Forgot your password?
typodupeerror

Congress Proposes Data Breach Disclosure Bill 101

Posted by Zonk
from the so-you-know-we-know-you'll-know-you-know dept.
segphault writes "A new data breach disclosure bill proposed by Senator Sensenbrenner (the same politician that sponsored the infamous Real ID Act) requires companies to inform federal law enforcement agencies if a database containing information on more than 10,000 citizens is infiltrated by hackers. The punishments for failing to disclose information about data breaches to federal law enforcement agents under this new bill include jail time and massive fines. Although this bill requires disclosure to the government, it does not require companies to inform the victims of data theft. Furthermore, it allows federal law enforcement agencies to prevent companies from voluntarily disclosing information about breaches to the public, even if the companies are required to do so by state laws. This law could potentially allow companies to circumvent and undermine state laws designed to protect consumers from identity theft."
This discussion has been archived. No new comments can be posted.

Congress Proposes Data Breach Disclosure Bill

Comments Filter:
  • by Morosoph (693565) on Friday May 12, 2006 @11:50PM (#15323374) Homepage Journal
    I was thinking "isn't this at odds with the authorities' view on white-hat hackers, and those who disclose flaws in security generally", but then I realised that the authorities wish to create and enforce law: that it "order"; individuals who act in such a way as to make such laws less necessary count as competition in the power struggle.

    Consider this Ambulance [bbc.co.uk] Driver [abd.org.uk].

    • Re:Authoritarianism (Score:3, Interesting)

      by arminw (717974)
      ....the authorities wish to create and enforce law.....

      whereby THEY can know when you've been screwed by a database break-in, but are may forbid the database holder from telling YOU that this happened, even if there are state laws that mandate the database holder tell their clients when such a data theft has occurred.
      • It always confused me to think that the party that fought a war against state's rights 150 years ago became obsessed with them some 50 years ago. Apparently we've now come full circle, as the CAN-SPAM act, this act, and probably some others I can't think of / don't know about.
    • I'm aware that my example is from the UK, rather than the US, but authorities are really pretty much the same everywhere.

      Only in some places, they get away with more than in others.

  • by omeomi (675045) on Friday May 12, 2006 @11:53PM (#15323389) Homepage
    What if those doing the infiltrating are NSA agents?
    • Oh, they are free game. Ofcourse, you will be marked a terrorist and sent on a secret CIA plane to some place in Europe to be secretly tortured if caught. You can get this also by paying down your credit cards too. Zie Heil King Chimpy.
    • What if those doing the infiltrating are NSA agents?
      From the summary: "Furthermore, it allows federal law enforcement agencies to prevent companies from voluntarily disclosing information about breaches to the public...."
      They just put a gag order on the company whose database the NSA breached.
    • That's a scary thought... and altogether too likely, given the current political climate. After all, who would be more likely to both create a data breach (in the course of an "investigation") AND not want the breached party to tell average citizens about it??

      One begins to wonder just exactly who actually authored this bill...

      Now look what you've done -- now I've got to get my tinfoil hat refitted!!

    • They'll get black marks on their next performance review because the company was able to determine that there was a security breach.
    • What if those doing the infiltrating are NSA agents?


      From the summary: "Furthermore, it allows federal law enforcement agencies to prevent companies from voluntarily disclosing information about breaches to the public, even if the companies are required to do so by state laws."
    • exactly the problem. Not even NSA trackable field agents but retired KGB agents ? perhaps.
  • Student hacks (Score:4, Interesting)

    by Oriumpor (446718) on Friday May 12, 2006 @11:55PM (#15323395) Homepage Journal
    Student Information Systems can easily contain over 10,000 student records. So, potentially, the kid who changes his grades could be tried by the fed in the future.
    • If 30% are foreigne students, they are not citizens, then the 10000 count is really 7000.

      But we dont expect politians to have a brain cell bigger than a turtle.

      Come on gen-xers, if your dad is a evil polly, tell him to get a clue.
    • Reread the article. Nothing has changed, unless the article left something out, from the end of who breaks in. The kid who changes his grades would be tried under the same laws as he would be today. (And, I would argue, rightfully so if he's in college, which he is if he's hacking a system with 10K students.)

      The changes in the laws effect the owner of the system which was hacked, not whoever hacked it.
      • I work in K12, we manage 2 SIS databases that contain between 16k and 40k student records. We aren't the norm, but there are much larger K12 databases out there.
  • Great...oh wait... (Score:3, Insightful)

    by MarkusQ (450076) on Friday May 12, 2006 @11:56PM (#15323398) Journal

    When I read this part of the summary:

    The punishments for failing to disclose information about data breaches to federal law enforcement agents under this new bill include jail time and massive fines.

    My first thought was, it's about damn time.

    Then I realized that they probably weren't talking about the sort of "data breaches to federal law enforcement agents" I was thinking they were.

    --MarkusQ

    P.S. If you missed my insightful post on the "poll says people want the NSA to spy on them" story [slashdot.org] there's still time to check it out.

  • Federal vs State (Score:3, Interesting)

    by dtfinch (661405) * on Friday May 12, 2006 @11:57PM (#15323400) Journal
    Bills in Congress usually win a few more votes if they add a clause giving state laws precedence, or so I've heard. That might make a difference with a bill like this one.
  • by Lacrocivious Acropho (741314) on Friday May 12, 2006 @11:59PM (#15323405)
    Um, House Judiciary Committee Chairman James Sensenbrenner is not actually a senator, but a congressman. http://www.house.gov/sensenbrenner/ [house.gov]
  • by stinerman (812158) <`nathan.stine' `at' `gmail.com'> on Friday May 12, 2006 @11:59PM (#15323407) Homepage
    Sensenbrenner [wikipedia.org] is a member of the House, not the Senate.
  • >This law could potentially allow companies to circumvent and undermine state laws designed to protect consumers
    > from identity theft.

    Yeah. It could also give the FBI time to track down the perps before general knowledge of the crime taints the witness pool. It's a pretty common practice at the local level for news organizations to keep quiet about evidence for the same reason.

    • Yes, but it also gives the perps more time to use the stolen stuff. I mean, if the fraud is at least reported to credit agencies, they can have a head's up. I mean, it's a lot better for the victim to stop this before money gets spent. And I'm sure the CC companies feel the same way.
      • I mean, it's a lot better for the victim to stop this before money gets spent. And I'm sure the CC companies feel the same way.

        The credit card companies don't care either way. They get paid no matter what, through higher rates and tax write offs. If they did care. credit card fraud would actually be difficult.
  • Um, no.... (Score:5, Insightful)

    by Internet Ronin (919897) <internet DOT ronin AT gmail DOT com> on Saturday May 13, 2006 @12:03AM (#15323415)
    Look, who gives a flying fuck if the government knows? I certainly don't. In fact, I'd rather they didn't.

    This government is getting way to nosy, IMHO. I don't care what the reason is, I'm sick and fucking tired of being saved from myself. Let me smoke my cigarette in my bar, and masturbate the Islamic terrorist porno, leave me ALONE.

    Hey old white bastards, how about a law that requires me to be informed when my companies data has been hacked? Or better yet, why don't you worry about things like maintaining roads. Why is it that the NSA knows what sort of hemorrhoid creme I prefer, and when my girlfriend's periods are, but I can't drive down I-20 for more than 3 hours without needing a new wheel alignment for my car?

    How about a fucking law that says I get to be informed every single time my personal information is accessed by the government? Every time I turn on the news I seem to be reading about how the Department of Homeland Security is making sure I'm following the latest terror alerts and that I'm not cooperating with al-Qaida via Xbox Live. I mean, Jesus, what the hell.

    Even better, the slashdot summary makes it sound like they can circumvent state legislation. Um, my constitutional skills may be a little rusty, but I'm pretty sure that's what the 10th Amendment was all about.

    While we're on the subject, what about the 9th Amendment? I'm pretty sure that that one said that we have rights that may not be explicitly mentioned in the Bill of Rights, and thus, we reserve those rights. It seems like America is serving up it's rights like a Shoney's smorgasbord. It's like 8.99 all-you-can-give-away at the Patriot Act Red Lobster. Jesus.

    Douglas Adams once said (forgive my horrible paraphrasing, as I don't have my copy of Salmon of Doubt with me) that Australians often say "We're the last place left mate," and it made him nervous because of the confidence with which he said it. Makes me wanna see if they're right, cuz quite frankly I'm sick of this place. It's not just the politicians, it's the people. How can my vote count if I realize for every vote I cast with some knowledge of the issues, there's fifty people are are being exploited by like-minded zealots whose sole purpose is to acquire power, and seek to retain that power.

    Madison, in Federalist 9 & 10, argued that mutual self-intrest will keep the 'factions' in line, draw them towards a central, middle ground, and thus make decisions that are best for everyone. The problem seems to be that no all 'factions' are allowed into the game. At this point, I've got to request that I be allowed to collect my chips and move to another table, cuz I think I'm getting screwed, and all I see is more Dick coming. ~a
    • living in, doesn't it?

      I'm going to assume, for my own personal sake, that this is not a unique situation for us, and that others have felt the same during prior portions of history.

      I only hope the damage is reversable without a dramatic loss of life.
      • I would assume, given your sig, that you already know this isn't the case. This time in history is unique because of the unprecedented level of communication and communication observation ability of most people. If you wanted to get lost in 1890, you could. You can't get lost today. DNA, fingerprinting, mandatory photo IDs, e-mail, telephones, RF communications, purchasing habits. You can be found in America. Sure, if you disappear into some caves in Afghanistan, no one can find you, but the second yo
        • Yes, I already know it isn't the case, hence the rather self-depreciating wording I used.

          Not only that, but I was a cog in the machine for a few years, so I know how it works. It really doesn't matter how I try to explain it, nor is it really a big deal of course, but I do have intimate knowledge of the laws and policies that some of these issues are governed by, or at least were governed by at some point in history.

          I've said for many years that I do not vote for the simple reason that the voters have been
        • If you wanted to get lost in 1890, you could. You can't get lost today. DNA, fingerprinting, mandatory photo IDs, e-mail, telephones, RF communications, purchasing habits. You can be found in America. Sure, if you disappear into some caves in Afghanistan, no one can find you, but the second you plug into the grid in modern America, you're there to stay. Jefferson is rolling over in his grave.

          This raises a quite interesting train of thought about the nature of choices. In order to effectively 'dissappea

    • The last place left (Score:3, Interesting)

      by MarkusQ (450076)

      Australia is nice, but it's far from being the "last place left." To pick just one example a tad closer to home, three of the last presidents of Costa Rica are in prison at this very moment.

      "Why?" you might ask. "Do they have particularly crooked politicians down there?"

      No, not really. Their politicians aren't much different that politicians anywhere. The difference is, they have a rather odd custom regarding the laws. When their politicians break the law they investigate, arrest, try, and eventua

      • Hrm, I do so love the Caribbean... Maybe I'll look into Costa Rica too. Thanks for the tip. ;-)

        • Before you go, you should know a few things about the place:
          • The food is generally wonderful, though not as spicy/salty as in the US
          • They have a higher literacy rate than the US
          • Honking your horn at random while you drive basically means "Hello, nice day, isn't it?"
          • The beaches are what you'd expect in the tropics, but the capital is about 70-75 degrees year round.
          • Petty crimes in some areas are more common than others (don't walk around downtown at midnight with your wallet hanging out of your pocket).
          • Vi
    • "How about a fucking law that says I get to be informed every single time my personal information is accessed by the government?"

      Hear bloody freakin' hear!! if we had such a law, it just might frighten some sense into the average citizen, and get them to realise that in Soviet Russia, they were no more spied upon than we are -- by our own respective governments.

      Someone once said that the true definition of totalitarianism is that your every move is tracked in SOME way, however trivial or seemingly innocuous
      • Why don't more people get this? And the pretense it's done under is so utterly stupid too. Terrorism is down there with lightning strikes as an unlikely way to die, but people are so easily cowed into accepting anything with that bogeyman.
        • Indeed... anything they can't poke with a stick, they're afraid of.

          And any time one of the OTHER sheep might get picked for slaughter, everyone keeps their head down and tries to avoid notice. Nothing pleases the wolf more than not having to work for his dinner.

          Take airline hijackings... It always amazes me that a couple guys with box cutters could intimidate a planeful of grown men with fists, and women with slugger-grade purses (not to mention the deck'em value of a high-heel spike in the temple). -- IMO
    • Re:Um, no.... (Score:2, Insightful)

      by farble1670 (803356)

      Let me smoke my cigarette in my bar

      don't flatter yourself. laws that disallow indoor smoking have nothing to do with saving you from yourself. is has to do with saving other people from you. it's about second hand smoke.

    • [The] summary makes it sound like they can circumvent state legislation. Um, my constitutional skills may be a little rusty, but I'm pretty sure that's what the 10th Amendment was all about.

      This is pretty clearly regulation of interstate commerce [wikipedia.org] -- and thus very much constitutional, so the 10th amendment does not apply. If it is constitutional, it trumps state law because of the Supremacy clause [wikipedia.org].

      (FWIW, I agree with your first four paragraphs.)
      LandruBek
  • by Anonymous Coward
    Will the government be required to disclose computer breaches? Will the public be informed? Who will get the fine or jail time when a computer breach occurs on government computer systems and no one reports it? Maybe this is to help fight the war on terrorism?

    The Department of Homeland Security, which is charged with setting the government's cyber security agenda, earned a grade of F for the third straight year from the House Government Reform Committee. Other agencies whose failing marks went unchange
    • Will the government be required to disclose computer breaches?

      Highly unlikely. After all, telling us about it would would, in itself, be a breach of security, right?

      Will the public be informed?

      Probably not.

      Who will get the fine or jail time when a computer breach occurs on government computer systems and no one reports it?

      Well, I don't know about fines or prison terms but I'm sure a few administrators might get passed over for promotion.

      Maybe this is to help fight the war on terrorism?

      H
  • by RyanFenton (230700) on Saturday May 13, 2006 @12:21AM (#15323460)
    I'm certainly no libertarian - and I hate the way that information about myself and my choices is being traded and used in the marketplace... but this seems like an unfunded mandate by way of criminalizing inaction after the fact. Seems more like a tool so that the government can punish people who embarass them after the fact, rather than an active step to secure this information.

    If they want to secure this information, either make it all illegal to use and hold in insecure ways (like on a networked computer), or fund a method of secure use of this information. Punishing the innevitable breach of security in the marketplace after the fact won't change the fact that such breaches are innevitable, and I very much doubt such punishments will improve this particular marketplace.

    Ryan Fenton
  • by freedom_india (780002) on Saturday May 13, 2006 @12:22AM (#15323461) Homepage Journal
    If am running a company, i would store exactly 9,999 records per database schema and ASP the rest.

    That way breached don;t affect me.

    Any concern that stores even a single record about anyone who is not an employee should be forced to disclose the details to the Feds and to the people whose records were compromised.

    The company should then be prevented to store any such records for the next decade. In addition the maximum of 250K should be automatically payable within 15 days to such people.

    Failure to pay the amount would result in jail time for the CEO and CTO.

    What am i talking? Laws are not made for logical reasons... laws are made in smoke filled backrooms where my senator can compromise my state's water rights for a few more air bases or National Guard bases....

  • by Weaselmancer (533834) on Saturday May 13, 2006 @12:36AM (#15323496)

    requires companies to inform federal law enforcement agencies if a database containing information on more than 10,000 citizens is infiltrated by hackers.

    If you have enough users, does "cat /etc/passwd" count?

  • Another law.... (Score:5, Interesting)

    by mikesd81 (518581) <mikesd1@ver[ ]n.net ['izo' in gap]> on Saturday May 13, 2006 @12:36AM (#15323497) Homepage
    That has great potential to do something..........then they get it backwards.

    Inform the gov't....why? It's the citizens put at risk when this happens. I want to know about it dammit. That's my information they lost.

    Furthermore, it allows federal law enforcement agencies to prevent companies from voluntarily disclosing information about breaches to the public, even if the companies are required to do so by state laws. What? Backwards I tell you.

    Don't mind my ranting demeanor. I've been on an ant-gov't rant since I listened to Michael Savage earlier.
  • by greenguy (162630)
    Senator Sensenbrenner (the same politician that sponsored the infamous Real ID Act)

    This is also the same guy whose immigration bill brought Latinos into the streets in unprecedented numbers to protest.

    That's some record this guy is racking up!
    • Would you expect any less from a Congressman is a lawyor, a right wing Republican, AND heir to the Kotex fortune? He also wants the Supreme Court to be overseen by Congress, one way that he urged to do this was by the creation of an "office of inspector general for the federal judiciary" to watch over the courts. Broadcast Music Inc. (BMI) must like what he is doing as their PAC was his top campaign contributor.
  • Old News ... (Score:2, Informative)

    by Anonymous Coward
    Data security bills have been kicking around for months now, and House Judiciary is actually running behind the pack. Senate Commerce moved a Smith bill (S. 1408) [gpo.gov]. Senate Judiciary moved bills authored by Chairman Specter (S. 1789) [gpo.gov] and Senator Sessions (S. 1326) [gpo.gov]. Representative Sterns introduced a bill, H.R. 4127 [gpo.gov], which was referred jointly to House Energy & Commerce and House Judiciary. Commerce voted it out, but Sensenbrenner has been sitting on it while working on his own bill.

    Every one of the abo
  • Although this bill requires disclosure to the government, it does not require companies to inform the victims of data theft.

    Of course not. If it did, it would be strongly opposed by the corporations, who everyone by now should know are the entities that are really in control of the government today.

    <sarcasm type="biting">
    Yes, this clearly is government of the people, by the people, and for the people. Makes me proud to be an American!1!!11!
    </sarcasm>

  • I wonder if ... (Score:4, Interesting)

    by MrNougat (927651) <`ckratsch' `at' `gmail.com'> on Saturday May 13, 2006 @12:47AM (#15323529)
    Is the telecom companies' (except Qwest!) disclosure of telephone call data to the NSA considered a 'data breach?' Would that have to be disclosed as well? Or would the president simply sign a set aside for that law so that the NSA could ignore it?

    Face it; it doesn't matter what laws are in place, the federal government can do whatever it wants. I'm actually to the point now where anytime I hear anyone associated with the government supporting A, or insisting that A is true, that I take it to mean that the government intends to do Not A or that Not A is true.

    I don't have a college degree, but I'm going to encourage my children strongly to get their own. Not so that they can get better jobs in the US - so that they can take up legal residence in Canada.
    • The telecoms are not prohibited from using, disclosing, or allowing access to customer information in order "to protect the rights or property of the carrier, or to protect users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services;". This was a part of The Telecommunications Act of 1996. The NSA would just have to convince the telecoms that by giving it access to the call records, the companies would be protecting it's property and customers
      • grrr...that should be "their property"
      • "to protect the rights or property of the carrier, or to protect users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services;"

        It's unfortunate that politics plays such a big role in determining whether the above is true for a given request. I expect that when that was written in 1996, more concrete evidence of threat was intended to be required.

        Now, it just depends on whether the person who makes the decision buys into the hype and fear-mongeri
  • by MikeRT (947531) on Saturday May 13, 2006 @12:53AM (#15323540) Homepage
    Congress passes laws all of the time that it has no constitutional authority to enact. The states should just flat out ignore these laws and go on their merry way. If the feds try anything, many states have more than enough law enforcement capabilities to overpower federal law enforcement and the loyalty of the guardsmen in the NG is going to be first and foremost with their families and communities.

    The states need to start knocking the feds down a few notches on the totem poll through things like not taking mandates, arresting DEA agents on capital murder charges for killing people in no-knock raids and things like that.
    • Some open rebellion period would be nice. I'm a firm believer in power structures being a two-way street, i.e. that it can only be given up, not really taken away, though there are so many open arms to those who would give it. What really gives me the willies is that this will probably pass, and one more little nugget of freedom will be passed through the American intestinal system, into the toilet of government. Personally, I'm always hoping for a population leveling event. Sick? Maybe, but I think it
    • Werd, however you know that the NSA is on your ass dude! hehe but seriously, think about how much money the government wastes on bullshit (aka $1 trillion war). Each state would be better off on it's own, or perhaps with a weak federal government.

      Divided we stand, better!
  • by Zadaz (950521) on Saturday May 13, 2006 @01:04AM (#15323567)
    Time to get a job with the Feds. They can't possibly have enough people on staff to respond to/enforce all of these laws. Just think how many people it takes to go through those tens of millions of phone calls from the hundreds of thousands of terrorists in the US.

    Seriously though, it's a shame they'd override the states rights. The only reason most data thefts see the light of day nationally is a California law that makes them do it. If you live in California, the company is required to notify the effected people that their data was mishandled.

    If they want to encourage tighter security, seems like bad PR for a whole company is at least as effective as sending some dork to Federal PMITA prison.

    I haven't looked up the numbers but I'd bet the penalty for having a stolen database would be worse than actually stealing one.

  • Hey, this could be a good thing. They're probably just making sure that everyone is protected. I mean, why do we need to know? We are the government!
  • Why not? (Score:3, Insightful)

    by PingXao (153057) on Saturday May 13, 2006 @01:43AM (#15323656)
    There are already many laws on the books that basically say to the people: you don't have any right to know about (fill_in_the_blank). What's one more? Want to know why you're on a do not fly list? Sorry, can't tell you that. Want your congressman to investigate exactly how far the president's seceret domestic program goes? Sorry, you're not allowed to know that. Want to know why gubmint investigators are snooping around your life? Sorry, can't tell you that. Want to know what crime they are going to charge you with? Sorry, that's none of your business. Want to know why the feel the Constitution doesn't apply anymore? Sorry, none of your business. Want to know exactly who they consider a terrarist? Sorry, you don't need to know that. Want to know if the gubmint has broken into your home looking to plant evidence against you? Sorry, you don't have a right to that information.

    Well fuck that. If Americans are willing to cede so much control to the gubmint and don't give a damn enough to see to it that the people who say "trust us" can actually be trustes then they deserve every single damn thing that happens to them, and I count myself among them, unfortunately. Democracy and freedom. Government of the people, for the people and BY the people. It was nice while it lasted. Now, back to a century or 2 of tyrrany I guess.
    • If Americans are willing to cede so much control to the gubmint and don't give a damn enough to see to it that the people who say "trust us" can actually be trustes then they deserve every single damn thing that happens to them

      While the underinformed, apathetic voter is truely an epidemic in this country; the simple fact is at this point it doesn't matter. Even when people DO care, one way or another, whether its by free speech zone or supreme court decision; the powers that be will do what they must t
  • This law could potentially allow companies to circumvent and undermine state laws designed to protect consumers from identity theft.

    I thought Republicans believed in state's rights. Silly me.
  • by MrZubi (553989)
    All the government needs now is some hackers.
  • by D4C5CE (578304) on Saturday May 13, 2006 @03:48AM (#15323887)
    Assuming and abusing someone else's identity to burden the victim with the cost and complaints stemming from the perpetrators actions... this is the activity which should clearly be crime, severely and thoroughly prosecuted and punished by sufficiently qualified (i.e. computer-literate) authorities.

    If this means jail time for the "top" several hundred spammers and scammers on counts of identity theft alone, this is only welcome [spamhaus.org] - and actually at least a decade late!

    Crime is best fought by apprehending the criminals, not by gag orders on the organisations who happen to have held enabling information in an insecure manner - which would make it even harder for the individuals affected to show they are completely innocent victims rather than crooks.

  • The biggest problem that I have with federal legislation is that it usually falls short of providing real protection to victims. Big business lobbies Congress to pre-empt existing state laws, such as California's, which do require notification of potential victims. So much for the Republican rhetoric about Federalism (state rights--look it up). This is one place I don't want to see interference from the current Congress.
  • ...are they going to protect us from the secret gov't data collection, done without notice or warrants?
  • "...requires companies to inform federal law enforcement agencies if a database containing information on more than 10,000 citizens is infiltrated by hackers."

    I've been hearing recently of the possibility that a huge hacking organization will be hacking into every database and monitoring customers continuously. I think the group is called something like the NSA or CIA or something. But they use some kind of social-engineering attack by repeatedly entering "terrorism" as the password.
  • "...requires companies to inform federal law enforcement agencies if a database containing information on more than 10,000 citizens is infiltrated by hackers .."

    What about _government_ databases that get comprimised? I think the public should be informed whenever one of those get "infiltrated by hackers", especially since the public is the government's primary paying customer.
  • I wish Americans were allowed to know when there was a breach of their privacy by the government for "terrorism" without having to be notified by reporters.

    Maybe a note "Hey, we are wiretapping everyone and recording who you call for data mining"

  • Sounded like a good idea from the first sentence or so. And then in typical congressional style, the more you read of the bill the less you like it. Makes you wonder if that's how the bills are written... starting out with a good noble cause, and being slowly, thoroughly perverted by the special interest groups until it's a seething pile of trash to be voted upon.
  • Well, after RTFB, I've changed my mind about this *slightly*.

    The bill says, in effect, that if any state laws that require public notification might hinder a federal investigation, then the notification would be suspended for 30 days or until it is deemed not to be an impediment to investigation. Of course, such an investgation could drag on for several months or years before the federal investigators deem it safe to notify the public.

    Otherwise, I'd say that the bill is, in sp
  • There's probably enough money between all of us to buy a nice cruise ship, sail into international waters, and make our own good laws! The perfect, sensible country.

    What do you guys say? Someone start the wiki to start planning this.
  • So Sensenbrenner requires corporations to disclose ID leaks to the government - that's to Sensenbrenner. He also requires every American to have a government ID, which can be leaked. Sounds like Sensenbrenner is building his own database to exploit, maybe when he retires, or just runs for reelection again - paid for by bribes from corporate ID leakers.
  • How do you know that a breach occurred? OK, in a few cases there are system logs, but there are bazillions of compromized Windoze machines out there, leaking information all the time. Does every crapware infestation found by Spybot S&D count as a data breach? It probably should.
  • This law could potentially allow companies to circumvent and undermine state laws designed to protect consumers from identity theft. Speaking as someone who works in the security field, this is one of the most ill conceived bills imaginable. Most network management organizations are stretched thin, constantly being beaten up over outages and in no mood to take on additional work. Companies have to have strong economic or criminal penalties to offset this situation or it will not change. The ONLY reason

When the weight of the paperwork equals the weight of the plane, the plane will fly. -- Donald Douglas

Working...