Warren's Regulatory Expansion Is Wrong Answer to Equifax Breach

The senator wants to force credit reporting agencies to offer useful services for free.

|

Sen. Warren
Oliver Contreras/Sipa USA/Newscom

In September, we learned that Equifax had suffered a massive data breach that exposed the personal information—including names, addresses, birthdates and Social Security numbers—of 145 million Americans. It was the latest in a string of cybersecurity breaches in recent years. The frequency of such attacks—with other prominent examples including breaches of systems belonging to Target, eBay, Yahoo and Home Depot—demonstrates the complexity of securing sensitive information in the internet age.

If there's one thing that all these breaches have taught us, it's that cybersecurity is hard. There's no easy legislative fix, and knee-jerk calls for new regulations on each industry that suffers from a breach offer no substitute for improving cybersecurity.

Nevertheless, a mere week after the Equifax breach, Sen. Elizabeth Warren, (D-Mass.), had the issue all sorted out. She introduced her legislative remedy, the Freedom from Equifax Exploitation, or FREE, Act, claiming that it "is a first step toward reforming the broken credit reporting industry."

The implication is that this incident is unique among all other cybersecurity breaches in that Equifax and the credit industry at large are the source of the problem. The truth is much more mundane. Equifax fell victim to an unpatched vulnerability installed by a contractor, and now a politician is exploiting the issue to increase government control over an industry.

This is not to say that Equifax deserves no blame. Quite the contrary. Not only was its response after the incident widely condemned as ham-fisted but also the vulnerability itself was disclosed months before the attack and should have been patched. But that kind of mistake is quite common, and the FREE Act would do nothing to fix it.

Instead, Warren focuses on promoting credit freezes by forcing credit reporting agencies to offer the service free of charge. That is troubling because it would be far too easy for consumers to get in the habit of using government to force businesses to provide useful services free. In addition, there is danger in the over-promotion of credit freezes, which, though a useful tool for consumers, come with the potential for economic downsides.

Consumer access to credit is important to the functioning of the economy, and the credit reporting industry plays a vital role. Without the information and the assurance that it provides to lenders, all but the most obviously dependable would find their access to credit considerably curtailed. Everything from buying a home or car to opening a store credit card would become much more difficult without access to the information provided by the credit reporting industry. Even those trying to register on the Obamacare exchanges are finding it much more difficult if they have frozen their credit.

Even if freezes wouldn't be more widely used or prove terribly disruptive, the new regulations would add friction at a key juncture of the economy. There are valid reasons individuals may wish to free their credit, but the government shouldn't pretend that it is a panacea or promote it without understanding the potential for unintended consequences.

The fact that major breaches have occurred at government agencies—such as the United States Office of Personnel Management, the U.S. Postal Service and the IRS—suggests that the government is unlikely to be holding a secret formula for solving the cybersecurity problem. Warren's heavy-handed price control regime wouldn't improve cybersecurity, and it would increase regulatory burdens on a sector that in truth needs the opposite.

The credit reporting industry is cartelized, thanks to past government interventions. The Fair Credit Reporting Act, now 47 years old, has served to limit competition and partially shield companies such as Equifax from legal claims. Instead of micromanaging the services that firms offer, the government should look to remove rules that prevent competition.

NEXT: Oldest Libertarian Organization, FEE, Looking for Publisher/Editorial Director

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. The credit reporting companies have themselves created a business model that focuses on collecting as much sensitive information (without consent) on every person in the country. They also created the idea that this information can tell if we are worthy of credit, jobs, housing and more. This information can be misused to ruin the lives of innocent people in ways such as taking out loans in their names and stealing tax refunds. Given the power that these companies have, it should be the right of all of us to limit the dissemination of this data as we see fit. This is not government over reach, it is the government stepping in to protect the public from companies who have shown over and over they are not willing to protect anyone.

    1. And yes, I do understand that access to credit and credit information is important to the modern economy, but since consumers can unfreeze their credit when needed, the economic impact will be quite minor.

      1. I’m making over $7k a month working part time. I kept hearing other people tell me how much money they can make online so I decided to look into it. Well, it was all true and has totally changed my life.

        This is what I do… http://www.onlinecareer10.com

      2. I’m making over $7k a month working part time. I kept hearing other people tell me how much money they can make online so I decided to look into it. Well, it was all true and has totally changed my life.

        This is what I do… http://www.onlinecareer10.com

    2. You know who else argued that the government needed to step in to protect the public from companies who have shown over and over they are not willing to protect anyone…?

      1. I got nothing…

      2. Almost everybody in the last 100 years?

      3. Bono?

      4. Every Liberal/Democrat in my lifetime?

      5. Not bad, folks, not bad, but the correct answer is “Supreme Chancellor Palpatine”.

    3. (without consent)

      Oh really?

      1. I mean, I suppose you could go cash only, not have utilities and live off the grid, no credit cards, no home or auto loans, and no insurance (thus no automobile), but it is rather difficult.

    4. They are doing this with your consent. Every time you apply for credit, the fine print specifies that the information you provide on the application form will be submitted to the credit reporting companies.

      The answer is to break the cycle by a private company offering credit and credit approval services based on an identity that is authenticated on a proof of knowledge basis.

      No one should never need to provide an identity that can be widely traced back to you. Security will always be problematic. Limited the fallout from failed security should be a high priority.

      1. There is a lot of information used by credit reporting companies that doesn’t come from credit activity and for which you didn’t consent to use of. For example, public record data.

        1. Then you should take that up with the government entities collecting it. By its nature “public” is giving anyone access to look it up. It doesn’t much matter if its Equifax or if its your nosy neighbor.

    5. “The credit reporting companies have themselves created a business model that focuses on collecting as much sensitive information (without consent) on every person in the country.”
      Bull
      .
      .
      .
      shit.

      1. God I hope you get the everloving fuck hacked out of your personal information that you “consented” to give these assholes. Wonder how much you’ll be sucking that nice big corporate cock then.

    6. Start earning $90/hourly for working online from your home for few hours each day… Get regular payment on a weekly basis… All you need is a computer, internet connection and a litte free time…
      Read more here,….. http://www.startonlinejob.com

  2. “the government shouldn’t pretend that it is a panacea or promote it without understanding the potential for unintended consequences.”

    You know what else the government pretended was a panacea and promoted without understanding the potential for unintended consequences…?

    1. A War on Drugs/Poverty?

    2. Net neutrality?

    3. Anything and everything that ever started with “The War On…” ?

      Anything and everything that promised to make All of us Safe From… [fill in the blank]… Forever and at No Cost …. ?

    4. All the above are correct, but again, what we were looking for was “AIDS”, people.

      That, or “the Emancipation Proclamation”. Whichever particular kind of offensive you’re in the mood for, basically.

    5. The Works Progress Administration?

  3. “Warren’s heavy-handed price control regime wouldn’t improve cybersecurity, and it would increase regulatory burdens on a sector that in truth needs the opposite.”

    You know what other socialist charlatan’s heavy-handed price-control scheme increased regulatory burdens on sectors that in truth needed the opposite and didn’t improve cybersecurity…?

    1. Jesus?

      1. God Jr.’s failures in web security are well-documented, but when did he control prices?

        1. Does dumping subsidized wine and fish on the market count?

          1. Nope. Comparative advantage, mother-effer.

    2. Nixon? Carter?

      …. Wage/Price Controls? was it about 40 years ago?

      1. Both perfectly serviceable answers, but the ones I had in mind were “Nicolas Maduro” and “Ptolemy I”.

    3. Sarbanes-Oxley?

  4. “She introduced her legislative remedy, the Freedom from Equifax Exploitation, or FREE, Act”

    Clearly written in a hurry- how else could she have missed the opportunity to instead present the Equifax Quite Unsatisfactorily, Insufficiently Licking I, Elizabeth’s Soles act?

    1. Elizabeth Warren…in Webster’s under the definition of “rump swab – douche bag”… and “insufferable”…a life time twofer!

      1. Found under the alias; Liawatha Fauxcahontas!

  5. I knew someone who was an astrologer because it provided all the trappings of an engineer without needing years of education: books of formulas and tables, calculations, plotting charts, and of course custom computer programs.

    I sometimes think that’s what’s up with political stunts like this. Business people get experience from years of making mistakes and rising through the ranks. Politicians want all the trappings of being experienced business leaders without the years of undignified toil in less-than-stellar jobs. They think getting votes is a good substitute for getting experience. It’s why they have so much in common with Hollywood — all you see of business people in movies is waving sheets of paper around or pointing to a computer screen, and barking orders. Jones! Fix this warehouse problem! It all looks so easy.

    1. Good analysis. It’s a close cousin to the reason mayors and governors find it easier to preach against global warming or world hunger than to fix their local subways and civil service pensions.

    2. This is one of the funny things about the socialist conceit that the economy can be centrally planned by a board of experts. Even if that were true, they’re lacking a critical ingredient: the experts.

    3. I must reiteratingly repeat myself Again…

      It’s NOT “Follow the Money”… It’s Follow The Money, The Power and The Control Over People…

      … engraved on the hearts of most politicians and all Liberals.

    4. How else would you portray biz people at work on screen?

  6. Come on, at least give Warren bonus points for using her key code word: FREE.

    In the progressive party almanac (2018 edition) this will continue to describe core policy, with promises of all things that will be free.

    (Note: do not confuse free with freedom, often used as code by other players.)

    1. More like free-dumb.

      Am’rite?
      Coz she’s dumb.

  7. Freedom from Equifax Exploitation, or FREE, Act

    Wow. I’m kind of speechless at the level of stupidity and hatred on display with this. Can you imagine how much damage this woman would cause if she – I’m not even going to say it.

    1. . . . . became commander and chief?

    2. Released a sex tape?

      1. You say this, and Dajjal is the one who got banned.

  8. Warren’s Regulatory Expansion Is Wrong Answer to Equifax Breach

    When has Warren ever had the right answer to anything?

    1. “I’ll take ‘do I have native American ancestry’ for$200 please Alex”

  9. Wait, so Lizzie Warren is shamefully demagoguing the Equifax security breach! No way!

    1. If shamefully demagoguing the latest mediapathic crisis is wrong, Lizzie Warren don’t wanna be right!

  10. The frequency of such attacks — with other prominent examples including breaches of systems belonging to Target, eBay, Yahoo and Home Depot?demonstrates the complexity of securing sensitive information in the internet age.

    The frequency of such attacks demonstrates that businesses are are incompetent at, or don’t care much about, cybersecurity.

    1. I think what it really demonstrates is that “cybersecurity” is a pipe-dream.

      1. According to the consultants my firm brought in to address cybersecurity, this is true. For businesses, it’s not about avoiding a breach – it’s all about how they respond when it inevitably happens.

        1. This. What one human puts in place to secure something, another human can find a way to circumvent.

          1. +1 “evolving threat landscape”

            1. Er’body trying to build a stronger barn door when they should be learning how to catch an escaped horse.

              1. In the case of Equifax, it might help to change the locks on the barndoor when it’s public knowledge that thieves have obtained the keys to their current set of locks.

  11. On the one hand, Warren is about the lowest form of pond scum imaginable. On the other, the public has no choice in whether or not Equifax gets their data…

    1. Without even seeing what Warren would propose, we can still be sure it is going to be a power-grab, not something that will actually protect or help the common citizen.

      After Equifax’s major screw-up, it’s hard to argue they shouldn’t be punished heavily. Especially once it came out they had lobbied for Congress to make them immune to any lawsuits relating to such a breach immediately before the debacle hit the news, and after they were aware it had happened.

      We will never really know the extent of the damage, because those who would abuse the information stolen will be able to do so for years to come.

    2. This data breach is different from most. In most, your credit card or password is leaked. You cancel/replace the card or change your password and you are protected.

      Equifax lost my name, address, SSAN, and DOB.
      –With great difficulty I could change my name on everything. The old name would still be out there.
      –I could sell the house and move.
      –But I cannot change my SSAN.
      –And I cannot change my DOB.

      Equifax has offered me protection for a year. This data will be on the loose forever. If my identity is stolen in 366 days, Equifax will have no obligation to help.

      Unless I subscribe to their service…for life. If I were a little more paranoid, I would wonder whether Equifax let this happen on purpose, taking the heat in order to sell services for life to 145,000,000 Americans. Let’s see: At $100 a year, that’s $14.5 Billion a year revenue. You can take a lot of bad press for $14.5 Billion.

      I don’t care about Warren’s free credit reports. I haven;t looked at a credit report since I bought the house 34 years ago. The cars are bought for cash.

      If Warren wants to do something that I would support, she should change the bill to require Identity Theft Protection (insurance) for free for life. This is completely in line with Libertarian principles. If you hurt someone, you should be required to make them whole. I don’t understand why it is so hard for people to get this.

      1. I like that idea A LOT!

        If Liz thinks the government is the best source of ideas for laws to protect us from companies who might have weak data security protection, yes… the government should also be on the hook for repairing the damages to individuals when the laws Fail to Deliver.

        Oh, wait… that’s still you and me paying for the repair….
        Oh, well…

  12. Consumer access to credit is important to the functioning of the economy[…]

    Uh, maybe to an economy based on the rapid expansion of the money supply. But America during the 19th Century was able to grow in leaps and bounds without consumers having access to credit.

    What organizations such as Equifax and others do is create phony electronically-generated reputations but like professor Falken told General Beringer: “You’re listening to a machine. Do the world a favor and don’t act like one.”

    There isn’t really any difference between relying on credit history from companies like Equifax and relying on a college degree to assess a person’s worthiness as a employee, as both can generate false knowledge that leads to errors in judgment.

    1. I agree with you that there can be large errors in judgment on any particular individual. But credit grantors use this information to make decisions on large numbers of people and they care only about the averages. The models used are statistically validated on a regular basis. So the decisions are “good” in that sense.

    2. “…without consumers having access to credit…”

      SHYLOCK
      Three thousand ducats, well.
      BASSANIO
      Ay, sir, for three months.
      SHYLOCK
      For three months, well.
      BASSANIO
      For the which, as I told you, Antonio shall be bound.
      SHYLOCK
      Antonio shall become bound, well.

  13. This is not to say that Equifax deserves no blame. Quite the contrary. Not only was its response after the incident widely condemned as ham-fisted but also the vulnerability itself was disclosed months before the attack and should have been patched. But that kind of mistake is quite common, and the FREE Act would do nothing to fix it.

    Equifax didn’t just ignore the vulnerability despite knowing about it before any breach, but they kept it secret after the breach. Then they went to Congress and asked for the government to make them immune to any liability for such a data breach, should it occur–knowing full well that the data breach had occurred.

  14. Imagine her dressed in 17th century clothes, with that self-righteous smirk, and accusing her neighbors of witchcraft.

    1. That’s ridiculous. The Cherokee wouldn’t have been near New Englanders in the 17th century. Iroquois, maybe.

  15. Weren’t we promised in a prior generation that the social security number would never be used for tracking us as citizens?

    Guess not.

    1. LOL, a few years back this old-timer that I know showed me his Social Security card. Printed right on the card was a message to that effect (don’t remember the exact wording).

      Oddly, my card has no such text…

      1. “For Social Security and Tax Purposes – Not For Identification”

        LAWN. OFF. NOW.

        1. LOL, I’m no kid myself, which tells you how long ago it was that the cards said that.

          1. I can tell you it was as recent as 50 years ago.

            1. But more than 44. My card doesn’t have those words printed on it anywhere.

            2. I’m over 50, but didn’t get my card until I was 9 or 10 years old.

        2. that’s what MY card says., I still have the original sent to me right after I turned sixteen. Fuel was 15 cents the gallon for regular, seventeen for high octane. Sometimes diesel was twelve…. and a year’s tuitioin at University of California was right at a thousand bucks.

      2. What was his soc #? 000-00-005?

    2. Silly Wizard, you BELIEVE anything gummit tells you?

  16. One thing you can be certain of, and that is Fauxcahontas, will always take the effort to promote additional governmental control, rather than freedom of private industry.

    1. Still looking for this emoji button… http://www.plusaf.com/homepage…..mb-up1.jpg

  17. We need regulations that regulate the regulations that we already have in place. When that fails we need regulations that regulate the regulations that regulate the regulations that we already have in place.

    With enough layers of regulations we will fix every ailment known to man.

  18. Comrades !

    Please let me tell you my story.

    Some moons ago this woman E Warren came to our tribe.

    She said she was a Cherokee squaw in search of her roots and perhaps a warrior to mate.

    Our medicine man, Flying Buffalo, was present and said to her, ‘come here and let me smell your hair.’

    She did as was told.

    Flying Buffalo took some of her hair, smelt it, winced, and then spoke:

    ” I don’t smell Cherokee squaw, I smell white liberal guilt and head and shoulder shampoo! Begone Fakahonutus!!!”

    E Warren turned bright red and fled.

    We all laughed at Flying Buffalo’s joke but also praised his wisdom to protect us from white she devil.

    1. “Begone Fakahonutus!!!””

      I actually showed up to mention (without link) that some lefty twit whined about a Trump tweet wherein he referred to Warren as “Pocahontas”
      He was being kind…

  19. One of the biggest threats to personal security is the way our Social Security Numbers are used as if they were an alias for our own names. Equifax, TRW, Experian have absolutely NO NEED for having our SSN’s. WHY? And why do not FedGov enforce the prohibition against using this number for anything besides “taxpayer identification”? Of course, we’re ALL “taxpayers” at one or many points along the way. But that is not the intent of that prohibition. It was intended, early on, to be a number exclusively for use as a FEDERAL TAXPAYER, as in IRS and income tax, identification tool to help sort out all our IRS account information.

    It is the use of THIS number for everything.. it is NOT a credit reporting account identifier. STOP using it as one!!!

  20. That is troubling because it would be far too easy for consumers to get in the habit of using government to force businesses to provide useful services free.

    Good joke. See, it’s funny because people are already in the habit of calling for government to force businesses to provide useful services for free.

    1. Businesses cannot actually provide anything for free. The closest they can come to that is to raise prices on other goods they offer, or on other groups of customers to make up the loss on the “free” stuff.

      The only way to make it actually free is to stop paying their employees, their untilities providers, and their suppliers.

      If the government forces me, as an employee,
      to keep working for a business that has ceased to pay me, than the government is promoting slavery, pure and simple. And to think Warren, I sure, would want to take down old Confederate statues. It sounds like she’s angling for some future Confederate statues of her!

  21. Elizabeth Warren, the ultimate Fabian Socialist. At least Barry and Bernie ran for president, she will never.

  22. Just love how Sen. Fauxcahontas demands that others give away valuable services yet whilst she was teaching at Hahvahd (at a pretty penny received) she charged top dollar for the legal services she was providing on-the-side to other entities. Princess speaketh with forked tongue.

  23. What a fucking joke. The credit reporting agencies enjoy broad legal protections, including a protected oligopoly that prevents new entrants. You can’t go start Acme Credit Rating Agency to compete with Equifax. They collect information without the consent of those being monitored. Even if you never apply for credit in your entire life the CRAs have a file on you with ALL of this personally identifying information. And when they fuck up and literally give away all of your personally identifying information to the entire goddamn internet we’re supposed to thank them for their valuable services? No, how about fuck you. You spied on me my entire life without my consent under the protection of a government oligopoly and you gave away all of that information in the blink of an eye to literally every single person in the world. Oh, and I’m not even allowed to sue you for it because your contract that I never signed giving you access to all of my information prohibits litigation. Nope, sorry. I hope the government crawls up your ass the same way you crawled up mine and fucks you just as hard as you fucked me. Alternatively I’ll take a nice big fat check to compensate me for the remaining years of my life that I will have to spend looking over my shoulder and paying out the fucking ass for security protection.

  24. Putting bureaucrats in charge of everything, creating new bureaucracies when opportun-absolutely necessary, is the answer to everything. It’ll get you far in Harvard and DC. It’ll get you elected in E. Podunck too, even if the voters there take pride in being hardscrabble, independent “small government” conservatives/libertarians. Heck, it’s great for empire building and drumming up $$$ after your senate career.

Please to post comments

Comments are closed.