I wonder how much the FTC earned in interest.
That is the question Techdirt asks.
I think it takes a lot longer to straighten out internal policies and procedures than it does to hire a lobbyist, pay a big fine, drum up some good press, and juggle a few positions.
Choicepoint was forced to pay the FTC $15 million, including $5 million for a victim’s assistance fund, after coughing up a bunch of personal data to a pack of scammers. Now it seems the FTC is in the best of health, as they have yet to “cough up” any of that dough.
They must be living off the interest.
The Washington Post’s security blog uncovered a phishing site using a valid SSL certificate, among other little tricks. Fortunately, the site was quickly shut down.
We knew this was coming down the pike. Phishers were already spoofing digital certificates, and using a real one was a logical next move. Scary. The fact that a big data warehouser, Equifax, pawned off this service a while back makes it kind of funny. That Choicepoint, (leaky as a $15MM sieve) helped out with this latest flub makes it even funnier.
Choicepoint, who lost hundreds of thousands of data records to scammers, and was rewarded for their ineptitude with some big government contracts, has settled with the FTC to the tune of $15 million. $10 million is a fine (that the government body will invariably lose itself), and the rest goes into a “victims fund.”
Of course the actual number of “victims” is yet to be determined – they are still coming out of the woodwork, and unless everyone on the list changes all their credit card numbers, they still will be for a long time.
Robert K. Brown’s blog has a running list of commentors complaining about getting hit with fraudulent charges. The list keeps on growing. Brown thinks the settlement should have been more like $50 million, but Choicepoint likely didn’t have that kind of money to spend after paying all those lobbyists.
Consumer advocate groups are cheering the news that Congress won’t be passing any new data theft laws anytime soon. State laws have been flying, and they are much more consumer friendly anyway.
That is a good thing, as big business only has to do a little move-and-shake lobbying to protect their interests, so you know any federal law is bound to be a little weak. The other good thing is we can look forward to continued SEC disclosures describing the foul-ups.
Choicepoint was the victim of a massive security breach earlier this year (or at least that is when we heard about it). Folks are still trying to figure out when we should hear about it – meanwhile Choicepoint keeps on rocking, picking up lucrative contracts as reward for their fine security.
The good news is at least someone is out busting some of the perpetrators.
How does the US Government reward companies that fail miserably? The same way the rest of corporate America does. CEOs of US companies are notorious for getting huge severance packages after being sacked for doing a bad job. Not much of an incentive to do a good one.
Now Choicepoint (you know, the folks who gather all kinds of error-prone data on you), are getting some of the same. After getting a bunch of their data hoisted, and that leading to a pack of identity thefts, Choicepoint has been rewarded for their screwup with an Internal Revenue Service contract.
It gets better..
Tamara Thompson over at PI News Link pointed out my misunderstanding regarding the regulation of personal information in the financial services industry (see PI News Link: ~ public thoughts on privacy ~), from my post regarding the need for regulation of the flow of personal data (see Credit Information Flow Should Be Regulated). I am not sure which part I am misunderstanding, so I am requesting some iteration.
But first a few points.