
What’s a citizen to do about Equifax?

My professional career has revolved around software contracts. Initially, I negotiated and managed them; now I reference them heavily while performing a different kind of work. Throughout, I’ve been especially interested in terms related to Information Security (“InfoSec”).

Some software publishers offer customers fairly robust InfoSec protections. I generally felt pretty good about companies (1) whose starting positions guaranteed specific measures to ensure protection of customer data and (2) who promised some kind of compensation if customer data became available because of the publisher’s software and/or hardware offerings. Such software publishers had “skin in the game,” or incentive to really ensure their customers’ data was protected. Why would they be lax when they’d experience specific, sometimes severe consequences for breach resulting from failure to do so?

On the other end of the spectrum were publishers who offered vague assurances with no guaranteed compensation for any breach. This was the opposite of having skin in the game: “We’ll totally check our software once every other year for major flaws and give commercially reasonable efforts to fix them. If there’s a breach that reveals bunches of your data, we’ll send you cake.” I was much more concerned with these publishers, whose lackadaisical approach to InfoSec practically screamed, “We care more about the money you’re required to give us than your ability to stay afloat!”

This all left me with a keen interest in InfoSec, especially when I saw how much less care companies give individual citizens* compared to paying corporate customers. If corporate customers at the very least got a cake, individual citizens got … nothing. Giving more than nothing would cut into profit margins!

I’ve subscribed and unsubscribed to bunches of InfoSec newsletters over the years. The only one I continue to follow now is KrebsOnSecurity.com. Brian Krebs’s coverage of the Equifax breach is a perfect example of why. He critically analyzes the breach and presents it in language even distant non-experts can follow. More importantly, he lets individual citizens know what they can do to limit their exposure.

If you’re concerned about what to do following the Equifax breach of 143 Americans’ credit data, Brian’s “The Equifax Breach: What You Should Know” is a great place to start. If you’d like more excellent analysis of the breach, I’d suggest “Here’s What to Ask the Former Equifax CEO.” His proposed questions for U.S. legislators to ask reveal a great deal about companies that give prominent indications they care much, much less about citizen data protection concerns than about whatever revenue they can milk from citizens. If protecting citizen data costs money (uuuuugh, maintaining software and hardware is expensive!), they’ll cut corners and hope for the best.

As individual citizens, we don’t have the financial leverage to demand better protections the way individual corporate customers can. This means that it’s critical for individuals to (1) find and use those protective measures that are available to individuals (thanks for highlighting them, Brian!) and (2) consider how re-regulation** impacts citizens’ ability to collectively mitigate citizen costs created when some corporate entities treat InfoSec not as a valuable investment in citizen well-being but as a drain on profits.

Otherwise? It’s important to remember: Unlike corporate customers, we individuals won’t even get a cake. 

* I originally typed “consumer,” so prevalent is such phrasing in reporting, but I reject that. We individuals are far more than consumers. We are citizens, and are far more valuable than the dollars we spend.

** There is no such thing as deregulation, only reregulation. Changes to regulation typically called “deregulation” aren’t neutral but heavily lobbied for by specific corporate beneficiaries. As Kate Raworth puts it here,

There’s always going to be regulation shaping what can and can’t be done, you’re just shifting the regulatory space. You ask how are those shifts benefiting, or how are the costs and benefits of that shifting re-regulation falling on other people? So financial deregulation actually just shifts the costs and benefits of financial crisis onto a different group of people.

 

  1. October 16, 2017 at 7:24 am

    Thank you for the links! I am going to bookmark and read later today when I have the time. I so agree with your definition of ‘citizen’ vs. ‘consumer’ especially when it comes to these spaces where we have very little say in how we are viewed/reported. The issues surrounding regulation in this area are also of critical concern, especially where we, as citizens, are so affected.

    Thank you again for this.
