
Equifax's failure calls for judicial dissolution - dingoonline
https://www.wired.com/story/equifax-deserves-the-corporate-death-penalty/
======
rdtsc
> a lawsuit in state court to dissolve a corporation

Couldn't they just re-incorporate the next day in another jurisdiction.

Or it implies that the state can force them to sell all the assets, lay off
all the workers, and return the money to creditors.

Well in either case, it is a nice fantasy. Doubt anything like that would
happen. Even worse, after nothing happens, everyone who deals with such data
will watch and learn a valuable lesson - "Don't bother with security or data
protection much, just hire a PR firm and wait for online news to cool down for
a month, then continue as usual".

Look at their stock
[https://finance.google.com/finance?q=NYSE:EFX](https://finance.google.com/finance?q=NYSE:EFX)
was $140, crashed to $100 then recovering, now at $110. Only 20% down or so.
And that's after losing SSN, names, addresses, etc for large chunk of the US
population.

~~~
Kadin
In most states, when a corporation is dissolved, there's a period of time for
creditors to submit claims, and then those claims are paid out, and then any
remaining assets are distributed to company owners (shareholders).

I don't think there's a good legal framework for forcing a company into
dissolution, because the normal path is for assets to be distributed to the
shareholders, and if the shareholders didn't _want_ do dissolve the company,
they could presumably take those assets and continue the company's operations.

I love the idea of a "corporate death penalty", but I am not sure how it would
work under extant law. Maybe some sort of special "bankruptcy with prejudice",
where a company would be prevented from reorganizing or restructuring such
that it would be forced to sell itself for scrap in order to pay off a class
action judgement? That might do the job.

It's really a shitty hack, though. The real solution is to make the
undesirable conduct illegal, and ramp up both penalties and enforcement.
Mostly enforcement, because the most effective way to deter criminality is to
increase the chances that someone will get caught; increasing the penalty
while still leaving the odds of getting caught low isn't nearly as compelling
a disincentive (due to human cognitive biases around probability, from what I
can tell).

The "corporate death penalty" is satisfying in the same way that the actual
death penalty is -- it's not really about deterrence, it's social catharsis
through ritualized violence. Which is fine, at least in the abstract; it's
something that all societies do if you look hard enough, and I tend to think
it's better to do it in the open. But it's a mistake to say that it's about
deterrence.

We know how to do deterrence; in the context of business misbehavior, there
are all sorts of profitable but illegal things that businesses _just don 't
do_, because there are regulatory and enforcement structures that make it a
Bad Idea. That's how you do deterrence, but it requires a political consensus
that the action really needs to stop.

Right now, I am not sure there is a political consensus that what Equifax did
was wrong and that a new enforcement structure is needed to prevent a re-
occurrence. There's perhaps an emerging popular consensus, but I am not sure
that our government is in tune with that popular consensus on an actionable
level yet. How to get Congress there is really the challenge.

~~~
bowlich
For a "corporate death penalty" why would the state need to concern itself
with the notion of shareholders to begin with? Loss of stake would merely be a
part of the penalty. There's certainly precedent outside of the US for
nationalization of corporate resources.

~~~
JumpCrisscross
> _There 's certainly precedent outside of the US for nationalization of
> corporate resources_

You can’t just take shareholders’ stuff because you don’t like what management
did. More directly, protecting property rights is a cornerstone to our multi-
century economic success.

~~~
bostik
But you can forbid any government body to do business with them. And you can
extend that by forbidding government bodies from doing business with any
companies that in turn do business with the particular bad egg.

In case of Equifax, that would probably amount to a public execution.

~~~
JumpCrisscross
That’s fine, and I think it should be encouraged. I also think they should be
fined, held liable for money damages in court, and that their executives
should be investigated with the potential of resulting in jail time. You have
to find ways to take the money from the company, however, not directly from
the shareholders.

------
larrysalibra
Holding officers of the company criminally & civilly liable seems like it
would go further to solving the problem. If the CEO was worried about going to
jail or being fined, he would have made sure the organization was a lot more
focused on protecting individual data.

------
ewanm89
1) US government should cancel all contracts with Equifax,

2) US government should demand a list of all effected SSNs

3) US government should use pre-breach tax data to issue replacement SSNs to
all affected and send Equifax the bill for doing this.

3) US governments should ask the courts to consider any use of a breached SSN
on any credit issued after breach date to not be enough evidence alone for any
credit recovery processing (basically nullifing any credit after the breach
for an affected SSN without the Banks being more careful with regards to
identity checks).

~~~
infogulch
Except for the first #3 (counting is hard) I agree with all of these.

I just don't think it's practical to reissue millions upon millions of SSNs.
We need a more permanent and secure system than SSN entirely.

------
pdimitar
Individual liability of all the shot-callers. When you have to worry about
jail and losing your yacht, you'd be more vigilant.

------
martin1975
well nearly 30 class action lawsuits have been filed against Equifax... If
they come out on the other side any other way but in a proverbial corporate
coffin, it would truly be a miracle.

The thing to look out for, and call me paranoid if you wish, is now to
"rectify" the problem, government or corporations (or both), now start to
demand rfid biochip implants as a reliable means of authentication..... or
transacting business.

It sure looked far fetched before the Equifax breach, now not so anymore.

~~~
JumpCrisscross
> _If they come out on the other side any other way but in a proverbial
> corporate coffin, it would truly be a miracle_

The stock market appears to disagree with you.

~~~
martin1975
For now.

