Police Misconduct, Data Breaches, And The Ongoing Lack Of Accountability That Allows These To Continue
from the bad-cops-and-bad-corps dept
Data breaches occur daily, affecting thousands of people. And everyone shrugs and moves on with their lives, especially those running the affected companies. Why? Because nothing ever happens to companies which have carelessly exposed data, as Cory Doctorow points out:
Data breaches keep happening, they keep getting worse, and yet companies keep collecting our data in ever-more-invasive ways, subjecting it to ever-longer retention, and systematically underinvesting in security.
Why does this keep happening? Because it’s affordable. In 2014, Home Depot breached more than 50,000,000 credit-cards; in 2016, they paid less than $0.34/customer in restitution.
There are longer-term reputational costs associated with breaches, but these are not generally factored into the quarterly-earnings-focused mindsets of corporate execs and strategists.
Two of the most damaging breaches in recent years involved millions of people who were given little or no choice in how much personal data of theirs was held by these entities. One was the Office of Personnel Management. Those seeking government jobs turn over a lot of info to the government, which then handles it carelessly.
The other — Equifax — was even worse, at least in terms of consent. There was none. No one voluntarily hands information to Equifax. It’s gathered by Equifax which sells access to any number of companies seeking credit records. No one opts in and, more importantly, there’s no way to opt out.
No one can hold these entities accountable, at least not to the extent it will deter future breaches. Because of that, the only thing we’re guaranteed is more breaches. These companies and agencies will continue to exist, hoovering up even more personal data, and, eventually, leave it exposed where criminals can make the most of other people’s finances.
From one wheelhouse to another, the same can be said for law enforcement agencies and police misconduct. In almost every case, a police officer sued for rights violations pays nothing for the wrongs committed. Neither does the agency employing the officer. This is from a study of police indemnification published by the New York University Law Review:
During the study period, governments paid approximately 99.98% of the dollars that plaintiffs recovered in lawsuits alleging civil rights violations by law enforcement. Law enforcement officers in my study never satisfied a punitive damages award entered against them and almost never contributed anything to settlements or judgments—even when indemnification was prohibited by law or policy, and even when officers were disciplined, terminated, or prosecuted for their conduct.
Officers are never made to personally feel the pain of a settlement. The officer often returns to work with only the minor black mark of a lost lawsuit on their record. Consequently, the violations continue because officers have nothing at stake. If they screw up, another government entity picks up the tab using taxpayer dollars.
The solution to this problem isn’t as readily apparent as it might seem. Personal indemnification — forcing officers to be held personally responsible for settlements stemming from rights violations — seems like a good deterrent, but it has its downsides. Scott Greenfield has examined the issue and the flaws are right below the satisfying gloss covering the surface.
Often, the argument is that the solution to police violence is to make the cop personally liable for his conduct, shift the incentive system from the municipality, or more accurately its taxpayers, to the bad dude who did the dirty. Make him suffer.
The problem is that the cop may be judgment proof. If the cop has no wealth or assets, there is no fund from which to collect a judgment. You can’t get blood from a rock.
While this may be an effective deterrent, it doesn’t do anything to make the plaintiff whole. Having a city cover the cost ensures the victim will be paid, but it lets the officer off the hook.
What’s the solution? Perhaps it’s a sharing of the burden. Officers could be made to carry their own litigation insurance. This would eliminate the free pass of outside indemnification by making every act of misconduct count. Get sued often enough and the insurance company will drop the officer. An officer without insurance is pretty much unemployable.
It’s also a win for officers, who would no longer gripe about cities settling too easily with plaintiffs and other besmirching the barrel of apples by proxy. Sure, they won’t be nearly as vocal about it when their own insurance coverage is on the line, but it will put their own insurance premiums where their mouths are, which would be small victory in and of itself.
Circling back outside to the original wheelhouse, what can be done to make companies actually care about data breaches? So far, nothing seems to be slowing the flow of carelessly exposed data. Doctorow has a suggestion, and it runs along the lines of the solution that (might!) work for law enforcement:
If companies were paying out damages commensurate with the social costs their data recklessness imposes on the rest of us, it would have a very clarifying effect on their behavior — insurers would get involved, refusing to write E&O policies for board members without massive premium hikes, etc. A little would go a long way, here.
There are no perfect solutions. But we simply shouldn’t settle for the status quo. Neither group will welcome increased accountability, but there’s simply no reason we should continue to let them skate, either.
Filed Under: cybersecurity, data breach, police, police misconduct
Companies: equifax
Comments on “Police Misconduct, Data Breaches, And The Ongoing Lack Of Accountability That Allows These To Continue”
'... is found guilty of assault, but because they're poor, meh.'
The problem is that the cop may be judgment proof. If the cop has no wealth or assets, there is no fund from which to collect a judgment. You can’t get blood from a rock.
It seems under this argument a poor person could commit pretty much any crime they want so long as it’s not one with a prison sentence and likewise be ‘judgement proof’ since they lack the funds to pay a fine. If a cop can’t pay the entire amount in one batch due to it’s size, then split it up into future payments, garnished from all future paychecks(police work or other) until they can pay it off.
The idea of ‘lawsuit insurance’ that would be required if someone wanted to be a cop strikes me as a good idea to incentivize other cops to keep their own in line and get rid of the ones likely to raise the rates by their actions, but even then the insurance should only kick in after a certain amount is paid so that the primary penalty lands on the guilty party.
Re: '... is found guilty of assault, but because they're poor, meh.'
Or put them in prison. Which is what we do when a poor person, for example, shoots an unarmed person who has their hands in the air and is surrendering.
Re: '... is found guilty of assault, but because they're poor, meh.'
I wish this logic applied to copyright enforcement. It seems that all they ever do is harass people they know can’t pay up, for statutory damages and fines they know can’t be afforded.
Re: '... is found guilty of assault, but because they're poor, meh.'
If a cop can’t pay the entire amount in one batch due to it’s size, then split it up into future payments, garnished from all future paychecks
That makes sense for punitive damages, but for compensatory damages it might not be very helpful to a victim. As far as insurance goes, Greenfield mentions (in the comments to his own article/post) "the intentional crime problem, which many policies don’t cover as against public policy."; if a bad cop does something egregious enough, insurance wouldn’t even have to cover it. Having the government as a final safety-net might work, but I’m willing to bet victims would have to sue their way to an award at that level, too.
Re: Re: '... is found guilty of assault, but because they're poor, meh.'
It’s a rough idea that could be refined to be sure. As for compensating the victim in a large, immediate sum, you could perhaps take that from the insurance fund or the department’s budget, to be paid back by garnishing the guilty party’s wages until it’s repaid.
So long as the core remains the same in that the guilty party, the officer, pays, rather than offloading it to the taxpayers the fine details can be fiddled with to make it work.
Or Just Not Treat Law Enforcement As Gods
How about we just stop worshiping law enforcement officers. If certain people in power would be capable of recognizing that they are fallible human beings that are not deserving of unequivocal praise and power without question that might solve a whole host of problems.
Re: Or Just Not Treat Law Enforcement As Gods
If you shoot and kill a cop in self defense, does that make you a Godslayer? =P
Another profit center.
The idea that insurance companies are the solution to anything is quite baffling to me. While I agree there may be some deletorious effects upon insured entities due to rate increases for egrgious behavior, the only real solution I see is for insurance companies’ investors.
Re: Another profit center.
Insurance is a scam. Didn’t it originate with the mob?
It also, in a way, is socialism.
Just another middle man collecting a toll.
Re: Re: Another profit center.
I am not against the idea of insurance. The way it has been implemented however. Insurance companies should be not for profit and with strict controls over administrative and compensation costs.
There should also be controls over how they go about deciding whether or not to pay on claims. Indirectly, this would put a control on rates.
There are probably more things needed to make the system work properly, making sure they retain sufficient funds for those payouts and how they are audited and invested, for example.
Re: Re: Re: Another profit center.
Possibly, the biggest problem the for profit insurance folk have is the profit motive and being publicly traded. This drives middle management to cut expenses in hopes of a bonus, and we all know how they do that. What is the point of insurance if it never pays a claim and what exactly am I making payments for?
I had a laugh the other day when one of those car maintenance “insurance” ads was on … of course they had a bit about pre-existing conditions, for your car …. LOL.
Re: Re: Re:2 Another profit center.
One of the things that gets me with for profit insurance is that premiums are paid, then syphoned off to investors as dividends or something, or maybe as bonuses and huge compensation packages for executives. Then the insurance company claims they have no money to pay claims. They had the money, for its intended purpose, then gave it away .
Re: Re: Another profit center.
I’m kinda going off-topic, but there’s a book I read a while back (Chances Are… by Kaplan & Kaplan) that has quite a bit about the origins of insurance being rooted in maritime trade and the rebuilding of London after the Great Fire. It’s not an exhaustive or detailed history, but it looks at insurance — and a whole lot of other things, from predictive policing to success in Hollywood — in terms of how society deals with and (mis)understands probability… not to mention, how it can be abused.
Re: Re: Re: Another profit center.
Interesting. I have wondered about its origin but never actually looked into it.
Re: Re: Re:2 Another profit center.
Note: I may be conflating the Kaplan book and Mlodinow’s The Drunkard’s Walk, but they’re both pretty good reads in popular science/math/history. (At least, they’re both fun enough to have kept me reading when I hit chapters about the damn insurance industry. No mean feat.)
Re: Re: Another profit center.
No, it didn’t originate in either organized crime or socialism. It originated in a coffee shop.
One wealthy young man made a wager with another wealthy young man, about a ship making port on time, intact, and with a good cargo. This became a popular thing to wager on, and eventually word of it got back to a ship owner, who placed his own wager. He bet that his ship would suffer misfortune. He lost the bet, but that was the basis of the insurance business.
Lloyds Coffee Shop eventually became Lloyds of London, the most prestigious insurance company in the world. Insurance companies are legal casinos, even in places where gambling is otherwise illegal. You make a bet with the House, that you will suffer misfortune. The House analyzes the odds, and makes an asymmetric bet that you will be fine, the amount based on the odds.
The House almost always wins, but that’s okay to most people because the payoff if the House loses is so large, and will monetarily replace what they’re wagering about.
We call those wagers insurance premiums and insurance payouts today.
Re: Re: Another profit center.
“It also, in a way, is socialism.”
I’m not even going to disagree with that statement. With insurance the many pay for the individual. I think that as long as you don’t call it communism I could go with the idea that is a socialistic concept. It was invented by capitalists (ever heard of Lloyd’s?) but, hey, don’t let that spoil your breakfast.
Now please explain why insurance is a bad idea? There doesn’t really need to be a middle man collecting a toll, you can have co-operative funds where the fund is only used to create a buffer for bad times. If the fund is judged to be big enough payments can decrease or stop.
Insurance should be used to cover stuff that would go beyond your means if it happened to you. I think a general rule of thumb is that if the possible damage would be higher than 2 monthly salaries it should be insured. So a fire insurance for your house is a good idea. Of course, some due diligence into your insurer is also a good idea.
I recently read that in the US more than half the people that get cancer completely wipe out their life savings and are left in debt. Feel free to check how big the chance is you will get cancer at some point in your life but I can assure you it’s not small, especially if you plan on getting old. The socialists in North/West Europe do not have this problem though because their insurance covers that. At the same time the overall cost (combined government and private spending) is a fraction of the cost in the US but that’s another discussion.
Now, you keep rejecting insurance because it smells like dirty, unwashed socialists. Just don’t complain when your house burns down or you get cancer.
Re: Re: Re: Another profit center.
@ Narcissus, I find your screen name ironic because you actually get society.
As you have correctly pointed out, we human beings are social creatures and when we go all rugged individual our success or failure at All The Things! is predicated on the slings and arrows of outrageous fortune.
This is why the communitarian outlook we both subscribe to is superior; it doesn’t pretend that nothing can go wrong if you work hard enough, etc., it acknowledges that even the best of us have bad days and that’s when we need help we might to be able to access by ourselves.
Americans who fear socialism are afraid of a word that is basically shorthand for tyranny, but tyranny comes in many flavours. Why is one flavour better than another? They all require you to be members of the “in” crowd.
Even capitalism can’t work on rugged individualism, you have to give up a certain amount of economic freedom when contracting to work with other individuals and groups. E.G. I can’t work for another company at the same time as my employer without a conflict arising over my availability. I’ve ultimately got to choose between giving the bulk of my time to one or the other in order to realise the benefits of being employed by either.
As I’ve said many times before, any philosophy predicated on a best case scenario is ultimately doomed to failure. I’ve never seen that statement contradicted.
I think the biggest thing would be to stop requiring judgements to be "reasonable" in the aggregate. Work up an average cost for an individual to deal with the results of a data breach (including their own personal time), then by law set the liability of the data collector per individual exposed at either that average or the actual documented costs, whichever is greater, plus legal costs and fees. 50 million records exposed at an average cost of $200 per person to fix? Total liability starts at $10 billion and goes up from there, plus lawyers’ fees on top of that. No trying to figure a reasonable total penalty, you take the reasonable cost per individual and multiply it by the number of individuals and the company’s responsible for contacting all individuals affected.
All the data.
Iv had lots of problems Understanding how persons on the internet can Gather Terabytes of data…and no one noticed..
No one, not even the automated system, Saw someone sitting on their servers for DAYS/WEEKS..
We have Gas cans that even when FULL will never explode.. but we cant create a simple trick or monitoring program that WARNS us that someone has NOW looked at and downloaded 99% of your servers..
Then we get to those WE PAY to be responsible for certain things in our lives. From police, mayors, Governors, and those TOP politicians..
If your Boss told you what to do, and you didnt do it, or you made it worse, or…. YOU WOULD BE FIRED.
How many of you have looked up and Seen what your congressman has done recently and in the past..AND what those bills he voted on, DID.. And how many days he Missed, not showing up for the job…
THEY ARE ALL EMPLOYEES, and we have not checked up on them……
Re: All the data.
*We have Gas cans that even when FULL will never explode
…not really? I mean, in general any combustible will not explode even in the simplest container as long as that container is full, since an explosion would require oxygen. However, in practice full containers tend to lead to leaks as temperature fluctuations cause the pressure inside to exceed material tolerances (unless the material inside is non-volatile, which is rare, but does happen). For this reason, containers are rarely "full." Instead they are filled partially and the rest of the space filled with an inert gas (often nitrogen or carbon dioxide). Of course, this only works so long as proper use/maintenance procedures are followed, and explosions in storage facilities happen somewhat regularly.
Re: Re: All the data.
It’s not the liquid that burns rapidly, it is the fumes from said liquid. Those videos of people pouring gas on logs and then lighting it are quite impressive in regard to the volume of fumes that ignites. It seems to catch them off guard.
Re: Re: Re: All the data.
https://www.technokontrol.com/en/products/fuel-cans.php
so you dont know this??
there is a neat trick thats been used along time its like Steel wool that fills the can. and there is no way the cans will explode.. there are other ways also that limits the expansion of the fumes inside the can.
Re: Re: Re:2 Steel wool in gas cans.
Fun fact: Japanese Zeros were so stripped of weight to maximize their performance that they had neither radios nor the combustion proofing of their fuel tanks, and as a result the occasional lucky shot would pop them like TIE fighters.
The Zero outperformed the US planes until the P38 Lightning which out-climbed the Zero.
nice arctical
Not only are the fines pitiful, the victims are often left to deal with the fallout costing them well more than any settlement amount can put a dent in.
Perhaps it is time to make the corporations responsible for fixing the damage. A $0.50 settlement is nothing to the bottom line… having to make other corporations whole for the millions of dollars in losses they are facing streamlines the process for the victims.
We are always left to clean up the messes b/c these awesome ‘better than us’s” can’t be held to the same rules the rest of us must be held under.
Re: Re:
Every company my company has to deal with has liability insurances. I presume these cover data breaches. By taking out such policies they are actually taking responsibility for the damage they do, however, that damage is quantified in economic terms.
We need criminal penalties for negligence. When executive officers start doing jail time, we will see change.
The mob approach...
…is for the institution to pay the restitution so that the victim is adequately compensated, and then to charge the offender in question. When the offender has nothing to take, the institution takes digits, limbs and loved ones.
This is not to say it’s an appropriate solution for the government, rather it’s where things fall back to if an appropriate solution isn’t found.
Many of our organized crime associations started in response to a state that wasn’t adequately serving the public and leaving a lot of injustice lying about.