
Obama to beef up laws on privacy and data breaches - escapologybb
http://www.bbc.co.uk/news/technology-30779848
======
tempodox
> _One will require companies to let customers know within 30 days if their
> personal information went astray in a data breach._

What, we will know when the NSA grabbed our data, then? Too good to be true...

~~~
rayiner
The law is aimed at commercial loss and identity theft stemming from data
breaches. Whatever you think of the NSA, there's not a high risk it's going to
start selling data it collects on the black market for use in identity theft.

~~~
swombat
_Whatever you think of the NSA, there's not a high risk it's going to start
selling data it collects on the black market for use in identity theft._

That's a big assumption considering you're talking about an agency which
openly flaunts the law or lobbies it out of existence as needed (thereby
showing very little respect for the rule of law) and whose individual agents
have shown very variable levels of judgement in the use of those systems (e.g.
the LOVEINT stuff).

On the contrary, I think that once that data is in the possession of a large
amorphous non-accountable organisation with relatively few checks and
balances, it is inevitable that said data will end up on the black market. Why
wouldn't it? There's money to be made.

~~~
rayiner
This sort of slippery slope argument is precisely why I'm so anal-retentive
about pointing out that the NSA programs that have been revealed thus far seem
designed with a careful attention to toeing the line of various
well-established legal precedents. You may not like Smith v. Maryland, but there's
a big difference between the NSA following an interpretation of the law you
don't like, and flouting the law entirely. And that difference is wholly
salient to the question of whether the NSA would engage in conduct that's
obviously illegal, such as selling private information on the black market.

~~~
swombat
Let me quote from today's article by Cory Doctorow:
(http://boingboing.net/2015/01/13/what-david-cameron-just-propos.html)

> _If your Whatsapp or Google Hangouts has a deliberately introduced flaw in
> it, then foreign spies, criminals, crooked police (like those who fed
> sensitive information to the tabloids who were implicated in the hacking
> scandal -- and like the high-level police who secretly worked for organised
> crime for years), and criminals will eventually discover this
> vulnerability._

The police, the NSA, etc, cannot be trusted not to misuse information which
they obtain. In fact, you can quite reliably trust them to misuse that
information, if history is any guide (and it is).

Whether the misuse will include actually boldly grabbing some private
information that's currently valuable and selling it on Evolution or Silkroute
3 or whatever, is a purely academic question. If the information is on NSA
servers, and is valuable, and someone at the NSA knows about it, it probably
will be misused in some way.

~~~
tptacek
If your Whatsapp or Google Hangouts has an embedded elliptic curve public key
in it, will criminals eventually discover the private key? Are we using an
especially generous definition of "eventually"?

------
maerF0x0
This is the grand dichotomy of government ethics. It's ok to enforce rules on
others, but not themselves. They uphold neither privacy, nor attack data
breaches from the NSA, for example.

------
coldcode
Obama isn't able to beef up much with Congress voting on the laws first. That
might prove difficult given the current makeup of Congress.

~~~
icehawk219
The cynic in me thinks that's the entire point. Things like this and the free
community college are great but he has to be going into it with confidence
that it'll never happen under the current climate. For the community college
proposal I'd go so far as to say it can't work in America at all because
Americans don't care about each other enough to support something like that.
But now that he's at the second half of his second term he can at least
propose these things and go out saying "I tried ...".

~~~
jarin
I'm not so sure that Americans don't care enough about each other to support
the community college proposal. I haven't really heard any opposition to it
from any of my friends or acquaintances. In fact, it's actually quite
difficult to argue against. The GOP-controlled Congress is going to have a
pretty hard time building support for opposition to the proposal, although I'm
sure they'll figure out some way to do it.

~~~
icehawk219
Comments sections on some sites have had the regular "way to waste money ..."
types of comments but that's hardly indicative of the nation as a whole. The
reason I believe it will run up against a lot of opposition is because every
year when my town sends out the breakdown of how taxes were spent I can't
count the number of people I hear whining about school taxes already. "I don't
have any kids in school so why the hell should I have to pay for it!?" is a
VERY common theme in my area. Maybe it's not as common everywhere, this is a
big diverse place after all, but it's common enough that some places have
started to implement charter schools as a response to it.

The best argument I've heard, that I agree with in a way, is that we should
first focus on fixing our broken pre-college school system. I don't see why we
couldn't do both at the same time but if we're forced to pick one or the other
I'd agree that that is probably of greater importance. Though that's a
separate debate :)

~~~
innguest
Yeah, I don't see why you folks couldn't fix both the school and the college
system at the same time. You should be free to fix your problems in any order
you want.

Just remember that I don't have kids in school nor in college, and taking my
money to pay for more unfireable teachers is not "fixing".

------
bsimpson
> Obama to beef up laws on privacy and data breaches

I hate headlines like this. The President is a figurehead. He can't really do
anything (shy of directing federal agencies not to enforce certain laws)
without Congressional action.

~~~
diminoten
Executive orders beg to differ.

Admittedly, the next guy can just come in and get rid of those orders, but
it's not like he can't do _anything_.

It's also powerful if the President says, "All federal agencies are no longer
allowed to use Google or Microsoft until they comply with these new privacy
standards."

------
Dirlewanger
More placebos.

> Another will attempt to give people more control over what can be done with
> the data companies gather about them.

Key word is attempt. One can be sure Google and friends will be lobbying hard
for no such control, and if something does perchance pass, it won't be for
years whatever it is is implemented and will be purposely difficult to reach.

------
Arnor
This conversation is important. It's a bit disappointing that we see
legislation instead of dialogue. The initiatives here sound kind of knee-jerk
and rather difficult to enforce.

Companies should be held accountable for the data they collect and how it is
used. Most TOS are unconscionable. I'm sure some of the folks here read the
entire TOS of every web service they use, but I've never met a person in real
life who does. I think a framework for TOS that is basically just a check box
"Do you collect: A, B, C" "Do you distribute: X, Y, Z" could be really useful.
There could be some pretty cool strategies between web sites and browsers to
help users determine what the site is doing and whether they want to proceed.

This is a time for a dialogue that builds a working framework, not a burst of
legislation that pacifies the public and accomplishes at best a couple of
short term goals.

~~~
dragonwriter
> It's a bit disappointing that we see legislation instead of dialogue.

Legislative _proposals_ are part of dialogue. You can talk all day about
generalities and get nowhere, having specific proposals to discuss -- and
either criticize or propose alternatives to -- is what moves the dialogue
forward.

~~~
Arnor
It can, but I don't think these will. It looks like this dialogue is already
framed in "regulation vs no regulation" without much depth. I think that a
long drawn-out discussion among professionals would be more effective (if
slower) than sound-bite politics.

~~~
dragonwriter
> It looks like this dialogue is already framed in "regulation vs no
> regulation" without much depth

If you read even the news articles on this particular proposal you'd see
that's not the case:

(1) There are people who are simply set against regulation, (2) There are
people who believe regulation is necessary, and favor the status quo of
state-by-state regulation without federal regulation, (3) There are people who
believe regulation is necessary, see value in federal regulation, but are
concerned that federal regulation may be counterproductive if it fails to be
as good as some of the existing state regulations and preempts them, (4) There
are people who believe regulation is necessary, but that patchwork
state-by-state regulation is itself counterproductive, so that it is important that
consistent regulation be adopted at the federal level.

And there are fairly sophisticated arguments for all those positions.

> I think that a long drawn-out discussion among professionals would be more
> effective (if slower) than sound-bite politics.

This proposal is one of the products of the decades-long drawn-out discussion
among professionals (and others) that has been going on about this issue
(which has intensified in the last 1-2 decades with the growth of online
commerce, but started long before that.)

------
wtbob
The actual headline is more accurate: 'Barack Obama calls for stronger data
privacy laws' (at the time that I'm writing this it is 'Obama to beef up laws
on privacy and data breaches').

The President of the United States is not able to 'beef up' federal laws; he
can execute the ones that exist and call for new ones to be passed.

------
closetnerd
I'm quite certain that all my consumer rights are sufficiently protected by
the actual Bill of Rights.

Moreover, my concern is that these laws will give government even more
oversight into the management of user data, and therefore the data itself, in
order to enforce the laws.

~~~
Zikes
Yep, plenty of laws in place already.

It's the enforcing of those laws that's currently lacking, and I don't see
this fixing that at all.

------
returnofdjedi
Okay, guys, any solutions to the current scenario?

