Posted on 09/09/2017 6:56:10 AM PDT by Wolfie
Where Are The Damned Handcuffs?
It's time to start locking people up and destroying businesses with federal criminal indictments.
The Internet has made many things very easy -- and fast. But it has also made many things quite-insecure, especially when corners are cut.
I can design and implement extremely secure internet-connected data facilities and services. I not only have done so they're in active use right now. Some are more-important than others, but all are important to me. Among other things my home is connected via same, never mind the work product I've developed for the last, oh, 30ish years when working on various pieces of computer-technology.
It has never been penetrated.
Do you know why? Because to get in you need cryptographic keys that you don't have, and as technology has advanced so has my willingness to regenerate said keys to keep step with same, along with taking proper security precautions with the necessary components to issue said credentials.
In other words I do my ****ing job.
Equifax did not. Nor did all of the other places that have had ridiculous data breaches over the last few years. Nor did the people who called me a couple of years ago in a panic because one of their "senior" IT people stripped the protection from their master key and stuck it on a network volume that was backed up to the cloud for convenience purposes. For the record, that person was not fired and the firm in question did not immediately re-generate all the keys issued by same.
So far I haven't read anything in the paper about them being compromised, but that doesn't mean they haven't been. It just means it didn't hit the papers.
Yet.
Equifax, along with Trans-Union and Experian, hold data on virtually every US Citizen over the age of about 18 and a large number of those who are not adults. If you have any sort of credit relationship with anyone they have a file on you. That file is indexed by something that until about 20 years ago was stamped on the face of said card "Not for Identification" -- your Social Security number.
Congress has permitted these firms to pervert that which it designated not for identification use, but only for the use of the Federal Government in administering retirement and disability benefits under the Social Security program, with the IRS having access to it so as to make sure your contributions to same were accurately recorded. Since deliberately turning its back on the outrageous abuse of same by private industry Congress has then gone even further and not only allowed and mandated its use by other firms, such as banks, for identification purposes it has effectively barred you from having any such account or access without same.
This, despite the fact that on the face of said cards until fairly recently it was explicitly stated: NOT FOR IDENTIFICATION as that was written into the original law that resulted in the issuance of same.
But what's even worse than that perversion for which every Congresscritter and Executive Branch member should be tried and imprisoned for the rest of their lives is what Congress and the Executive have not done since -- on purpose.
They have not enforced the law with regard to intentional and willful misconduct when it comes to cyber security in these large data stores nor do they give a damn about the material and incalculable harm these large firms inflict on consumers when your data is either stolen or misused because of their intentionally lax security. Further, the Congress and Executive allow effective extortion of every consumer in the nation by allowing these companies to charge you to freeze your credit, thus denying scammers access, they can charge you again to "unfreeze" it temporarily if you wish to obtain new credit and they deem said data "theirs" instead of "yours" which means you can't insist that they either not collect and store it or delete it.
See, proper security costs money and can be inconvenient. Having access to such data only when properly-secure machine certificates are used to encrypt same and all communication all the way back to a traceably-secure device would mean that "instant credit" decisions at millions of cash registers (e.g. to sell you a credit card while in the checkout line) could not be made.
Forcing these companies to allow consumers to turn "on" and "off" access to their credit files whenever they want, without cost, would mean that these companies couldn't sell your data to anyone and everyone who has a few bucks, and they'd have much smaller businesses than they have now. And prosecuting and jailing the executives of firms who put convenience for their customers, which are businesses -- not consumers -- ahead of security would mean they'd have no business at all. But at the same time it would make defending against someone opening a credit account in your name and stealing your identity very easy since you could disable access to your credit information any time you wish without having to pay to turn it on and off.
Because of how these firms operate and their business practices, choices they have voluntarily made, you get screwed -- again. This breach is so large and so egregious that no amount of "monitoring" and "credit watching" will do a damn thing. You're going to get ****ed as a consequence of this and your obsession with posting crap on Facesucker, Twatwaffle and Instrascrew instead of immediately demanding that strong, effective action be taken to put a stop to this crap.
The solution is to force Equifax to eat the cost of ANY fraud that ensues and all costs of its cleanup including liquidated damages for your time and effort on a permanent basis since they, and not you, decided to use an identifier never intended for that purpose and in addition they, and not you, were grossly negligent in failing to secure said data. In addition forcing all of these firms to allow no-cost lock and unlock options for consumers where locking your file at one bureau does so at all of them and can be done at zero cost at any time for any reason on a permanent basis would actually mitigate said risk. Finally, deeming any credit opened while you have locked your file as conclusively fraudulent and uncollectable with liquidated damages payable to you if someone does it anyway would shift the burden from you for said incidents to them.
And finally we can start by indicting right now the executives at Equifax who sold stock after the breach occurred and before it was reported along with indicting the company itself under federal Racketeering statutes -- they claim they didn't know but I call bull**** on that and demand an immediate felony criminal investigation of both the executives and company including but not limited to the immediate seizure of every single electronic device owed by said executives and the company that might hold evidence documenting that they're lying.
But instead of doing the right thing what we get is more mealy-mouthed bull****, and you, America, sit for it.
The breach is Equifax's fault.
The lack of immediate prosecutorial and policy response by the government is your fault, America, because you refuse to demand that it happen right damn now backed up by immediate and no-holds-barred protest, up to and including destroying all credit-issuing businesses through lawful economic action until the above occurs.
The penalties in terms of financial and criminal prosecution are not severe enough for businesses to secure the data.
While they made millions in bonuses and charged YOU for YOUR data, they neglected securing the data.
We are a nation of laws, not a nation of “Whatever-Nutjob-Blogger-Karl-Denninger-Thinks-Is-Appropriate”.
This country’s corruption has gone way past handcuffs. It’s going to take rope and bullets to return the rule of law and save this republic.
Calling all reporters to visit with Martha Stewart and Martin Shkreli.
Bet there are some pithy quotes and parallels that could be extracted.
But, alas....lap-dog media will let this one pass.
“Nation of Laws”.
That’s the whole point.
There’s one set of laws for “us”, and another set of laws for those who finance the members of the swamp.
I foresee the mother of all lawsuits.
>>Thats the whole point.
>>Theres one set of laws for us, and another set of laws for those who finance the members of the swamp.
Exactly! Because they get to write the laws that govern them....and they get to write the laws that govern us. Our free market has almost turned into a kleptocracy.
All brought to you by corporate lobbyists and their payoffs to congress.
I foresee the mother of all lawsuits.
The Lawyers get rich...The people get $1.00 at the most.
Led by lawyers, IMO the root of our problems.
Lawyers turned judges, lawyers turned politicians. Lawyer politicians writing laws to primarily require lawyers and lawyer/judges to decipher them.
America has become a lawyer works program. Tagline.
I think it would be instructive for Equifax to be on the receiving end of a law suit that would threaten their continued existence.
Might get other’s attention.
“”We are a nation of laws, not a nation of Whatever-Nutjob-Blogger-Karl-Denninger-Thinks-Is-Appropriate.””
And you don’t think having the public hold the lawmakers responsible for putting through legislation to stop this is worthwhile?
Pressure put on every stinkin’ congress critter by US is something that needs to take place. They are as unconcerned about US as the three at Equifax who sold their stock UNLESS we make them aware it’s their job to introduce legislation with many of the points brought up in the article. WE are not responsible for the lack of security nor should we ever be responsible for the debts piled up by thieves.. Of course, congress may have trouble determining just who we are calling “thieves.”
Correct.
And if penalties are applied, they will use their leverage to get out of it. Credit scores are used for everything now. From loans to getting a job (a friend of mine had to defend his credit report at an interview).
The amount of power the metadata companies hold is vast. They will not be prosecuted, because they can’t be.
I think it would be instructive for Equifax to be on the receiving end of a law suit that would threaten their continued existence.
Might get others attention.
___________________________________________________________
A lawsuit would only punish the shareholders. What these executives need is an executive suite at San Quentin.
That would get everyone’s attention.
Yes but the price those foreign companies gave to create and maintain the software was such that major bonuses could be awarded to the executive staff.
A data breach of this magnitude might have the unintended consequence of rendering every credit score worthless for any purpose. If I had to defend my credit score in a job interview and it wasn’t very high, I would just tell them that my records were compromised by Experian and there are now 50 Mexicans running with fraudulent credit cards in my name.
Maybe.
But when the parties of the lawsuit find their credit rating destroyed...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.