undefined | Better HN

0 pointsarduanika7y ago0 comments

C) Wipe out the stockholders

Sending some fall guy to jail is shooting the messenger. The message from the stockholders is: we don't care about security or privacy. The message the feds should send back to them is: well you should.

Conversely, no one's going to "rethink the core paradigms" without some money on the line.

0 comments

6 comments · 2 top-level

passive7y ago· 4 in thread

I think this is probably where this needs to go (prison time is interesting, but if we can't get it for financiers who profit off of crashing the economy, we'll never get it for ostensible negligence).

Establish standards for the value of stolen data. Something like the worst possible case. So for Equifax, which is potentially a gold mine for identity theft, fine them the average stolen identity cost (~$1300), for each of the 143 million records. 200 billion dollars (probably even 20 billion) seems it would be sufficient enough incentive to properly secure our data.

I also suspect we would need some kind of regular auditing, to ensure companies could afford a breach. Something like this would be a substantial drain on startups, as it would add another significant risk factor.

In the long run, what probably needs to happen is some kind of "data insurance", and we just expect that all companies working with our personal data carry it (or possibly even legislate that they carry it, similar to automobiles). It would make things easier for startups, who would pay much cheaper rates while their adoption was low, while also incentivizing them to limit their data collection to only what they needed.

Disclaimer: I work in the insurance industry, focused particularly on property insurance for disaster prone areas. Lately it feels like there are a lot of parallels between how personal data is stored these days, and Florida in the 90s.

txcwpalpha7y ago

Doing cybersec consulting, the majority of the clients I worked with already had data breach insurance. The funny thing is that such insurance actually just makes it easier for these companies to cheap out on actual security. What's better for the bottom line, paying $50 million for a strong security program (that will probably get hacked anyway), or pay $20 million for a good insurance policy that will just cover all our damages when we get hacked? (the actual path chosen is usually somewhere in the middle, but I hope you see my point)

saurik7y ago

If the insurance company had to pay out $20B, the plans would either cost a _lot_ or they would have tons of actually legitimate requirements with inspections (like you see with fire insurance of super expensive buildings: you don't get to just buy cheap fire insurance without having tons of procedures in place for mitigating fire).

1 more reply

icebraining7y ago

Equifax's market cap is $11B, so yeah, I'd say a $20B fine would get them to stop mishandling user data, as they'd go bankrupt.

TheCoelacanth7y ago

That sends a very loud message to shareholders of other companies: make sure that management is securing whatever data the company has or risk having your entire investment be wiped out.

mtgx7y ago

It's not particularly about security and privacy, but this would also be a step in that direction:

> Warren wants to eliminate the huge financial incentives that entice CEOs to flush cash out to shareholders rather than reinvest in businesses. She wants to curb corporations’ political activities. And for the biggest corporations, she’s proposing a dramatic step that would ensure workers and not just shareholders get a voice on big strategic decisions.

Warren hopes this will spur a return to greater corporate responsibility, and bring back some other aspects of the more egalitarian era of American capitalism post-World War II — more business investment, more meaningful career ladders for workers, more financial stability, and higher pay.

https://www.vox.com/2018/8/15/17683022/elizabeth-warren-acco...

More details here:

https://www.theguardian.com/commentisfree/2018/aug/18/capita...

j / k navigate · click thread line to collapse