It’s the kind of top-down, one-size-fits-all, heavy-handed regulation that corporate America despises. The exact type of mandate that businesses pay lobby shops millions to tweak and twist into oblivion. Except this time, America’s big-box stores are begging Congress to boss them around.
Reeling from high-profile privacy fumbles at Target and Neiman Marcus, retailers are asking Congress to require them to notify customers when shoppers’ information has been put at risk.
Currently, when firms spill data, they’re subject to a patchwork of state rules: 46 states, plus the District of Columbia, have their own privacy-breach notification laws. For a company like Target, which has stores in every state save Vermont, that means a massive compliance struggle.
Backers of a unified standard say a federal requirement would not only make companies’ lives easier but would also help firms serve their customers better by giving businesses a quick and comprehensive way to address hacks. And with tens of millions of Target and Neiman Marcus customers wondering if their credit cards are about to be used for someone else’s shopping spree, the issue has new momentum in an otherwise gridlocked Congress.
Rep. Lee Terry, the chairman of the House Commerce, Manufacturing, and Trade Subcommittee, has planned a data-security hearing, featuring testimony from a Target executive, for the first week of February.
Senate Judiciary Committee Chairman Patrick Leahy introduced a data-breach bill earlier this month, with the support of fellow Democratic Sens. Chuck Schumer, Al Franken, and Richard Blumenthal. Leahy, who has pushed similar legislation since 2005, said he also plans to hold a hearing on the issue.
But even with major retailers and business associations calling for a national standard, the legislation’s supporters have struggled to convince some Republicans that the bill isn’t just another nanny-state intrusion into companies’ private affairs.
Indeed, educating conservatives is a big part of the effort, said Mary Bono, a former House Republican from California turned data-security adviser for FaegreBD Consulting.
“This is not an antibusiness move — this is actually pro-business. It’s sort of counterintuitive,” she said.
Democrats have their qualms as well: They worry that a weak federal standard would preempt tougher state protections. And they want any national law to cover geo-location data, emails, and other personal records, not just financial information.
Those impulses, coupled with Congress’s generally constipated legislative process, may be why Bono was unable to gain much traction when she pushed a data-breach bill during her final term before losing her seat in 2012.
Her bill cleared the Commerce, Manufacturing, and Trade Subcommittee in 2011, when Bono was chairwoman, but it never received a vote in the full Energy and Commerce Committee. Bono said Energy and Commerce Chairman Fred Upton was supportive, but the issue was never a high enough priority to make it onto the panel’s calendar.
And while outrage over the Target breach has brought more urgency to the issue, it has also highlighted some sticking points. For example, Democrats and consumer advocates want to go beyond ensuring that consumers are informed when their privacy has been compromised; they want to punish companies that fail to protect their customers’ data.
The Federal Trade Commission has claimed that it already has the power to go after companies for inadequate data security under its authority to police “unfair” business practices. But the Wyndham Hotel chain and the medical laboratory LabMD have challenged the FTC’s actions against them, and the federal courts could decide to strip the FTC of its power in the area.
Many Democrats want any data-breach bill to explicitly grant the FTC the authority to fine companies that don’t take reasonable steps to protect their data. The law wouldn’t have to dictate specific security practices, but companies that recklessly put their customers’ sensitive information at risk should pay a price, they argue. Right now it is expensive for businesses that get hacked to comply with the various state notification rules — and that’s a good thing, consumer advocates say.
“One of the most important elements of a data-breach requirement is that it’s painful,” said Justin Brookman, the director of consumer privacy at the Center for Democracy and Technology. “If all federal data-breach legislation did was to make it easier to have a data-breach event, I’m not sure that would be a great outcome for consumers.”
Leahy’s bill includes new data-security requirements, but a GOP aide for the House Energy and Commerce Committee said the panel is focused only on the notification issue.
And even as the industry pushes Congress for regulation, it is warning lawmakers not to go too far. Many businesses say they would balk at expanding the federal government’s power to meddle in their security practices. It’s in their own interest to safeguard their data, they argue; they don’t need government bureaucrats telling them what kind of passwords to use.
They just need Washington to tell them what to do when those passwords get hacked.
What We're Following See More »
Before we get to the specifics of this exposé about escorts working the Iowa and New Hampshire primary crowds, let’s get three things out of the way: 1.) It’s from Cosmopolitan; 2.) most of the women quoted use fake (if colorful) names; and 3.) again, it’s from Cosmopolitan. That said, here’s what we learned:
- Business was booming: one escort who says she typically gets two inquiries a weekend got 15 requests in the pre-primary weekend.
- Their primary season clientele is a bit older than normal—”40s through mid-60s, compared with mostly twentysomething regulars” and “they’ve clearly done this before.”
- They seemed more nervous than other clients, because “the stakes are higher when you’re working for a possible future president” but “all practiced impeccable manners.”
- One escort “typically enjoy[s] the company of Democrats more, just because I feel like our views line up a lot more.”
No matter where you stand on mandating companies to include a backdoor in encryption technologies, it doesn’t make sense to allow that decision to be made on a state level. “The problem with state-level legislation of this nature is that it manages to be both wildly impractical and entirely unenforceable,” writes Brian Barrett at Wired. There is a solution to this problem. “California Congressman Ted Lieu has introduced the ‘Ensuring National Constitutional Rights for Your Private Telecommunications Act of 2016,’ which we’ll call ENCRYPT. It’s a short, straightforward bill with a simple aim: to preempt states from attempting to implement their own anti-encryption policies at a state level.”
Much has been made of David Brooks’s recent New York Times column, in which confesses to missing already the civility and humanity of Barack Obama, compared to who might take his place. In NewYorker.com, Jeffrey Frank reminds us how critical such attributes are to foreign policy. “It’s hard to imagine Kennedy so casually referring to the leader of Russia as a gangster or a thug. For that matter, it’s hard to imagine any president comparing the Russian leader to Hitler [as] Hillary Clinton did at a private fund-raiser. … Kennedy, who always worried that miscalculation could lead to war, paid close attention to the language of diplomacy.”
The New Covenant. The Third Way. The Democratic Leadership Council style. Call it what you will, but whatever centrist triangulation Bill Clinton embraced in 1992, Hillary Clinton wants no part of it in 2016. Writing for Bloomberg, Sasha Issenberg and Margaret Talev explore how Hillary’s campaign has “diverged pointedly” from what made Bill so successful: “For Hillary to survive, Clintonism had to die.” Bill’s positions in 1992—from capital punishment to free trade—“represented a carefully calibrated diversion from the liberal orthodoxy of the previous decade.” But in New Hampshire, Hillary “worked to juggle nostalgia for past Clinton primary campaigns in the state with the fact that the Bill of 1992 or the Hillary of 2008 would likely be a marginal figure within today’s Democratic politics.”
At first, “it was pleasant” to see Trevor Noah “smiling away and deeply dimpling in the Stewart seat, the seat that had lately grown gray hairs,” writes The Atlantic‘s James Parker in assessing the new host of the once-indispensable Daily Show. But where Jon Stewart was a heavyweight, Noah is “a very able lightweight, [who] needs time too. But he won’t get any. As a culture, we’re not about to nurture this talent, to give it room to grow. Our patience was exhausted long ago, by some other guy. We’re going to pass judgment and move on. There’s a reason Simon Cowell is so rich. Impress us today or get thee hence. So it comes to this: It’s now or never, Trevor.”