"Credit monitoring company Equifax is now in the running for the worst handling of a data breach ever.
Not only did it potentially give up ready-made identity theft packages for more than half of all adult Americans, its response has been heartless verging on evil. The company should be prosecuted and severely financially damaged, but it's acting like it's above the law.
The "full names, Social Security numbers, birth dates, addresses, and, in some cases, driver license numbers." This is far worse than your usual name-and-email breach, or even name-email-and-password, because it gives thieves everything they need to open bank accounts, credit cards, and get loans in your name.
The data was accessed via a "US website application vulnerability." Let that sink in. A company with power over the financial destiny of most Americans—you cannot opt out of data collection if you want to participate easily in the modern American economy—let everyone's data be exposed through its public-facing website.
Equifax responded to the breach with supreme arrogance. After hiding it from the public for more than a month (giving the CFO a ), it directs people to a website where they have to enter the last six digits of their Social Security number to see if they've been pwned. Because, of course, right now you want to trust Equifax with your Social Security number. It then responds with a confusing message about signing you up for credit monitoring.
But oh, it only gets more sinister from there. Twitterer Zack Whittaker points out that even by checking to see if your info was stolen, you to sue Equifax for their malfeasance, which has since of regulators.
Equifax Must Be Punished
The government needs to come down on Equifax hard. The problem is that Equifax offers a privatized, quasi-government function. If you want to participate in the modern US economy, you're subject to the company's rating and arbitration. If you want to rent or buy a home, get a car loan or a cell phone plan, Equifax and its two interchangeable quasi-competitors get to decide your financial fate.
("Not so!" says one commenter, looking up from sewing his handmade clothes in his solar-paneled cabin which he paid for with cash. Okay, Mr. Unabomber, moving on.)
The Washington Post says by why Equifax is acting with such a tin ear. I'm not puzzled; the answer is impunity. When you feel like you have nothing to lose, like you're not under threat, you're going to do the absolute minimum in situations like this. That's what Equifax is doing.
Equifax Must Pay | Sascha Segan | PCMag.com
Friday, September 08, 2017
"This week saw the biggest public breach in the history of credit reporting, as Equifax reported a hack affecting as many as 143 million customers. The hack exposed Social Security numbers, birthdays, and, in some cases, even credit cards. The attackers gained access as early as May, so the data has now been circulating for months. For years, experts have said you should assume your Social Security number and birthday are already available on criminal marketplaces — and with more than half of the adult US population implicated, that logic is now hard to avoid.
Beyond the immediate damage, the breach reveals some deep absurdities in Equifax’s business model. The company was one of the central stores of personal data, the place you checked to make sure you weren’t writing a mortgage to an impostor. But now the impostors have the same data as everyone else. If you can’t keep it secure, why stockpile the data in the first place?
The same questions come up when you look at the data itself. It’s bad to have your Social Security number and birthday stolen because criminals can use that information to apply for credit in your name. Why make that data so useful in the first place? There’s nothing magical about a Social Security number. We only use them for credit reporting because every US citizen has one, and they’re all supposedly secret. But those numbers haven’t been truly secret for a long time. Before the Equifax breach, there was the Experian breach, the Anthem breach, and the OPM breach. For millions of people, authentication by Social Security number no longer works. So why are we still using a credit system that relies on breachable data?
THE ENTIRE CONCEPT OF A BREACH IS THE RESULT OF A FAILED IDENTITY MODEL
The credit bureau system is broken, and it’s been broken for a long time. The entire concept of a breach — hackers stealing corporate-held data for identity theft — is the result of a failed identity model that’s long outlived its usefulness. It’s easy to point to Equifax as the problem, and its poor handling of the breach (and possible insider trading) certainly doesn’t help. But the problem is bigger than any single company. In a world flooded with information, we’re still relying on a tiny set of sensitive data to protect us from fraud, and putting the burden on the average consumer when that data leaks out. We treat data as private when it’s already been exposed in breach after breach. This system has reached its breaking point. It’s time to burn it all down and start over.
In the most basic terms, credit bureaus work as a reputation service. You submit someone’s name and get back a report on all the money they’ve borrowed over the years and how it’s been repaid. That’s valuable information if you’re deciding whether to lend someone money, so businesses (or their customers) are often willing to pay for it. In that situation, the biggest risk to the lender is an impostor who runs up someone else’s tab and then skips town. So along the way, credit bureaus have become an identity service, too. Along with the potential client’s name, they ask for a Social Security number, and if those things don’t match, they know they’re dealing with fraud.
This is a terrible way to manage identity. From afar, a Social Security number looks kind of like a password. But you can change a password, and you shouldn’t use the same one with every service. To get slightly more technical, you can hash passwords, which lets services verify your identity without keeping your exact password easily available. Right now, I could count the number of places my Gmail password exists anywhere on one hand, whereas I’ve been writing my Social Security number on forms since I was 12. By now, hundreds of organizations have it, from old jobs to old dentists. That number was never going to be safe from scammers. The system was set up for failure from the very beginning.
Even worse, all this information is generally being shared without your consent. The three big credit bureaus — Equifax, TransUnion, and Experian — see their customers as the businesses checking people out, not the people themselves. They’re worried about keeping banks and car dealers happy, but the targets themselves are an afterthought. As a result, even basic inaccuracies can persist for years, bouncing between the three major bureaus. (Convincing credit bureaus that you’re not dead, for instance, is much harder than you think.) There have been a few regulations aimed at fixing that — most notably the Fair Credit Reporting Act — but it’s still an extremely clunky system, and the average consumer has little awareness or control over their own profile....
Our entire credit bureau system is broken - The Verge
Thursday, September 07, 2017
"The tech industry is leading the charge to pressure Congress to pass a bill to protect so-called Dreamers from deportation. But how effective will the push be?
President Donald Trump announced Tuesday that he's making good on a promise to officially end the Obama-era program Deferred Action for Childhood Arrivals, or DACA, which lets immigrants brought to the US illegally as children before 2007 stay without fear of deportation. The decision to rescind DACA could affect as many as 800,000 Dreamers, nicknamed after an earlier, failed piece of legislation.
The Trump administration said the program would get six months before the Dreamers lose their right to work and live in the US, giving Congress time to craft a legislative solution to the situation.
But that's a short window, considering how long the saga has gone on in Congress. For 16 years, advocates have tried -- and failed -- to pass legislation to protect these young immigrants from deportation."
'Saving DACA will be uphill battle for Facebook, Apple - CNET
Wednesday, September 06, 2017
Tuesday, September 05, 2017
Monday, September 04, 2017
"While many nervous eyes around the world are watching rogue nation North Korea and its latest nuclear test, billionaire worry-wart Elon Musk warns that an international artificial intelligence race is more likely to cause World War III than a 20th century-style arms race.
"China, Russia, soon all countries w strong computer science. Competition for AI superiority at national level most likely cause of WW3 imo," the Tesla Motors and SpaceX CEO tweeted early Monday."
Elon Musk: Artificial intelligence may spark World War 3 - CNET
"Samsung is a ship without a captain, a co-CEO of the company says, and that has him concerned.
Yoon Boo-Keun, the head of Samsung's electronics business, is worried about his company now that its leader, Jay Y. Lee, has been sentenced to five years in prison, he told Süddeutsche Zeitung at the IFA electronics show in Berlin.
"Nobody would get on a ship without a captain because you know it's dangerous," he said, according to the German newspaper. "We are on such a ship."
Yoon was in Berlin for IFA, where Samsung introduced three new wearables, a washing machine, cordless vacuum and various other electronics. Samsung's now best known for its phones, but it has a huge business selling other electronics, including TVs and home appliances. Yoon has overseen that business since 2012.
IFA came the week after a South Korean court said Lee would have to spend five years in prison for bribery and other charges. The 49-year-old has acted as de facto head of Samsung since his father, Samsung Chairman Lee Kun-Hee, suffered a heart attack in 2014. The younger Lee has been embroiled in the corruption scandal that led to the impeachment of now-former South Korean president Park Geun-hye. He's been detained since February, which has left Samsung without someone at the top."
Samsung is 'a ship without a captain,' says co-CEO - CNET
"Russian president Vladimir Putin has joined the war of words concerning the international race to develop artificial intelligence. Speaking to students last Friday, Putin predicted that whichever country leads the way in AI research will come to dominate global affairs.
Putin says the nation that leads in AI ‘will be the ruler of the world’ - The Verge
Sunday, September 03, 2017
"Eight years ago, Google was on top of the world. People across the political spectrum saw the search giant as a symbol of high-tech innovation. During the just-completed 2008 presidential campaign cycle, candidates as diverse as Ron Paul, John McCain, and Barack Obama had all made pilgrimages to Google's Mountain View headquarters to burnish their reputations for tech savvy.
Even better, Google soon had a close relationship to the newly elected president, Barack Obama. "Google was riding high on the fact that Eric Schmidt was campaigning for Obama," said Siva Vaidhyanathan, a media studies professor at the University of Virginia and a longtime Google critic. "There was a lot of attention paid in the press to the fact that Googlers were starting to work in the White House."
With so many Googlers in government, Google had an outsized influence on policymaking during the Obama years. But today, Google is in a different situation. Most obviously, Schmidt worked hard to get Hillary Clinton elected president, and Clinton lost.
The issues don't end there. Given Silicon Valley's liberal views on social issues and Schmidt's love for Democratic politicians, it was probably inevitable that conservatives would sour on the search giant. But the larger problem for the search giant is that the company has been losing support among Democrats as well.
A growing number of liberal thinkers believes that the concentration of corporate power was a major problem in the American economy. And few companies exemplify that concentration more than Google.
That's the real significance of this week's decision by the New America Foundation, a think tank that's heavily funded by Google, to fire the head of its Open Markets project. For the last eight years, the Open Markets team has been methodically building the intellectual case for more aggressive enforcement of antitrust laws—a project that could easily result in more regulatory scrutiny of Google.
Google is in no immediate danger on that front. Republicans are still largely committed to a hands-off approach to economic regulation, Democrats are out of power, and Google still has plenty of allies in the Democratic Party.
But the longer-term trajectory here could be ominous. The combination of Bernie Sanders-style populism on the left and Donald Trump-style populism on the right could lead to a future where Google faces hostility from policymakers across parties.
"There's been a really big breakthrough," says Barry Lynn, who led New America's Open Markets team before New America fired him. "It's not just the left. Interest in dealing with concentration of power, the fear of concentration of power is across the spectrum..."
Google is losing allies across the political spectrum | Ars Technica