Instead we let them get away with - no more than a handful of Canadians were affected - followed by - oops, yup lots of Canadians - followed by - holy heck, how many Canadians are there way up there?
We don't need to go along with this. Yet it never seems to get better.
Did you meet with them?
These things only get fixed when people speak up.
I met with my MP over the weaponization of autonomous systems. I've put a ton of work into understanding where all this is headed. I spoke up at the hearing on electoral reform about the cybersecurity risks of computerized elections, but I'm only one man. I've been able to get some things through, like pressuring the Liberal Government to put up more resources but political will lags public outcry. If you want something changed you can't just complain online in your little bubble.
I was one of only two people that spoke up about it and it was added to the final report. The world is changeable. What it takes is showing up and pushing hard.
And yet I've only ever received token replies and seen zero change. No one I ever really wanted to vote in to a major seat has won. And Congress really can't see what's wrong with the Equifax breach on their own?
Fuck all of them. I've given up on our political system maintaining much more than panem et circenses.
I personally believe it is because politicians have to listen to voter blocs. Since American families and homeowners have fallen to record lows they have no consistent voter base from individuals anymore. Homeowners and families used to be the two biggest voting blocs. They no longer are; businesses are the only voters that will be guaranteed to stick around until the next election.
No. This is just factually incorrect.
Americans are moving at historically low levels.
Homeownership is certainly not at historic lows.
https://www.marketwatch.com/story/homeownership-rate-reaches... (data for 2017, 2018 is higher: https://www.census.gov/housing/hvs/data/index.html )
Note that I'm referring to policy, not rhetoric.
It's only harder in the US. You guys have ten times the people per representative which means political victory is governed by opinion polling and, unfortunately, monied advertising. Citizens United made it ten times worse.
From my vantage point in Toronto, it looks like action towards fixing the political system is the top priority right now. So many things are wrong that it's hard to figure out where to even start.
There will be a breaking point though. As demographics continue to change if the GOP continues to win despite losing the popular vote I can see some sort of general protest or riot forming.
The only place where citizens seem to have an impact is Switzerland where with enough signatures you can request a referendum. Good luck implementing that in other countries.
Somebody one day told me this little bit of wisdom:
In a dictatorship, the government wants you to shut the hell up but in a democracy they let you keep talking because they don't listen and do not give a single fuck about you.
The world's political systems are broken.
I for one do not bother to vote anymore and the cynicism transpires in my daily life where on many issues I find myself thinking that if nobody cares, why should I?
That's progress apparently.
Example: a slightly larger majority of my town than that wanted a slightly better deal of waste management, so they voted for a town-wide contract. Now I'm forced to pay for a recycling program that is so inconvenient I pay to use a different one anyway. Enough people (that it will probably happen) are now pushing for a measure to make it as convenient as it used to be, but raise taxes to pay for all the abuse that ruined things. I don't want better voting, I want the ability to opt out and be left alone.
That "works" in Switzerland because Switzerland is an entire country with a smaller population than New York City. Even then, it doesn't prevent pretty horrible laws from passing in Switzerland, because a majority of the electorate can be convinced to demonize a minority pretty easily.
Direct democracy like this doesn't scale up well at all, and we can look at California's proposition system to see how that turns out at a larger scale.
The town hall comment jumps out to me. I have this sense that more local communication, or dare I say "organizing" -- not in a politically-specific sense but in a more general "community getting to know each other" sense -- is the way forward.
Has anyone ever participated in a town hall or other forum for communicating with fellow citizens that has gone well? I'm curious to know.
I actually did and ended up with a purely political answer blaming the difficulty of regulation and consumer-beware-ism. Even though in this particular case there really is no opportunity to beware - it's either go with the banks that are all part of this or live on a commune singing about flowers -- and it is way too cold here in the winter for that!
Consider the comment only aimed at those that don't take action.
Politicians need better topic advisors that represent their average constituent.
Reducing the equation of politics down to mere financial stakeholders is how you get to the position the United States is in in the first place.
I get that we all like to laugh about those quaint ideals, but it truly SHOULD be the first thing on a politician's mind.
Also, EVERY Congressman has the option of retaining researchers who have the job of becoming experts on every topic imaginable. Never mind access to one of the most extensive libraries known to man. Expertise is easier to come by than you seem to think.
A Congressman being spoonfed information by lobbyists without having his/her own staff doing some digging and USING their powers to subpoena is a Congressman in sore need of replacing.
Never mind that we don't bother enforcing statutes that make it a felony to lie before Congress.
It’s not sustainable for a population to continually apply political pressure on each and every issue. Particularly to lobby against well funded opponents.
The result of a system where we can’t trust elected officials is going to be a failing system. Voters will understand they’re being screwed but won’t understand the issues. So they end up voting for someone offering simple solutions, like Trump.
Source: Am American, moved to Canada, experienced this personally.
If we're so outraged and thus there's a market for it, why didn't banks start offering their own credit cards with guarantees not to share your data with any third parties?
Also, why should it be risky for someone to know your name, address, and social security number? Yes, I agree it is risky, but it shouldn't be. Those things are not me. They're not even secrets. Knowing those things should not give you superpowers.
Why? Why should it be the victim's job to find and prosecute criminals?
Should victims also be responsible for breaking up monopolies? Or cleaning up oil spills? Or to keep hospital patient records private? How much time and money should victims be required to invest in lawsuits, to bring justice against illegal mistakes made by entities with thousands of people and million/billions of dollars?
Wouldn't it be better if we had government agencies draft and strictly enforce regulations to prevent this? Like say, an EPA for environment, or HIPAA for healthcare, or GDPR for consumer/business data?
For this specific case, I think energetically enforced regulation would be clearly better. But in general, I'm not so sure. The American system of "let people do what they want; if there's harm, they can sue" allows a lot more room for innovation than a system of up-front regulation.
I think the difference for me lies in the extent to which an issue is a) in a stable context, b) causes significant harm, and c) is unlikely to be fixed through market mechanisms or self regulation.
Here, since consumer privacy is basically an externality to these companies and the market is an oligopoly, I think stronger regulation is a pretty good bet. But in general I think private right of action is underappreciated. Especially class action suits, which aren't burdensome for most plaintiffs.
As a tiny example, look at phone calls. They used to be absurdly expensive. In college I remember having phone bills costing ~30 hours of (minimum-wage) labor. Now it would be hard to explain to an 18-year-old what a long-distance call even was. These days I have effectively unlimited calling from anywhere to anywhere via a handheld device that costs ~7 hours of (minimum-wage) labor/month, and I see lower-cost vendors that provide it for ~4 hours/month.
If we had taken a regulation-first approach, where each new service had to get regulatory approval, I could imagine us still being stuck in the old paradigm, where each phone call had to go through a monopoly operator, and things like Skype were illegal. Or maybe we'd be part-way along the curve, but with incumbents pushing to increase regulatory burden and hobble startups.
So I agree the problem with a default-permit model is that you have more problems to fix, and some can be big. But the problem with a default-deny model is that you miss out a lot of gains. And those, being hypothetical, are easy to underweight against the benefits of the status quo.
Yes! Since the state enforcing this creates a legal threat. If the individual has to prosecute there is a good chance that nobody comes after them, making it viable from the company's position to be a bit too relaxed. If the state strictly goes after it the risk calculation is different.
When people sign up for credit cards they agree to the terms and conditions, and sharing data with credit scoring agencies is one of them.
Equifax is the one to sue -- they are the ones who let the data become public.
And frankly there are good reasons we have credit scoring agencies. Getting rid of them would make it more difficult for creditworthy people to prove they are creditworthy in order to obtain credit. If there were not credit scoring agencies, lenders would need to rely on methods of determining creditworthiness that are more invasive of privacy than credit histories. Getting a credit card would be like getting a mortgage, and lenders would demand bank statements, pay stubs, proof of past payments, etc.
Yes it did. The complaint can be found below.
Which we won't be able to do at all in a few years thanks to the ubiquitousness of forced arbitration clauses?
Is this not the case already? I know that it could be an incredible hassle to prove that you didn't take out the loan and that someone else has stolen your identity. (There's also the question of who has the onus of proof -- you or the bank.) But if it's a fraudulent loan and you could prove it was fraudulent (which I agree could be difficult to prove), can you be held responsible?
The simple answer to this is "no." Identity theft can take time and, occasionally, a small amount of money to clean up. This has a very real cost if you happen to be a person that has little of these resources. But you can never* be held responsible for a loan you didn't take out.
This is also the core reason why Equifax has not suffered many consequences: it's because the real world harm of their negligence simply wasn't that significant. I don't even know if there is any data to show that the number of identity thefts has increased in the wake of their breach.
*Unless I guess you receive a summons to a court date and don't show up and someone gets a default judgment against you. "Never," here, as usual, means "extremely rarely."
One thing I hate about massive corporations is that there's no semblance of accountability. I'm not looking for Hammurabi's law, but as long as companies can act with impunity in the face of the law we're in for a rough future :[
Amongst many things, recall how banks got away with a slap on the wrist for the whole Robo-Signing scandal. (see: https://en.wikipedia.org/wiki/2010_United_States_foreclosure...)
If an average individual had done this, they would face charges (and they should.) But mysteriously when it is done tens of thousands of times it somehow becomes legitimate. I'm a pretty liberal person but I am deeply disappointed in the previous US administration for not pursuing this scandal towards justice.
Just issue public/private keys to citizens. They sign with their private key, banks verify with their public key. Anyone can request your public key from the Social Security Administration via API. Done.
The SSN acting both as the identifier and the password is the real problem, and throwing the blockchain into the mix just complicates things more.
We still need a central agency. It's the authentication method that is pathetically worthless.
Keybase is the only one getting this right, and people are now claiming they're ignoring security in order to do it. It would be a dumpster fire to trust government agencies to get the design requirements right.
For the last several decades, many of us Americans have become too skeptical about what government can do in terms of technology, even while it's completely true that government often gets it wrong.
There are very few government officials worldwide who truly know technology or how to effectively engage the real experts in an agile way rather than just government contractors. That seems to be the main problem to me.
Even in the US, the US Digital Service and 18F have done great work. And Canada has at least one backbencher MP who's a Linux and free software geek, asking legitimately knowledgeable questions in committees on topics like IPv6, copyright, and plenty of unrelated topics too.
Of course I realize those organizations and people are exceptions. But they, and the Belgian and Estonian examples, indicate what can be.
Maybe we can figure out how better to make technologists interested in serving in government, or working closely with it from the outside.
I'm holding out some hope that Estonia will be able to convince their fellow EU member states to pick their game up now that they have the rotating presidency of the EU council.
But one thing Estonia has going for it (or working against it, depending on perspective) is its close proximity to a technologically advanced hostile nation. Estonia's rapid progress has been spurred in large part by the necessity of protecting itself from Russian cyberattacks, a Big Issue if I'm remembering the New Yorker article correctly.
You'd think that crypto proponents would have learned after the first five major bitcoin breaches and millions of dollars of losses without recourse, that having trusted people with the power to change transaction history is a good thing.
This is why we needed GDPR. The courts have been totally unwilling to combat this kind of corporate malpractice, assessing the costs of a breach to be puny.
My opinion is, if your business is sensitive data then being careless with it should be an existential threat to that business.
What we really need is regulation to limit the amount of information that can be used for credit checks (and insurance premium calculations while we're at it). Actually that is partly done in the UK - e.g. gender cannot be used while calculating car insurance premiums. But sadly they can still ask for your profession, marital status, etc.
In the case of Equifax, they are a third-party processor. Under GDPR, you would have to be informed if the processing was necessary under contract basis. Once the contract is finished, you can request that your data is removed and the original processor must inform all third party processors. So Equifax would be required to remove the data. For legitimate interest or consent basis, you can ask to be removed at any time. You don't have the right to be removed wrt data collected for regulatory reasons.
I think the key here is that Equifax (being a third party processor) does not have to respond to you if you say "Please remove all of my data". I think you have to go to the original processor (which sucks, because you have to track down how they got your information). I may be wrong about that, though (the company I work for doesn't collect 3rd party info, so I didn't pay much attention to that part of the law).
How is that bad? An insurance works by collecting slightly higher premiums than the expected insurance payout. The more accurately the insurance can predict risk, the better. And if they calculate that some profession/gender/lifestyle/whatever carries a higher risk, it's only fair that those people have to pay more, after all they also cost the insurance more.
Having people pay for their risk is also a net-positive force for society. If some profession causes people to be sleep-deprived and have more car accidents, their premiums go up, producing pressure to either reduce the risks or choose other professions. If you don't let insurances factor this in, you are just subsidizing those with riskier lives.
For insurance to work as intended, it has to be spread across a large population and it needs to cover a wide variety of perils.
Where insurance can be a force for societal good it should be allowed to discriminate. For example, insisting on better fire safety. Or basing your car insurance rate on your car’s safety rating.
P.S. Insurance works by making money off the float, not by collecting more in premiums than they pay out. The expected payout is around 100% over the long run, but the payout happens over time. Until it does, the insurance company holds the money and uses it to make money. (Granted, in this low-interest-rate environment insurance companies may set the payout ratio a bit more favorably since the float makes them less money, but competition effectively helps keep a cap on that).
Mutual insurance companies (owned by their policy holders) are different. Any profit is returned to the policy holders, so there’s no incentive to set rates higher than required. However the tragedy of the commons kicks in: if they offer lower rates to high-risk groups, they tend to attract the worst of those groups, causing higher losses - especially with health insurance. That’s part of the reason government regulation of insurance is the way it is, the other being gross mis-management causing insurance companies to go bankrupt and be unable to pay out during times when people need it the most.
> P.S. Insurance works by making money off the float, not by collecting more in premiums than they pay out.
This really doesn't matter. Float happens to be of similar magnitude to profits. It could be significantly more or less. I'd say it's more of a coincidence than anything whenever the two align.
How in the world would you know that?
This is the classic correlation/causation fallacy that is why sadly we have needed explicit anti-discrimination laws in other contexts.
When I added my partner to my car insurance policy, at a time before prohibiting the use of gender to determine premiums, our payments went down quite significantly despite now covering two drivers. When I asked why, they told me that statistically women are safer drivers than men, and since my wife had a good track record with no accidents, that meant our risk together was now lower.
The thing is, at that point I had been driving regularly for many years, while my partner had also passed a test many years earlier but had hardly driven since. We both had clean sheets, but as you'd expect given our vastly different levels of experience, she was not as safe a driver as I was and would have been the first to admit it. However, the insurer's questions hadn't identified any of this, and had reached an obviously absurd conclusion.
Even after the policy change, in practice I was almost always still driving anyway, so clearly whatever my level of risk was before, our combined level of risk was still similar afterwards. But again, nothing asked when we adjusted the cover or since would have picked that up.
This is the trouble with almost any profiling based on personal data, from insurance calculations to targeted police actions to screening job applicants: in principle, it might be a reasonable thing to do, but if your model doesn't properly incorporate all relevant facts, it can actually be worse than nothing because not only does it give an incorrect assessment, it also instils false confidence in that assessment.
Also, someone who hardly ever drives is very safe from the insurer's perspective. They may not be very skilled, but they also don't have many opportunities to get in accidents.
Of course. But as long as they can't form a sufficiently complete picture to make fair decisions -- that is, pricing based on actual risk -- discriminating on easier grounds that are correlated with risk but also happen to be incorrect in many cases isn't fair, so we make laws that stop them doing that.
Insurance is supposed to spread risk. If your logic were taken to its limit, everyone would pay in the same amount that they were expected to cost - with an added amount to line the pockets of the insurance companies. Then why bother with insurance at all?
What a curious thing to say in 2018. Would you also argue that women take more time off to have babies so it’s only fair on employers not to hire them?
No, hiring no women simply because they get babies would be silly.
How long the person will likely stay with the company and which extended leaves they will be taking is of course a factor in the hiring decision. Both of those events incur a real and measurable cost to the company. But there are many reasons why males and females leave or take time off, babies are only one of them. And it is only one factor among many. Expected job performance, personality, the effects of certain team compositions, customer perception, etc all have a bigger effect on the company than the baby factor and thus should be weighed accordingly.
The EU could fine a corporation with 10 billion turnover 10$ but they also could fine up to 200 million $. It doesn't mean they have to fine at least 10 million once you're over the 2% switchover.
It's part of the calculation for the _maximum_ penalty, which is max(€20m, 4% of global turnover)
If they meant the opposite of that, then that's a really weird way to express it.
Intentional data breach is basically the business model where you sell private information without getting meaningful consent from your users. Do you think that is okay because you need that to stay competitive with US companies?
It should come as no surprise that the legislative enforcement arm is unwilling to also. I know you dream of laws like the GDPR working, but it doesn't and neither did its predecessor. Instead of asking for new laws, why are you not asking for enforcement of existing ones? And what makes you think a new law will be magically enforced where current ones aren't?
Didn't it? Maybe I'm biased, but I don't remember breaches like Equifax's or Target's in the EU. I also don't remember the records of 154 million EU voters being exposed.
According to this report, the "U.S. accounted for 728 of the 974 incidents around the globe in the first half of 2016." They do say part of the difference may be the disclosure laws, but is that all?
I am in the EU, and I got a letter from Equifax saying they'd leaked all kinds of stuff about me and offering some token countermeasures several months too late to provide much meaningful protection against any additional risks I faced as a result.
So if you don't remember it ever happening, what did the laws curb again? I'm talking about the effectiveness of adding laws... going from 0 to 0 demonstrates no effectiveness much less the effectiveness required to overcome the societal cost of compliance.
If anything, your argument explains the embedded big business cultural differences and laws like the GDPR added nothing wrt data breach enforcement/prevention.
This idea that the US is the breadwinner of the world and a paragon for all to strive for is such a tired old misconception born from not-so-subtle nationalism. The US is not a utopia of happy, well-fed people with homes. You got a big army though, that's for sure.
Of course I think it had an effect. I just believe it was/is a net negative effect. When I say doesn't/didn't work, I mean what I perceive the intended goal is vs societal costs. Akin to saying anti-drug laws don't work and are ineffective... nobody is saying they have no effect. I believe, if reasonably drafted and incrementally applied, data protection laws could have a positive effect.
> Why do you think it won't happen again, apart from your deep-rooted revulsion to mostly all forms of market regulation?
I'm talking about data protection regulation. Based on my research, many companies were violating existing data protection statutes and the regulatory bodies were not punishing them out of apathy and limited resources.
Why do you assume I have an issue with all forms of market regulation? That's false and I'm not sure where I said that. All of the rest of your post is attacking some other kind of argument that I never presented.
Attacking this and attacking that, I'm describing a mentality that I come across as a European on HN a lot. It has a little bit to do with you, as I said, I'm picking up on this same sense of "lol look at those dumb Europeans, they don't know what's best for the market," I think you'd agree that this mentality is fairly strong in the US. The US is many things, but humble is not a word I'd use.
The laws might have curbed what would have happened if they didn't exist - and did end up happening in places without it, like the US. Remember that the Data Protection Directive is from 1995, before companies were so connected and exposed, so a lack of such breaches before it passed is not very indicative of its lack of effectiveness. But a comparison with other countries might be.
> embedded big business cultural differences
Maybe, but law shapes culture too, so that's hard to separate. As a European myself, I'm kind of skeptical that our business people would intrinsically care much more about data protection when their money is on the line.
You can't determine the past effectiveness of increased future legislation, especially if it's in an environment with a history of lax enforcement.
All contracts / inquiries that require use of the identity signature would also need to register that use; ideally the government would run an observation oracle that mirrors the publicly published signatures each agency hosts on their own (which would be a de facto place to check for use/abuse of the signatures).
This would also obviate the need for services like Equifax to exist at all.
And that's why it will never happen. This is one of my biggest complaints about the Hacker News community: so many of us are engineers who see a problem and immediately think "here's a solution, technical or otherwise."
We can't "solve" humanity -- it's pure hubris to think otherwise. Any national ID will run the same risks that befall SSNs, passports, licenses, passwords, or any other form of identification. Which, simply put, is that the weakest link is always the person behind them. All it takes is one screw-up -- your passport falls out of your bag on a busy street, a thief breaks into your home and steals the safe with your SSN card inside, someone accidentally makes a list of password hashes public -- and the "secure, reliable, traceable" goes out the window.
I don't have a solution. But I think those of us who are engineers owe it to the general public to stop kidding ourselves into thinking we can come up with "solutions" -- technical or otherwise -- that aren't (1) flawed in some other fashion, (2) unacceptable due to societal norms, or (3) require the elimination of personal freedoms and liberties that at least we in the U.S./Canada/Europe seem to enjoy.
In the EU you need to fake a plastic card that has your photo, has holograms and whatnot. If it's lost I get a new one with a new number. For anything serious like opening a bank account, applying for credit you need to show this card in person.
This is why identity theft crimes are more than 10 times higher in the US.
Making it public record also implies that there's a Cert Revocation List check (during the submit to the central monitor(s) oracles) and also gives everyone the ability to monitor those lists FOR unauthorized use they aren't yet aware of.
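The key-pair proposal made earlier in the thread, together with the public use log and revocation check described just above, as an added sketch that is not code from any commenter or agency. The `Registry` type, its methods and the `ID-000x` identifiers are assumptions of this example; Ed25519 is chosen here only because it is in the Go standard library.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

var (
	ErrUnknownID    = errors.New("no key enrolled for this identifier")
	ErrRevoked      = errors.New("key is on the revocation list")
	ErrBadSignature = errors.New("signature does not verify")
)

// UseRecord is one entry in the public log of verification attempts.
type UseRecord struct {
	CitizenID, Verifier, Purpose string
	Accepted                     bool
}

// Registry is a hypothetical central agency (an assumption of this example).
type Registry struct {
	keys    map[string]ed25519.PublicKey // identifier -> published public key
	revoked map[string]bool              // revocation list, keyed by raw key bytes
	log     []UseRecord                  // every attempt, accepted or not
}

func NewRegistry() *Registry {
	return &Registry{keys: map[string]ed25519.PublicKey{}, revoked: map[string]bool{}}
}

// Enroll issues a key pair; the registry keeps only the public half.
func (r *Registry) Enroll(id string) ed25519.PrivateKey {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	r.keys[id] = pub
	return priv
}

// Revoke places the identifier's current key on the revocation list.
func (r *Registry) Revoke(id string) {
	if pub, ok := r.keys[id]; ok {
		r.revoked[string(pub)] = true
	}
}

// requestBytes binds a signature to one verifier, purpose and nonce.
func requestBytes(id, verifier, purpose, nonce string) []byte {
	return []byte(fmt.Sprintf("%q|%q|%q|%q", id, verifier, purpose, nonce))
}

// SignRequest is what the key holder does to authorize one specific use.
func SignRequest(priv ed25519.PrivateKey, id, verifier, purpose, nonce string) []byte {
	return ed25519.Sign(priv, requestBytes(id, verifier, purpose, nonce))
}

// Verify checks enrollment, revocation and the signature, and logs the attempt.
func (r *Registry) Verify(id, verifier, purpose, nonce string, sig []byte) (err error) {
	defer func() { r.log = append(r.log, UseRecord{id, verifier, purpose, err == nil}) }()
	pub, ok := r.keys[id]
	switch {
	case !ok:
		return ErrUnknownID
	case r.revoked[string(pub)]:
		return ErrRevoked
	case !ed25519.Verify(pub, requestBytes(id, verifier, purpose, nonce), sig):
		return ErrBadSignature
	}
	return nil
}

// UsesOf lets a citizen monitor every attempt made under their identifier.
func (r *Registry) UsesOf(id string) []UseRecord {
	var out []UseRecord
	for _, u := range r.log {
		if u.CitizenID == id {
			out = append(out, u)
		}
	}
	return out
}

func main() {
	reg := NewRegistry()
	owner, other := reg.Enroll("ID-0001"), reg.Enroll("ID-0002") // constructed IDs
	good := SignRequest(owner, "ID-0001", "Example Bank", "credit-line", "n1")
	forged := SignRequest(other, "ID-0001", "Example Lender", "loan", "n2")
	fmt.Println("owner signs:", reg.Verify("ID-0001", "Example Bank", "credit-line", "n1", good))
	fmt.Println("identifier known, key not:", reg.Verify("ID-0001", "Example Lender", "loan", "n2", forged))
	reg.Revoke("ID-0001")
	fmt.Println("after revocation:", reg.Verify("ID-0001", "Example Bank", "credit-line", "n1", good))
	fmt.Printf("log for ID-0001: %+v\n", reg.UsesOf("ID-0001"))
}
```

Knowing the identifier is not enough to pass `Verify`, and the rejected attempt still appears in `UsesOf`, which is the monitoring property the comment asks for.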
The thing is, Social Security Numbers just suck. All I want is to add a verification digit at the end, like my credit card has, so that forms that require my SSN can throw an error if I make a typo. You don't have to "fix humanity" to do that; it's just adding one more digit and using it to tell if somebody accidentally entered a 4 when they should've entered a 5. Most identification numbers use this; the SSN is really the odd duck here.
I think it's totally unreasonable to tell us to stop trying to innovate. We have solved so many of the world's problems, why should we stop now?
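The check-digit idea raised above, as an added example that is not part of the original thread: it uses the Luhn algorithm (the scheme payment card numbers use) on a constructed nine-digit value, then exhaustively tests which typos the extra digit catches. The function names are this example's own, and the sample number is constructed.

```go
package main

import (
	"errors"
	"fmt"
)

// luhnSum adds the digits right to left, doubling every second one and
// subtracting 9 from doubled values above 9. ok is false on a non-digit.
func luhnSum(number string) (sum int, ok bool) {
	for i := 0; i < len(number); i++ {
		c := number[len(number)-1-i]
		if c < '0' || c > '9' {
			return 0, false
		}
		d := int(c - '0')
		if i%2 == 1 {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
	}
	return sum, true
}

// Valid reports whether number (payload plus trailing check digit) passes.
func Valid(number string) bool {
	sum, ok := luhnSum(number)
	return ok && len(number) >= 2 && sum%10 == 0
}

// AppendCheckDigit returns payload with its Luhn check digit appended.
func AppendCheckDigit(payload string) (string, error) {
	sum, ok := luhnSum(payload + "0")
	if !ok || payload == "" {
		return "", errors.New("payload must be one or more decimal digits")
	}
	return payload + fmt.Sprint((10-sum%10)%10), nil
}

// MissedSubstitutions counts single-digit typos that still validate.
func MissedSubstitutions(number string) int {
	missed := 0
	b := []byte(number)
	for i := range b {
		orig := b[i]
		for c := byte('0'); c <= '9'; c++ {
			b[i] = c
			if c != orig && Valid(string(b)) {
				missed++
			}
		}
		b[i] = orig
	}
	return missed
}

// MissedTranspositions lists swaps of two adjacent, different digits
// that still validate, i.e. typos the check digit does not catch.
func MissedTranspositions(number string) []string {
	var missed []string
	for i := 0; i+1 < len(number); i++ {
		b := []byte(number)
		if b[i] == b[i+1] {
			continue
		}
		b[i], b[i+1] = b[i+1], b[i]
		if Valid(string(b)) {
			missed = append(missed, string(b))
		}
	}
	return missed
}

func main() {
	// Constructed nine-digit sample; area number 000 is not issued as an SSN.
	full, err := AppendCheckDigit("000120956")
	if err != nil {
		panic(err)
	}
	fmt.Println("with check digit:", full)
	fmt.Println("5 typed as 4 accepted:", Valid("0001209468"))
	fmt.Println("single-digit typos missed:", MissedSubstitutions(full))
	fmt.Println("adjacent swaps missed:", MissedTranspositions(full))
}
```

Every single-digit substitution is rejected, but swapping an adjacent 0 and 9 slips through, so a check digit guards against typos only and adds nothing to authentication.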
I think if there is anyone who is well suited to tackle this, it's.. banks. There are so many bank locations, most people have an existing relationship with a local bank.
If we allow tellers in banks responsible for verifying identity of people (the same way a social security office or DMV office verifies a person: birth certs and records checking), they could be paid to be the hands and feet of something like national ID system.
E.g. here in Finland TUPAS (https://en.wikipedia.org/wiki/TUPAS) is used by both government sites and private companies. It relies on two-factor bank credentials that almost everyone here has. Two-factor has been standard since online banking became a thing in the 90s and all banks are part of the ~10 bank groups so there aren't any small unsupported banks that I'm aware of. Government sites also support ID cards but no-one uses that option.
I believe some other countries have working, but different, digital authentication schemes as well. Maybe Estonia and Belgium?
These don't work over the phone, though, and asking for address and your identity code (or some part thereof) remains a common over-the-phone "verification" method, at least here. So the identity code / social security number issue still exists, at least to some extent.
Credit reporting agencies are basically a data warehouse for financial event history. If such a thing didn't exist in some form, how would a lender check whether you made previous payments on time? They can't contact every possible creditor that you could have interacted with.
Maybe a better architecture is possible than storing all the data centrally and creating a massive single point of failure, though.
This would do nothing about any other data, but to draw a parallel to merchant breaches, we mostly see stolen credit cards as a nuisance and a matter for the banks to deal with, rather than something we really worry about.
It isn't as if this data has some chain of custody that can show which actor sold it to another and who used it for a spearphishing campaign. Our secrets are laid bare to whoever has the will to partake of them.
Sometimes I wonder why it is considered immutable that human malice is an unstoppable force. I want my kids to live in a world where those who leak data and those that use it to malign others are rare and held accountable in a manner that is truly commensurate with their cost.
You don’t need to figure out who was the cause of a specific misuse, you just punish the data being leaked in the first place.
Though I guess you need to figure out a way for companies not to hide the leak then.
Nearly all of the dire predictions made at the time of the breach have been wrong to date.
(When in this case, to stretch the metaphor, the droplets all had strong profit incentives related to storing and making decisions based on people's data, and that they were pretty demonstrably negligent at protecting their charge?)
All I'm really saying is, these breaches won't ever stop if the cost of a response remains substantially lower for these companies than the profitability of being the (ir)responsible ones and maintaining the data in a negligent state.
> Tell that to my coworker who spent all day on the phone last week fighting identity fraud with his bank.
I'm saying that identity theft happened before the Equifax breach, and the Target breach, and the Yahoo! breach, etc. It will continue to happen. What we need is some sort of reform, like a national ID system with stronger ways to identify people (like fingerprints) and strong penalties for the criminals, not the organizations that get victimized. Note that anything like this will probably result in restricting access to credit or raising the cost of it.
People like to blame the CRAs for this, but it's the businesses that don't do due diligence in verifying identity that are at fault.
I would like, if you are one of the entities with control over this situation, if you bet against this. How much will it cost me to get you, as a service provider, to start betting against this?
And that's acceptable to virtually everyone.
2) It's still a bit early to trust the data, but so far identity theft rates do not appear to be up significantly in the aftermath of the Equifax breach.
It wasn't inadvertent, they made decisions and said "eh whatever"
Pfft. They've been required to offer credit account locking and unlocking services without charging individuals for the privilege. That's a serious blow to executive bonuses. Surely they'll all have moved on to other companies with a more encouraging compensation structure, leaving Equifax a shell of its former self.
(Seriously though, the use of the same word to describe data loss and data theft is problematic; depending on the nature of the data, one will typically be far more serious than the other.)
“Hemorrhage,” perhaps. :)
The actual report makes for better reading than TechCrunch.
You can have a credit rating of zero just because you don't use credit - even though you have plenty of money in the bank.
If you are running a business, why not avoid Equifax and other credit raters and use a different mechanism?
If you are looking to start up a business - doesn't this look like an area that needs disruption?
Wikipedia has more of this guy's greatest hits. I especially love this one: "In January 2018, Mulvaney canceled an investigation into a South Carolina payday lender that had previously donated to his congressional campaigns."
And after trying to shut down the database of consumer complaints, turns out "8 of the 10 firms with the most complaints about them had contributed to Mulvaney's campaigns."
Just like all the big banks in 2008.
And of wholesale regulatory capture.
So, U.S. public, what are you going to do about it? Bolster organizations who can effectively mitigate (public or private, to put that agnostically), or let the wave carry you under?
> Going toe to toe with Equifax’s representative in front of a judge, Haigh won $8,000.
That's better. But you could still argue that it's not adequate.
If individuals could win....
The problem is that it's not easy to secure. Physical things can be stuck in a vault or watched over by armed guards. Electronic IP can be swiped in the blink of an eye and replicated many times once obtained.
It's a hard problem. To date, only ham-fisted excessive financial fines have been used to scare the general public. That technique isn't viable for the long term-- we need something better.
That said, I have no doubt there’s a vibrant underground market for all this data, and it's likely being used in more surgical attacks already, and could, one day, be the basis of a broad attack (once an appropriate attack vector becomes available).
Uhh, no.... clearly they didn't learn from their mistakes and don't care.
But truly it just seems like sustained outrage is just not high enough to bring about justice.
The only solution I can see is through legislation, strictly forbidding and creating institutions to prevent corporate interference in government.
1) Outlawing lobbying more broadly, improving campaign financing, etc.
2) Reforming the government to promote greater adaptability and efficiency, mimicking how companies improve themselves through competition.
There are quite a few examples of countries with good control over corporations (Japan I think is quite strict at least in terms of election financing and advertising), and good alignment of government and human values. But many others, notably by the US, turn more and more the opposite way towards corporate/economic absolutism.
It's been said before, but people put a little too much fear into AI takeover when gigantic, scalable, self-improving systems with trivial values (economic output) are already almost taking over the world.
Fear The Corporation.
Seriously though, internet + mass-media-driven outrage on a topic like this is probably much smaller than people think whereas less squeaky outrages (e.g. the ACA) have huge angry-yet-silent bases.
They are a company whose sole purpose is to track how reputable a consumer is, which is entirely extrajudicial and arbitrary. How do you fine/hurt/stop something which is pure made up bullshit and had no purpose to begin with?
It is for that reason that we should be especially unhappy about the way the law handles breaches like the one that happened at Equifax. These are companies that have decided to insinuate themselves in a crucial component of the consumer finance industry, and they should be held to a higher standard than we're holding them now.
If there's a market for more detail than that, it's a bullshit market, because how that report gets generated is entirely arbitrary.
From experience helping family members: you can be hundreds of thousands of dollars in debt before bankruptcy becomes a real option. Entire sectors of the consumer finance market are dedicated to keeping them out of bankruptcy, where they become total writeoffs to creditors. I watched creditors offer to settle mid-5-figure delinquencies for nickels on the dollar simply because that was the best they were going to get with a bankruptcy on the table.
The idea that creditors could simply extend credit uniformly to everyone who hasn't declared bankruptcy in the past is ludicrous.
Even today, people (in effect) steal thousands of dollars from creditors, essentially for sport, by exploiting the FCRA and the procedural difficulty of enforcing contracts and collecting delinquencies. The courts are not a realistic option for underwriting consumer credit.
We really should be improving our judicial system rather than letting private industry determine what we as a society should consider when someone wants to take out a loan.
There are all sorts of cases where a person is not trustworthy with money that do not show up in the public record. That's why credit bureaus came to exist, and although their business practices and data security leave much to be desired, I understand why they exist in the first place.
If they broke the contract, it's on you to bring them to court. Apparently companies thought it was too expensive to enforce contracts, so they decided to create this extrajudicial system.
My point is, if you can't physically pay your debts, you can file for bankruptcy. That is the public record.
To quote Inigo Montoya, you keep using that word. I do not think it means what you think it means.
You don't go bankrupt when you are late paying back a loan or miss payments or even default on a loan completely.
IANAL but I still think Equifax itself is in the wrong. You can't expect businesses that deal in credit to skip due diligence on their customers. Equifax (and the other 2) get to define creditworthiness for all these other businesses.
They do not. The CRAs provide the information, and the individual businesses decide what their limits are. A lot of businesses standardize on FICO scores, which just use CRA data. So a business decides what's acceptable, based on the info from CRAs and the model from FICO.
For those who defend the credit history system, where was the consideration that I was mature enough to limit my spending and save for future expenditures rather than use a credit card? Where was the consideration to avoiding unnecessary risk entirely and still paying my bills?
Whenever I'm at the bank I get asked, "Have you considered taking a credit card to start building your credit?" When I patiently explain why I can't do that, their response is usually to just reiterate how important it is and how irresponsible I'm being.
I've never seen a salesperson in any other industry do this. When I ask waiters for non-pork substitutes, they don't come back with, "Listen, I know you don't eat pork but you should get the bacon anyway because it's really good."
One time the lady asked me, how they are supposed to make money from zero-interest loans? How should I know? You're the finance expert. I didn't come in here looking for a loan. You asked me!
The biggest con job on the American middle class was the 401k though, how else could people be so fashioned against their own interests than to emotionally tie their future so intimately with how the stock market is doing.
I'm not holding my breath on things changing though...
The last place I rented started the eviction process the very same afternoon the "grace period" ended -- think I was off doing reserve stuff that weekend or simply forgot -- and that caused me to not be able to move into a fancy apartment complex once upon a time (though, mostly, they were using it as an excuse to discriminate against a "dirty truck driver" who didn't fit the kind of people they wanted in their yuppie complex, which they basically told me) but my current landlord could care less, as long as you pay your rent (not necessarily on time) and don't cause any problems you're golden.
If your employer paid you late because they were "bad at paying their bills" you'd be pretty upset, as would most people.
If I, in my perpetual slackitude, can acquire all the necessary things to live then someone who does pay their bills on time but doesn't believe in credit should have no problems at all is all I'm saying.
If they fall outside of the grace period, you should have a legal means to arbitrate and make it public record.
They were also kind of sketchy when I had to break my lease because my reserve unit got called up to active duty, apparently they were trying to say I had to keep paying until my mom (who was handling my finances while I was gone) threatened to get the army lawyers after them which made them change their tune real quick.