Ramblings

by Carlo Longino




ChoicePoint Promises To Write 'Personal Information Should Be Protected' 500,000 Times, Promises Not To Do It Again

from the pointless dept

ChoicePoint had already been hit with $15 million in fines and damages for, what was at the time, the largest credit-card data leak ever (though it lost that title to TJX earlier this year). But 44 states have gotten in on the action, hitting the company with a staggering $500,000 more and an agreement that it will put better security in place. ChoicePoint says it has reformed its ways and is working to solve its problems, but forgive us for being skeptical -- particularly when the company seems to have another big problem, in the form of incorrect data. The new deal with the states says that ChoicePoint will extend the same, supposedly better level of protection to all its consumer records, instead of just those covered by the Fair Credit Reporting Act, as required by the FTC settlement, and ChoicePoint says it will more stringently check out new customers for its data. A ChoicePoint exec brags that the company "has become a model of privacy protection" since the breach -- but if it's so concerned about consumer privacy, why did it take these further steps only as part of a settlement with the attorney generals, and not on its own? Never mind the fact that it apparently only decided security was important after a massive breach. It's really hard to believe that ChoicePoint, or indeed any other company in a similar situation, has any interest in proactively improving its security, since there's little financial incentive for them to do so. Instead, they can just leak data, pay the miniscule fines, make some changes, issue a press release, and move on.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    me, 1 Jun 2007 @ 5:28pm

    Choicepoint is implementing much stronger security measures internally through leveraging open source software.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 1 Jun 2007 @ 7:33pm

      Re:

      I certainly hope that was a joke. Having source code readily available (hence open source) makes it SO much easier to break . I'm going to assume it's a joke, but some people really can't tell sarcasm (with text I'm at a loss half the time on the web) and they should know that if that comment ISN'T a joke that it should be.

      reply to this | link to this | view in chronology ]

      • identicon
        Charles Griswold, 1 Jun 2007 @ 8:14pm

        Re: Re:

        I certainly hope that was a joke. Having source code readily available (hence open source) makes it SO much easier to break.
        Open Source makes flaws in software easier to find (for both black-hats and white-hats), but it also makes it much easier patch. When a major flaw is found in open-source code, someone will typically have a patch for it in a matter of days (if not hours). That is a much better response time than is typical for most closed-source projects.

        And FYI, none of that was intended as sarcasm.

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 2 Jun 2007 @ 6:33pm

          Re: Re: Re:

          Hours are all you need to steal data.

          reply to this | link to this | view in chronology ]

          • identicon
            Semicharm, 3 Jun 2007 @ 9:35am

            Re: Re: Re: Re:

            Hours are all you need to steal data.
            Yes hours can be bad, but you fail to mention the alternative, that with closed source software, thieves usually have at lest a week to a month to run amok. Now, which sounds better to you?

            reply to this | link to this | view in chronology ]

  • identicon
    me2, 1 Jun 2007 @ 6:09pm

    I certainly hope they are doing better than sudo... they would be better off with Symark's full suite of Power products... God help them if they went with CA however...

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 1 Jun 2007 @ 6:58pm

    correction

    Please correct: "attorney generals" should be "attorneys general" Thank you

    reply to this | link to this | view in chronology ]

  • identicon
    Tarky7, 2 Jun 2007 @ 7:34am

    *seething rage*

    Fume, Fume, Fume...

    Rage, Rage, Rage...

    *mumbling*

    'One of these days were going to have a real necktie party !'

    reply to this | link to this | view in chronology ]

  • identicon
    Brad Eleven, 2 Jun 2007 @ 7:41am

    Hear, hear

    Of course only the AC will bash Open Source from the long-disproven assertion that it's somehow less secure because the source code can be read by anyone.

    Open Source is superior and more secure for exactly this reason. Pop quiz: When's the last time *you* read any Open Source? Do you think that in the source archive, there's a plain text file called "FOR SECURITY PERSONNEL ONLY" that outlines all of the known vulnerabilities?

    You're either an idiot, a corporate shill, or both, AC. That little FUD turd dried up back in the 90s. You're an embarrassment to whomever's paying you.

    Bonus question: When was the last time you heard of an Open Source security hole? If you actually did, how long before it was closed? Now compare/contrast to Microsoft's track record.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 2 Jun 2007 @ 6:35pm

      Re: Hear, hear

      Hmmm. Respecting someone who spouts ad hominem ad nauseum? Screw that.

      reply to this | link to this | view in chronology ]

      • identicon
        SailorRipley, 4 Jun 2007 @ 8:52am

        Re: Re: Hear, hear

        After your first reply and FUD about open source, your access to the moral high ground has been denied.

        reply to this | link to this | view in chronology ]

    • identicon
      Charles Griswold, 2 Jun 2007 @ 10:38pm

      Re: Hear, hear

      When was the last time you heard of an Open Source security hole? If you actually did, how long before it was closed? Now compare/contrast to Microsoft's track record.
      Actually, I've heard about quite a few security holes in open source software. I usually hear about them because a security patch was being released, so the answer to your second question is "immediately". :-) In contrast, Microsoft's track record isn't quite as good.

      reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.