Police Misconduct, Data Breaches, And The Ongoing Lack Of Accountability That Allows These To Continue

from the bad-cops-and-bad-corps dept

Data breaches occur daily, affecting thousands of people. And everyone shrugs and moves on with their lives, especially those running the affected companies. Why? Because nothing ever happens to companies which have carelessly exposed data, as Cory Doctorow points out:

Data breaches keep happening, they keep getting worse, and yet companies keep collecting our data in ever-more-invasive ways, subjecting it to ever-longer retention, and systematically underinvesting in security.

Why does this keep happening? Because it's affordable. In 2014, Home Depot breached more than 50,000,000 credit-cards; in 2016, they paid less than $0.34/customer in restitution.

There are longer-term reputational costs associated with breaches, but these are not generally factored into the quarterly-earnings-focused mindsets of corporate execs and strategists.

Two of the most damaging breaches in recent years involved millions of people who were given little or no choice in how much personal data of theirs was held by these entities. One was the Office of Personnel Management. Those seeking government jobs turn over a lot of info to the government, which then handles it carelessly.

The other -- Equifax -- was even worse, at least in terms of consent. There was none. No one voluntarily hands information to Equifax. It's gathered by Equifax, which sells access to any number of companies seeking credit records. No one opts in and, more importantly, there's no way to opt out.

No one can hold these entities accountable, at least not to the extent it will deter future breaches. Because of that, the only thing we're guaranteed is more breaches. These companies and agencies will continue to exist, hoovering up even more personal data, and, eventually, leave it exposed where criminals can make the most of other people's finances.

From one wheelhouse to another, the same can be said for law enforcement agencies and police misconduct. In almost every case, a police officer sued for rights violations pays nothing for the wrongs committed. Neither does the agency employing the officer. This is from a study of police indemnification published by the New York University Law Review:

During the study period, governments paid approximately 99.98% of the dollars that plaintiffs recovered in lawsuits alleging civil rights violations by law enforcement. Law enforcement officers in my study never satisfied a punitive damages award entered against them and almost never contributed anything to settlements or judgments—even when indemnification was prohibited by law or policy, and even when officers were disciplined, terminated, or prosecuted for their conduct.

Officers are never made to personally feel the pain of a settlement. The officer often returns to work with only the minor black mark of a lost lawsuit on their record. Consequently, the violations continue because officers have nothing at stake. If they screw up, another government entity picks up the tab using taxpayer dollars.

The solution to this problem isn't as readily apparent as it might seem. Personal indemnification -- forcing officers to be held personally responsible for settlements stemming from rights violations -- seems like a good deterrent, but it has its downsides. Scott Greenfield has examined the issue and the flaws are right below the satisfying gloss covering the surface.

Often, the argument is that the solution to police violence is to make the cop personally liable for his conduct, shift the incentive system from the municipality, or more accurately its taxpayers, to the bad dude who did the dirty. Make him suffer.

The problem is that the cop may be judgment proof. If the cop has no wealth or assets, there is no fund from which to collect a judgment. You can’t get blood from a rock.

While this may be an effective deterrent, it doesn't do anything to make the plaintiff whole. Having a city cover the cost ensures the victim will be paid, but it lets the officer off the hook.

What's the solution? Perhaps it's a sharing of the burden. Officers could be made to carry their own litigation insurance. This would eliminate the free pass of outside indemnification by making every act of misconduct count. Get sued often enough and the insurance company will drop the officer. An officer without insurance is pretty much unemployable.

It's also a win for officers, who would no longer gripe about cities settling too easily with plaintiffs and others besmirching the barrel of apples by proxy. Sure, they won't be nearly as vocal about it when their own insurance coverage is on the line, but it will put their own insurance premiums where their mouths are, which would be a small victory in and of itself.

Circling back outside to the original wheelhouse, what can be done to make companies actually care about data breaches? So far, nothing seems to be slowing the flow of carelessly exposed data. Doctorow has a suggestion, and it runs along the lines of the solution that (might!) work for law enforcement:

If companies were paying out damages commensurate with the social costs their data recklessness imposes on the rest of us, it would have a very clarifying effect on their behavior -- insurers would get involved, refusing to write E&O policies for board members without massive premium hikes, etc. A little would go a long way, here.

There are no perfect solutions. But we simply shouldn't settle for the status quo. Neither group will welcome increased accountability, but there's simply no reason we should continue to let them skate, either.


Filed Under: cybersecurity, data breach, police, police misconduct
Companies: equifax


Reader Comments

  • That One Guy (profile), 19 Nov 2018 @ 12:41pm

    '... is found guilty of assault, but because they're poor, meh.'

    The problem is that the cop may be judgment proof. If the cop has no wealth or assets, there is no fund from which to collect a judgment. You can’t get blood from a rock.

    It seems under this argument a poor person could commit pretty much any crime they want so long as it's not one with a prison sentence and likewise be 'judgement proof' since they lack the funds to pay a fine. If a cop can't pay the entire amount in one batch due to its size, then split it up into future payments, garnished from all future paychecks (police work or other) until they can pay it off.

    The idea of 'lawsuit insurance' that would be required if someone wanted to be a cop strikes me as a good idea to incentivize other cops to keep their own in line and get rid of the ones likely to raise the rates by their actions, but even then the insurance should only kick in after a certain amount is paid so that the primary penalty lands on the guilty party.

    • Anonymous Coward, 19 Nov 2018 @ 5:51pm

      Re: '... is found guilty of assault, but because they're poor, meh.'

      If a cop can't pay the entire amount in one batch due to its size, then split it up into future payments, garnished from all future paychecks (police work or other) until they can pay it off.

      Or put them in prison. Which is what we do when a poor person, for example, shoots an unarmed person who has their hands in the air and is surrendering.

    • Anonymous Coward, 19 Nov 2018 @ 7:03pm

      Re: '... is found guilty of assault, but because they're poor, meh.'

      I wish this logic applied to copyright enforcement. It seems that all they ever do is harass people they know can't pay up, for statutory damages and fines they know can't be afforded.

    • stderric (profile), 19 Nov 2018 @ 8:02pm

      Re: '... is found guilty of assault, but because they're poor, meh.'

      If a cop can't pay the entire amount in one batch due to its size, then split it up into future payments, garnished from all future paychecks

      That makes sense for punitive damages, but for compensatory damages it might not be very helpful to a victim. As far as insurance goes, Greenfield mentions (in the comments to his own article/post) "the intentional crime problem, which many policies don’t cover as against public policy."; if a bad cop does something egregious enough, insurance wouldn't even have to cover it. Having the government as a final safety-net might work, but I'm willing to bet victims would have to sue their way to an award at that level, too.

      • That One Guy (profile), 20 Nov 2018 @ 8:41am

        Re: Re: '... is found guilty of assault, but because they're poor, meh.'

        It's a rough idea that could be refined to be sure. As for compensating the victim in a large, immediate sum, you could perhaps take that from the insurance fund or the department's budget, to be paid back by garnishing the guilty party's wages until it's repaid.

        So long as the core remains the same in that the guilty party, the officer, pays, rather than offloading it to the taxpayers, the fine details can be fiddled with to make it work.

  • hij (profile), 19 Nov 2018 @ 12:58pm

    Or Just Not Treat Law Enforcement As Gods

    How about we just stop worshiping law enforcement officers. If certain people in power would be capable of recognizing that they are fallible human beings that are not deserving of unequivocal praise and power without question that might solve a whole host of problems.

    • Bergman (profile), 19 Nov 2018 @ 10:46pm

      Re: Or Just Not Treat Law Enforcement As Gods

      If you shoot and kill a cop in self defense, does that make you a Godslayer? =P

  • Anonymous Anonymous Coward (profile), 19 Nov 2018 @ 1:08pm

    Another profit center.

    The idea that insurance companies are the solution to anything is quite baffling to me. While I agree there may be some deleterious effects upon insured entities due to rate increases for egregious behavior, the only real solution I see is for insurance companies' investors.

    • Anonymous Coward, 19 Nov 2018 @ 4:38pm

      Re: Another profit center.

      Insurance is a scam. Didn't it originate with the mob?
      It also, in a way, is socialism.
      Just another middle man collecting a toll.

      • Anonymous Anonymous Coward (profile), 19 Nov 2018 @ 4:45pm

        Re: Re: Another profit center.

        I am not against the idea of insurance. The way it has been implemented however. Insurance companies should be not for profit and with strict controls over administrative and compensation costs.

        There should also be controls over how they go about deciding whether or not to pay on claims. Indirectly, this would put a control on rates.

        There are probably more things needed to make the system work properly, making sure they retain sufficient funds for those payouts and how they are audited and invested, for example.

        • Anonymous Coward, 19 Nov 2018 @ 6:23pm

          Re: Re: Re: Another profit center.

          Possibly, the biggest problem the for profit insurance folk have is the profit motive and being publicly traded. This drives middle management to cut expenses in hopes of a bonus, and we all know how they do that. What is the point of insurance if it never pays a claim and what exactly am I making payments for?

          I had a laugh the other day when one of those car maintenance "insurance" ads was on ... of course they had a bit about pre-existing conditions, for your car .... LOL.

          • Anonymous Anonymous Coward (profile), 19 Nov 2018 @ 6:46pm

            Re: Re: Re: Re: Another profit center.

            One of the things that gets me with for profit insurance is that premiums are paid, then syphoned off to investors as dividends or something, or maybe as bonuses and huge compensation packages for executives. Then the insurance company claims they have no money to pay claims. They had the money, for its intended purpose, then gave it away.

      • stderric (profile), 19 Nov 2018 @ 5:23pm

        Re: Re: Another profit center.

        I'm kinda going off-topic, but there's a book I read a while back (Chances Are... by Kaplan & Kaplan) that has quite a bit about the origins of insurance being rooted in maritime trade and the rebuilding of London after the Great Fire. It's not an exhaustive or detailed history, but it looks at insurance -- and a whole lot of other things, from predictive policing to success in Hollywood -- in terms of how society deals with and (mis)understands probability... not to mention, how it can be abused.

        • Anonymous Coward, 19 Nov 2018 @ 6:25pm

          Re: Re: Re: Another profit center.

          Interesting. I have wondered about its origin but never actually looked into it.

          • stderric (profile), 19 Nov 2018 @ 7:37pm

            Re: Re: Re: Re: Another profit center.

            Note: I may be conflating the Kaplan book and Mlodinow's The Drunkard's Walk, but they're both pretty good reads in popular science/math/history. (At least, they're both fun enough to have kept me reading when I hit chapters about the damn insurance industry. No mean feat.)

      • Bergman (profile), 19 Nov 2018 @ 10:52pm

        Re: Re: Another profit center.

        No, it didn't originate in either organized crime or socialism. It originated in a coffee shop.

        One wealthy young man made a wager with another wealthy young man, about a ship making port on time, intact, and with a good cargo. This became a popular thing to wager on, and eventually word of it got back to a ship owner, who placed his own wager. He bet that his ship would suffer misfortune. He lost the bet, but that was the basis of the insurance business.

        Lloyds Coffee Shop eventually became Lloyds of London, the most prestigious insurance company in the world. Insurance companies are legal casinos, even in places where gambling is otherwise illegal. You make a bet with the House, that you will suffer misfortune. The House analyzes the odds, and makes an asymmetric bet that you will be fine, the amount based on the odds.

        The House almost always wins, but that's okay to most people because the payoff if the House loses is so large, and will monetarily replace what they're wagering about.

        We call those wagers insurance premiums and insurance payouts today.

      • Narcissus (profile), 20 Nov 2018 @ 12:41am

        Re: Re: Another profit center.

        "It also, in a way, is socialism."

        I'm not even going to disagree with that statement. With insurance the many pay for the individual. I think that as long as you don't call it communism I could go with the idea that it is a socialistic concept. It was invented by capitalists (ever heard of Lloyd's?) but, hey, don't let that spoil your breakfast.

        Now please explain why insurance is a bad idea? There doesn't really need to be a middle man collecting a toll, you can have co-operative funds where the fund is only used to create a buffer for bad times. If the fund is judged to be big enough payments can decrease or stop.

        Insurance should be used to cover stuff that would go beyond your means if it happened to you. I think a general rule of thumb is that if the possible damage would be higher than 2 monthly salaries it should be insured. So a fire insurance for your house is a good idea. Of course, some due diligence into your insurer is also a good idea.

        I recently read that in the US more than half the people that get cancer completely wipe out their life savings and are left in debt. Feel free to check how big the chance is you will get cancer at some point in your life but I can assure you it's not small, especially if you plan on getting old. The socialists in North/West Europe do not have this problem though because their insurance covers that. At the same time the overall cost (combined government and private spending) is a fraction of the cost in the US but that's another discussion.

        Now, you keep rejecting insurance because it smells like dirty, unwashed socialists. Just don't complain when your house burns down or you get cancer.

        • Wendy Cockcroft, 21 Nov 2018 @ 5:45am

          Re: Re: Re: Another profit center.

          @ Narcissus, I find your screen name ironic because you actually *get* society.

          As you have correctly pointed out, we human beings are social creatures and when we go all rugged individual our success or failure at All The Things! is predicated on the slings and arrows of outrageous fortune.

          This is why the communitarian outlook we both subscribe to is superior; it doesn't pretend that nothing can go wrong if you work hard enough, etc., it acknowledges that even the best of us have bad days and that's when we need help we might to be able to access by ourselves.

          Americans who fear socialism are afraid of a word that is basically shorthand for tyranny, but tyranny comes in many flavours. Why is one flavour better than another? They all require you to be members of the "in" crowd.

          Even capitalism can't work on rugged individualism, you have to give up a certain amount of economic freedom when contracting to work with other individuals and groups. E.G. I can't work for another company at the same time as my employer without a conflict arising over my availability. I've ultimately got to choose between giving the bulk of my time to one or the other in order to realise the benefits of being employed by either.

          As I've said many times before, any philosophy predicated on a best case scenario is ultimately doomed to failure. I've never seen that statement contradicted.

  • TKnarr (profile), 19 Nov 2018 @ 1:51pm

    I think the biggest thing would be to stop requiring judgements to be "reasonable" in the aggregate. Work up an average cost for an individual to deal with the results of a data breach (including their own personal time), then by law set the liability of the data collector per individual exposed at either that average or the actual documented costs, whichever is greater, plus legal costs and fees. 50 million records exposed at an average cost of $200 per person to fix? Total liability starts at $10 billion and goes up from there, plus lawyers' fees on top of that. No trying to figure a reasonable total penalty, you take the reasonable cost per individual and multiply it by the number of individuals and the company's responsible for contacting all individuals affected.

  • ECA (profile), 19 Nov 2018 @ 5:00pm

    All the data.

    I've had lots of problems Understanding how persons on the internet can Gather Terabytes of data...and no one noticed..
    No one, not even the automated system, Saw someone sitting on their servers for DAYS/WEEKS..

    We have Gas cans that even when FULL will never explode.. but we can't create a simple trick or monitoring program that WARNS us that someone has NOW looked at and downloaded 99% of your servers..

    Then we get to those WE PAY to be responsible for certain things in our lives. From police, mayors, Governors, and those TOP politicians..
    If your Boss told you what to do, and you didn't do it, or you made it worse, or.... YOU WOULD BE FIRED.
    How many of you have looked up and Seen what your congressman has done recently and in the past..AND what those bills he voted on, DID.. And how many days he Missed, not showing up for the job...

    THEY ARE ALL EMPLOYEES, and we have not checked up on them......

    • Anonymous Coward, 19 Nov 2018 @ 5:54pm

      Re: All the data.

      *We have Gas cans that even when FULL will never explode

      ...not really? I mean, in general any combustible will not explode even in the simplest container as long as that container is full, since an explosion would require oxygen. However, in practice full containers tend to lead to leaks as temperature fluctuations cause the pressure inside to exceed material tolerances (unless the material inside is non-volatile, which is rare, but does happen). For this reason, containers are rarely "full." Instead they are filled partially and the rest of the space filled with an inert gas (often nitrogen or carbon dioxide). Of course, this only works so long as proper use/maintenance procedures are followed, and explosions in storage facilities happen somewhat regularly.

      • Anonymous Coward, 19 Nov 2018 @ 6:29pm

        Re: Re: All the data.

        It's not the liquid that burns rapidly, it is the fumes from said liquid. Those videos of people pouring gas on logs and then lighting it are quite impressive in regard to the volume of fumes that ignites. It seems to catch them off guard.

        • ECA (profile), 20 Nov 2018 @ 1:23pm

          Re: Re: Re: All the data.

          https://www.technokontrol.com/en/products/fuel-cans.php

          so you don't know this??

          there is a neat trick that's been used a long time, it's like Steel wool that fills the can. and there is no way the cans will explode.. there are other ways also that limits the expansion of the fumes inside the can.

          • Uriel-238 (profile), 20 Nov 2018 @ 1:56pm

            Steel wool in gas cans.

            Fun fact: Japanese Zeros were so stripped of weight to maximize their performance that they had neither radios nor the combustion proofing of their fuel tanks, and as a result the occasional lucky shot would pop them like TIE fighters.

            The Zero outperformed the US planes until the P38 Lightning which out-climbed the Zero.

  • surendra, 20 Nov 2018 @ 1:59am (this comment has been flagged by the community)

    nice article

  • That Anonymous Coward (profile), 20 Nov 2018 @ 9:03am

    Not only are the fines pitiful, the victims are often left to deal with the fallout costing them well more than any settlement amount can put a dent in.

    Perhaps it is time to make the corporations responsible for fixing the damage. A $0.50 settlement is nothing to the bottom line... having to make other corporations whole for the millions of dollars in losses they are facing streamlines the process for the victims.

    We are always left to clean up the messes b/c these awesome 'better than us's" can't be held to the same rules the rest of us must be held under.

    • Wendy Cockcroft, 21 Nov 2018 @ 5:50am

      Re:

      Every company my company has to deal with has liability insurances. I presume these cover data breaches. By taking out such policies they are actually taking responsibility for the damage they do, however, that damage is quantified in economic terms.

      We need criminal penalties for negligence. When executive officers start doing jail time, we will see change.

  • Uriel-238 (profile), 20 Nov 2018 @ 12:23pm

    The mob approach...

    ...is for the institution to pay the restitution so that the victim is adequately compensated, and then to charge the offender in question. When the offender has nothing to take, the institution takes digits, limbs and loved ones.

    This is not to say it's an appropriate solution for the government, rather it's where things fall back to if an appropriate solution isn't found.

    Many of our organized crime associations started in response to a state that wasn't adequately serving the public and leaving a lot of injustice lying about.
