Elizabeth Warren Introduces Bill That Could Hold Tech Execs Responsible For Data Breaches (theverge.com)
On Wednesday, Sen. Elizabeth Warren (D-MA) introduced a new piece of legislation that would make it easier to criminally charge company executives when Americans' personal data is breached. From a report: The Corporate Executive Accountability Act is yet another push from Warren who has focused much of her presidential campaign on holding corporations and their leaders responsible for both their market dominance and perceived corruption. The bill, if approved, would widen criminal liability of "negligent" executives of corporations (that make more than $1 billion) when they commit crimes, repeatedly break federal laws, or harm a large number of Americans by way of civil rights violations, including their data privacy. "When a criminal on the street steals money from your wallet, they go to jail. When small-business owners cheat their customers, they go to jail," Warren wrote in a Washington Post op-ed published on Wednesday morning. "But when corporate executives at big companies oversee huge frauds that hurt tens of thousands of people, they often get to walk away with multimillion-dollar payouts."
Roll it up in online and maybe expanded individual privacy rights? The right to be forgotten? Banning shadow accounts (facebook) on people that never even joined your system/application/social media...?
Now something like that might actually be healthy and helpful to the average US citizen....
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Awesome. Somebody needs to be held responsible.
Time is what keeps everything from happening all at once.
You can't treat us like people!
This won't pass anyway, but even if it did what's really going to change if we can't enforce existing laws against executives when they perpetuate fraud or break other laws?
If you really want to make companies care about security and data privacy, make it easier for consumers to sue companies in civil court for these kinds of breaches. Companies care far more about threats to their bottom line, and are going to respond far more quickly to things which threaten it.
Meet the CDBSO: Chief Data Breach Sacrificial Officer! Selected from the working peons, the CDBSO is catapulted from his labors in the basement IT room to the top floor with a plush closet and low 5 figure salary! Should a data breach occur, the CDBSO will lead the charge... sheet in a federal indictment.
I browse on +1 so AC's need not respond, I won't see it.
It's about time someone proposed a bill like this.
I fully back this IF the politicians, like Elizabeth Warren, can also go to jail for their failures. I'm sure she will agree to this......
Otherwise, how will this be workable? So you're telling me a CEO who is sitting on top of a corporation, who is multiple layers of operations removed is to be held responsible for data leaks? What about the people who are supposed to be applying the privacy policies? What about the engineers and technicians? This just seems like a "witch hunt" and political posturing.
Her statements make it sound like the CEO is trying to "cheat their customers" by having a security breach? There's nothing in it for the CEO if there is a security breach. If a CEO is stealing from someone, then ya, book them.
This seems like a way to get some vote and wanting to stick it "to the man". I'm sure it will feel good, but it's not going to change security breaches in large corporations.
not if management forced them to with time/money/'user experience' constraints.
They hold more data on people than anyone on government computers. and they have proven they can be hacked. (OPM, etc.)
They should be required to take just as much care of it as any business. And they should face the same penalties. Maybe even retired Execs on whose watch systems stagnated for 10 or more years.
I don't really know, but maybe the idea is to motivate the execs to stop cock-blocking IT dept's security budget.
All successful legislation has some sort of memorable/cute/catchy acronym. "CEA" just doesn't cut the mustard. Something like the Corporate Responsibility After Pwnage Act would have had a much better shot.
Do you know what "executive" means? Do you know why they make hundreds of times more money than the average developer? It's because they're supposed to be responsible. Of course you should hold the executive responsible for these breaches. They were the ones in charge.
You are welcome on my lawn.
Exactly, the rich one who has the power to tell the not rich one "forget about security, just get it done." Next time, maybe think about the topic for 10 literal seconds before posting.
That's not a good analogy. When you have something stolen from your house, it doesn't damage other people. When my data is stolen, it harms me.
I don't respond to AC's.
What in the hell are you talking about? You have to hold the people in charge accountable, not the people who follow orders.
Terrible analogy. They're not stealing the homeowner's stuff, they're stealing OUR stuff.
A closer analogy would be if someone broke into Public Storage and my stuff got stolen. If it could be proven that Public Storage was negligent (didn't spend money on increased security, even after being warned thieves were in the area), then yes, they should be charged with breach of conduct.
This analogy is closer, but still not all the way there, because we're dealing with a Public Storage that's somehow storing my stuff even when we don't sign up for it.
She passed the bar in 1976. That was before many people on here were born. She has taught at several universities including the University of Pennsylvania Law School as a full professor and Harvard Law School.
You may not agree with her politics, but you are being dishonest to call her incompetent.
Ninjas don't carry tic tacs
EU did this with their data protection act. The result was that every time you opened Google or any other Google service that a banner popped up telling you to authorize them to do whatever they were doing without your consent to that point. If you didn't confirm, you couldn't use any Google service anymore. Imagine telling that to your boss if work needs to be done...
Naw, what this proposal would accomplish (if it actually passed and wasn't just a campaign talking point) is to increase the level of executive pay for anyone who might be caught and prosecuted under the law. Less people on the margin who want the job becomes less competition for the job becomes higher compensation for the job to attract the best candidates, the ones with other options. Basic economics, which Warren hasn't ever demonstrated she understands, of course.
Now let's see the laws about holding the government bureaucrats and politicians responsible for all their own many personal data breaches. Still waiting for that to happen...
The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
No, we don't charge homeowners from being burgled. But of course, that's an analogy so flawed only some kind of corporate-owned troll would even raise it.
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
In this area she is "incompetent"; her expertise is in law and finance, she knows nothing about technology. She is right about executives and making them culpable and there are all kinds of areas to do that but without evidence of negligence this isn't one of them.
It is impossible to completely prevent a data breach and coming as close to it as you can would make it impossible for a company to actually operate. Including, perhaps especially, the rest of the technology pieces. Many companies are dangerously close to the breaking point as it is.
There is only one solution to the problem, back off your technology massively and rebuild your structure from the ground up with an eye on optimizing the places it makes the most sense with technology. Stay away from technologies that make tech resources cheaper, your tech resources will be the ones who want them because they make their jobs easier. Just hire more tech people instead, they won't all need to be top dollar top end resources. Just hire a couple of those guys and lots of high school grads to train on the job. Minimize code, intelligent, dynamic, programmable, anywhere and everywhere you can and absolutely minimize in house code. Where you do need it make it open source.
Every piece of tech in your organization adds linearly to the overall attack surface of your organization. Every layer of house developed code (or configuration flexible enough it might as well be a script or code) easily adds an order of magnitude. There are some things you can do to protect that attack surface but remember they add at minimum linear attack surface of their own and the more dynamic and flexible they are the more they add. Intelligent systems are even worse because they don't follow the predictable and secure patterns your work force follow. For the most part solutions to "protect" you are snake oil.
And whatever you do, for the love of all that is holy stay the fuck off the cloud, devops, and if you can't avoid hiring any devs at all don't even let them use any library less than 7yrs old or anything the actual admins say is a bad plan and don't deploy their code until it has been tested in dev and staging for at least 6 months and then phase in per admin and security requirements.
How about instead she proposes the "Politician Accountability Act"?
"The Politician Accountability Act is yet another push from Warren who has focused much of her presidential campaign on holding corporations and their leaders responsible for both their market dominance and perceived corruption. The bill, if approved, would widen criminal liability of "negligent" politicians when they commit crimes, repeatedly break federal laws, or harm a large number of Americans by way of civil rights violations, including their data privacy. "When a criminal on the street steals money from your wallet, they go to jail. When small-business owners cheat their customers, they go to jail," Warren wrote in a Washington Post op-ed published on Wednesday morning. "But when politicians oversee huge frauds that hurt tens of thousands of people, they often get to walk away with multimillion-dollar payouts."
Very likely she knows NOTHING about technology.
Well said. Where we are at as a society/culture and level of tech makes this bill kinda stupid. I agree that there has to be some incentive to keeping data you control safe, but doing so will break most of what the average person has come to expect. People want their cheap goods to buy, their free social networks, etc. If you raise the bar on security then these things that people want will either have to go away, change radically, or start costing money.
If you take the average facebook user and ask them if they want their privacy, they will say yes. If you tell them that will mean a monthly subscription, they would rather it be unsafe. If you tell them that things won't share as easily, they will want it unsafe, etc, etc, etc.
She LIED about her heritage to take advantage of affirmative action laws. Should be disqualifying for being president or Senator right there. It disqualifies her from ever making any moral argument against me or what I do.
You are saying lying should disqualify someone for being president or senator? Really? Is that what you are saying?
If so, you'd best address the gigantic orange elephant in the room.
If you read the proposed law (https://www.warren.senate.gov/imo/media/doc/2019.4.2%20Corporate%20Executive%20Accountability%20Act%20Text.pdf) it "establish criminal liability for negligent executive officers of major corporations" who "has the responsibility and authority to take necessary measures to prevent or remedy violations."
So, if a corp has been found to be negligent in its handling of data, they aren't just fined, but the executives responsible can be sent to prison. She isn't an IT security expert. Neither are those executives. Still, there are industry standards. We would hold executives who manage our water supply responsible if it were sub-standard and they failed to correct the situation.
And I do agree, "It is impossible to completely prevent a data breach". It's like trying to prevent a burglary or an assault. You can make it more difficult, but you can't stop it 100%. Multiple US Presidents have been shot, and they have arguably the best security money can buy. That said, if the President was assassinated and the Secret Service were found to be negligent, heads would roll.
Not quite. Otherwise there wouldn't be laws regarding the safe secure storage of firearms, laws requiring immediate report of theft of firearms, etc.
Not that most of us gun owners wouldn't do all of that anyway... but you know... gotta pass laws.
Don't blame me, I voted for Kodos
Yup. And hopefully some protection for the poor geek at the end of the line, who is being told the CxO (or Provost in my case) is PO'd as heck and "just create those 100 instructor accounts with the same default password and tell them what it is to get them started" when the password still works and can't be changed after LDAP credentials are linked/added (after the other part of ITS did their job) ....
SARBOX makes executives personally responsible for the accuracy of the financial data they put out. This has made them get serious about the source of that financial data within their own company. Maybe a bill like this would help with privacy the same way.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
You are saying lying should disqualify someone for being president or senator? Really? Is that what you are saying?
If so, you'd best address the gigantic orange elephant in the room.
This is the nature of the right these days. They are the party of morals, for other people... Trump is going to be at false or misleading claim 10000 fairly soon here, and they don't bat an eye, they just make up some story about how heaven works in mysterious ways and he is the chosen one to fulfill those ways.
Ain't it convenient when you can just:
1. Start with a goal.
2. Support any actions taken to reach that goal as some convoluted will of god thing.
Really, if you have to apply, but its okay because, it probably isn't okay...
If it was up to the security guys 100% of the budget would go to security practices, training, and equipment.
A lack of security is never ever the fault of those implementing them.
Staff, software, and equipment, sure.
Training or certification? Might as well burn the money.
1. She did not use her heritage to gain admittance to any school. That's a lie.
2. Using the word "Pocahontas" is, indeed, racist.
3. The free market is not the guiding principle of our entire society. We need regulation. The free market isn't a cure-all.
4. Yes, company leaders do need to be exposed to personal liability. If not, then who is held accountable for a crime by a large company? The millions of stockholders? Should we arrest everybody who owns a share of stock of a company when that company breaks the law? I'd bet that 99% of people with an IRA or 401(k) own shares of Google, Facebook, etc, at least indirectly.
PLEASE.
You care about privacy to protect what you have, and what you have gets less and less every year.
This isn't a shot at tech companies. She just did that so it's harder to criticize her (after all, the tech companies just love liberals). No, this is a shot at the folks who crashed the economy in 2008. After that working class Americans lost trillions in wealth. That wealth wasn't destroyed, it was pocketed by the rich. It was the single biggest wealth transfer in my life. Maybe in history.
The trouble here is we focus too much on how Facebook knows what color car we like best or our favorite restaurant and not enough on the massive wealth grab that happens every 10 years when corrupt businessmen and politicians crash the economy and then buy up our assets at rock bottom prices while we're laid off.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
it applies across the board, and includes lots more provisions to punish corrupt CEOs like the folks who crashed our economy in 2008.
The reason she's focused on tech firms is that the media narrative is that the tech firms and the Democrats are in cahoots, so that anything she proposes to regulate to general businesses would be framed in that narrative ("why are you going after such and such and leaving Silicon Valley alone Ms Warren, hmmmm?"). This is a smart political move to defang one of the chief distracting narratives that would normally be used against her. It hurts the bill a little bit with techy nerds, but we're a tiny, tiny minority, and a lot of us (like me) see what she's doing there.
Don't you mean origin elephant?
If you read the proposed law (https://www.warren.senate.gov/imo/media/doc/2019.4.2%20Corporate%20Executive%20Accountability%20Act%20Text.pdf) it "establish criminal liability for negligent executive officers of major corporations" who "has the responsibility and authority to take necessary measures to prevent or remedy violations."
So, if a corp has been found to be negligent in its handling of data, they aren't just fined, but the executives responsible can be sent to prison. She isn't an IT security expert. Neither are those executives. Still, there are industry standards. We would hold executives who manage our water supply responsible if it were sub-standard and they failed to correct the situation.
One of the best pieces of advice I ever got was that if you want to fix a problem, you make it the problem of the person who can fix it.
Right now, there really is no actual punishment. People go tsk, tsk, a janitor gets fired, and it's onto where the stockholder's meeting is going to be held discussions.
If the guy at the top is looking at some serious punishment, he or she will make certain that data security is taken seriously.
Most all of these breaches have been over seriously simple stuff that never should have happened.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
A common problem with laws like this is it's hard to write legal verbiage precisely enough to have teeth yet not be so specific that it leaves work-arounds and loopholes.
If you use generalizations and leave interpretation to judges and juries, they'll confuse it every which way, often depending on the manipulation prowess of the lawyers involved.
It may do nothing but make lawyers rich and everybody else confused.
Table-ized A.I.
And I do agree, "It is impossible to completely prevent a data breach". It's like trying to prevent a burglary or an assault. You can make it more difficult, but you can't stop it 100%.
Yup, and we tend to make perfect the enemy of good.
That's not what happened here, but you do seem to grasp the correct usage of a red herring, you knob.
It's better to hold the executive responsible rather than the managers or developers who chose poor security practices because s/he's the rich one!
Has nothing to do with money. Has everything to do with who holds the power. Managers? not much. Developers, none. CEO? they want to protect those millions they make.
We've become so weird in this country. The part that is related to money is that with a big paycheck should come big responsibility. Yet we go in the opposite direction, making that big paycheck owner absolved and immune from all guilt.
This does nothing but shift the blame from the Hackers to the Execs while doing jack shit to address the issue. What the Government needs to do is introduce a National Data Security Standard and most likely an Agency to work with Universities and the Industry to Draft that standard as well as be proved a means of oversight and enforcement. The Government should also provide free tools, services and libraries that the public can use to secure their data in accordance to those standards. But I fear that anything the Government tries to do would result in more confusion and chaos than anything, and most likely harm or outright destroy tech innovation from small sized startups
Is there any candidate who both isn't corrupt and NOT an obnoxious rabid zealot?
the term 'covered corporation' means a corporation that generates more than $1,000,000,000 in revenue on an annual basis
Why should how much a company makes dictate CRIMINAL liability of executive officers? Why should during an off-year when yearly revenues dip below some magic threshold the same executive officer have less CRIMINAL liability or vice versa? Why should executive officer of a small million dollar company have less CRIMINAL liability for the same exact behavior as a larger company?
Making law that targets people you don't like so specifically in this way is a practice I find particularly sleazy and disgusting.
It shall be unlawful for an executive officer of a covered corporation to negligently permit or fail to prevent a violation of law described in paragraph
Leave it to the lawyers to keep trying to make everyone liable for something even if they had nothing to do with it. It's getting old.
(C) any criminal or civil violation of Federal or State law, for which the covered corporation was convicted or found liable, as the case may be, that was committed while the covered corporation was operating under a civil or criminal judgment of any court
Nice a law that turns arbitrary uncategorized unspecified civil violations into criminal ones.
Define "negligent" executives - is it "negligent" to hire a competent staff, but the staff makes a mistake?
Ken
I'm all for this bill to be honest.
This is how the military operates. Take a ship for example.
If you are the Commanding Officer of a ship, then everything about that ship is ultimately your responsibility. Good or bad.
If something stupid happens it's YOUR fault because there is likely something YOU could have done to prevent it.
( Be it better training for your crew, better judgement from your Officers, knowing everything about your ship inside and out, etc. etc. )
You don't get to blame it on a scapegoat. YOUR command, YOUR responsibility. Period.
Your glory if you get it right, your shame if you don't.
The same thing should apply to the CEO's of any corporation.
If you want the big salaries, they should come with real risks. Not Golden Parachute retirements while everyone else goes down with the ship.
The risk alone will deter all but the most serious candidates to even apply for the job.
Hell, it may even ensure that CEO's take security seriously. ( for once )
You're ignoring human nature. Executives would just think they can do the job, won't make stupid mistakes and won't be caught screwing up as they're better.
https://en.wikipedia.org/wiki/Inverted_totalitarianism
Poe's Law can be annoying sometimes.
Just as the Republicans did to Obama, so what's your point?
That tactic is now being used against them and all of a sudden it's a problem? They fucking invented it.
https://www.politico.com/story/2010/10/the-gops-no-compromise-pledge-044311
https://www.politico.com/magazine/story/2016/12/republican-party-obstructionism-victory-trump-214498
http://apps.frontline.org/divided-states-of-america-the-frontline-interviews/moments/the-opposition-strategy.html
Ass, meet bite.
Just wait till roles reverse again (they always do) and the D's use the Nuclear Option for confirmations. The R's will have a shit fit then as they didn't learn the consequences when the D's did the same thing, which of course, came back to bite the D's in the ass.
Politicians never fucking learn. When you use dirty tactics, expect them to be repaid in kind. Karma baby!
Donald Trump, on a crusade to make Nixon look respectable
Whataboutism ? That's your only reply? Warren didn't just lie, she falsely claimed to have Indian heritage when she did not. That's a HUGE crime by leftist standards. And yet she's in your tribe, and these things aren't wrong when you do them.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Your post reads as "welp, massive data breaches are inevitable!"
I am glad I don't work for any company you work for!
Punishing executives *finally* would rein in these corporations. It sends a message; get your shit together or get out of the fucking game.
Sorry, have you never met a poor criminal before? I guarantee they would jump at the chance to make 150k per year, despite the threat of possible jail. They are a criminal, so they already live with that threat daily.
You are basically saying that no one risks going to jail for low amounts of money which is hilariously not true. People take shit jobs for 30k a year and you don't think you can find someone to do a cushy executive one for far more than that?
Some people will always want to be in a highly paid executive position. And you are saying she is the one doesn't understand basic economics?
Good thing that's a straw man, then. If your network is attacked by a zero-day exploit, particularly one done by a state intelligence agency, then there's not much you could have done and thus you won't face prison time. You host critical customer data on an unpatched Windows 2008 Server machine that's open to the internet? You're going to jail.
I get a giggle from your very correct train of thought. In the military, people personally liable (if you can't pay it back in three months salary, pack your bags for fed prison) for tens or hundreds of millions of dollars in cash only make around 60-90K a year.
When European bank managers said they needed salaries roughly equal to ten percent of their vaults (which might be close in responsible magnitude, if not less), I spat coffee. It's almost as if they then, and the tech execs soon, are willfully admitting to incredible risk, since they demand incredible compensation. So maybe a ground up security overhaul is needed.
In other thoughts, who the hell is managing Warren now? Two not shit ideas in a row, if you count her RTR talk.
-This signature is strictly to prevent comments ending with questions or propositions.-
Uh, she got into Harvard just when they were desperate for minority applicants. It takes a special kind of naivete to think that was a coincidence. This is Harvard, the university that readily and openly discriminates on race.
But if a bank gets robbed, and the bank's customers' money is stolen, we don't put the bank manager in jail, we put the robber in jail. A corporation that got breached is far more like a robbed bank than it is a pickpocket.
If she wants to change the law to call a corporation that fails to do its due diligence in protecting user data criminally negligent, that's fine. If she wants to take a company that was taking reasonable precautions but got breached anyway, and send the executives to prison for having been robbed, that's absurd.
There is no need to understand technology to understand accountability.
The problems she is handling are not technical problems, they are social problems.
If I tell kids that there is no need to look around when they want to cross the road, you do not need a traffic engineer, you need a normal human with common sense, to understand that that is wrong. Even if they have right of way, it is still wise to pay attention.
This is about accountability. If the COO did everything in his power and there still is a zero day hack, he will go free. If there was negligence somewhere, then he is accountable.
It has been a LONG time that people in power were held accountable in the IS that we all have forgotten how it should be. The fact that a law that does this is even needed shows this.
Don't fight for your country, if your country does not fight for you.
As a victim of identity theft, I can personally attest that the credit agencies don't just view this as "not their problem", but actively see it as the victim's problem. When my identity was stolen, a credit card was opened in my name and only a stroke of luck made the card go to me. (The card was mailed out before the identity thief's address change was processed.) When I called the company (*cough*Capital One*cough*) about it, they not only told me they couldn't give me information ("because if you go and shoot these people, we're liable" - but you're not liable for opening accounts under my name?!!). They insisted that my wife likely opened the account - when my wife was right next to me freaking out over this. Finally, they refused to let the police speak with them. They told the police that they needed to call a special line. That line went right to voicemail and it was never answered. I've heard of other times where credit agencies like Experian harassed identity theft victims, telling them that the fraudulent accounts would remain on their credit report unless the victims produced massive amounts of proof.
Basically, these companies treat identity theft and data leaks as minor annoyances. Close the account if someone complains, write off the tiny losses, push the burden of proof onto the victims, and then go back to raking in tons of money. If any actual laws are going to be put in place to protect consumers, fight those laws tooth and nail. They never suffer any actual consequences - just look at Experian's data breach. Millions of people's personal information leaked and what penalties has Experian suffered? They settled a $22 million class action lawsuit, but they earned $5.2 billion last year. I don't think 0.4% of their income really hurts them much. If I was fined $300, it might sting slightly, but it wouldn't really hurt. Especially not if what I was fined for made me that much in 1.5 days.
There need to be actual consequences or things aren't going to get better.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
I would argue, that based on what you say (not saying it is or isn't true because I don't really care), then she is in fact a very competent and successful liar. That actually should be looked at as favorable for the job she wants, because every POTUS has lied through their teeth every day of their term, before their term, and after their term.
Yeah but you aren't following the tree. The COO knows nothing about it. The problem with holding someone accountable for doing everything they could is you are looking through a 20/20 lens of hindsight which never matches reality.
This is a set of books that no amount of accountability and budget can resolve. To people who aren't involved it sounds like we in security are saying "oh we can't make it perfect so why bother" or the ever popular "it's about raising the effort required to get in". But it isn't that. If we do everything per best practices with no exceptions people can't actually do their jobs and it breaks in ways that are difficult to explain to people who don't do their highly technical jobs. At some point, you can't dumb it down and still capture the detail and it also becomes hard to remember all the details when you aren't in the moment. The jobs are ridiculously complex and you don't have the body count to catch things slipping through the cracks. Any company that genuinely had best practices applied across the board would spend more on security than it grosses. They are ALL going to look negligent in hindsight.
It is worse than that though. That is just best practices. But a bright attacker looks through a new lens and our strong sphere of security built on "best practices" instantly looks like a circle he is looking down on and can just poke right into the middle of. And there aren't three or four dimensions to be found, there are millions. Once you've seen that angle, you can't unsee it so again, any effort that has been made is going to seem negligent.
In this case someone will always have some firedoors chained shut somewhere. If they didn't, they wouldn't be able to do their jobs. There is no way to both follow all the best practices and operate in an even close to reasonably efficient way. There are things an exec could do to help if they legitimately understood that, but it wouldn't eat into profits, it would eliminate them, and only reduce, not eliminate, the problem.
And here we see how a serial rapist like Bill Clinton became president and they cover for him to this day. The DNC also supports KKK members like Northam without shame.
They also propose legalizing killing live babies and then tell you that you have no right to fly on an airplane.
This is the DNC today, infanticide while making you a criminal for eating steak. Congratulations on your moral superiority.
The medical term is called a fetus. It's not an infant until it is born, which coincidentally is exactly when "moral" conservatives such as yourself quit giving a shit and refuse to pay for any assistance.
No one cares what your captcha was
Houston TX, USA
"So, if a corp has been found to be negligent in its handling of data, they aren't just fined, but the executives responsible can be sent to prison."
A sufficient amount of scrutiny will always find them negligent. It is impossible to operate without "negligence" when it comes to security. The fact is that most of the best practices exist for a reason, in practice do little to reduce risk, and dramatically hamper operations. The more strict you are in enforcing best practices the more negligent people will seem because they have to violate the rules in more and more brazen ways to get their jobs done.
Can you post on Slashdot from work? Use Slack or any cloud services with third-party personnel? Are people allowed to have cell phones in your organization? Have on-premise wifi? Do your developers spin up cloud instances and test things on them? All of those things severely violate security best practices and those are the least of them.
"Elizabeth Warren has never served in combat in the military"
At her age and gender, she wouldn't have been allowed to.
Ninjas don't carry tic tacs
"I'm tired of these lefty politicians telling us how to run our legal system. Leave it to the cops and soldiers!"
You know, 3 of the last 4 presidents never served either. And the one who did was in the Air National Guard and never saw combat.
Ninjas don't carry tic tacs
By that token, perhaps politicians (e.g. senators) should be held responsible for government data breaches.
E.g. the Office of Personnel Management breach of 2015.
https://www.youtube.com/watch?...
Lying is not a sign of incompetence; everyone lies. Excessive lying is a sign of dishonesty, and should disqualify you from being president, but it clearly doesn't. In a democracy it is up to the public to decide if that lying is excessive.
Which of these CV items has anything to do with "competence"? I see "passing the bar" and "teaching" as things she has done. Having no law experience, I can't speak to the competence needed to pass the bar. I can only assume "competent test taker." As a former student, I have had both competent and incompetent teachers; so, regardless of where she has taught, why would I accept her teaching experience as evidence of her competence? In conclusion, why would I attribute "competence" to her ability to lead?
I will say that her Instagram beer video shows *incompetence* when it comes to acting as a normal human being.
Next we are going to make Execs take responsibility for Turing's Halting Problem, and for the correct interpretation of Quantum Mechanics.
Agreed. Noteworthy, while people are flying off the rails about how she doesn't know 'tech' to describe this problem we have an actual business-case.
Equifax. They need to be heavily regulated to operate in their oligopoly. Regulation does not mean you need to know 'tech'. They left their front door unlocked, and filing cabinets available for all to see after business hours... they don't care about your data
They only care about making sure that those users who came in after hours are cut off from their 'free trial' turn into paying customers
They settled a $22 million class action lawsuit, but they earned $5.2 billion last year. I don't think 0.4% of their income really hurts them much
Experian's settlement of 22 million is equivalent to $124 to your average American
*Based on the median single income [not household] in America, which is roughly $31.1k per year in 2017
They leaked the personal information of millions. Their consequence was less than most speeding tickets to your average American.
No, you dongleberry, that is not how it works. An executive would get punished for *not doing enough*. If a corp such as Experian skipped securing the database because it was an unnecessary expense, the CEO would face jail time. If the code for securing the database was flawed but implemented, the responsible party would still be the programmer. The bill suggests that those CEOs that do not take sufficient measures face the music (for once), not that they have to debug the security measures by hand.
Uh, except she never applied to anything as a minority candidate. Aren't you wingers supposed to be big on merit? I don't much care for Warren - because she hasn't actually changed since she was a proud Republican in the Reagan era, she only seems lefty because both parties have gone so very very far to the right - but she is a smart enough and hard working enough person to earn the positions she has held. Bill Clinton is a loathsome person, but even his most deranged haters on the right (he spent both terms pushing right wing policy yet you hate him for it) would have to admit he's a smart person and gifted politician.