Elizabeth Warren Introduces Bill That Could Hold Tech Execs Responsible For Data Breaches (theverge.com)
On Wednesday, Sen. Elizabeth Warren (D-MA) introduced a new piece of legislation that would make it easier to criminally charge company executives when Americans' personal data is breached. From a report: The Corporate Executive Accountability Act is yet another push from Warren who has focused much of her presidential campaign on holding corporations and their leaders responsible for both their market dominance and perceived corruption. The bill, if approved, would widen criminal liability of "negligent" executives of corporations (that make more than $1 billion) when they commit crimes, repeatedly break federal laws, or harm a large number of Americans by way of civil rights violations, including their data privacy. "When a criminal on the street steals money from your wallet, they go to jail. When small-business owners cheat their customers, they go to jail," Warren wrote in a Washington Post op-ed published on Wednesday morning. "But when corporate executives at big companies oversee huge frauds that hurt tens of thousands of people, they often get to walk away with multimillion-dollar payouts."
Terrible analogy. They're not stealing the homeowner's stuff, they're stealing OUR stuff.
A closer analogy would be if someone broke into Public Storage and my stuff got stolen. If it could be proven that Public Storage was negligent (didn't spend money on increased security, even after being warned thieves were in the area), then yes, they should be charged with breach of conduct.
This analogy is closer, but still not all the way there, because we're dealing with a Public Storage that's somehow storing my stuff even when we don't sign up for it.
She passed the bar in 1976. That was before many people on here were born. She has taught at several universities including the University of Pennsylvania Law School as a full professor and Harvard Law School.
You may not agree with her politics, but you are being dishonest to call her incompetent.
Ninjas don't carry tic tacs
EU did this with their data protection act. The result was that every time you opened Google or any other Google service, a banner popped up telling you to authorize them to do whatever they were doing without your consent to that point. If you didn't confirm, you couldn't use any Google service anymore. Imagine telling that to your boss if work needs to be done...
APK's software is complete shit and hosts for security is a complete joke. APK Hosts File Engine is a glorified string sorting program and offers no real security. It can't even do wildcards like blocking *.facebook.com, let alone any sort of whitelisting to protect from unknown threats. Hosts just aren't a good solution. Plus, APK won't open the source to his program, so there's no telling what sorts of malware are lurking in those binaries. Avoid it at all costs. The software is complete shit and so is its author.
If you read the proposed law (https://www.warren.senate.gov/imo/media/doc/2019.4.2%20Corporate%20Executive%20Accountability%20Act%20Text.pdf) it "establish criminal liability for negligent executive officers of major corporations" who "has the responsibility and authority to take necessary measures to prevent or remedy violations."
So, if a corp has been found to be negligent in its handling of data, they aren't just fined, but the executives responsible can be sent to prison. She isn't an IT security expert. Neither are those executives. Still, there are industry standards. We would hold executives who manage our water supply responsible if it were sub-standard and they failed to correct the situation.
Ninjas don't carry tic tacs
Why should how much a company makes dictate CRIMINAL liability of executive officers?
Because such a company has sufficient resources to actually fix the security holes identified by their security team.
Also, plain-ol' negligence gets the job done on smaller companies. Larger ones just factor the cost of fines and/or lawsuits into the decision.
Why should during an off-year when yearly revenues dip below some magic threshold the same executive officer have less CRIMINAL liability or vice versa?
Such line-crossing is not all that common. And you have to have some line to differentiate between a Mom-and-Pop and Equifax.
Why should executive officer of a small million dollar company have less CRIMINAL liability for the same exact behavior as a larger company?
The smaller company is usually restrained by the danger of lawsuits - they could actually destroy the business. Executives at larger companies (there's a reason I cited Equifax above) aren't.
Leave it to the lawyers to keep trying to make everyone liable for something even if they had nothing to do with it.
You should probably learn a bit about the concept of Negligence before commenting.
"We got hacked" isn't negligence. "Sir, There's a massive security hole here!", "I don't want to spend the money to fix it" is. The executives are in charge of making such a decision. That's why they get the big bucks.
Nice, a law that turns arbitrary uncategorized unspecified civil violations into criminal ones.
Well, the fine executives over at ol' Equifax decided it was cheaper to just keep the security holes in place, and paid a pittance in civil liability.
Generally, financial crimes don't involve prison time because there's no physical harm done. The economic harm is pretty easy to eliminate simply by adjusting the economics. i.e. You make the fine for putting profits above user data security so large that no CEO will put (typical) profits above user data. There's no need for prison sentences; that's just malicious victim-blaming because you're unable to find the thief. Remember, the CEO of the company holding your data isn't the one who stole your data - some hacker did. That's the true criminal. At worst, the company inadequately protected your data, or collected data that you may not have particularly wanted them to collect but you agreed to let them do it. Both are problems which are easily solved with economic disincentives. No need for prison.
The dynamic that's going on here is that in property theft, if the company that's holding property has it stolen, they're out the stolen property. That financial loss creates an incentive for them to adequately protect that property in proportion to its value. But in the case of data, the "stolen" data is merely copied by the thieves. The company is not out the data, and their ability to use it in whatever manner they previously were to generate revenue, is unaffected. The lack of that economic loss when they're hacked is what creates the entire problem. So the simplest solution is just adding an economic loss as a disincentive.
If you immediately jump to prison sentences, the only thing you're going to accomplish is making all these companies move their operations overseas, with all their executive officers located outside the U.S., and only keeping operational staff in the U.S. Your data will still be stolen just as it is now, because you didn't want to add an economic disincentive, and the companies found it easier just to move their executive officers out of the country rather than have them face prison time.
Uh, she got into Harvard just when they were desperate for minority applicants. It takes a special kind of naivete to think that was a coincidence. This is Harvard, the university that readily and openly discriminates on race.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!