Three Reasons Why Congress Has to Get Serious About Cybersecurity
Newsflash: The CIA Spies On People
This is my gut reaction to this morning’s bizarre media frenzy detailing the CIA’s efforts to compromise privacy protections for consumer technology and products. While the overreaction boarders on the absurd, it is one of three developments yesterday that underscore why congress must take decisive action if your member information is going to be protected to the fullest extent possible.
First, Wikileaks has dumped a large trove of CIA documents detailing the agency’s work to compromise a wide range of computer services and software, including Android and Apple cell phones. I haven’t used this one in a while; in the immortal words of Claude Rains, I am shocked to find out that gambling is going on in the casino.
Of course the CIA is trying to compromise these devices, and we are all safer for it. That being said, let’s not fool ourselves. In the world of data breach equipment and techniques, you can bet what the CIA is using today will find its way into the hands of hackers tomorrow. This is why Congress has to impose a national framework obligating every corporation and business to take steps consistent with its size and sophistication to guard against data breaches. This is not an issue of financial institutions verses retailers. It is a core matter of national security and economic growth. It is as if we are building roads without imposing speed limits.
Secondly, along comes the somewhat disturbing news, courtesy of the Krebs on Security blog, that “payment giant” Verifone is investigating a breach of its internal computer networks “that appears to have impacted a number of companies running its POS solutions.” According to Verifone, the breach never impacted its payment service network. Still, if you use Verifone you may want to investigate this story further.
Finally, OCC Comptroller, Thomas J. Curry, gave a speech yesterday on Financial Innovation in which he responded to critics of the OCC’s proposal to start issuing bank charters for FinTech companies. I will have more on this one in a future blog, stay tuned, but for now I just wanted to give you a heads up that the OCC is digging in its heels regarding its authority to issue such charters. It is also pushing back at critics who argue that a national FinTech charter would provide unscrupulous lenders a way around state level consumer protection laws. Instead of having a debate about the OCC’s powers, why doesn’t Congress lead a national discussion about what changes need to be made to the charters of all financial institutions to reflect 21st century realities?
Entry filed under: General.