Elizabeth Warren Introduces Bill That Could Hold Tech Execs Responsible For Data Breaches (theverge.com)
On Wednesday, Sen. Elizabeth Warren (D-MA) introduced a new piece of legislation that would make it easier to criminally charge company executives when Americans' personal data is breached. From a report: The Corporate Executive Accountability Act is yet another push from Warren who has focused much of her presidential campaign on holding corporations and their leaders responsible for both their market dominance and perceived corruption. The bill, if approved, would widen criminal liability of "negligent" executives of corporations (that make more than $1 billion) when they commit crimes, repeatedly break federal laws, or harm a large number of Americans by way of civil rights violations, including their data privacy. "When a criminal on the street steals money from your wallet, they go to jail. When small-business owners cheat their customers, they go to jail," Warren wrote in a Washington Post op-ed published on Wednesday morning. "But when corporate executives at big companies oversee huge frauds that hurt tens of thousands of people, they often get to walk away with multimillion-dollar payouts."
Roll it up in online and maybe expanded individual privacy rights? The right to be forgotten? Banning shadow accounts (Facebook) on people that never even joined your system/application/social media...?
Now something like that might actually be healthy and helpful to the average US citizen....
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Meet the CDBSO: Chief Data Breach Sacrificial Officer! Selected from the working peons, the CDBSO is catapulted from his labors in the basement IT room to the top floor with a plush closet and low 5 figure salary! Should a data breach occur, the CDBSO will lead the charge... sheet in a federal indictment.
I browse on +1 so AC's need not respond, I won't see it.
I don't really know, but maybe the idea is to motivate the execs to stop cock-blocking IT dept's security budget.
So you're telling me a CEO who is sitting on top of a corporation, who is multiple layers of operations removed is to be held responsible for data leaks?
Yes.
What about the people who are supposed to be applying the privacy policies?
What about them? They ultimately take their orders from the CEO.
What about the engineers and technicians?
Fuck you you snivelling little shitstain.
You think the technicians with the low salaries right at the bottom are somehow when the "profits first" CEO is putting on all the pressure to cut corners etc? Fucking corporate apologist. Of course you want the little guy to get it in the neck while the big rich man gets off.
Screw you.
There's nothing in it for the CEO if there is a security breach.
Are you simple?
Yes, yes you are.
There's money in it for the CEO to ruthlessly cut expenses to maximise profits.
SJW n. One who posts facts.
Do you know what "executive" means? Do you know why they make hundreds of times more money than the average developer? It's because they're supposed to be responsible. Of course you should hold the executive responsible for these breaches. They were the ones in charge.
You are welcome on my lawn.
Terrible analogy. They're not stealing the homeowner's stuff, they're stealing OUR stuff.
A closer analogy would be if someone broke into Public Storage and my stuff got stolen. If it could be proven that Public Storage was negligent (didn't spend money on increased security, even after being warned thieves were in the area), then yes, they should be charged with breach of conduct.
This analogy is closer, but still not all the way there, because we're dealing with a Public Storage that's somehow storing my stuff even when we don't sign up for it.
She passed the bar in 1976. That was before many people on here were born. She has taught at several universities including the University of Pennsylvania Law School as a full professor and Harvard Law School.
You may not agree with her politics, but you are being dishonest to call her incompetent.
Ninjas don't carry tic tacs
Wow someone has some real anger issues,
Not really, I'm just tired of shitheads advocating to fuck over the people with the least power. Congrats, you're one of those shitheads.
3) The CEO goes to jail, perhaps their family is destroyed, etc. That will show them.
Yes, the CEO put profits above user data. That's a crime and he went to prison.
4) Company XYZ still has the same people in charge of security. The ones who were responsible for the security holes still work there.
Did the CEO increase security's budget by enough? Nope. So he's the one ultimately at fault.
But by golly, we got that CEO. That will learn them. /em.
Yeah it will. The next slew of CEOs will think "hmm maybe I could make a bit less money and NOT go to prison. How about that?"
And then fund security properly.
Problem.
solved.
SJW n. One who posts facts.
She LIED about her heritage to take advantage of affirmative action laws. Should be disqualifying for being president or Senator right there. It disqualifies her from ever making any moral argument against me or what I do.
You are saying lying should disqualify someone for being president or senator? Really? Is that what you are saying?
If so, you'd best address the gigantic orange elephant in the room.
If you read the proposed law (https://www.warren.senate.gov/imo/media/doc/2019.4.2%20Corporate%20Executive%20Accountability%20Act%20Text.pdf) it "establish criminal liability for negligent executive officers of major corporations" who "has the responsibility and authority to take necessary measures to prevent or remedy violations."
So, if a corp has been found to be negligent in its handling of data, they aren't just fined, but the executives responsible can be sent to prison. She isn't an IT security expert. Neither are those executives. Still, there are industry standards. We would hold executives who manage our water supply responsible if it were sub-standard and they failed to correct the situation.
Ninjas don't carry tic tacs
SARBOX makes executives personally responsible for the accuracy of the financial data they put out. This has made them get serious about the source of that financial data within their own company. Maybe a bill like this would help with privacy the same way.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
it applies across the board, and includes lots more provisions to punish corrupt CEOs like the folks who crashed our economy in 2008.
The reason she's focused on tech firms is that the media narrative is that the tech firms and the Democrats are in cahoots, so that anything she proposes to regulate to general businesses would be framed in that narrative ("why are you going after such and such and leaving Silicon Valley alone Ms Warren, hmmmm?"). This is a smart political move to defang one of the chief distracting narratives that would normally be used against her. It hurts the bill a little bit with techy nerds, but we're a tiny, tiny minority, and a lot of us (like me) see what she's doing there.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
Don't you mean origin elephant?
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
If you read the proposed law (https://www.warren.senate.gov/imo/media/doc/2019.4.2%20Corporate%20Executive%20Accountability%20Act%20Text.pdf) it "establish criminal liability for negligent executive officers of major corporations" who "has the responsibility and authority to take necessary measures to prevent or remedy violations."
So, if a corp has been found to be negligent in its handling of data, they aren't just fined, but the executives responsible can be sent to prison. She isn't an IT security expert. Neither are those executives. Still, there are industry standards. We would hold executives who manage our water supply responsible if it were sub-standard and they failed to correct the situation.
One of the best pieces of advice I ever got was that if you want to fix a problem, you make it the problem of the person who can fix it.
Right now, there really is no actual punishment. People go tsk, tsk, a janitor gets fired, and it's onto where the stockholder's meeting is going to be held discussions.
If the guy at the top is looking at some serious punishment, he or she will make certain that data security is taken seriously.
Most all of these breaches have been over seriously simple stuff that never should have happened.
The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
As a victim of identity theft, I can personally attest that the credit agencies don't just view this as "not their problem", but actively see it as the victim's problem. When my identity was stolen, a credit card was opened in my name and only a stroke of luck made the card go to me. (The card was mailed out before the identity thief's address change was processed.) When I called the company (*cough*Capital One*cough*) about it, they not only told me they couldn't give me information ("because if you go and shoot these people, we're liable" - but you're not liable for opening accounts under my name?!!). They insisted that my wife likely opened the account - when my wife was right next to me freaking out over this. Finally, they refused to let the police speak with them. They told the police that they needed to call a special line. That line went right to voicemail and it was never answered. I've heard of other times where credit agencies like Experian harassed identity theft victims, telling them that the fraudulent accounts would remain on their credit report unless the victims produced massive amounts of proof.
Basically, these companies treat identity theft and data leaks as minor annoyances. Close the account if someone complains, write off the tiny losses, push the burden of proof onto the victims, and then go back to raking in tons of money. If any actual laws are going to be put in place to protect consumers, fight those laws tooth and nail. They never suffer any actual consequences - just look at Experian's data breach. Millions of people's personal information leaked and what penalties has Experian suffered? They settled a $22 million class action lawsuit, but they earned $5.2 billion last year. I don't think 0.4% of their income really hurts them much. If I was fined $300, it might sting slightly, but it wouldn't really hurt. Especially not if what I was fined for made me that much in 1.5 days.
There need to be actual consequences or things aren't going to get better.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.