recommended reading

Senators Launch Probe of Massive Data Breaches

Sen. Elizabeth Warren declared that Congress needed to adopt tighter data-security protections.

Sen. Elizabeth Warren declared that Congress needed to adopt tighter data-security protections. // Jacquelyn Martin/AP

Several senators repeated calls for legislation to ward off massive data thefts during a hearing Monday to review the vulnerability of the nation's digital-payment systems, the first in a trio of sessions this week examining the enormous breaches sustained recently at retailers around the country.

Sen. Elizabeth Warren declared that Congress needed to adopt tighter data-security protections and heighten the Federal Trade Commission's authority to police businesses failing to adequately protect consumer data.

"The FTC should have the enforcement authority it needs to protect consumers and it looks to me like it doesn't have that authority right now," Warren, a Massachusetts Democrat, said during a Senate Banking subcommittee hearing. "Data-security problems aren't going to go away on their own, so Congress seriously needs to consider whether to strengthen the FTC's hand."

The FTC has the authority to punish "unfair" business practices, a standard that continues to remain legally murky. While the FTC has used the standard to go after some companies that have failed to ensure adequate data-security standards, pending legal challenges levied by Wyndham Hotel and LabMD seek to challenge the authority.

"You're describing a fairly demanding standard, since as you say, it's more than breach, more than the fact that people have been injured, more than the fact that a company had very lax standards," Warren told Jessica Rich, director of the FTC's Bureau of Consumer Protection, during the hearing. "This is a real problem, that the FTC's enforcement authority in this area is so limited."

Rich largely agreed with Warren's admonitions, noting that "that's one of the reasons we're supporting general data-security legislation."

Subcommittee Chairman Mark Warner, a Virginia Democrat, repeatedly called for quick action to upgrade security features on plastic card payment methods as a stopgap measure to prevent further data breaches from occurring. He hammered home his conviction that debit and credit cards need to have the same standards of data protection. Currently, credit cards typically afford more protection.

"It would seem to me that equalizing cards on the same standard makes a lot of sense," Warner said. He then asked the second panel to "give me a reason why" the two plastic forms of payment shouldn't be aligned in their protective measures. All witnesses agreed.

But Warner also cautioned that upgraded technology—so-called chip and PIN protections—could only serve as an interim solution and would only be partially effective for online shopping.

Senators and witnesses alike agreed that more needed to be done to secure customer data to prevent more wide-scale breaches, both at retail stores and in online shopping.

"Our card-payment system is outdated and prone to attack," noted James Reuter, executive vice president of FirstBank. "The fraudsters rely on our systems being so porous."

Some steps, like ensuring people use more-complex passwords, are relatively easy matters of customer education.

But more-complicated challenges, such as varied state reporting requirements when a data breach occurs, serve to undercut consumer protections. Congress is considering legislation that would create one federal reporting standard. Separately, Ranking Member Mark Kirk, an Illinois Republican, said he planned to introduce legislation that would mandate a 25-year prison sentence for those found guilty of violating federal data-theft law.

The Senate subcommittee meeting is the first of three Congress is holding this week to examine consumer data vulnerabilities in the wake of colossal breaches at national retail chains. Executives from Target and Neiman Marcus will testify before the Senate Judiciary Committee on Tuesday, and will do so again Wednesday in front of a House Energy and Commerce subcommittee.

Target's breach was the first in an avalanche of data thefts to come to light in recent months, a heist that stole the names, addresses, phone numbers, and credit-card information of as many as 110 million customers.

Threatwatch Alert

Social Media Takeover

Qatar News Agency Says Hackers Published Fake Stories

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.