
Ha well a nice strong fine then to discourage this stupid behavior of adding tracking scripts from 3rd party fines. I’d still like to see the executive that approved this spend 1 night in jail to prove a point that stupid has personal consequences



I'm not sure jailing the low level employee that pasted some javascript into a footer template, or the low level employee that sent them the link with an email saying "this is the script we need to add to our signup flow" is going to achieve very much.

This stuff happens because there isn't an exec approval process...


Then make an example and disband the company and all shareholders lose all equity. Have people realize they will lose money if they don't pay attention to details.


Alternatively, maybe this could be the excuse for the IRS to walk away from that horrible deal they made with the tax prep companies. That's why they don't just automate the forms, fill them out for me, and send me the damn draft to approve or dispute. Like in other countries.

It's not like I have secret income the IRS isn't aware of. And for people who do have secret income, they'll either voluntarily report it or won't.


Disbanding a company for including a Google Analytics tracker on their website, causing $0 worth of losses and damages seems a little excessive.


So what is the line, then? Inadvertently sucking up people's tax return info and sending to who knows where because they get a few incentives for it is fine? What about a VoIP company sending call metadata? Or a burglar alarm company sending when you are home or not? At what point can we say 'make your money decently and don't sell customer data for a few pennies or you get made an example of'?


It's far too little. The executives should be given the death penalty for this. They and the rest of the surveillance capitalists have waged war against society and deserve guillotines for it. We need to put a firm stop to this madness before the surveillance industry locks us all into a global panopticon. The stakes couldn't be higher.


> Then make an example and disband the company and all shareholders lose all equity. Have people realize they will lose money if they don't pay attention to details.

do you not make mistakes, or do you not work with anything that matters?

the US criminal justice system, which isn't very popular, seems to be more tolerant to human error than you.


At some point we have to acknowledge that data is important and that it is easy to collect and hard to secure. Do it right or don't collect it. The 'we have been hacked' or 'we messed up' and now all your data is somewhere else is not OK. If we made their existence dependent on securing this data, don't you think they would start to take it seriously?


All employees should lose their jobs because an incompetent engineer made a mistake? What’s with some people and irrational mob justice? Does it make them feel good or what…


An orderly revocation of a corporate charter isn't mob justice.

People calling for companies to be dissolved are pretty likely to be calling for an orderly process (if they weren't interested in an orderly process they'd likely be talking about using violence on the executives or shareholders or whatever).


> because an incompetent engineer made a mistake

Here’s my take which happens to agree with the parent commenter: the incompetent executive is responsible for the actions of this engineer and (in this hypothetical) the incompetent executive allowed their business to be destroyed by something which was easily avoidable.


I don’t think anyone lower than an executive should go to jail for this. Ultimately they get rewarded when things go right so they would be punished when things go wrong. That they didn’t make the direct implementation should not matter, it was their responsibility and they were the captain when the accident happened.


> a nice strong fine

Who receives the fine?

* The Tax Prep companies? That would be fair: they are obligated to handle private user data in a responsible manner

* The ad tech companies? That would not be fair: they didn't want the data, didn't know it was being sent, and almost assuredly didn't use it for any kind of ad serving, measurement, or optimization.


> The ad tech companies? That would not be fair

If I send you a video camera and tell you to put it in your retail store and stream me the video and you put in your changing room and send me the data and I don't tell you to stop, am I free from liability?


> and I don't tell you to stop

Alternate analogy: an IoT thermometer vendor sells you a device to track temperature in your room, but you decide to stick it up someone's butt. Will the IoT vendor know the temperature reading is personal and rectal? Should they be held liable for not proactively attempting to scrub-out numbers which may represent gluteal climate?


It seemed flawed on first reading but I think this analogy holds if one assumes (for the sake of argument) that it’s Definitely Illegal to be accepting these readings. It would be pretty hard to be sure about filtering out arbitrary strings of numbers (ie SSN) when one is also intending to accept such strings.


I certainly hope I'm free from liability from you sending me illegal videos of naked people unless I've explicitly requested illegal videos of naked people.

More to the point, if companies are required to forensically analyse the hashes sent to their API endpoints to check they haven't received anything sensitive, the internet in its modern form would essentially cease to exist.


What if your app sucks up all the data from my phone without consent and you get my nudes? I’d like to claw back your bonus for that at the very least


If you were doing that to millions of people and automatically analysing the video streams you get back for general trends then you wouldn’t really have a way to know that’s happening


Yep so maybe massive fines and jail time would be a good deterrent


Why not? Software has consequences and we need to hold people accountable for moving fast and breaking laws. We don’t but we should.


Here is a fun question. What law has been broken?


It seems like the claim is Internal Revenue Code §7216


Thanks! It will be interesting to see how this plays out. In the case of software the user is the one preparing the return and not the software itself. Although people using software on behalf of someone else would be guilty.


It should be treated like any other illegal purchase, the seller and buyer get brought to justice.

Try telling a cop that you didn't mean to buy fentanyl with your other illegal drugs.


I am almost certain Meta has some basic filtering in place to make sure they aren't storing, say, obvious credit card numbers, SSNs, etc. So I would say they're open to at least a little liability if they failed to match on financial info.


What law calls for such a harsh punishment?



