Senator Richard Blumenthal introduced a new online security bill that would punish companies that are careless with their customers' information. These are companies like Sony, which got royally hacked earlier this year by Anonymous, an attack that compromised the data of 77 million subscribers to the PlayStation Network and cost Sony an estimated $171 million. Blumenthal says, "The Sony data breach has become a poster child of why we need this law." The ever attention-hungry hacktivists at Anonymous must be thrilled.
The law's details read like a win-win for both customers and companies. Nick Bilton explains the broad strokes at The New York Times:
The bill presented by Senator Blumenthal would introduce regulations for companies that store online data for more than 10,000 people. These rules would require companies to follow specific storage guidelines and ensure that personal information is stored and protected correctly. Companies that do not adhere to these security guidelines could be subject to stiff fines.
The win for customers is a no-brainer. Most people don't even realize when they're a victim of a breach, and the government has an increasingly embarrassing track record of keeping citizens safe from cybercrime, so anything helps. At first glance, though, a phrase like "subject to stiff fines" doesn't read like a benefit to companies, but we need only look back up at what this spring's Anonymous attack ultimately cost Sony to realize how the new law is actually designed to save companies money. The fines are pretty steep, though. "The Justice Department will be able to fine firms that violate the law $5,000 per violation per day, with a maximum of $20 million per violation," reports The Hill. "Individuals affected by violations of the law will also have the ability to bring civil actions against the businesses involved."
But there's another big threat for companies: the Big Brother-y notion that the government needs to regulate an area that's always been self-regulated. Precedent shows that big online players like Facebook and Google tend to push back against any new regulations. They say such rules can stifle innovation, threaten the industry and ruin America (more or less). Their argument makes some sense. Companies that fail to protect their customers' data will lose those customers and eventually go out of business. However, the extent to which groups like Anonymous and LulzSec have waltzed into the databases of giants like Sony and PayPal shows how the hackers might be outpacing the companies' ability to keep their data secure. Even Facebook has admitted that it can't keep up with weak spots in its infrastructure, as evidenced by its recent project that actually pays hacker-types who find weaknesses in the system.
Regardless of whether or not the bill passes, Blumenthal's introducing it is a gesture worth noticing. If lobbyists don't push back against this law, they'll redouble their efforts on new regulations. As for Anonymous, the hackers who love it when the government acknowledges them as a threat, they'll surely redouble their efforts, too.