recommended reading

Senators Launch Probe of Massive Data Breaches

Sen. Elizabeth Warren declared that Congress needed to adopt tighter data-security protections.

Sen. Elizabeth Warren declared that Congress needed to adopt tighter data-security protections. // Jacquelyn Martin/AP

Several senators repeated calls for legislation to ward off massive data thefts during a hearing Monday to review the vulnerability of the nation's digital-payment systems, the first in a trio of sessions this week examining the enormous breaches sustained recently at retailers around the country.

Sen. Elizabeth Warren declared that Congress needed to adopt tighter data-security protections and heighten the Federal Trade Commission's authority to police businesses failing to adequately protect consumer data.

"The FTC should have the enforcement authority it needs to protect consumers and it looks to me like it doesn't have that authority right now," Warren, a Massachusetts Democrat, said during a Senate Banking subcommittee hearing. "Data-security problems aren't going to go away on their own, so Congress seriously needs to consider whether to strengthen the FTC's hand."

The FTC has the authority to punish "unfair" business practices, a standard that continues to remain legally murky. While the FTC has used the standard to go after some companies that have failed to ensure adequate data-security standards, pending legal challenges levied by Wyndham Hotel and LabMD seek to challenge the authority.

"You're describing a fairly demanding standard, since as you say, it's more than breach, more than the fact that people have been injured, more than the fact that a company had very lax standards," Warren told Jessica Rich, director of the FTC's Bureau of Consumer Protection, during the hearing. "This is a real problem, that the FTC's enforcement authority in this area is so limited."

Rich largely agreed with Warren's admonitions, noting that "that's one of the reasons we're supporting general data-security legislation."

Subcommittee Chairman Mark Warner, a Virginia Democrat, repeatedly called for quick action to upgrade security features on plastic card payment methods as a stopgap measure to prevent further data breaches from occurring. He hammered home his conviction that debit and credit cards need to have the same standards of data protection. Currently, credit cards typically afford more protection.

"It would seem to me that equalizing cards on the same standard makes a lot of sense," Warner said. He then asked the second panel to "give me a reason why" the two plastic forms of payment shouldn't be aligned in their protective measures. All witnesses agreed.

But Warner also cautioned that upgraded technology—so-called chip and PIN protections—could only serve as an interim solution and would only be partially effective for online shopping.

Senators and witnesses alike agreed that more needed to be done to secure customer data to prevent more wide-scale breaches, both at retail stores and in online shopping.

"Our card-payment system is outdated and prone to attack," noted James Reuter, executive vice president of FirstBank. "The fraudsters rely on our systems being so porous."

Some steps, like ensuring people use more-complex passwords, are relatively easy matters of customer education.

But more-complicated challenges, such as varied state reporting requirements when a data breach occurs, serve to undercut consumer protections. Congress is considering legislation that would create one federal reporting standard. Separately, Ranking Member Mark Kirk, an Illinois Republican, said he planned to introduce legislation that would mandate a 25-year prison sentence for those found guilty of violating federal data-theft law.

The Senate subcommittee meeting is the first of three Congress is holding this week to examine consumer data vulnerabilities in the wake of colossal breaches at national retail chains. Executives from Target and Neiman Marcus will testify before the Senate Judiciary Committee on Tuesday, and will do so again Wednesday in front of a House Energy and Commerce subcommittee.

Target's breach was the first in an avalanche of data thefts to come to light in recent months, a heist that stole the names, addresses, phone numbers, and credit-card information of as many as 110 million customers.

Threatwatch Alert

Accidentally leaked credentials / Misplaced data

Hospital Breach Affects Thousands of Patients

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.