Congress Proposes Data Breach Disclosure Bill
segphault writes "A new data breach disclosure bill proposed by Senator Sensenbrenner (the same politician that sponsored the infamous Real ID Act) requires companies to inform federal law enforcement agencies if a database containing information on more than 10,000 citizens is infiltrated by hackers. The punishments for failing to disclose information about data breaches to federal law enforcement agents under this new bill include jail time and massive fines. Although this bill requires disclosure to the government, it does not require companies to inform the victims of data theft. Furthermore, it allows federal law enforcement agencies to prevent companies from voluntarily disclosing information about breaches to the public, even if the companies are required to do so by state laws. This law could potentially allow companies to circumvent and undermine state laws designed to protect consumers from identity theft."
Authoritarianism (Score:4)
Consider this Ambulance [bbc.co.uk] Driver [abd.org.uk].
Re:Authoritarianism (Score:3, Interesting)
whereby THEY can know when you've been screwed by a database break-in, but may forbid the database holder from telling YOU that this happened, even if there are state laws that mandate the database holder tell their clients when such a data theft has occurred.
Really old vs. less old vs. new Republicans (Score:2)
UK and US (Score:1)
Only in some places, they get away with more than in others.
Government is as Government does (Score:3, Interesting)
Re:Government is as Government does (Score:2)
Re:Government is as Government does (Score:2)
Don't you mean "Sieg heil"?
Re:Government is as Government does (Score:1)
From the summary: "Furthermore, it allows federal law enforcement agencies to prevent companies from voluntarily disclosing information about breaches to the public...."
They just put a gag order on the company whose database the NSA breached.
Re:Government is as Government does (Score:3, Insightful)
One begins to wonder just exactly who actually authored this bill...
Now look what you've done -- now I've got to get my tinfoil hat refitted!!
Re:Government is as Government does (Score:2, Insightful)
Re:Government is as Government does (Score:1)
From the summary: "Furthermore, it allows federal law enforcement agencies to prevent companies from voluntarily disclosing information about breaches to the public, even if the companies are required to do so by state laws."
Re:Government is as Government does-TOS (Score:2)
If it's all legal, how do you explain the $5 billion lawsuit filed against Verizon on Friday that uses the 1986 telecommunications act that gives consumers the right to sue for $1000 for each violation of their confidential records? It might be legal, and then again
Re:Government is as Government does (Score:1)
Student hacks (Score:4, Interesting)
not if 30% are foreigners (Score:2, Offtopic)
But we don't expect politicians to have a brain cell bigger than a turtle.
Come on gen-xers, if your dad is an evil polly, tell him to get a clue.
Re:Student hacks (Score:2)
The changes in the laws affect the owner of the system which was hacked, not whoever hacked it.
Re:Student hacks (Score:2)
Great...oh wait... (Score:3, Insightful)
When I read this part of the summary:
The punishments for failing to disclose information about data breaches to federal law enforcement agents under this new bill include jail time and massive fines.
My first thought was, it's about damn time.
Then I realized that they probably weren't talking about the sort of "data breaches to federal law enforcement agents" I was thinking they were.
--MarkusQ
P.S. If you missed my insightful post on the "poll says people want the NSA to spy on them" story [slashdot.org] there's still time to check it out.
Federal vs State (Score:3, Interesting)
Re:Federal vs State (Score:1)
"Identity-Theft Disclosure Laws" [schneier.com]
(about half way down the page)
Promoted to Senator for Spewing Silly Ideas? (Score:3, Informative)
Representative Sensenbrenner (Score:3, Informative)
Keeping quiet isn't always bad (Score:2, Interesting)
> This law could potentially allow companies to circumvent and undermine state laws designed to protect consumers from identity theft.
Yeah. It could also give the FBI time to track down the perps before general knowledge of the crime taints the witness pool. It's a pretty common practice at the local level for news organizations to keep quiet about evidence for the same reason.
Re:Keeping quiet isn't always bad (Score:3, Insightful)
Re:Keeping quiet isn't always bad (Score:1)
The credit card companies don't care either way. They get paid no matter what, through higher rates and tax write-offs. If they did care, credit card fraud would actually be difficult.
SK? (Score:2)
Stephen King?
Super Kmart?
Saskatchewan?
Scandinavia?
Hard to follow an example when you cannot follow the example, as it makes no sense. SK?
Um, no.... (Score:5, Insightful)
This government is getting way too nosy, IMHO. I don't care what the reason is, I'm sick and fucking tired of being saved from myself. Let me smoke my cigarette in my bar, and masturbate to the Islamic terrorist porno, leave me ALONE.
Hey old white bastards, how about a law that requires me to be informed when my company's data has been hacked? Or better yet, why don't you worry about things like maintaining roads. Why is it that the NSA knows what sort of hemorrhoid creme I prefer, and when my girlfriend's periods are, but I can't drive down I-20 for more than 3 hours without needing a new wheel alignment for my car?
How about a fucking law that says I get to be informed every single time my personal information is accessed by the government? Every time I turn on the news I seem to be reading about how the Department of Homeland Security is making sure I'm following the latest terror alerts and that I'm not cooperating with al-Qaida via Xbox Live. I mean, Jesus, what the hell.
Even better, the slashdot summary makes it sound like they can circumvent state legislation. Um, my constitutional skills may be a little rusty, but I'm pretty sure that's what the 10th Amendment was all about.
While we're on the subject, what about the 9th Amendment? I'm pretty sure that that one said that we have rights that may not be explicitly mentioned in the Bill of Rights, and thus, we reserve those rights. It seems like America is serving up its rights like a Shoney's smorgasbord. It's like 8.99 all-you-can-give-away at the Patriot Act Red Lobster. Jesus.
Douglas Adams once said (forgive my horrible paraphrasing, as I don't have my copy of Salmon of Doubt with me) that Australians often say "We're the last place left mate," and it made him nervous because of the confidence with which he said it. Makes me wanna see if they're right, cuz quite frankly I'm sick of this place. It's not just the politicians, it's the people. How can my vote count if I realize for every vote I cast with some knowledge of the issues, there's fifty people who are being exploited by like-minded zealots whose sole purpose is to acquire power, and seek to retain that power.
Madison, in Federalist 9 & 10, argued that mutual self-interest will keep the 'factions' in line, draw them towards a central, middle ground, and thus make decisions that are best for everyone. The problem seems to be that not all 'factions' are allowed into the game. At this point, I've got to request that I be allowed to collect my chips and move to another table, cuz I think I'm getting screwed, and all I see is more Dick coming. ~a
Feels great to know the history you're already (Score:2)
I'm going to assume, for my own personal sake, that this is not a unique situation for us, and that others have felt the same during prior portions of history.
I only hope the damage is reversible without a dramatic loss of life.
Re:Feels great to know the history you're already (Score:3, Insightful)
Re:Feels great to know the history you're already (Score:3, Insightful)
Not only that, but I was a cog in the machine for a few years, so I know how it works. It really doesn't matter how I try to explain it, nor is it really a big deal of course, but I do have intimate knowledge of the laws and policies that some of these issues are governed by, or at least were governed by at some point in history.
I've said for many years that I do not vote for the simple reason that the voters have been
Re:Feels great to know the history you're already (Score:2)
This raises a quite interesting train of thought about the nature of choices. In order to effectively 'dissappea
The last place left (Score:3, Interesting)
Australia is nice, but it's far from being the "last place left." To pick just one example a tad closer to home, three of the last presidents of Costa Rica are in prison at this very moment.
"Why?" you might ask. "Do they have particularly crooked politicians down there?"
No, not really. Their politicians aren't much different than politicians anywhere. The difference is, they have a rather odd custom regarding the laws. When their politicians break the law they investigate, arrest, try, and eventua
Re:The last place left (Score:1)
Some things to be aware of... (Score:3, Interesting)
Before you go, you should know a few things about the place:
Re:Some things to be aware of... (Score:1)
Re:Some things to be aware of... (Score:1)
"# They have no army, but a large fraction of the citizens carry guns.
# The people are generally extremely nice, and very polite"
I suspect some relation between these two facts.
There we go, much better.
Re:Some things to be aware of... (Score:2)
Yup. Because Costa Ricans are nicer and more polite than Americans, they can actually handle the responsibility of carrying guns.
Re:Um, no.... (Score:2)
Hear bloody freakin' hear!! If we had such a law, it just might frighten some sense into the average citizen, and get them to realise that in Soviet Russia, they were no more spied upon than we are -- by our own respective governments.
Someone once said that the true definition of totalitarianism is that your every move is tracked in SOME way, however trivial or seemingly innocuous
Re:Um, no.... (Score:2)
Re:Um, no.... (Score:2)
And any time one of the OTHER sheep might get picked for slaughter, everyone keeps their head down and tries to avoid notice. Nothing pleases the wolf more than not having to work for his dinner.
Take airline hijackings... It always amazes me that a couple guys with box cutters could intimidate a planeful of grown men with fists, and women with slugger-grade purses (not to mention the deck'em value of a high-heel spike in the temple). -- IMO
Re:Um, no.... (Score:2, Insightful)
Let me smoke my cigarette in my bar
don't flatter yourself. laws that disallow indoor smoking have nothing to do with saving you from yourself. it has to do with saving other people from you. it's about second hand smoke.
Re:Um, no.... (Score:2)
I wholeheartedly recant and apologise for my remarks, Mr Vice President.
Supremacy clause (Score:1)
This is pretty clearly regulation of interstate commerce [wikipedia.org] -- and thus very much constitutional, so the 10th amendment does not apply. If it is constitutional, it trumps state law because of the Supremacy clause [wikipedia.org].
(FWIW, I agree with your first four paragraphs.)
LandruBek
What about gov computers? (Score:2, Insightful)
The Department of Homeland Security, which is charged with setting the government's cyber security agenda, earned a grade of F for the third straight year from the House Government Reform Committee. Other agencies whose failing marks went unchange
Re:What about gov computers? (Score:2)
Highly unlikely. After all, telling us about it would, in itself, be a breach of security, right?
Will the public be informed?
Probably not.
Who will get the fine or jail time when a computer breach occurs on government computer systems and no one reports it?
Well, I don't know about fines or prison terms but I'm sure a few administrators might get passed over for promotion.
Maybe this is to help fight the war on terrorism?
H
Hooray for unfunded mandates! (Score:4, Insightful)
If they want to secure this information, either make it all illegal to use and hold in insecure ways (like on a networked computer), or fund a method of secure use of this information. Punishing the inevitable breach of security in the marketplace after the fact won't change the fact that such breaches are inevitable, and I very much doubt such punishments will improve this particular marketplace.
Ryan Fenton
change the requirements... (Score:4, Insightful)
That way breaches don't affect me.
Any concern that stores even a single record about anyone who is not an employee should be forced to disclose the details to the Feds and to the people whose records were compromised.
The company should then be prevented from storing any such records for the next decade. In addition the maximum of 250K should be automatically payable within 15 days to such people.
Failure to pay the amount would result in jail time for the CEO and CTO.
What am I talking? Laws are not made for logical reasons... laws are made in smoke filled backrooms where my senator can compromise my state's water rights for a few more air bases or National Guard bases....
Ok, but could you be a little more vague? (Score:4, Insightful)
requires companies to inform federal law enforcement agencies if a database containing information on more than 10,000 citizens is infiltrated by hackers.
If you have enough users, does "cat /etc/passwd" count?
Another law.... (Score:5, Interesting)
Inform the gov't....why? It's the citizens put at risk when this happens. I want to know about it dammit. That's my information they lost.
Furthermore, it allows federal law enforcement agencies to prevent companies from voluntarily disclosing information about breaches to the public, even if the companies are required to do so by state laws. What? Backwards I tell you.
Don't mind my ranting demeanor. I've been on an anti-gov't rant since I listened to Michael Savage earlier.
Rep. Senselessbrenner (Score:2, Interesting)
This is also the same guy whose immigration bill brought Latinos into the streets in unprecedented numbers to protest.
That's some record this guy is racking up!
Re:Rep. Senselessbrenner (Score:2)
Re:Rep. Senselessbrenner (Score:2)
Old News ... (Score:2, Informative)
Every one of the abo
Tell the people? Oh, no, of course not... (Score:1)
Of course not. If it did, it would be strongly opposed by the corporations, who everyone by now should know are the entities that are really in control of the government today.
<sarcasm type="biting">
Yes, this clearly is government of the people, by the people, and for the people. Makes me proud to be an American!1!!11!
</sarcasm>
I wonder if ... (Score:4, Interesting)
Face it; it doesn't matter what laws are in place, the federal government can do whatever it wants. I'm actually to the point now where anytime I hear anyone associated with the government supporting A, or insisting that A is true, that I take it to mean that the government intends to do Not A or that Not A is true.
I don't have a college degree, but I'm going to encourage my children strongly to get their own. Not so that they can get better jobs in the US - so that they can take up legal residence in Canada.
Re:I wonder if ... (Score:1)
Re:I wonder if ... (Score:1)
Re:I wonder if ... (Score:2)
It's unfortunate that politics plays such a big role in determining whether the above is true for a given request. I expect that when that was written in 1996, more concrete evidence of threat was intended to be required.
Now, it just depends on whether the person who makes the decision buys into the hype and fear-mongeri
Comment removed (Score:5, Interesting)
Re:We need some open state rebellion (Score:1)
Re:We need some open state rebellion (Score:1)
Divided we stand, better!
Please explain (Score:2)
Can someone please explain how taking the vote for senators out of the hands of people and placing it in the state government will help things? My mind is open on this one. Not slamming the idea, just not understanding how it will help anything.
Time to get a new job (Score:3, Insightful)
Seriously though, it's a shame they'd override the states' rights. The only reason most data thefts see the light of day nationally is a California law that makes them do it. If you live in California, the company is required to notify the affected people that their data was mishandled.
If they want to encourage tighter security, seems like bad PR for a whole company is at least as effective as sending some dork to Federal PMITA prison.
I haven't looked up the numbers but I'd bet the penalty for having a stolen database would be worse than actually stealing one.
Alright, it's not funny anymore you guys! (Score:1)
Why not? (Score:3, Insightful)
Well fuck that. If Americans are willing to cede so much control to the gubmint and don't give a damn enough to see to it that the people who say "trust us" can actually be trusted then they deserve every single damn thing that happens to them, and I count myself among them, unfortunately. Democracy and freedom. Government of the people, for the people and BY the people. It was nice while it lasted. Now, back to a century or 2 of tyranny I guess.
Re:Why not? (Score:2)
While the underinformed, apathetic voter is truly an epidemic in this country; the simple fact is at this point it doesn't matter. Even when people DO care, one way or another, whether it's by free speech zone or supreme court decision; the powers that be will do what they must t
Now wait a minute here . . . (Score:2, Interesting)
I thought Republicans believed in state's rights. Silly me.
great (Score:1)
Punishing the "right" wrongs: ID theft for a start (Score:4, Insightful)
If this means jail time for the "top" several hundred spammers and scammers on counts of identity theft alone, this is only welcome [spamhaus.org] - and actually at least a decade late!
Crime is best fought by apprehending the criminals, not by gag orders on the organisations who happen to have held enabling information in an insecure manner - which would make it even harder for the individuals affected to show they are completely innocent victims rather than crooks.
federal legislation falls short (Score:2)
But when... (Score:1)
News of large hacking group attempting this (Score:1)
I've been hearing recently of the possibility that a huge hacking organization will be hacking into every database and monitoring customers continuously. I think the group is called something like the NSA or CIA or something. But they use some kind of social-engineering attack by repeatedly entering "terrorism" as the password.
Only companies? (Score:2)
What about _government_ databases that get compromised? I think the public should be informed whenever one of those gets "infiltrated by hackers", especially since the public is the government's primary paying customer.
Wish they would follow this (Score:2)
Maybe a note "Hey, we are wiretapping everyone and recording who you call for data mining"
Started good... (Score:2)
Bill keeps public in dark for only 30 days (Score:1)
The bill says, in effect, that if any state laws that require public notification might hinder a federal investigation, then the notification would be suspended for 30 days or until it is deemed not to be an impediment to investigation. Of course, such an investigation could drag on for several months or years before the federal investigators deem it safe to notify the public.
Otherwise, I'd say that the bill is, in sp
Re:Why prevent companies from informing victims??? (Score:1)
Ugh, Let's Start Our Own Country, Slashdot (Score:2)
What do you guys say? Someone start the wiki to start planning this.
Mine, All Data Mine (Score:2)
How do you know? (Score:2)
Stupid, Stupid, Stupid (Score:1)