Monday, February 26, 2007

Some Follow Up On A Couple Of Posts: Data Breaches & Iran's Misbehaviors

Massachusetts Bill Wants Stores To Pay More In Data Breaches

Being a Massachusetts native, I am proud to say, despite the dysfunction of the Massachusetts General Court and the biases that some judges seated on the Massachusetts bench seem to have, the laws in Massachusetts are far more protective of consumer rights, tenant rights and civil liberties. In fact, MGL 93A allows a consumer to seek triple damages from a retailer (or any commercial entity) found guilty of violating a consumer's rights. The retail industry is also required to provide vigilant updating of their UPC/SKU codes and prices or face a $500 fine for each item that rings up with a different price (usually one that benefits the retailer) than what is advertised or marked on the counter where the item is stocked. That last little law is why most retailers, especially the grocery stores, offer the customer the item free if an over price rings up at the register, and the lesser price if a lower price rings up. Even in terms of tenant-landlord laws, there are a lot of protections for tenants, even if the judges do not often allow tenants such rights if they do not have a lawyer present.

So, after writing a worrisome post about data breaches and IT security issues, I stumbled upon this report:
Businesses would have to reimburse banks for costs stemming from data security breaches, under a Massachusetts bill that could be mimicked by other states and in Congress.

In what appears to be the first stab at such an approach, the proposal would require any "commercial entity" that handles personal financial data to foot the bill for various banking costs caused by hacks or other intrusions into their systems. The bill, which does not yet have a public hearing date set, is being put forward by Boston-based Rep. Michael Costello, a Democrat in the Massachusetts House of Representatives.

The costs would include any fees associated with canceling or reissuing credit cards, opening and closing bank accounts, and restoring customers' account balances after fraudulent transactions. The bill defines "commercial entity" as including everything from corporations to governmental agencies to associations, whether for-profit or not-for-profit.

The bill's backers say their goal is to urge any business or organization that handles sensitive personal information--whether they be retailer TJ Maxx, the U.S. Department of Veterans Affairs, or the American Red Cross--to place more stringent security controls on their systems.

"Anything that places an incentive on commercial entities to keep that information as secure as possible is a good thing," said Adam Martignetti, Costello's chief of staff. "If that incentive happens to be financial, which it is in the case of our legislation, then perhaps the commercial entities will follow through and will take extra precautionary measures to make sure the information is not lost."

After stumbling upon this little gem, I also stumbled upon a report, thanks to a fellow blogger (Winter Patriot), that outlines much of the intelligence offered by the US authorities on the nuclear program in Iran. Given our previous experience with intelligence run afoul of reality in regard to weapons of mass destruction before our invasion of Iraq, we have to ask if we are being fed another line of bovine fecal material from the Bush gang of fascist thugs in pursuit of yet another application of the Bush Doctrine. Add to this the fact that NONE of the allegations about the higher levels of Iranian government officials being involved in supplying Iraqi insurgents with weapons has any real evidence demonstrating Iran's direct involvement or collusion (cf. Jon Stewart's "Mess O' Potamia: Iran," aired on 02-25-07) and that the Bush administration, including President Bush himself, is busy spinning "hints" that they actually know something. Unfortunately, in order to get such reports, we have to seek them from the foreign press because the MSM in our nation is a bit slow on the uptake.

Iran Intelligence 'Incorrect'
Most US intelligence on Iran shared with the International Atomic Energy Agency has proved to be inaccurate and failed to lead to discoveries of a smoking gun inside the Islamic Republic, The Los Angeles Times reported on its website on Saturday.

Citing unnamed diplomats working in Vienna, the newspaper said the CIA and other Western intelligence services have been providing sensitive information to the IAEA since 2002.

But none of the tips about Iran's suspected secret weapons sites provided clear evidence that the Islamic Republic is developing a nuclear arms arsenal, the report said.

"Since 2002, pretty much all the intelligence that's come to us has proved to be wrong," the paper quotes a senior IAEA diplomat as saying.

Another official described the agency's intelligence stream as "very cold now" because "so little panned out," The Times reported.

US officials privately acknowledge that much of their evidence on Iran's nuclear programs remains ambiguous, fragmented and difficult to prove, the report said.

The IAEA has its own concerns about Iran.

In November 2005, UN inspectors discovered a 15-page document in Tehran that showed how to form highly enriched uranium into the configuration needed for the core of a nuclear bomb, The Times said.

Iran said the paper came from Pakistan, but has rebuffed IAEA requests to let inspectors take or copy it for further analysis.

However, diplomats working for the IAEA were less convinced in 2005 by documents recovered by US intelligence from a laptop computer apparently stolen from Iran, the paper said.
