Congresswoman Destroys Equifax CEO Mark Begor About Privacy

An anonymous reader shares a report: In a congressional hearing on Tuesday, Representative Katie Porter (D-CA) asked whether Equifax CEO Mark Begor would be willing to share his address, birth date, and Social Security number publicly at the hearing. Begor declined, citing the risk of "identity theft," letting Porter criticize Equifax's legal response to the 2017 security breach that exposed almost 150 million people's data of that sort to an unknown intruder. The company had unsuccessfully asked a judge presiding over a class-action suit over the breach to dismiss it, saying the plaintiffs hadn't "sufficiently alleged injury and proximate causation" to bring suit, as Yahoo Finance reported late last month.

This guy should be in prison

[WCMI92]

But they won't do that. Because he's rich. Filthy rich.

Re:This guy should be in prison

[DickBreath]

The only way to fix this is to make data breaches MUCH more expensive than what it costs to make their systems secure. With a side order of mandatory executive jail time just to be sure.

Re:This guy should be in prison

[DickBreath]

The jail time would need to be an option for willful negligence where profit was prioritized over actual data security.

The point of a financial penalty IS to force them to prioritize correctly. The costs of investing in security will be less than the cost of a breach. That incentive is exactly backwards at present.

If this is willfully ignored, then the jail time option needs to become available.

Re:This guy should be in prison

[Puls4r]

100% Nope.

If someone climbs onto a piece of heavy machinery like a crane and proceeds to kill someone - they are still prosecuted. If someone picks up a handgun and shoots someone, they are still prosecuted even if they have no training or knowledge on how to use the handgun.

Ignorance is NOT a defense. Especially in a situation where someone is put into a position of power. You could even extend the prosecution to the people who PUT the CTO in the position, because they knew he / she didn't have the experience or knowledge necessary to execute the job.

Re:This guy should be in prison

[geekmux]

The jail time would need to be an option for willful negligence where profit was prioritized over actual data security...

Here, let me point out your first mistake; define "actual data security" for me.

And when I say define, I'm specifically talking in a highly technical and legally binding way that is actually worth a shit in a courtroom.

If you can't manage to do that, then you might as well stop bitching about the problem of prison time, because you can't even define the fucking problem to correct.

Re:This guy should be in prison

[Zmobie]

Or, you know, they could obey the laws like the rest of the country? I don't get how that is an excuse at all. Unless a person is planning to commit illegal acts they really shouldn't have an issue with some laws that mean they need to protect people. The only argument is they just don't like the risk, but we all have to take on risk proportionate to the reward and when you are making fuck-you levels of money it should be understood to have greater risk.

The argument, "ok, define it then" doesn't really hold up well either. We define what negligence and best efforts are all the time, why exactly do you think computer security can't have the same standards applied? Just because a person fails to define something on the spot, by themselves, without a law degree, doesn't mean we simply can't do it or shouldn't do it. Civil engineers get sued all the friggin time. When they are criminally negligent the charge(s) become criminal and not just civil. The person ultimately responsible for making the decisions should be held accountable

People still have this idea that software/IT is somehow so magically different from everything else in the eyes of the law, but it can be regulated in basically the same ways. Bring in some experts, talk to some damn congressional representatives, do the due diligence, and stop letting these ass holes skate the responsibility. Literally the only people that benefit from no liability are the C-suite execs. If you think it is acceptable to just let people's lives get destroyed to make a couple extra bucks then you need to examine your own morality and ethics.

Re:This guy should be in prison

[Zmobie]

If this is willfully ignored, then the jail time option needs to become available.

It was not willfully ignored. The CTO was a music major. All the evidence points to oblivious incompetence. There was no decision to be evil and greedy by trading security for profit, because they were too dumb to realize such a tradeoff even existed.

If we are going to incarcerate people for incompetence, we are going to need a lot more prisons.

Not really sure that is an excuse here though. This is a company that literally makes billions off of holding people's information in IT infrastructure. Don't you think that it should be obvious that they need to have a CTO and CIO at the very least educated on what the hell they are doing/in charge of? If they are not then that in and of itself constitutes willful negligence on the part of the board and those responsible for hiring them. If I hire an incompetent engineer to work on my team, knowing they do not have the background necessary to do the job, don't you think those above me are going to hold me accountable?

Why make excuses for company's failings at the most basic levels. It would be different if they had a state of the art system and it was still breached. Hell, it would be different if they were in the process of bringing an ancient system up to date, but they were running on horribly outdated systems and those in charge of making the decision to upgrade didn't even possess enough knowledge to know they should upgrade? That isn't an excuse, it is just being irresponsible.

and what?

[Tom]

So she got her 15 minutes of fame, but does it change anything? Aside from the headline, is there any effect?

Re:and what?

[AmiMoJo]

Well in theory he adds to the debate over privacy laws and corporate punishment for breeches, and also the positive publicity and public sentiment might encourage others to join her in supporting laws that address the issue.

Obviously the system is far from perfect, but it's perhaps not a total waste of time.

She didn't destroy anything

[rsilvergun]

not that it hurts to call folks out for their bullshit, but by itself it's little more than impotent rage. If you want change you need to get a lot more people like her in office. And that means showing up for primary elections so you have real choices in the general election.

Re:She didn't destroy anything

[EmagGeek]

Are you kidding me? It was a spectacle of epic proportions. She was doing nothing more than grandstanding.

There is a big difference between making persuasive, coherent arguments in favor of change, and acting like a petulant child and throwing a screaming temper tantrum at someone.

Everyone already knows that Equifax screwed up. We don't needs some blowhard reminding us of what we already know. If you want change you need FEWER people like her and MORE people who are willing to actually discuss the issue rationally and help each other cook up a solution.

It's too bad there isn't a single member of Congress I can use as an example.

Re:She didn't destroy anything

[thomn8r]

We don't needs some blowhard reminding us of what we already know.

Actually, we do. Otherwise people just forget about it an then it's as if it never happened in the fist place.

"Destroys" is a curious claim

"Destroys" is a curious claim. He goes back to his job tomorrow at the same salary and position, They keep running things the same way they have before. Minor blush over being called out in public and all is forgotten. But the congress critter will brag about how she said something smart rather than actually accomplishing anything.

This generation needs to learn, Words do not destroy, only actions do. Perhaps this misconception is part of the reason why people are so afraid of words. Or maybe they've watched too much Harry Potter and think the world is run by spoken magic spells. But even then, they forget that the spell has to be spoken in Latin to have any real effect.

Can congress stop throwing Zingers.

[jellomizer]

The problem I have with congressional hearings, it is that you a forced to go to a roasting session, and a scolding that one hasn't had sense they were 8 years old.
The problem is that these do little to fix the problems, politician zingers only really hurt people with political ambitions. A CEO doesn't need to win popular vote, He is fine being the most hated man in the world just as long as he gets his pay. Besides after the hearing, most CEO's will get out of the public eye, and most people will forget such insults and scolding told to him.
These hearings shouldn't be about punishing a guy, no matter how nasty they are. But trying to get information so Congress can craft laws and policies to prevent it from happening again.

I am sure Mark Begor as an adult, will fly home in his personal jet, and not loose much sleep, because a Congresswomen got a good zing on him.

A good start

[Opportunist]

You slapped him with words. I do appreciate this. Really.

Now let actions follow to match the bite to the bark!

Data Breach is not the Problem

[cellocgw]

The problem is that the USA has somehow allowed these credit rating companies to provide data to banks, loan agencies, corporate hiring departments, insurance agencies, etc., without any laws related to verification of the data provided.

It's easier to get your consciousness uploaded to Mr. Frostee than it is to get incorrect info removed from your credit report. There's nothing requiring the credit bureaus to fact-check and verify the sewage coming into their databases, let alone anything requiring them to change the contents of the database when correct material is supplied.

That's what needs to be fixed.

"destroys"

[roc97007]

Ok she had a great point, but can we stop using yahoo phrasing in our headlines?