Companies keep losing your data because it doesn't cost them anything


#1

Originally published at: https://boingboing.net/2018/11/15/cheap-thrills.html


#2

I’ve often felt that there should be a starting statutory fine of $1 per data field lost. Higher for particularly sensitive data (i.e. $100 for SS#). Treble if you hide the breach for more than X days (plus possible criminal penalties). This would have three effects:

  1. Collect less data
  2. Protect data better
  3. Timely disclosure

#3

To make this happen, you’d need to first write a bill. Then you need to shop around Washington to pay off a few politicians to introduce and support the bill. Oh, and you’ll need more cash on hand than the tech sector is willing to spend on killing your bill. Otherwise this neat idea is dead on arrival.


#4

But there’s a kind of Law of Diminishing De-turns. The 98th time your data is leaked is a lot less painful than the first.


#5

This is so true, and conservative politicians keep scamming the American people, breaking the law and running roughshod over the Constitution and being treasonous bloody bastards because they too, never pay a price. I’m all for public executions for rogue politicians. I can think of one right now.


#6

There used to be a law here in America, that held corporations to operate in good faith with citizens of this nation. Their chairmen would have to appear before a board annually and prove they were operating in the interests of the general public and not just their shareholders. It was done once, it can be done again. If we’re just going to throw up our hands and look at these unethical and immoral practices as insurmountable, then all is truly lost. Why even vote? We just won a huge Progressive victory in the U.S. and it was a bigger blue wave than conservatives would have you think. We need to build on this and make our lives better.


#7

No one is throwing up their hands here. I’m just relating the actual method to make something like this happen. You may think it unethical or immoral but simply stomping your feet to say you refuse to participate in the system isn’t actually a strategy for change. It’s a way to make sure you get nothing done in Washington.

I’m curious about “there used to be a law”. What law was that?

Look, I’m a progressive. I hate that there is so much money and corruption in politics and if you want to talk about getting money out of politics then we can have that discussion. But until money is taken out of politics, you are going to have to play the game. Good faith and moral purity isn’t going to do a damned thing for anyone.


#8

As Alexis Ohanian said last night in a live podcast, every CEO needs software engineering as a numero uno

#samsheffer


#9

Yet another reason that the first principle under law should be: an individual’s personal data is owned first and foremost by the individual. That would set the stage for the individual specifying standard terms under which it is shared with and stored by other parties.


#10

The same argument could be applied to other corporate misbehavior. Tax evasion, money-laundering, sloppy record-keeping leading to invalid foreclosures or repossessions, secretly opening accounts or charging illegal fees to bank customers, pollution, etc. etc. will all continue as long as the potential rewards are greater than the costs. When the fines for misbehavior amount to little more than a slap on the wrist, there’s no incentive to change.

Corporations are, for the most part, perfectly amoral: they are guided by profit and loss (more than ever these days, when they’re all slaves to the almighty shareholders). The only reliable way to get them to behave properly is to make the costs of behaving badly so significant that bad behavior becomes uneconomic.


#11

Bottom line, is that good corporate behavior is just not where the money is. All the easy money is made, now the only way to make bank is to redistribute money rather than try to make it by creating wealth.

Capitalism as an organizing principle is over. Until the externalities are put on the books, we get more feudalism.


#12

Alternately or in addition, tax the sale/license of data. Rate determined by the type of data. Anonymized, 10%. Identifiable, 50%. Include certain types of data (i.e. SS#) and it’s another 50% each. And as much as I hate price fixing, there might need to be a minimum price to avoid gimmicks such as “We paid $999 for toaster and got the data for free.”

I originally thought the money should go to the person. But this creates a perverse incentive for people to give their data to anybody and everybody. Instead, just send the money into a fund to be split between law enforcement of identity theft and SS.

2 benefits of all this: Increased price means fewer sales. And if it’s taxed, the transaction is recorded more carefully.


#13

Hhmmmm… strange that a Google search did not provide more, but I’m also at work and only did a quick check. Here are a couple of links that shed some light on this:

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2621849


#14

I’m with Citizen Anotherone on this one…what was this mythical law that bade CEOs answer to the public good on an annual basis? Did it have a name, how was it enforced, who recorded the proceedings?

Your abstract doesn’t really answer these questions at all. Much like social conservatives’ magical thinking that the 1950s were an ideal time of domestic bliss*, invocation of a mythical corporate accountability law strikes me as a similar form of cognitive distortion romancing about the past one wishes we all had.

* if you were white hetero and OK with a lil domestic violence, of course

#15

That Equifax leak a couple of years ago really, really made me mad.

The reason why information leaks like this are bad is because Equifax and the other reporting agencies are crap at identification management. The liability to the rest of us comes from Equifax (and others) not doing their job correctly. “We can’t do it right” they claim.

But they also offer a service that protects you from… them. They claim that they can’t protect everyone, and then they offer a service saying that they can protect anyone.

All of the credit reporting agencies should be required by law to offer as much protection as they can for everyone, and be liable in the event that they fail with your identity management and that they are responsible for any losses. If someone fakes your identity and buys a car after they verified your information, it should be their problem, not yours. If someone opens a credit card in your name, they should pay the bill.

And on top of that - they released everyone’s data and turned it into a “One Year FREE TRIAL of our PROTECTION SERVICE to PROTECT YOU from US” sale? And you need a credit card up front to sign up for the reoccurring billing?

IMHO, they should have been sued into oblivion for that.


#16

You’re right; we the living are comprehensively fucked.

On the other hand, every year in the US over 3.5M babies are born. Initially Big Data has nothing on them. If the rules were changed next year, by 2030 there’d be over 30M people - in the US alone - about whom Big Data knows next to nothing. By 2040 those kids will be entering adulthood. When we do nothing, we knowingly condemn those folks to the same shitty situation we unwittingly stumbled into.


#17

If this were a much more violent society, such problems would cease to exist. Those problems would be replaced by others for sure…but nothing focuses the mind like oblivion.


#18

I’ll find it… I’ll find it…


#19

Good idea. The real challenge in any case is to get people to treat their personal data with the same care they treat their money. The corporations already consider them equivalents and could easily welcome this principle without taking a hit, since so many people are already shockingly careless when it comes to spending or investing money.


#20

Okay, in looking at this further, there was not one particular law, but a series of corporate charter laws that held corporations in check as designated during the founding of the United States. You can visit the link. As to the actual laws, I won’t be digging for this, mainly because they no longer exist and would be difficult to discover. I still stand by my initial remark, corporations were held to an ethical standard to make sure they did not breach the public will or trust. Those laws were broken down and circumvented because eventually corporations grew too large and they bought off the state legislatures, which sounds eerily familiar to today.

http://reclaimdemocracy.org/corporate-accountability-history-corporations-us/