what he's done. For fuck's sakes, can we have judges who are willing to punish CEOs better than kindergarten teachers punish children?

Re:and what?

Why? Because she's a politician. Now, I happen to know her, and she has as much integrity as a sheet of saran wrap and s much intellectual depth as mud puddle, but she says votes with the party line and says exactly what the polls tell her to say, so she's a successful politician. But, in general, if a politician's lips are moving, it's merely a re-election ploy.

Re: and what?

The problem is, hierarchical structures used in businesses provide a mechanism for plausible deniability. This fact is very well known and abused quite regularly in organizational structures around the world. Businesses work as layers and layers to insulate the largest investors and shareholders who provide direction to the CEO at the very top (with additional protections to separate C*O level legal actions from shareholders).

Wealth and power is able to perform corrupt acts by very carefully using those around them indirectly in these structures to achieve their goals. You don't need wealth to do this, but money makes it far easier to manipulate those around you indirectly by simply changing the flow of money as positive or negative reinforcement, allowing the intent to be abstracted and ambiguous.

Re:and what?

Why is it that some people always assume that everyone else is crooked, corrupt and have a secret agenda?

"Congresswoman"

Re:and what?

How much does pharma contribute to their campaigns?

I think you are talking about Charles Grassley.

Re:and what?

[Shotgun]

What did she do? I'm more inclined to think that the question was just a reminder that his "campaign contribution" payment was late.

Re:and what?

[aaarrrgggh]

I would argue the headline is the effect. Hopefully it will be another notch in the idea that this data is too powerful for people to hold, or that it is worthless. Either outcome works.

Re: and what?

Bingo. "DeStRoYs!!!!!!!111111" - nah fam, the congressbitch just got stone cold played like a bitch.

Re:and what?

[terrycarlino]

To be fair she is a member of congress. That puts her credibility just below the media and use car salesmen.

Re:and what?

[scottrocket]

So she got her 15 minutes of fame, but does it change anything? Aside from the headline, is there any effect?

Well now, he did let us know - via the attempt to persuade a judge to dismiss a court class-action suit - that such personal information of millions of people exposed was "no harm done"; but if the same information about him was exposed, it would be simply devastating! Glad he cleared that up, and all thanks to our "useless" open congressional investigations process. /sarcasm

Re:and what?

Sociopaths don't map their problems onto other people. What we call the "Golden Rule" will not connect with them at all.

IF you throw them under a bus then they'll act the same way as anyone else would, and they'll raise hell. They have no concerns throwing someone else under a bus.

Re:and what?

[Tom]

I got that, but

a) CEOs of this type are often psychopaths. They have no problem with this kind of conflicting information. (I don't mean that as an insult, it's a proven fact that some personality types are more common among top-level managers than in the general population)

b) what exactly does this change except confirming a suspicion? That's the point. Will it have any effect on the court case? Will it have any effect on stock prices? Revenue? Anything?

Re:and what?

[Tom]

It's not the first headline of this type, and not the first case of someone protecting his own privacy while playing it fast and loose with others.

So again, what it actually accomplishes?

It's the same question I ask about political comedians and satire. I enjoy it a lot, but I always wonder if it doesn't provide a harmless outlet for dissatisfaction that should better make efforts towards change their outlet.

Re:and what?

[Tom]

Nice link there.

So the answer is "not enough". They rank somewhere in the middle and he just may have dropped them a hint to move up into a more... preferable... position.

Re:and what?

[Tom]

But what exactly did she do?

Has a law been changed? A fine been issued? A court case been filed? Has the company or the executive been in any way punished? Or just mildely inconvenience for two minutes?

She didn't destroy anything

[rsilvergun]

not that it hurts to call folks out for their bullshit, but by itself it's little more than impotent rage. If you want change you need to get a lot more people like her in office. And that means showing up for primary elections so you have real choices in the general election.

Re:She didn't destroy anything

[EmagGeek]

Are you kidding me? It was a spectacle of epic proportions. She was doing nothing more than grandstanding.

There is a big difference between making persuasive, coherent arguments in favor of change, and acting like a petulant child and throwing a screaming temper tantrum at someone.

Everyone already knows that Equifax screwed up. We don't needs some blowhard reminding us of what we already know. If you want change you need FEWER people like her and MORE people who are willing to actually discuss the issue rationally and help each other cook up a solution.

It's too bad there isn't a single member of Congress I can use as an example.

Re:She didn't destroy anything

There is a big difference between making persuasive, coherent arguments in favor of change, and acting like a petulant child and throwing a screaming temper tantrum at someone.

But enough about the President....

Re:She didn't destroy anything

[sycodon]

"Destroys"

Slashdot editors are 7th graders. It's a wonder they aren't posting shit in Text Speak.

Re:She didn't destroy anything

[Opportunist]

Yes, they screwed up. But so far I have not seen a single congresscritter to do more than shrug and click their tongue while rolling their eyes. Maybe finally we'll see some kind of movement.

Please let me hope.

Re:She didn't destroy anything

[LostMyAccount]

What we need is ranked choice voting.

The primaries are manipulated contests that usually involve party insiders pushing other favored insiders.

And if you live in a one-party district like me, the "real" election is the primary because the other party candidate is usually some total freak who's only running because the other party will literally let anyone brave enough to run do so. But because of party manipulation and the "endorsed" label that gets handed out by the party's internal process, the primary isn't the real contest it should be.

Re:She didn't destroy anything

Everyone already knows that Equifax screwed up

Except Equifax. As the summary states:

the plaintiffs hadn't "sufficiently alleged injury and proximate causation"

Her point was to underline how Equifax management, surprise, wasn't quite on board with that. Even if you think it's not the same, I think most people would believe it's close enough.

Re:She didn't destroy anything

Well of course *WE* know, but it takes a spectacle of epic proportions to get through the heads of legislators. It is important to note that this show isn't aimed at techies, nerds, or anyone else who actually has education or training in technology-related industries. It is aimed at legislators and (to a lesser degree) business and civic decision-makers.

If we had another fifty or hundred of people in congress like her we might actually see concrete action on this particular subject. (I don't know her in particular, so no idea if that'd be a good idea on any other topic. But it almost certainly would be in regards to the legalities of how corporations get to handle personal info)

Re:She didn't destroy anything

" If you want change you need to get a lot more people like her in office."

Meh. Subpeona the shit out of the companies, then publish the results to the press.

Re:She didn't destroy anything

[Mordaximus]

"Destroys"

Slashdot editors are 7th graders. It's a wonder they aren't posting shit in Text Speak.

Should have been pwns, obviously!

Re:She didn't destroy anything

[Bite+The+Pillow]

The context was a question about actual harm. Giving out your private information raises the potential for actual harm. A breach likewise does not mean actual harm. Until you can point to specific people who suffered identity theft, there is no actual harm.

And sadly after so many breaches it gets harder to say that it was this particular breach that caused injury.

The difference between potential and actual is important.

Re:She didn't destroy anything

[Shotgun]

But, did she introduce legislation to fix anything. She wasn't elected to tell us that the toilet is backed up. She was elected and handed a plunger.

Re:She didn't destroy anything

"Destroys"

Slashdot editors are 7th graders. It's a wonder they aren't posting shit in Text Speak.

Should have been pwns, obviously!

No one says pwn. That's more ratchet than ratchet is ratchet.

Re:She didn't destroy anything

[JaredOfEuropa]

Isn’t “nothing more than grandstanding” pretty much the definition of congressional hearings?

Re:She didn't destroy anything

You're pretty well flat out wrong. She's not the type that's actually going to do anything, and congress is FULL of chest-puffing loud-mouths that love to grandstand during hearings and public confrontations of CEOs of companies that have essentially given the American people the double middle finger salute. It convinces folks like yourself that they're really doing something, when in actual fact all they're doing is regurgitating talking points that us angry piss-ants have been saying for months in a public setting, then taking their bribes to let the same CEOs go back to business as usual and ignore whatever problem their actions have caused.

This shit isn't doing anything, and having more do nothing while grandstanding politicians would put us...well, right where we're already at truth be told. Since that's pretty much all politicians. "LISTEN TO MY WORDS! I'M REALLY HELPING!" Except they aren't helping anybody but themselves by stuffing their pockets in whatever way they can.

Re: She didn't destroy anything

In the primary, Hilary had about 16m votes, Bernie about 13m votes. Hilary won the primary popular vote, the regular delegate vote, the super delegate vote, the general election popular vote. Everything but the electoral college vote, which is why Trump is President.

If you want to say Bernie won, then you have no more proof of that than of Boaty McBoatface not being King of the Navy.

Re:She didn't destroy anything

[EmagGeek]

Okay okay I laughed a little.. hah...

Re:She didn't destroy anything

[AmiMoJo]

Welcome to click-bait YouTube politics, where every other video is "X DESTROYS feminazi sjw" but if you actually have the misfortune to watch it that's almost never the case.

Re:She didn't destroy anything

[thomn8r]

We don't needs some blowhard reminding us of what we already know.

Actually, we do. Otherwise people just forget about it an then it's as if it never happened in the fist place.

Re:She didn't destroy anything

[sycodon]

Social Media will be the downfall of the West.

Re:She didn't destroy anything

[WaffleMonster]

Are you kidding me? It was a spectacle of epic proportions. She was doing nothing more than grandstanding.

There is a big difference between making persuasive, coherent arguments in favor of change, and acting like a petulant child and throwing a screaming temper tantrum at someone.

She was getting Mark to make a public contradictory statement on the record about value of privacy given Equifax's lawyers have argued to the contrary in court.

Derisive characterizations "petulant child" "screaming temper tantrum"...are in my view absolutely ridiculous having listened to the exchange.

Everyone already knows that Equifax screwed up. We don't needs some blowhard reminding us of what we already know.

What to do about it is still very much in play on multiple levels. As a lawmaker it's important to get a read on the extent to which industry gives a fuck / recognizes a problem and willing to change themselves when considering policy options.

Re:She didn't destroy anything

Oh oh...and "Kim Kardashian 'shuts down' XYZ." like celebrities are the arbiters of all discussion and have the right to terminate any discussion with the final word, no matter what that is.

Nobody has "shut down" anyone, and nobody has "destroyed" anyone. They had a fight and there was some yelling but mostly it's just clickbait to bring in page views and ad revenue.

Re:She didn't destroy anything

go take your nap

"Destroys" is a curious claim

"Destroys" is a curious claim. He goes back to his job tomorrow at the same salary and position, They keep running things the same way they have before. Minor blush over being called out in public and all is forgotten. But the congress critter will brag about how she said something smart rather than actually accomplishing anything.

This generation needs to learn, Words do not destroy, only actions do. Perhaps this misconception is part of the reason why people are so afraid of words. Or maybe they've watched too much Harry Potter and think the world is run by spoken magic spells. But even then, they forget that the spell has to be spoken in Latin to have any real effect.

Re:"Destroys" is a curious claim

[hey!]

Words do not destroy, only actions do.

And actions don't come out of nowhere. They come from words, which have immense hold over the human mind. Words like "traitor", and "illegal"; "thug" and "animal". If words were so powerless, people wouldn't have slogans, or dog-whistle language. Propagandists wouldn't strive to put them in peoples' mouths.

The headline doesn't err by overestimating the power of *words*. He errs over what most people are paying attention to and how universal his feelings are. Projecting your own feelings onto other people is a pretty common mistake. I warned my fellow Democrats about that in the last primary.

Re:"Destroys" is a curious claim

[kamakazi]

No, they have to be spoken in fake Latin.

Re:"Destroys" is a curious claim

Remember when the word "destroy" used to mean something? Pepperidge Farm remembers.

Re:"Destroys" is a curious claim

[k6mfw]

Yes, they are bankrupting that word. I see this all the time, however, when I first saw this expression I first thought, "wow, that famous person used C4 on another famous person?" For the rest of us should not use that expression or may get an inquiry from law enforcement personnel.

Can congress stop throwing Zingers.

[jellomizer]

The problem I have with congressional hearings, it is that you a forced to go to a roasting session, and a scolding that one hasn't had sense they were 8 years old.
The problem is that these do little to fix the problems, politician zingers only really hurt people with political ambitions. A CEO doesn't need to win popular vote, He is fine being the most hated man in the world just as long as he gets his pay. Besides after the hearing, most CEO's will get out of the public eye, and most people will forget such insults and scolding told to him.
These hearings shouldn't be about punishing a guy, no matter how nasty they are. But trying to get information so Congress can craft laws and policies to prevent it from happening again.

I am sure Mark Begor as an adult, will fly home in his personal jet, and not loose much sleep, because a Congresswomen got a good zing on him.

Re:Can congress stop throwing Zingers.

[Nidi62]

The problem I have with congressional hearings, it is that you a forced to go to a roasting session, and a scolding that one hasn't had sense they were 8 years old. The problem is that these do little to fix the problems, politician zingers only really hurt people with political ambitions. A CEO doesn't need to win popular vote, He is fine being the most hated man in the world just as long as he gets his pay. Besides after the hearing, most CEO's will get out of the public eye, and most people will forget such insults and scolding told to him. These hearings shouldn't be about punishing a guy, no matter how nasty they are. But trying to get information so Congress can craft laws and policies to prevent it from happening again.

I am sure Mark Begor as an adult, will fly home in his personal jet, and not loose much sleep, because a Congresswomen got a good zing on him.

Committees are mostly about sound bites, nothing more. Half the time the committee members aren't even asking questions, they are just making statements. Every now and then you get something big out of a committee, but that only happens in an actually bipartisan committee which is rare these days.

Re:Can congress stop throwing Zingers.

[Fly+Swatter]

The whole point is to look like you care all while in reality few in government really gives a damn, and those that do are too small in number to accomplish anything. I don't know if term limits would help to flush out the constipated career politicians, but it would be a great start. Then do something about corporate lobbyists.....

Re:Can congress stop throwing Zingers.

[hey!]

I think this is a necessary part of the political process. In an ideal world we'd all dispassionately weigh our opinions, carefully ensuring that they're consistently applied to ourselves and others. But we don't, not most of us. We live in a world controlled by the snap judgments of millions of voters, snap judgments informed by voter preconceptions. So it's strategically important to shape those preconceptions.

This is why corporations hire public relations people to cover their tracks on things like privacy. That's why PR is a 17 *billion* dollar industry in the US. That's about 10% of the size of the agriculture industry, which is astonishing if you think about it. The PR industry produces more "value" than all the wheat farmers in the US combined (about 11 billion).

All the privacy advocacy groups in the country couldn't scratch the budget a company like Equifax has to cover its ass. So yes, an occasional public hiding is called for, although you're right we shouldn't consider the job *done* once a CEO has been publicly humiliated.

It's also not true that a CEO can simply ignore these things. Administered to a vulnerable CEO at the right time, it can end his career. John Stumpf had to resign as Wells Fargo after this Congressional PR flogging.

Re:Can congress stop throwing Zingers.

To be fair..

You can't fix a problem until you have enough political "points" to do so.. and you get those points by lighting a fire under the collective asses of those in the hot seat but also those watching.. so when they come a'calling to say vote for me.. you will remember that and WHY you should vote for them.

Does the grilling serve a purpose.. yes.. There are so many problems that need to be addressed, but the voting public (masses) only remembers the last one that was big enough and hit close to home enough that they say.. yeah, lets stop screwing with THOSE guys.. and focus on what will hurt ME!. So yes.. its a grandstanding.. but grandstanding with a purpose.. If you remember the show, then you remember the impact.. if you don't remember the show.. then the impact is just swept under the rug until the next one.

Re:Can congress stop throwing Zingers.

[jeff4747]

These zingers are how you help build a narrative that can be used in campaigns to change who gets elected to Congress.

From that, you can actually change things. If the elections go your way.

It's a slow and tedious process thanks to all the veto points in our political system. If you'd prefer something that could react more quickly, we'd need some major changes in the fundamentals of how our government works.

Re:Can congress stop throwing Zingers.

Please mod up. "Mistakes were made." being part of the official record won't punish all the people who are currently involved. But, sometimes it gets die hard defenders of bad ideas to actually honestly admit their mistakes. Sadly, very few people actually listen. That's partly Congress' fault because its members strive to polarize voters with lies. Yet at the same time, it's also the people's fault for failing to do the adequate research and have an open mind willing to listen to what is plainly said.

So, perhaps this hearing meanings nothing like the Facebook and Google hearings. Or it'll take dozens or even hundreds of years to realize just how horrible fucked up the position of data collection and privacy is treated by corporations. The EU seems to have at least somewhat woken up to the threat, even if not completely. I don't have a lot of hope the US will wake up very soon, though, given our absurd trust in corporations who constantly fuck us over. Even in 2008, the US could barely muster anything beyond general contempt for government propping up corporations/banks temporarily. Not one word was spoken about actually trying to fix any of the problems--just the creation of another regulatory agency which like Greenspan would be complacent and "trust the market" over time.

Re:Can congress stop throwing Zingers.

[sjames]

It's only a zinger because he has no good answer to it and no valid defense against it. I know it's a long shot, but if enough legislators are paying attention, they will remember that next time legislation that might limit data collection comes up.

Nothing matters

[DalM]

Nothing matters. This has no meaning. He won't lose his job. He won't even lose a second of sleep. He doesn't care about this or anything. Nothing matters.

Because he's rich. Wealth is the only virtue American culture acknowledges.

Re:Nothing matters

[Scroatzilla]

>> Wealth is the only virtue American *Progressive* culture acknowledges.

FTFY.

Re:Nothing matters

[DalM]

True. Conservatives also value their traditional racial and masculine authority and their right to threaten and intimidated minorities and women as they see fit... and wealth.

Progressives are mostly just wealth.

public referendum system using blockchain?

take our national pulse daily? vote early & often..

Re:Crabkeys

[barakn]

You're claiming a user with a 3-digit uid is a Russian troll? Idiot.

hadn't "sufficiently alleged injury..."

[barakn]

Millions of people were forced to spend their time getting credit reports because of the breach, and time is money, so clearly millions of people were injured to the tune of at least a couple of bucks apiece.

Re:hadn't "sufficiently alleged injury..."

Millions of people were forced to spend their time getting credit reports because of the breach, and time is money, so clearly millions of people were injured to the tune of at least a couple of bucks apiece.

minimum one-two hours per person, so closer to $14-$70 each.

A good start

[Opportunist]

You slapped him with words. I do appreciate this. Really.

Now let actions follow to match the bite to the bark!

Soft Fuzzy Feelings

[GregMmm]

This is what someone calls "destroying" they need to be put in a bubble the rest of their lives. That CEO has had much tougher talks and dealings to get to where he is now. Not easy climbing the corporate ladder.

Besides, this is just politics. It's only popular right now. This will be forgotten and gone soon enough.

did child make that headline

[iggymanz]

"Destroyed"? Hardly. This congressional hearings do nothing anyway, they are a waste of time. Congress critters hold them to make it look like they are "doing something".

Congresswoman Destroys Equifax CEO Mark Begor Abou

[thereddaikon]

So what did she do? Send him to the shadow realm? Hit him with a good 'ole Kamehameha?

Nope. She just chewed him out. Can we chill with the over dramatic headlines? I want to destroy modern journalism and replace with something that just tells me what happened.

stupid show

This is a show, waste of money and time. If they are serious, shutdown EQUIFAX and distribute all profit to people victimized.

Next drama... move along

[sdinfoserv]

If -anyone- really cared about security, you wouldn't post mind-numbing personal details about yourself on social media. You wouldn't buy an always on spyware devices like Alexa or Google home, or Nest (Wait? What? NEST has a microphone? - yep), you wouldn't tolerate smart phones and apps constantly digesting your behavior and movement.
So long as you don't care about your privacy, corporations won't either.

Re:Next drama... move along

I don't have a smart phone, nor an Alexa, nor a Nest anything. I'm not on social media. But, without my permission, Equifax et al have decided they can gather and sell my information.

Re:Next drama... move along

[david_thornley]

How are all of those things I allow to leak about me going to allow people to use and trash my credit record or saddle me with fake debt? I know what I'm allowing out, and I'm fine with it. If I'm not fine with it, it doesn't get to the net.

Re: Crabkeys

In Soviet Russia, the long game plays you.

Eventually everyone's info will be compromised

This is the real topic we should be talking about.
So yesterday company/organization X got hacked and/or left info open to the public.
Tomorrow it will be company Y.
And so on, and so on.
No amount of cost or any other form of deterrence will prevent this from continuing to happen. So long as the risk is worth the reward to someone then it will continue to happen.

So then the question becomes about how to have a sustainable form of identity moving forward. We need to be thinking about what "identity" is and how to separate it from financial ruin. Maybe money, in all it's forms, should not be tied to identity at all in the future?

The difference - Trump IS PROVABLY a traitor

And I'm warning you right now, you're backing a proven traitor, you faggot punk ass bitch denialist of no value. Trump will die in prison. Watch and learn faggot.

Re:The difference - Trump IS PROVABLY a traitor

[hey!]

Dog whistles are like salt -- you don't want to use too much. The whole point is to *sound* reasonable.

Trump changed the landscape

Since his campaign there have been nothing but name calling and zingers and other attention getters. It's depressing that more people are willing to fall in with that rather than fall out. Schoolyard talk has taken over at the cost of debate and discussion.

Re:Trump changed the landscape

[Shotgun]

Don't be fooled. History did not start with Trumps election. A large percentage of the voting public feels that there was nothing but name calling and zingers coming from Democrats for many years. For goodness sake, very single Republican since Reagan, no matter how conciliatory, has been labeled as a racist. Trump seems to be the first Republican elected to national office that has had the cajones to throw some of the bullshit back.

You can't blame someone for fighting back against an attack.

Re:Trump changed the landscape

I've seen political attack ads previously but nothing like we've seen straight from the horse's mouth with childish nicknames, calling people out and making baseless accusations to outright lies like this trash. Standards were never this low, and now actual news is in on it as well, seeing a much greater divide between tabloid journalism and actual reporting.

"destroys"????

[sconeu]

Damn, the devolution of Slashdot into a clickbait headline service is now complete.

Number 7 will shock you!

Re:"destroys"????

Damn, the devolution of Slashdot into a clickbait headline service is now complete.

Number 7 will shock you!

Another hyperbolic headline such as this will Break The Internet !!

Strong Words

Of condemnation. I'm sure they are shaking in their boots. Probably learned their lesson too. The lesson is: when you have access to peoples personal information without their consent due to government usage of your product, don't pay extra money for security because even if you compromise ALL the data due to negligence NOTHING will happen monetarily to impact you.

Re:Crabkeys

To be fair, we first started having Soviet Russia jokes during the time of 3 digit uids.

dialogue on the record

A more meaningful dialogue would have been something like
- Porter - would you take this $100 bill to post your information on line now, or even $1000, I have the cash in hand
- Begor - that's personal information
- Porter - how about $10,000, I have a suitcase of cash here
- Begor - Congresswoman, I don't want to engage in this sort....
- Porter - answer the question yes or no
- Begor - this sort of hypothetical...
- Porter - let the record show that Begor wouldn't not take $10,000 to post his personal information on line and that should be the starting amount, per person, for a payout in any settlement in a class-action lawsuit against Equifax

Then that might have some legal implications, and not just be grandstanding

Re:Crabkeys

Why not? Run some of those huge username-password pair dataleaks against users who have not logged in for some time. Instant credibility.

It's what I would do if I was a professional troll.

Re:Congresswoman Destroys Equifax CEO Mark Begor A

[Shotgun]

I would have accepted "She introduced legislation."

Data Breach is not the Problem

[cellocgw]

The problem is that the USA has somehow allowed these credit rating companies to provide data to banks, loan agencies, corporate hiring departments, insurance agencies, etc., without any laws related to verification of the data provided.

It's easier to get your consciousness uploaded to Mr. Frostee than it is to get incorrect info removed from your credit report. There's nothing requiring the credit bureaus to fact-check and verify the sewage coming into their databases, let alone anything requiring them to change the contents of the database when correct material is supplied.

That's what needs to be fixed.

No incentive

DNC knows you are too stupid to vote for anyone besides them no matter how corrupt they are.
They could literally rig a primary and you would still vote for them.
They could take $450 million in personal bribes to sell nuclear material to Russia and you would still vote for them.
They could pass a bill that legalizes killing live born babies and you would still vote for them.
(Note, they have done all the above)

With idiots like you voting blindly, what is the incentive for them to even attempt to do the right thing?

Re:No incentive

[Opportunist]

It's not like there's any sensible alternative.

"destroys"

[roc97007]

Ok she had a great point, but can we stop using yahoo phrasing in our headlines?

Lenders are the problem. Not data loss.

[140Mandak262Jamuna]

The banks and lenders want to lend without any delay. Anytime anyone has an impulse to borrow and spend, these lenders want to lend before that impulse passes. That is why they lend without proper verification. Crooks take advantage of it, give false data, take the money and run.

Now the banks come after the name on their record. Now it is up to the innocent victim who has to prove he/she was not the person who borrowed.

Right now, a bank with all its financial muscle can accuse someone of defaulting on a loan. The alleged defaulter needs to spend time, and energy to fight it off. And in the end you can't get the money spent on defense back from the bank.

We just have to change the law to say, "If a lender falsely accuses someone of default, it should pay the accused the amount claimed as restitution and the cost of defending the claim". Banks will become lot more diligent in processing the loan application, and be a lot more careful before it brings in the muscle to collect.

Re:Lenders are the problem. Not data loss.

We just have to change the law to say, "If a lender falsely accuses someone of default, it should pay the accused the amount claimed as restitution and the cost of defending the claim". Banks will become lot more diligent in processing the loan application, and be a lot more careful before it brings in the muscle to collect.

This is already the law, with the exception of recovering the "amount claimed against you" (the defendant). It is perfectly proper to counter-claim for damages for libel and slander, for example, as well as to request costs on a solicitor and client basis, and for punitive or exemplary damages.

Re:Lenders are the problem. Not data loss.

[140Mandak262Jamuna]

You must demonstrate injury and loss and prove it. It is very difficult to actually win these cases against big corporations. It should be made easier for individuals to prevail in such cases.

Long term care insurance for Identity Theft

Penalty should be
1. Pay fine to states/federal government
2. Pay at least $100 fine to each and every person whose information was stolen
3. Pay for 2 years of ID theft monitoring and ID theft repair services
4. Pay 25% of the premium for a long term care type of insurance for ID theft monitoring and ID theft repair services which extends from date of breach until death of the affected person

So immediate penalty to govt, affected persons get some money whether or not they are ID theft victim and insurance for life.

At what date past the 1 year of paid credit monitoring does my SSN, name, birthdate, etc become invalid?

Msmash, you should write for the tabloids.

[TigerPlish]

The World Weekly News is right up your alley, too bad they folded in 2007.

Or you could try the Sun, or the Daily Fail.

Seriously. Destroyed? Destroyed would be 50 years in prison, forfeit the car, homes, boats, jets, possessions. That would be "Destroyed."

*sigh*

Dear Slashdot

Fuck off with your clickbait style bullshit. This isnt Huffpost you dickheads. No one was destroyed.

This guy Bill the liar should be in prison

Bill, you're a lying faggot. Go drink your "sterile blood plasma" you lying faggot.

OMG, I bet he is sorry now

What a fucking joke. He probably had to take the next day off to recover over a round of golf.

Unleash your inner kadashnian

[thegarbz]

Is I was like OMG dat Congress woman like totally *destroyed* that equinox CEO. It was so incredible I like literally could not even anymore. I literally died right there and I'm still dying now.

Re:Unleash your inner kadashnian

yah i know right, dis bitch was like so will you tell everyone all your secrets and then he was all like NO WAY and she was like i told you sooooooo but it's okay because he's like super-rich, so nothing really happened but like she totally started a conversation and holy shit did you see what she was wearing, like my god okay

DNC = Gutter campaigns

2004 They ran a TV ad of Bush and Hitler claiming the 2 were the same
2008 They ran a TV ad showing Paul Ryan rolling an old lady off a cliff in a wheelchair
2006 They ran a Newsprint calling General Paterus "General Betray Us" the day he testified to Congress, before his testimony

Not sure where the fuck you've been. The DNC ran to the gutter over a decade ago. You seem to be upset it is being thrown back at the baby killers/ KKK Klansmen / Rapist supporters.

I wouldn't want jail time

[rsilvergun]

it would be too easy to use a data breach as a form of attacking somebody's company. Some breaches are going to happen and be genuinely out of the person's control.

Large breaches should be treated as negligence cases. That'll help. But a better and real long term solution is to force companies to build systems that prevent breaches from causing problems. Somebody shouldn't be able to get a mortgage with a SS# and a smile. It doesn't help that such loans are often guaranteed, often sold by salesmen on commission and usually the company involved has no incentive to risk losing a sale.

We agree that journalism is broken, eh?

[shanen]

Do you even have a suggestion to make it better?

My own suggestion involves solutions linked to the problems the journalists keep telling us about.

Re:We agree that journalism is broken, eh?

[thereddaikon]

Yes journalism is broken and has been for a long time. I think the combination of the lack of money in reporting these days and the consolidation of news media has led us to this point. Now everything is over sensationalized for clicks and reporters flaunt their own opinions and agendas blatantly. That's not to say that there wasn't a problem with journalism in the past either, this same shit helped start the spanish american war. To fix it I think the first step is breaking up the media empires we have now into smaller independent news organizations. I'm open to hearing other suggestions on what to do afterwords. I think any kind of rules that try to enforce objectivity are 1: unconstitutional and 2: backfire anyways. So something has to be done to incentivize the market to want to turn back to honest factual reporting.

Re:We agree that journalism is broken, eh?

[shanen]

Hm... Is your handle some sort of radish joke?

Anyway, on the substance, I think you are focusing on one of the old financial models, the eyeballs (or earlobes) for advertisers model. The main proponent of that model these days is probably CNN rather than the clickbait websites. I think it works extremely badly, especially since con artists like #PresidentTweety know how to milk it for free publicity. But it has MANY flaws and weaknesses because time is linear and real news is not.

I think the most successful model was actually the public service model, but that was based on frequency monopolies that have almost no relevance now. Then there is the last-newspaperman-standing model, which is mostly the battleground of the NY Times versus WaPo. There was also a reader subscription model, but the Internet has really thrashed and shredded that one because it's way too hard to compete with "free". The most successful model of the day seems to be paid propaganda with pretenses of journalism to increase the credibility of the spam, a la FAUX "news".

But I asked about SOLUTIONS. My own favored approach would be to focus more on solutions. I see (or imagine) a fundamental symmetry between the problems that are reported by the journalists and the solutions to those problems.

The Blue Wall

You are referring to The Blue Wall. Judges and prosecutors collude to protect corrupt police officers. That is why I am a fan of body cameras, dash cameras, and instant streaming.

Vietnam knows what to do with Corrupt Execs

The death penalty!

Re:Crabkeys

[grep+-v+'.*'+*]

You're claiming a user with a 3-digit uid is a Russian troll? Idiot.

No NO, you don't GET it, do you? They've been planning this for a long, LONG time, and now it's almost come to fruition!

That, or remember: they're hackers, maybe they've hacked into /. . Well good, maybe they can fix the unicode problem as well. *I'D* vote for that, even if I didn't!

She should have insisted

His company argued in court that the plaintiffs were not harmed by the breach. So under penalty of perjury he should have been forced to either admit that his attorneys knowing filed a false rebuttal to the court, divulge his personal information or be held in contempt of Congress. She did not push this line of questioning far enough.

Re:Crabkeys

You're claiming a user with a 3-digit uid is a Russian troll? Idiot.

Accounts can be sold, and compromised. However, your fundamental reasoning is correct: the burden of proof is on the one making the claim.

Re:Crabkeys

[Tom]

Someone pays for a 3-digit /. ID? What's the going rate?

Re:Crabkeys

[Tom]

Actually not. We started having "first post" jokes back when I joined. Soviet Russia came later. Maybe they existed before, but the time when they became popular was a couple years later.

Re:Crabkeys

[Tom]

Crab Keys is in America, actually.

https://fr.wikipedia.org/wiki/...

Re:This guy should be in prison - NOPE

Not this CEO, but the one before. You know, the one who actually was in charge during the events that occurred, rather than the dude that was airdropped in after the whole mess was exposed.

Doesn't change the fact that the current CEO is probably no less of a sleazebag, considering his lawyers are trying to argue the information is "public", thus no damage has occurred. Put up or shut up.

Though Equifax should have suffered a corporate death penalty for what they did.

Re:Crabkeys

[strikethree]

You're claiming a user with a 3-digit uid is a Russian troll? Idiot.

Lower ID accounts can be bought...

But Tom has been posting regularly for a long time. It doesn't seem like the account switched owners/users.