Politicians Cynically Using JP Morgan Hack To Try To Pass Laws To Diminish Your Privacy

from the you're-doing-it-wrong dept

So, as you probably heard last week, JP Morgan revealed more details of how it had been hacked, noting that the number of households impacted shot up to 76 million, thus impacting a pretty large percentage of Americans. The hack involved getting access to customer names, addresses, phone numbers and emails. It doesn't appear to have gotten anything else, but that's plenty of information to run some sophisticated phishing attacks that could lead to some serious problems. It's expected that the fallout from this could be quite long lasting.

Almost immediately, politicians leapt into action... but not in any good way. They're cynically using this as an excuse to push questionable cybersecurity legislation. Specifically, Senator Angus King used it to push CISA, a bill that actually undermines privacy, rather than protecting it, by giving companies incentives to share info more freely, opening up greater opportunities for leaks and breaches. CISA gives those companies a blanket get-out-of-jail-free card by taking away any liability in sharing such info.

What no one explains is how something like CISA would actually have helped stop the JP Morgan hack. That's because it wouldn't have helped. Congressional supporters of cybersecurity legislation keep playing the "something must be done!" card, without ever bothering to explain how the something (CISA) will actually help. They just make vague promises that by somehow letting companies share info without liability, we'll magically all be better protected. Given the recent revelations about how government has regularly abused access to information, it's hard to accept the "just trust us" explanation for why companies should just hand over more information.

Even worse is that King went for the FUD-based "cyber Pearl Harbor" claim -- one that's been trotted out regularly, usually by intelligence community folks who just want access to your data, when the reality is that even James Clapper has admitted that there's little real chance of such a thing happening. But that doesn't stop King:

“Congress must work to pass legislation that will improve our capabilities and protect us against more attacks like these,” King added. “The next Pearl Harbor will be cyber, and shame on us if we're not prepared for it.”

Okay, sure. Shame on us if we're not prepared, but how will this law help us prepare for it? This is a question that no one in Congress seems willing to answer. They just insist we have to "do something."

King wasn't the only one:

Sen. Ed Markey called the hack “yet another example of how Americans’ most sensitive personal information is in danger.”

“It is time to pass legislation to protect Americans against these massive data breaches,” he added.

Rep. Yvette Clarke tweeted that the U.S. “must keep up on cybersecurity.”

Right, but again, how will the proposed law actually help? The problem is that no one answers because the truth is that it's unlikely to actually help keep companies and your data secure, though it might just make it easier for the intelligence community to get their hands on your data.

Reader Comments

  • Anonymous Coward, 6 Oct 2014 @ 4:06am

    I wonder why the government isn't investigating JPM or trying to pass laws that would legitimately strengthen the security of finan- ohhh now I get it

  • Anonymous Coward, 6 Oct 2014 @ 4:17am

    Perhaps laws put in place that protect white hat hackers and punish companies for not responding to white hat hackers that report flaws in their systems are what's needed.

    • Bt Garner, 6 Oct 2014 @ 4:35am

      Re:

      I do not think that anyone in the US Government is savvy enough to distinguish between a white hat and black hat hacker. They hear these terms and all they can think of is "ZOMG, a cyberterrorist with different colored hats!"

    • Anonymous Coward, 6 Oct 2014 @ 5:05am

      Re:

      That makes sense and won't make money for corporations. So it's bad.

    • Anonymous Coward, 6 Oct 2014 @ 7:31am

      Re:

      And by punish I obviously mean civil, not criminal. If a company gets warned of a flaw, fails to correct it, a customer is later injured due to the flaw, they can successfully sue.

  • Anonymous Coward, 6 Oct 2014 @ 4:34am

    The only difference is that this time, the criminals accessing private data have a badge.

  • Anonymous Coward, 6 Oct 2014 @ 4:41am

    What is the government's recovery plan for when, as will likely happen, Bluffdale is hacked into?

  • That Anonymous Coward, 6 Oct 2014 @ 4:41am

    It is a shame there are no journalists left to ask the Senator to explain exactly how this bill would make us more secure.
    I think it would be amazing to see his brain freeze up and try to spit out catch phrases to bypass the question and a real journalist saying, but this bill does not do this in the text and point out what it allows for.

    Shame we don't live in a free country with a free media that can actually get answers for citizens.

  • Anonymous Coward, 6 Oct 2014 @ 5:09am

    Because of the risks of falling in bathtubs we are introducing a law that will make bathrooms safer. We plan to outlaw hot water and soap in the bathroom environment and put up cameras to see if you use your bathroom properly...

  • Bengie, 6 Oct 2014 @ 5:20am

    Simple issue

    "“Congress must work to pass legislation that will improve our capabilities and protect us against more attacks like these,” King added. “The next Pearl Harbor will be cyber, and shame on us if we're not prepared for it.”"

    The problem isn't the law, it's idiots and laziness causing the issue. Congress should just outlaw being stupid and lazy for important positions like programmers and sysadmins.

    • Anonymous Coward, 6 Oct 2014 @ 5:26am

      Re: Simple issue

      "The problem isn't the law, it's idiots and laziness causing the issue."

      But solving actual problems is too hard (some would even decry it as "big government" while ignoring or even supporting blatant fascism) and won't make the highest bidder any richer.

      "Congress should just outlaw being stupid and lazy for important positions like programmers and sysadmins."

      Like Congress would even dare try to sign anything that would criminalize themselves.

  • Anonymous Coward, 6 Oct 2014 @ 5:33am

    What does this legislation, or others like it, do to encourage corporations to protect the information they are being entrusted with?

    Nothing? Yeah, that's what I thought.

    It is a ruse and an excuse to implement additional draconian measures.

  • Matthew A. Sawtell, 6 Oct 2014 @ 5:53am

    Good grief... even Angus?

    It was Angus that said this? The Independent-ist Senator from Maine? Aw nuts... Bad enough when both sides of the aisle act like this, but the center as well?

  • Anonymous Coward, 6 Oct 2014 @ 6:06am

    Some suggestions:

    1) Don't trust big corporations or the government with sensitive personal data. They haven't earned trust and have actively earned mistrust in many cases.

    2) Avoid mass centralized storage of sensitive personal data. The more data that are stored in one place the higher value it becomes as a target.

    3) Don't pass any security-undermining trojan horse BS like CISPA. Do the opposite and pass law to protect data and shut down the data theft free-for-all that has developed over the past 15 years.

    4) Don't let corrupt, ignorant fools like Anus King anywhere near "cyber" policy.

    • Just Another Anonymous Troll, 6 Oct 2014 @ 7:33am

      Re:

      "4) Don't let corrupt, ignorant fools like Anus King anywhere near "cyber" policy."
      I was about to warn you about the typo, but then I realized it was probably intentional.

  • Anonymous Coward, 6 Oct 2014 @ 7:04am

    One way that increased sharing could provide greater prevention of hacks like this

    Shield the companies from all liability for disclosing information, then encourage them to preemptively post everything they know to their public web sites. Ta da. No more hacks, because now you can get whatever you want without breaking in anywhere. There's also no privacy, but hey, at least with my way, even stalkers who couldn't hack their way out of a paper bag can get in on the action. Bonus, it'll make companies look silly and/or suffer massive fraud if they keep up with the stupid idea that knowing a SSN, mother's maiden name, etc. somehow proves the knower is the person he/she claims to be.

  • Anonymous Coward, 6 Oct 2014 @ 7:21am

    business as usual

    Isn't this just another case of "the facts being fixed around the policy" - as the leaked Downing Street Memo eloquently put it. People like King (and his supporters) might seem like raving idiots spewing nonsense, but usually they're crafty as foxes and know exactly what they're doing.

  • Ninja, 6 Oct 2014 @ 8:00am

    It was expected. Why point at the incompetency of JP when you can tout your totalitarian agenda?

  • Anonymous Coward, 6 Oct 2014 @ 8:18am

    If these corps insist on keeping my private info, they should be liable when they lose it. But the slap on the wrist just doesn't push them into really protecting from these hacks.

  • Anonymous Coward, 6 Oct 2014 @ 9:24am

    Well, if "something must be done", why don't they go and do a poo?

  • Stosh, 6 Oct 2014 @ 9:49am

    Government: "Just give US all your personal, financial and medical data and we'll keep it safe for you"

  • Anonymous Coward, 6 Oct 2014 @ 10:04am

    The NSA must love these politicians. Every time there is an incident they try to shovel more citizens' private data into NSA servers.

    Data sharing would only give the NSA more exploits to use upon Americans and everyone else. It would not protect anyone.

    We don't need more offensive weapons we need defensive ones.

  • tomczerniawski, 6 Oct 2014 @ 10:10am

    The government we trusted to keep us safe is becoming a metastasizing cancer. Soon, it will have to be excised.

  • Anonymous Coward, 6 Oct 2014 @ 12:29pm

    "What no one explains is how something like CISA would actually have helped stop the JP Morgan hack. That's because it wouldn't have helped."


    Thank you Mike, for stating the main issue with CISA. Sharing information 'after' a company has already been hacked, doesn't prevent the hack from occurring. Obviously.

    Add to it that most financial institutions are already required to disclose data breaches to the Feds, and I fail to see what this bill will accomplish.

    Other than set up some kind of massive information sharing network for hackers to target. Completely defeating the purpose of the bill and making us all less safe and secure.

    • Anonymous Coward, 6 Oct 2014 @ 2:18pm

      Re:

      and I fail to see what this bill will accomplish.

      It will allow the NSA to get a direct connection to every US company's database.

  • Anonymous Coward, 6 Oct 2014 @ 2:05pm

    Uhh uhh... pick me!

    I have the greatest idea on how we stop cyber criminals! We make sure to never encrypt our stuff and we give out massively unsecured software for free to everyone!

  • Greg Soilder, 6 Oct 2014 @ 3:56pm

    Interesting just one day after Congressman and former FBI agent Mike Rogers says he will do everything he can to push CISA S.2588 The next day JP Morgan online banks are hacked?

    3 Points

    1st Point: Well it is funny a day before this Cybersecurity attack his JP Morgans back, according to the Hill Congressman Mike Rogers from Michigan a Republican and a Former FBI agent SWORE TO PUSH BY ANY MEANS NECESSARY CISA or S.2588 CYBERSECURITY THIS YEAR http://thehill.com/policy/technology/219429-house-chairman-fears-political-tantrums-could-sink-cyber-bill You know I speak for myself Not TECHDIRT, this is Congressman Rogers' last year because he is retiring from Congress THIS YEAR and considering he is a former FBI Agent I would not put it past him to call some of our American FBI or CIA working double agents and tell them to hack JP Morgan and inform JP Morgan Chairman Jamie Dimon to let the HACK go through so Congressman Rogers can push this CISA bill considering CISA matches Congressman Rogers' CISPA Cyber Spying bill in the House. That is point 1.

    Point 2 it is amazing the Senator Ed Markey a supposed Progressive or Democrat from the State Of Massachusetts would try to push CISA S.2588. I thought that Senator Markey was for Net Neutrality http://www.markey.senate.gov/news/press-releases/to-protect-net-neutrality-markey-leads-senate-dems-in-call-to-reclassify-broadband-as-a-utility YET CISA or S.2588 gets rid of Net Neutrality http://www.usnews.com/news/articles/2014/07/07/nsa-net-neutrality-fears-overshadow-senate-cybersecurity-vote

    So Senator Markey what gives are you FOR OR AGAINST NET NEUTRALITY because CISA or S.2588 gets rid of Net Neutrality online. That is my Second Point.

    Third Point

    Senator Angus King an Independent from Maine who took the former Republican Senator Olympia Snowe's job. Angus says he is more Democrat than Republican http://www.king.senate.gov/newsroom/press-releases/-king-highlights-affordable-care-act-successes-in-maine but if the Republicans take back the Senate in 2015 Angus King of Maine will switch parties and become Republican and vote against Obamacare http://www.newsmax.com/Politics/Senator-Angus-King-Maine-Republicans/2014/04/11/id/565067/ As you can see Senator Angus King is an opportunist who doesn't vote on principle, rather whatever party LINES HIS POCKETS THE MOST in this case the Republican Chamber of Commerce and Koch Brothers. Now you know why Senator King supports the Cyber Spying Security bill CISA or S.2588 whether it damages the American people's privacy or not, KING ONLY CARES ABOUT HOW MUCH LOBBYIST MONEY IS IN HIS POCKET http://reason.com/blog/2014/10/06/senator-exploits-jp-morgan-data-breach-t

    So the point is, My trust of the US Government is low, and again Considering Congressman Rogers is a former FBI Agent and is about to retire http://www.washingtonpost.com/blogs/post-politics/wp/2014/03/28/rep-mike-rogers-to-retire-launch-national-radio-show/ I am sure he would want to pass one bill with his name on it and doesn't give a BS if it hurts our privacy or not. What does this Congressman have to lose by calling some FBI Double Agents in to hack JP Morgan so the Congressman can pass his CISPA bill and ruin the internet. Bottom line is once again politicians will do whatever it takes to get their bills passed and lying in my opinion to the American people about a BOGUS (MY OPINION) hack on JP Morgan is just the way to push Cyber Spying. As I showed you before Congressman Rogers SWORE CISA would be on the table this year and after Congressman Rogers said that JP Morgan was hacked. Coincidence I DOUBT IT STRONGLY, Rep Rogers FBI Hacked JP MORGAN. **CALL YOUR SENATORS AT 2022243121 and tell them NO TO S.2588 CISA and let them know Rogers and his FBI will NOT FOOL YOU. Sign this petition from the Electronic Frontier Foundation to stop CISA Cyberspying S.2588 https://act.eff.org/action/stop-the-cybersecurity-information-sharing-act-of-2014

  • Anonymous Coward, 6 Oct 2014 @ 8:24pm

    Isn't it an amazing coincidence that every time one of these anti freedom laws is about to be passed something like this happens that fires up the public to support their rights being removed.

    A more cynical person might think that the government deliberately engages in false flag operations to cloud people's minds with the long term effect this will have on their lives.

  • Zonker, 7 Oct 2014 @ 10:57am

    It all makes sense when you realize that JP Morgan needs CISA passed in order to avoid liability for the breach of 76 million account holders' personal information. Under CISA it would just be "sharing". You didn't think that Congress actually gave a shit about protecting your privacy, did you?

    • Wide awake, 7 Oct 2014 @ 11:15pm

      Re:

      It's not really what's kept on your computer or device that can reveal all your secrets; it's the little trail of breadcrumbs you've left behind you out in the cloud.
      Anonymity is an illusion in the digital age and all attempts to hide behind it are only further acts of self incrimination. All day long people obsessively write their own confessions: every search, every click, every comment, every poll, every like, every chat, every status update, every friend, every call, every e-mail, every photo, every purchase, every connection - everything everyone does on their computer, phone, or tablet is in some way captured and filed and cross referenced, to be sold or shared however its true owners desire.
      Each fragment may reveal only a tiny glimpse of their most private selves, but these tech-blinded people never stop to think that someone could be out there reassembling their full, explicit picture in every revealing detail.

      That phone you carry has got a microphone and a camera, so it can see and hear whatever's around it. It can recognize a face, understand words, and match a voiceprint. It's got an accelerometer, so it knows when you sit, when you stand, and which way you're walking. It's got a GPS receiver that tracks where you are within a five foot circle. And whether you know it or not, you've signed over your permission to strangers to monitor and make a record of all those things every minute of the day. Google is a quarter of a trillion dollar company but they give away almost every product they make for free. Don't you know what they're selling to make all that money? They're selling you.
      You wouldn't trust your best friend with what that phone knows about you, and yet you trust all those strangers lurking out there in the cloud, who've all said time and again that privacy is a relic of the past and a man's wish for it is a cause for suspicion. If you're dumb enough to believe that way, then go right ahead.
