Companies To Be Liable For Deals With Online Criminals 171
Dionysius, God of Wine and Leaf, sends us to DarkReading for a backgrounder on new rules from the FTC, taking effect in November, that will require any business that handles private consumer data to check its customers and suppliers against databases of known online criminals. Companies that fail to do so may be liable for large fines or jail time. In practice, most companies will contract with specialist services to perform these checks. Yet another list you don't want to get on. "The [FTC's] Red Flag program... requires enterprises to check their customers and suppliers against databases of known online criminals — much like what OFAC [the Treasury Department's Office of Foreign Asset Control] does with terrorists — and also carries potential fines and penalties for businesses that don't do their due diligence before making a major transaction."
Onerous Burden on Businesses? (Score:5, Insightful)
Is rootkit Sony on the list? (Score:5, Insightful)
Mistaken Idenity (Score:2, Insightful)
Maybe not such a great idea (Score:5, Insightful)
Worst case scenario: this turns out to be another vague No-Fly list that persecutes the innocent while doing little to no actual good. In any case, it will be more work and more liability for vendors.
Jail? (Score:5, Insightful)
They're going to put whole companies in jail?
But at any rate, after Sony's criminal rootkit vandalism of millions of computers, I'm going to have to see a CEO in shackles before I believe it. And Martha Stewart doesn't count.
For those of you unfamiliar with Sony's evil, deliberate vandalism, here are two links:
serious [wikipedia.org]
content-free [uncyclopedia.org]
*sniff* What's this here? (Score:2, Insightful)
Re:Onerous Burden on Businesses? (Score:5, Insightful)
Does that include the government itself? (Score:3, Insightful)
Your papers, please... (Score:4, Insightful)
As an adult, it's starkly clear to me that "permanent records" do exist for all of us, and they control our lives to a large degree. Credit reports, "no-fly" lists, and now this "red flag" list - somewhere out there grim people in small offices quietly compile lists of citizens whom they feel should be "less free".
What kind of oversight exists for this list? What does one have to do (or not do) to appear on it? If you're on it, how can you be removed?
I wish I could say I was surprised by this new step towards an Orwellian dystopia, but the past several years have numbed me to it.
Who does this apply to? (Score:5, Insightful)
http://www.ftc.gov/opa/2007/10/redflag.shtm [ftc.gov]
Only talks about financial institutions and creditors. It doesn't seem to indicate that Mary's Online Potpourri Barn has to do a background check on everybody that orders a lemon scented candle.
I'm doing business with Mastercard (Score:5, Insightful)
Why aren't these "known criminals" in jail? (Score:5, Insightful)
This kind of thing seems like it could lead to rampant abuse, or at least error if someone winds up on one of these lists that shouldn't be on it.
Re:Who does this apply to? (Score:3, Insightful)
I don't get it. (Score:4, Insightful)
2. Rights after you serve your time. So if the person was an online criminal and served his/her time. Is is really reasonable to block them for using the inernet ever again, espectially in a world with increasing demmand to use the internet for daily communication and comerse.
3. People on probation is such a small portion of a list that the forced blacklist is an undue burden.
4. These people are criminals... They have been proven to be untrustworthy, what makes it so they don't lie on an online form or use someone elses idenity.
5. Small ISP and companies don't have resources to do this. a 10-15k project for a big company is a drop in the bucket for for a small ISP it is a huge undertaking, which could kill it.
6. Why punish honest/trusting people. America's growth was based on contract by handshake. There are a lot of companies that still want to keep that type additude. But laws like this make it so you need a lawer for everthing... (on a side note why the hell do we keep electing lawers into government)
7. In a slumbing echonomy is it prudent to make it difficult for people to do business.
8. If it forces criminals to be smarter and hide their tracks more, doesn't it make it more difficult for authorities to track such people.
9. If the criminals cannot work online they will still be criminals and be on the street with guns and drugs.
10. What happends if your name matches a criminal.
All felonies? (Score:1, Insightful)
Since almost everything other than traffic tickts is being charged as "felony" something this could easily mean a loss a business to normal people, not internet criminals.
Again, it sounds great, but it's a knee jerk reaction that will create big undesired problems.
Re:Why aren't these "known criminals" in jail? (Score:4, Insightful)
Does not fly - will increase ID theft. (Score:5, Insightful)
Unless there's a swift and clear grievance system, this will cause so many false positives that positives will be worked around. And who says that any bad people wouldn't steal or set up identities under which to do business?
The end result in three years? There will be lots of news about false positives, and the bad guys will just use more ID theft. Which will put those with stolen IDs into still more of a mess.
I don't think that this passed the "run it by a six-year-old first" test.
Re:Onerous Burden on Businesses? (Score:3, Insightful)
Re:Onerous Burden on Businesses? (Score:4, Insightful)
A solution's effectiveness is a tertiary concern for a government agency when addressing a problem. The agency's primary concern is to increase its own power. The secondary concern is to receive public approbation by doing something very visible. A "no-fly list" like this one is the perfect implemention of an agency's two main goals.
That's only 90% crazy though. Sometimes, the function of law-enforcement is just to remind everyone that law enforcement exists. After all, whether any random soul will cross the line from dove to hawk mostly depends his assessment of law enforcement's effectiveness. Therefore, an appearance of effectiveness is often just as good as actual effectiveness.
But not in this case. The bad guys know exactly how to beat the list (fake or stolen credentials) and they can even test whether they've succeeded. Therefore, this "no-fly list" creates a false sense of security, which means that people will be overall less safe.
Re:Ex-cons 2 generatins ago (Score:3, Insightful)
There are some crimes where people can stop and others that cannot.
Sex Crimes are often due to mental problems which need to be addressed and monitored for a long time. (yet we lock them up vs. giving them the proper help)
However Internet Crimes such as Idenity Theft can be corrected by proper rehibelation.
Re:Onerous Burden on Businesses? (Score:3, Insightful)
If it's like OFAC's list... (Score:3, Insightful)
Which isn't to say this can't lead to rampant abuse -- it certainly can -- but the idea of the list is more along the lines of "this is a guy who is suspected of being involved in illegal activity right this very moment -- do not do business with him" rather than "this is a guy who just got out of jail last week -- do not do buseinss with him."
Re:Yes they are (Score:4, Insightful)
This is where a pardon is supposed to come in. Pardons aren't just for the wealthy and the connected. They're also for the 30-year-olds who did something stupid at 19 while drunk, paid their dues (fines, revocation of privileges such as driver's license, and/or jail time) and haven't had a criminal charge since. A successful pardon application, which may take a year or two to process, should also automatically (I hope!) remove your name from all criminal registries, including sex offender registries (though I imagine that these would be harder to get pardons for).
Ok, maybe I'm dreaming...
Re:Onerous Burden on Businesses? (Score:2, Insightful)
Oh, they don't want to do it ? Why not ? Because they're afraid of false positives ? Proof that the system is worthless.
It's quite simple: if Lex Luthor can't spend his dirty money in the USA, he'll drive up to Canada, get things done, then come back to the states to be a terrorists again. Not only does it NOT solve the crime problem, it actually diverts money away from the local economy.
Go FTC! keep it up, and in 20 years you can all become Canada's 11th province and get in on the lower taxes and subsidized health care, like every other modern civilized nation in the world.
Why are there known criminals free? (Score:3, Insightful)
They got the color wrong. (Score:3, Insightful)
Yep. And they got the color wrong, too.
This is not a "red flag". It's a government-maintained "blacklist":
- It creates a broad penalty for anyone they put on the list, making it virtually impossible for them to get or hold a well-paying job, buy a house, buy a car, or do most of the other big-ticket business of life.
- Putting people on it is done in secret and without legal due process, for reasons other than imposing statutory penalties for conviction of violating a published law. No opportunity to confront witnesses against them or challenge the process - either as they're being added or to remove themselves afterward.
- The list is effectively secret. It's known to the business people but is virtually unknown to the people on it, who get no notification that they've on it or even that it exists.
Welcome to the McCarthy Era, version 2.0.