Slashdot Mirror

← Back to Stories (view on slashdot.org)

Congresswoman Destroys Equifax CEO Mark Begor About Privacy (fastcompany.com)

Posted by msmash on from the check-mate dept.

An anonymous reader shares a report: In a congressional hearing on Tuesday, Representative Katie Porter (D-CA) asked whether Equifax CEO Mark Begor would be willing to share his address, birth date, and Social Security number publicly at the hearing. Begor declined, citing the risk of "identity theft," letting Porter criticize Equifax's legal response to the 2017 security breach that exposed almost 150 million people's data of that sort to an unknown intruder. The company had unsuccessfully asked a judge presiding over a class-action suit over the breach to dismiss it, saying the plaintiffs hadn't "sufficiently alleged injury and proximate causation" to bring suit, as Yahoo Finance reported late last month.

39 of 195 comments (clear)

  1. This guy should be in prison by WCMI92 · · Score: 5, Insightful

    But they won't do that. Because he's rich. Filthy rich.

    --
    Corporatism != Free Market
    1. Re:This guy should be in prison by DickBreath · · Score: 5, Insightful

      The only way to fix this is to make data breaches MUCH more expensive than what it costs to make their systems secure. With a side order of mandatory executive jail time just to be sure.

      --

      I'll see your senator, and I'll raise you two judges.
    2. Re:This guy should be in prison by DickBreath · · Score: 4, Insightful

      The jail time would need to be an option for willful negligence where profit was prioritized over actual data security.

      The point of a financial penalty IS to force them to prioritize correctly. The costs of investing in security will be less than the cost of a breach. That incentive is exactly backwards at present.

      If this is willfully ignored, then the jail time option needs to become available.

      --

      I'll see your senator, and I'll raise you two judges.
    3. Re:This guy should be in prison by kaizendojo · · Score: 3, Informative

      Which is correct of course, but never going to happen under this administration.

    4. Re:This guy should be in prison by Puls4r · · Score: 5, Insightful

      100% Nope.

      If someone climbs onto a piece of heavy machinery like a crane and proceeds to kill someone - they are still prosecuted. If someone picks up a handgun and shoots someone, they are still prosecuted even if they have no training or knowledge on how to use the handgun.

      Ignorance is NOT a defense. Especially in a situation where someone is put into a position of power. You could even extend the prosecution to the people who PUT the CTO in the position, because they knew he / she didn't have the experience or knowledge necessary to execute the job.

    5. Re:This guy should be in prison by Zmobie · · Score: 3, Insightful

      Or, you know, they could obey the laws like the rest of the country? I don't get how that is an excuse at all. Unless a person is planning to commit illegal acts they really shouldn't have an issue with some laws that mean they need to protect people. The only argument is they just don't like the risk, but we all have to take on risk proportionate to the reward and when you are making fuck-you levels of money it should be understood to have greater risk.

      The argument, "ok, define it then" doesn't really hold up well either. We define what negligence and best efforts are all the time, why exactly do you think computer security can't have the same standards applied? Just because a person fails to define something on the spot, by themselves, without a law degree, doesn't mean we simply can't do it or shouldn't do it. Civil engineers get sued all the friggin time. When they are criminally negligent the charge(s) become criminal and not just civil. The person ultimately responsible for making the decisions should be held accountable

      People still have this idea that software/IT is somehow so magically different from everything else in the eyes of the law, but it can be regulated in basically the same ways. Bring in some experts, talk to some damn congressional representatives, do the due diligence, and stop letting these ass holes skate the responsibility. Literally the only people that benefit from no liability are the C-suite execs. If you think it is acceptable to just let people's lives get destroyed to make a couple extra bucks then you need to examine your own morality and ethics.

    6. Re:This guy should be in prison by Zmobie · · Score: 3, Insightful

      If this is willfully ignored, then the jail time option needs to become available.

      It was not willfully ignored. The CTO was a music major. All the evidence points to oblivious incompetence. There was no decision to be evil and greedy by trading security for profit, because they were too dumb to realize such a tradeoff even existed.

      If we are going to incarcerate people for incompetence, we are going to need a lot more prisons.

      Not really sure that is an excuse here though. This is a company that literally makes billions off of holding people's information in IT infrastructure. Don't you think that it should be obvious that they need to have a CTO and CIO at the very least educated on what the hell they are doing/in charge of? If they are not then that in and of itself constitutes willful negligence on the part of the board and those responsible for hiring them. If I hire an incompetent engineer to work on my team, knowing they do not have the background necessary to do the job, don't you think those above me are going to hold me accountable?

      Why make excuses for company's failings at the most basic levels. It would be different if they had a state of the art system and it was still breached. Hell, it would be different if they were in the process of bringing an ancient system up to date, but they were running on horribly outdated systems and those in charge of making the decision to upgrade didn't even possess enough knowledge to know they should upgrade? That isn't an excuse, it is just being irresponsible.

    7. Re:This guy should be in prison by dnaumov · · Score: 3

      My country can and does put CEOs in jail and we seem to have little trouble filling the positions.

    8. Re:This guy should be in prison by terrycarlino · · Score: 2

      Exactly. The CTO of a company which keeps a database of individual's private information "Should have known" they were incompetent to fulfill that job with their present knowledge. They "should have known" they needed to hire people competent in the field of security to ensure that data, which contain data harmful to individuals if released, was secure.

      The fact that they did nothing makes them culpable for the harm that resulted.

    9. Re:This guy should be in prison by Anubis+IV · · Score: 2

      This guy should be in prison. But they won't do that. Because he's rich. Filthy rich.

      So, you're in favor of jailing innocent people?

      After all, Mark Begor was not the CEO when the leak happened (that would be Richard Smith), nor was he even the CEO who handled most of the aftermath (that would be Paulino do Rego Barros Jr.). Mr. Begor only started as CEO in April 2018, nearly a year after the leaks were first discovered. He may be as slimy as the rest for all I know, but he wasn't a part of what happened back then. So far as I can see, he's simply the guy trying to clean up the mess.

      It's fine if you don't like the guy (I don't either), but it's comments like yours that make me VERY glad we have a justice system that doesn't mete out punishment according to the rule of mob.

  2. and what? by Tom · · Score: 5, Insightful

    So she got her 15 minutes of fame, but does it change anything? Aside from the headline, is there any effect?

    --
    Assorted stuff I do sometimes: Lemuria.org
    1. Re:and what? by AmiMoJo · · Score: 4, Insightful

      Well in theory he adds to the debate over privacy laws and corporate punishment for breeches, and also the positive publicity and public sentiment might encourage others to join her in supporting laws that address the issue.

      Obviously the system is far from perfect, but it's perhaps not a total waste of time.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:and what? by Sir_Eptishous · · Score: 2

      So she got her 15 minutes of fame, but does it change anything? Aside from the headline, is there any effect?

      Probably not.

      It's kind of like the Senate hearing yesterday with all the heads of the pharmas getting grilled about drug prices.
      A republican senator was annoyed by the answer from the Pfizer guy about how they manipulate patents to keep price gouging going.
      The senator made a comment about how, since he was on the judiciary committee they would "take a look at that".
      Sure you will.

      How much does pharma contribute to their campaigns?

      --
      We play the game with the bravery of being out of range
  3. She didn't destroy anything by rsilvergun · · Score: 5, Insightful

    not that it hurts to call folks out for their bullshit, but by itself it's little more than impotent rage. If you want change you need to get a lot more people like her in office. And that means showing up for primary elections so you have real choices in the general election.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:She didn't destroy anything by EmagGeek · · Score: 2, Insightful

      Are you kidding me? It was a spectacle of epic proportions. She was doing nothing more than grandstanding.

      There is a big difference between making persuasive, coherent arguments in favor of change, and acting like a petulant child and throwing a screaming temper tantrum at someone.

      Everyone already knows that Equifax screwed up. We don't needs some blowhard reminding us of what we already know. If you want change you need FEWER people like her and MORE people who are willing to actually discuss the issue rationally and help each other cook up a solution.

      It's too bad there isn't a single member of Congress I can use as an example.

    2. Re:She didn't destroy anything by sycodon · · Score: 3

      "Destroys"

      Slashdot editors are 7th graders. It's a wonder they aren't posting shit in Text Speak.

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    3. Re:She didn't destroy anything by Opportunist · · Score: 2

      Yes, they screwed up. But so far I have not seen a single congresscritter to do more than shrug and click their tongue while rolling their eyes. Maybe finally we'll see some kind of movement.

      Please let me hope.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:She didn't destroy anything by LostMyAccount · · Score: 2

      What we need is ranked choice voting.

      The primaries are manipulated contests that usually involve party insiders pushing other favored insiders.

      And if you live in a one-party district like me, the "real" election is the primary because the other party candidate is usually some total freak who's only running because the other party will literally let anyone brave enough to run do so. But because of party manipulation and the "endorsed" label that gets handed out by the party's internal process, the primary isn't the real contest it should be.

    5. Re:She didn't destroy anything by Bite+The+Pillow · · Score: 2

      The context was a question about actual harm. Giving out your private information raises the potential for actual harm. A breach likewise does not mean actual harm. Until you can point to specific people who suffered identity theft, there is no actual harm.

      And sadly after so many breaches it gets harder to say that it was this particular breach that caused injury.

      The difference between potential and actual is important.

    6. Re:She didn't destroy anything by Shotgun · · Score: 3, Interesting

      But, did she introduce legislation to fix anything. She wasn't elected to tell us that the toilet is backed up. She was elected and handed a plunger.

      --
      Aah, change is good. -- Rafiki
      Yeah, but it ain't easy. -- Simba
    7. Re:She didn't destroy anything by thomn8r · · Score: 4, Insightful

      We don't needs some blowhard reminding us of what we already know.

      Actually, we do. Otherwise people just forget about it an then it's as if it never happened in the fist place.

    8. Re:She didn't destroy anything by sycodon · · Score: 2

      Social Media will be the downfall of the West.

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
  4. "Destroys" is a curious claim by Anonymous Coward · · Score: 2, Insightful

    "Destroys" is a curious claim. He goes back to his job tomorrow at the same salary and position, They keep running things the same way they have before. Minor blush over being called out in public and all is forgotten. But the congress critter will brag about how she said something smart rather than actually accomplishing anything.

    This generation needs to learn, Words do not destroy, only actions do. Perhaps this misconception is part of the reason why people are so afraid of words. Or maybe they've watched too much Harry Potter and think the world is run by spoken magic spells. But even then, they forget that the spell has to be spoken in Latin to have any real effect.

  5. Can congress stop throwing Zingers. by jellomizer · · Score: 5, Insightful

    The problem I have with congressional hearings, it is that you a forced to go to a roasting session, and a scolding that one hasn't had sense they were 8 years old.
    The problem is that these do little to fix the problems, politician zingers only really hurt people with political ambitions. A CEO doesn't need to win popular vote, He is fine being the most hated man in the world just as long as he gets his pay. Besides after the hearing, most CEO's will get out of the public eye, and most people will forget such insults and scolding told to him.
    These hearings shouldn't be about punishing a guy, no matter how nasty they are. But trying to get information so Congress can craft laws and policies to prevent it from happening again.

    I am sure Mark Begor as an adult, will fly home in his personal jet, and not loose much sleep, because a Congresswomen got a good zing on him.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:Can congress stop throwing Zingers. by Nidi62 · · Score: 2

      The problem I have with congressional hearings, it is that you a forced to go to a roasting session, and a scolding that one hasn't had sense they were 8 years old. The problem is that these do little to fix the problems, politician zingers only really hurt people with political ambitions. A CEO doesn't need to win popular vote, He is fine being the most hated man in the world just as long as he gets his pay. Besides after the hearing, most CEO's will get out of the public eye, and most people will forget such insults and scolding told to him. These hearings shouldn't be about punishing a guy, no matter how nasty they are. But trying to get information so Congress can craft laws and policies to prevent it from happening again.

      I am sure Mark Begor as an adult, will fly home in his personal jet, and not loose much sleep, because a Congresswomen got a good zing on him.

      Committees are mostly about sound bites, nothing more. Half the time the committee members aren't even asking questions, they are just making statements. Every now and then you get something big out of a committee, but that only happens in an actually bipartisan committee which is rare these days.

      --
      The only thing necessary for evil to triumph is for it to be pitted against a slightly greater evil
    2. Re:Can congress stop throwing Zingers. by hey! · · Score: 2

      I think this is a necessary part of the political process. In an ideal world we'd all dispassionately weigh our opinions, carefully ensuring that they're consistently applied to ourselves and others. But we don't, not most of us. We live in a world controlled by the snap judgments of millions of voters, snap judgments informed by voter preconceptions. So it's strategically important to shape those preconceptions.

      This is why corporations hire public relations people to cover their tracks on things like privacy. That's why PR is a 17 *billion* dollar industry in the US. That's about 10% of the size of the agriculture industry, which is astonishing if you think about it. The PR industry produces more "value" than all the wheat farmers in the US combined (about 11 billion).

      All the privacy advocacy groups in the country couldn't scratch the budget a company like Equifax has to cover its ass. So yes, an occasional public hiding is called for, although you're right we shouldn't consider the job *done* once a CEO has been publicly humiliated.

      It's also not true that a CEO can simply ignore these things. Administered to a vulnerable CEO at the right time, it can end his career. John Stumpf had to resign as Wells Fargo after this Congressional PR flogging.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    3. Re:Can congress stop throwing Zingers. by jeff4747 · · Score: 2

      These zingers are how you help build a narrative that can be used in campaigns to change who gets elected to Congress.

      From that, you can actually change things. If the elections go your way.

      It's a slow and tedious process thanks to all the veto points in our political system. If you'd prefer something that could react more quickly, we'd need some major changes in the fundamentals of how our government works.

  6. Nothing matters by DalM · · Score: 4, Interesting

    Nothing matters. This has no meaning. He won't lose his job. He won't even lose a second of sleep. He doesn't care about this or anything. Nothing matters.

    Because he's rich. Wealth is the only virtue American culture acknowledges.

  7. Re:Crabkeys by barakn · · Score: 3, Informative

    You're claiming a user with a 3-digit uid is a Russian troll? Idiot.

    --
    "I'm so moist I'm sticking to the leather." -Kermit the Frog on The Late Late Show
  8. hadn't "sufficiently alleged injury..." by barakn · · Score: 2

    Millions of people were forced to spend their time getting credit reports because of the breach, and time is money, so clearly millions of people were injured to the tune of at least a couple of bucks apiece.

    --
    "I'm so moist I'm sticking to the leather." -Kermit the Frog on The Late Late Show
  9. A good start by Opportunist · · Score: 3, Insightful

    You slapped him with words. I do appreciate this. Really.

    Now let actions follow to match the bite to the bark!

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  10. Soft Fuzzy Feelings by GregMmm · · Score: 2

    This is what someone calls "destroying" they need to be put in a bubble the rest of their lives. That CEO has had much tougher talks and dealings to get to where he is now. Not easy climbing the corporate ladder.

    Besides, this is just politics. It's only popular right now. This will be forgotten and gone soon enough.

  11. did child make that headline by iggymanz · · Score: 2

    "Destroyed"? Hardly. This congressional hearings do nothing anyway, they are a waste of time. Congress critters hold them to make it look like they are "doing something".

  12. Congresswoman Destroys Equifax CEO Mark Begor Abou by thereddaikon · · Score: 4, Funny
    So what did she do? Send him to the shadow realm? Hit him with a good 'ole Kamehameha?

    Nope. She just chewed him out. Can we chill with the over dramatic headlines? I want to destroy modern journalism and replace with something that just tells me what happened.

  13. Re: Crabkeys by Anonymous Coward · · Score: 2, Funny

    In Soviet Russia, the long game plays you.

  14. dialogue on the record by Anonymous Coward · · Score: 2, Interesting

    A more meaningful dialogue would have been something like
    - Porter - would you take this $100 bill to post your information on line now, or even $1000, I have the cash in hand
    - Begor - that's personal information
    - Porter - how about $10,000, I have a suitcase of cash here
    - Begor - Congresswoman, I don't want to engage in this sort....
    - Porter - answer the question yes or no
    - Begor - this sort of hypothetical...
    - Porter - let the record show that Begor wouldn't not take $10,000 to post his personal information on line and that should be the starting amount, per person, for a payout in any settlement in a class-action lawsuit against Equifax

    Then that might have some legal implications, and not just be grandstanding

  15. Data Breach is not the Problem by cellocgw · · Score: 3, Insightful

    The problem is that the USA has somehow allowed these credit rating companies to provide data to banks, loan agencies, corporate hiring departments, insurance agencies, etc., without any laws related to verification of the data provided.

    It's easier to get your consciousness uploaded to Mr. Frostee than it is to get incorrect info removed from your credit report. There's nothing requiring the credit bureaus to fact-check and verify the sewage coming into their databases, let alone anything requiring them to change the contents of the database when correct material is supplied.

    That's what needs to be fixed.

    --
    https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
  16. "destroys" by roc97007 · · Score: 4, Insightful

    Ok she had a great point, but can we stop using yahoo phrasing in our headlines?

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  17. Lenders are the problem. Not data loss. by 140Mandak262Jamuna · · Score: 2
    The banks and lenders want to lend without any delay. Anytime anyone has an impulse to borrow and spend, these lenders want to lend before that impulse passes. That is why they lend without proper verification. Crooks take advantage of it, give false data, take the money and run.

    Now the banks come after the name on their record. Now it is up to the innocent victim who has to prove he/she was not the person who borrowed.

    Right now, a bank with all its financial muscle can accuse someone of defaulting on a loan. The alleged defaulter needs to spend time, and energy to fight it off. And in the end you can't get the money spent on defense back from the bank.

    We just have to change the law to say, "If a lender falsely accuses someone of default, it should pay the accused the amount claimed as restitution and the cost of defending the claim". Banks will become lot more diligent in processing the loan application, and be a lot more careful before it brings in the muscle to collect.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact