In theory, organizations such as the FTC exist to protect American citizens. In practice, all too often, these organizations are much more accountable to the companies they are supposed to regulate than the citizens whose rights they protect. Last week, the FTC announced an agreement with Equifax, in which the stolen people, that is everyone in the United States, were entitled to $ 125 compensation. Given the scale and importance of the data Equifax has been able to steal, one might think that this type of minimal compensation would be the less the company could offer, since it has leaked social security numbers, addresses, phone numbers, birth dates and names.
Now, however, the FTC has changed its tone. Too many people have registered for the $ 125 settlement. According to the proposed settlement structure, only $ 31 million has been set aside to provide these repayments. That's $ 125 for 248,000 people. Equifax hacking affected 147 million people. In other words, according to the FTC, only 0.16% of Americans would ask for $ 125. Our government is now asking its own citizens to accept a virtually worthless free credit watch (which literally costs nothing to provide to Equifax) rather than asking for a small cash settlement in exchange for one. the most glaring database thefts of all time.
The new blog of the FTC is title "Equifax data breach: choose monitoring of free credit reports." Robert Schoshinski, deputy director of the Privacy and Identity Protection Division, writes:
The monitoring of free credit is worth a lot more – the market value would be several hundred dollars a year. And this monitoring service is probably stronger and more useful than anyone you already have because it monitors your credit report with the three credit reporting agencies nationwide and offers credit card services. Identity theft and individualized identity restoration of up to $ 1 million.
The FTC blog does not not It should be noted that the only reason the volume of money for refunds is so small is that the agreement between the FTC and Equifax allocates only $ 31 million to the relevant fund. Although the agreement with Equifax provided up to $ 425 million in assistance to victims of the offense, the overwhelming majority of the money is allocated to. other purposes. It's treated separately Press release. The government also do not note that under the terms of the agreement, it will be extremely difficult for anyone to prove that identity theft is related to the theft of the Equifax database, as this database has never been detected for sale on a hacking site. This implies that he was stolen by a state actor rather than by a conventional hacker.
Hurray. R0ckH4rd69Lvr does not have your data; Russia or China probably. It's much better.
Most financial websites do not subscribe to the FTC's assertion that free credit monitoring is worth "a lot more." To quote Levar Burton, "You do not have to take my word for it." Here is a sample of quotes and links on the subject:
NerdWallet: "NerdWallet recommends avoiding such offers from credit bureaus."
US News & World Report: "This is useful if you are a victim of identity theft, but its value is rather narrow."
CNBC: "Credit monitoring services may not be worth the cost"
CNN Money: "Most of what these products provide, you can do it yourself, for free".
LendingTree: "Paid credit monitoring services do not necessarily control your reports better than a free service."
The Attorney General of Maryland, Brian Frosh, summed up the spirit of the problem much better in his comments on the settlement last week. Speaking of some 147 million victims of Equifax hacking, I noted, "Most of them – most of us – did not register … We did not choose Equifax," said Frosh. "He chose us. He collected our personal information, compiled it, analyzed it and sold the product and some of the raw data to other people. Their imprudence with our personal data may cause harm to millions of Americans. "
Slate's argument, advanced last week, was that customers had a moral obligation claim this funding, send a message to Equifax and other companies about the critical importance of data security and hold them responsible for failing to do so. No one chooses to do business with Equifax, TransUnion or Experian. These institutions establish financial records and credit reports on Americans without consent, in order to provide aggregate information about their credit history. There is no way to voluntarily withdraw from the system and solvency checks are so important to so many life events that there would be little practical solution for the wealthiest Americans to do so. .
Cambridge Analytica was fined $ 5 billion for Facebook, but Equifax was fined $ 671 million. According to the FTC, this was a deliberate decision to protect Equifax. "We want to make sure we do not bankrupt or shut down the company," Maneesha Mithal, data and privacy expert at the FTC. said Ars Technica "We want to make sure that they have the funds and resources necessary to protect consumers in the future."
Yes Because nothing says how important it is to protect consumers as a slap when a company loses the data of 147 million Americans. Nothing fosters trust, as the FTC publishes a shameful and scathing blog stating the value of worthless surveillance services that the company fined can be provided without charge.
Details on how to object to the settlement, if you wish, are available in the FAQ on the EquifaxBreachSettlement page. You can not ask the court to change the rules, but you can argue for approval or refusal. A payment of $ 125 for a few million Americans was already serious enough, but the government's behavior in this case, not to mention the terms of the regulation itself, is insulting.
The US Customs and Border Protection (CBP) has confirmed that a data breach has updated the personal information of travelers entering and leaving the United States. The data would include photos and travel documents, but the real problem is that the data was not stored on a CBP network. The agency points to an anonymous vendor who has copied CBP data to his network where he was later stolen.
According to CBP, he was informed of the breach at the end of May. The agency, charged with ensuring border and customs security, said his network was not the target of the attack. The unnamed contractor would have transferred the data to its own network, in violation of CBP rules. Although someone at CBP has granted the company sufficient access to allow it to exfiltrate an unknown amount of sensitive data. CBP's hands are not clean in this respect. Civil liberties groups blame CBP for the collection and retention of data.
It is difficult to know exactly what has been disclosed and how many travelers are affected because of the nature of the violation. Until now, CBP has only indicated that it includes photos, passport / visa images and license plate images. This could be millions of people, including US citizens and foreign nationals. On the other hand, the subcontractor may have copied only a small amount of data without authorization.
CBP has not yet named the subcontractor, but the document describing the attack bears the name "Perceptics" in the title. This company claims to supply all license plate readers used at US borders. The photos in question are most likely those taken by border patrols when checking documents. Other reports indicate that airport operations have not been affected, suggesting that the data is limited to level crossings. Recent media reports have claimed that data stolen from Perceptics is available at various places on the dark Web. We do not know yet if these events are related, but it seems to be a safe bet.
Border Patrols have been working on a facial recognition system that has been strongly criticized for its accuracy and usefulness, but there is no evidence that Perceptics has any connection to this system. However, if you want to create a facial recognition database, a photo cache associated with government-issued IDs, such as a passport, would be a perfect set of data.
Top Photo Credit: US Customs and Border Patrol
According to a report in the The Federal Trade Commission (FTC) is currently investigating Facebook and is investigating whether the founder and CEO of Facebook should be held responsible for the data processing and privacy issues of the company.
Facebook and the FTC have been discussing for over a year the agency 's investigation of the company. Sources close to these discussions say the FTC is considering an unusual decision to hold Zuckerberg accountable for leaks and violations.
The FTC does not routinely charge executives to impose penalties or other penalties for the wrongful acts of a company. However, according to some critics, the federal government could try to give the example of Zuckerberg and send a message to the other inhabitants of Silicon Valley.
High lawmakers who spoke to the Publish seem to come back holding Zuckerberg responsible.
"Zuckerberg was not only aware of the invasion of consumer privacy by Facebook, I approved it and I publicly downplayed the legitimate concerns," he said. Sen. Richard Blumenthal. "Holding Mark Zuckerberg and other Facebook executives personally responsible and responsible for new acts of conduct would send a powerful message to business leaders across the country: you will pay a heavy price to circumvent the law and mislead consumers."
The FTC in March 2018 she had opened an investigation into the social network as a result of the Scandal Cambridge Analytica. The Cambridge Analytica revelations have shown that data belonging to 87 million Facebook users were "incorrectly shared" with a political company.
Facebook's data and privacy issues have not improved as a result of the revelation of the Cambrige Analytica breach. Earlier this year, the largest social networking platform in the world was breaking Apple's policies to: collect data from teenagers. A new report this month revealed that Facebook exposed Millions of Instagram user passwords by storing them in plain text.
The Publish reports obtained from the FTC show that the agency had previously considered hitting Zuckerberg with targets for future privacy breaches on Facebook under a 2011 deal with the company. However, the FTC did not follow it at that time.
"It's a mistake on my part and I'm sorry," Zuckerberg told the House Committee on Energy and Trade at a meeting. following the data breach of Cambridge Analytica in 2018. "I launched Facebook, I run it and I'm responsible for what's going on here."
That the founder and CEO of Facebook does exactly what is personally responsible for the misdeeds of his company could eventually lead to another story. Maybe Zuckerberg might end up regretting those words.