Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Companies To Be Liable For Deals With Online Criminals

kdawson posted more than 6 years ago | from the sees-you-when-you're-sleeping dept.

Government 171

Dionysius, God of Wine and Leaf, sends us to DarkReading for a backgrounder on new rules from the FTC, taking effect in November, that will require any business that handles private consumer data to check its customers and suppliers against databases of known online criminals. Companies that fail to do so may be liable for large fines or jail time. In practice, most companies will contract with specialist services to perform these checks. Yet another list you don't want to get on. "The [FTC's] Red Flag program... requires enterprises to check their customers and suppliers against databases of known online criminals — much like what OFAC [the Treasury Department's Office of Foreign Asset Control] does with terrorists — and also carries potential fines and penalties for businesses that don't do their due diligence before making a major transaction."

cancel ×

171 comments

Hm.. (2, Interesting)

kvezach (1199717) | more than 6 years ago | (#23197100)

Does the crime of Slashdot first-posting get you on that list?

Re:Hm.. (1, Funny)

OrochimaruVoldemort (1248060) | more than 6 years ago | (#23197158)

no, but im sure that modding unfairly is

Onerous Burden on Businesses? (4, Insightful)

Apple Acolyte (517892) | more than 6 years ago | (#23197128)

This sounds like quite an onerous burden on businesses, and I imagine it will be struck down by the courts soon enough unless it's much narrower and specific a regulation than the story makes it appear. Private parties should not be expected to do the job of law enforcement.

Re:Onerous Burden on Businesses? (1, Informative)

Anonymous Coward | more than 6 years ago | (#23197200)

They aren't being asked to do the job of law enforcement. They are being asked to check already existing databases, which are available on a per transaction basis for what is supposedly a fairly small fee. It's no different than running a credit check on a potential customer or a background check on an prospective employee.

Running a business entails costs, and this is one of them. I see nothing wrong with this regulation.

I'm doing business with Mastercard (5, Insightful)

MacDork (560499) | more than 6 years ago | (#23197384)

Mastercard is the one doing actual business with terrorists... why aren't THEY responsible for this "small" fee?

Re:I'm doing business with Mastercard (3, Informative)

bcwright (871193) | more than 6 years ago | (#23197878)

I think if you read the actual proposed regulation that's published at http://www.ftc.gov/ [ftc.gov] you'll see that that's exactly what happens. This regulation does not appear to apply to businesses who merely accept credit cards, but rather to those who issue credit cards or other forms of credit.

Re:Onerous Burden on Businesses? (1)

Hijacked Public (999535) | more than 6 years ago | (#23197460)

Insurance companies (in the US at least) having been doing this type of thing since shortly after 9/11.

Prior to paying a claim they have to check the recipient against a list of people associated with terrorism. The fine for a violation is 7 figures.

Re:Onerous Burden on Businesses? (2, Informative)

Anonymous Coward | more than 6 years ago | (#23198210)

The thing is, such "bad guy" databases, if maintained in realtime and accessed online can be monitored for access by the database maintainer (let's call them TLA).

That transaction log itself contains great data mining material for TLA:

This is simplified, but imagine the query sent to TLA by PoopyCorp was "SELECT * FROM BAD_GUYS WHERE NAME='Joe Bloggs'". Now, TLA knows that Joe Bloggs does business with PoopyCorp - possibly very valuable information if Joe Bloggs is a politician and PoopyCorp manufactures sex toys, or hell, if Joe Bloggs is a startup company founder and PoopyCorp supplies loans (uhoh, looks like BloggsCo is in financial difficulties, they're looking for a loan).

If the query was checking *any* more involved stuff, it could be an even more catastrophic leak of information to TLA.

If PoopyCorp instead just got a copy of the whole database from TLA each time (i.e. "SELECT * FROM BAD GUYS"), and does the checking to see if Joe Bloggs is in that without involving TLA further, great, no information leak to TLA - except then PoopyCorp knows everyone on the list, an information leak in the other direction.

In short, the idea of mandating this sort of check is deeply evil, though optional checking is less problematic (Joe Bloggs can take his business elsewhere if PoopyCorp *wants* to check with TLA to protect its interests).

Re:Onerous Burden on Businesses? (2, Insightful)

CSMatt (1175471) | more than 6 years ago | (#23198824)

Not surprising. If I ran an insurance agency I wouldn't want to give life insurance to someone who's just going to strap a bomb to his chest.

Yes they are (0)

Anonymous Coward | more than 6 years ago | (#23198254)

They aren't being asked to do the job of law enforcement.

Punishing criminals is a job of law enforcement, not private businesses. HOW they do it doesn't matter.

Furthermore, businesses are being asked to turn down potential sales, which impacts their bottom line. Not only that, but they have to pay to do this, which increases their costs of doing business. Both of these are negatively impactful to the vendors, and ultimately make vendors responsible for something that law enforcement should already be taking care of.

We are also running headlong into an age of "lifelong punishment," where 50 year old men are denied needed services because of a crime they commited when they were 19 and drunk, and which they would not commit now that they have grown up. This sort of thing is happening *today*, is utterly unjust, and will only get worst if we continue with this sort of personal data tracking.

I will add that we have seen mistakes with this sort of thing happen already. People who's names are similar to someone on the list get unjustly denied services they need. People get put on the list erroneously, are harmed by it, and have no effective means of getting their names expunged. The list itself can be compromised, causing even further harm to innocents, and possibly causing extra unjust harm to the criminals (vigilantism). In order to try to prevent some of this, there winds up being a push for even *more* identity tracking and verification of non-criminals, thus further exposing them to the potential for identity theft, governmental oppression, privacy violations (employers peeking into details to which they should not have access), and general hassle.

I understand the benefits, but the costs are just to great. This has "bad idea" written all over it.

Re:Yes they are (3, Insightful)

Tanktalus (794810) | more than 6 years ago | (#23198952)

We are also running headlong into an age of "lifelong punishment," where 50 year old men are denied needed services because of a crime they commited when they were 19 and drunk, and which they would not commit now that they have grown up. This sort of thing is happening *today*, is utterly unjust, and will only get worst if we continue with this sort of personal data tracking.

This is where a pardon is supposed to come in. Pardons aren't just for the wealthy and the connected. They're also for the 30-year-olds who did something stupid at 19 while drunk, paid their dues (fines, revocation of privileges such as driver's license, and/or jail time) and haven't had a criminal charge since. A successful pardon application, which may take a year or two to process, should also automatically (I hope!) remove your name from all criminal registries, including sex offender registries (though I imagine that these would be harder to get pardons for).

Ok, maybe I'm dreaming...

Re:Onerous Burden on Businesses? (1)

cHiphead (17854) | more than 6 years ago | (#23198766)

You obviously don't run a business. Any small business will be explicitly burdened by this requirement. This appears a violation of due process for the government to require this, as it assumes people will have a criminal background, and it does not PROMOTE commerce, it limits commerce above any beyond any traditional regulatory requirement when its required for all businesses. Perhaps this could be 'legal' if only required for international transactions.

You don't seem to understand that the databases in question are law enforcement by their very essence of usage.

If some mafia connected kid comes into a retail store and buys a bag of cement and chains, the retail store is not responsible for the death of guy they make shoes for and drop into a lake. Imagine having to submit to a criminal check every time you go thru the checkout lane at Walmart, thats what this is akin to.

Cheers.

Re:Onerous Burden on Businesses? (2, Insightful)

billcopc (196330) | more than 6 years ago | (#23198956)

IMHO, the job of law enforcement should be to print off this list, go visit these "terrorists" one by one and pop them.

Oh, they don't want to do it ? Why not ? Because they're afraid of false positives ? Proof that the system is worthless.

It's quite simple: if Lex Luthor can't spend his dirty money in the USA, he'll drive up to Canada, get things done, then come back to the states to be a terrorists again. Not only does it NOT solve the crime problem, it actually diverts money away from the local economy.

Go FTC! keep it up, and in 20 years you can all become Canada's 11th province and get in on the lower taxes and subsidized health care, like every other modern civilized nation in the world.

Re:Onerous Burden on Businesses? (5, Insightful)

Serenissima (1210562) | more than 6 years ago | (#23197312)

Well fortunately, online criminals have no way of pretending to be someone else so it should be a relatively painless procedure for businesses to check their identities.

Re:Onerous Burden on Businesses? (1)

calebt3 (1098475) | more than 6 years ago | (#23197366)

You left off the part where you need to get back to your email because paypal is saying you need to verify your data.

Re:Onerous Burden on Businesses? (0)

Anonymous Coward | more than 6 years ago | (#23197480)

I didn't know whether to mod Insightful or Funny. I went with Insightful - someone else can add Funny. The problem is that taking the statement at face value, it is idiotic, because it is satire. There needs to be a "Satire" mod.

Re:Onerous Burden on Businesses? (1)

CSMatt (1175471) | more than 6 years ago | (#23198864)

Indeed.

Re:Onerous Burden on Businesses? (1)

Moryath (553296) | more than 6 years ago | (#23197746)

Indeed, but what's that saying again - "anything too good to be true..."?

Hold companies liable for dealing in bad deals, absolutely. Please, please apply this to the companies that deal with spammers; if companies know it's illegal to contract with the spam companies (because the spam companies break the law in countless ways, what with the botnets and packet/header fraud any everything else), spam will finally start drying up.

Re:Onerous Burden on Businesses? (2, Insightful)

HalAtWork (926717) | more than 6 years ago | (#23198028)

Why do they have to check them if no crime is being committed? This is just like gathering a bunch of information on people that could be used as evidence in case a crime will be committed in the future. Do we have to start reading people their miranda rights every time a transaction occurs on the internet?

Re:Onerous Burden on Businesses? (3, Insightful)

inviolet (797804) | more than 6 years ago | (#23198068)

Well fortunately, online criminals have no way of pretending to be someone else so it should be a relatively painless procedure for businesses to check their identities.

A solution's effectiveness is a tertiary concern for a government agency when addressing a problem. The agency's primary concern is to increase its own power. The secondary concern is to receive public approbation by doing something very visible. A "no-fly list" like this one is the perfect implemention of an agency's two main goals.

That's only 90% crazy though. Sometimes, the function of law-enforcement is just to remind everyone that law enforcement exists. After all, whether any random soul will cross the line from dove to hawk mostly depends his assessment of law enforcement's effectiveness. Therefore, an appearance of effectiveness is often just as good as actual effectiveness.

But not in this case. The bad guys know exactly how to beat the list (fake or stolen credentials) and they can even test whether they've succeeded. Therefore, this "no-fly list" creates a false sense of security, which means that people will be overall less safe.

Re:Onerous Burden on Businesses? (1)

billcopc (196330) | more than 6 years ago | (#23199070)

Sometimes, the function of law-enforcement is just to suck more money out of our pockets without having to undergo the public scrutiny of an official budget. The asshats that "check your license" for a burnt headlight aren't reducing crime or improving safety, they're just looking for excuses to stick you with a random fine so the mayor can pay off the stripper who's blackmailing him.

Don't believe me ? Come live in Ottawa for a few months, I'll introduce you to said ex-mayor and stripper.

If cops were truly interested in controlling crime, they wouldn't be driving around with radar guns. Stop one speeder, and 200 more will zoom by while the cop's taking his sweet time writing up a ticket. It's a drop in the bucket and it still doesn't stop people from being killed every day in the stupidest of motoring accidents.

Re:Onerous Burden on Businesses? (1)

SamLJones (930806) | more than 6 years ago | (#23198758)

I used to find Slashdot delightful
But my feelings of late are more spiteful
My comments sarcastic
The iconoclastic
Keep modding to +5 (Insightful).

http://limerickdb.com/?138 [limerickdb.com]

Re:Onerous Burden on Businesses? (1)

Serenissima (1210562) | more than 6 years ago | (#23198886)

http://xkcd.com/301/ [xkcd.com]

Yeah, no kidding. I thought I would get modded as +5 Smartass

:D

Re:Onerous Burden on Businesses? (1)

CSMatt (1175471) | more than 6 years ago | (#23198938)

Wrong source. [xkcd.com]

Re:Onerous Burden on Businesses? (3, Interesting)

tha_mink (518151) | more than 6 years ago | (#23197330)

This sounds like quite an onerous burden on businesses, and I imagine it will be struck down by the courts soon enough unless it's much narrower and specific a regulation than the story makes it appear. Private parties should not be expected to do the job of law enforcement.
It depends on how easy it is to do. I think for the most part, businesses that will be affected by this will probably want to insure that they are not helping criminals. I know I can speak for our business.

Plus, this thing kinda reminds me of the Payment card industry standard which, among other things, requires business that accept credit and bank cards to adhear to a strict policy of security when dealing with these cards. Every year, even on the smallest level, companies should be filling out a "self test" which requires you answer questions about your card security. Among the questions is a whole bunch of requirements you'd expect of a data center but not, say, a restaurant. Glass walls, biometric access, camera systems, etc. Fines start at $100,000 and you risk losing your ability to take credit cards. The published standard is here. [pcisecuritystandards.org]

I'm sure that 99% of small businesses that accept Visa/MC/AMEX etc have *no idea* about this standard and even if they did, they have no resources to adhear to it. That's why this "Red Flag" deal reminds me of it.

Re:Onerous Burden on Businesses? (0)

Anonymous Coward | more than 6 years ago | (#23197662)

After a careful reading of the proposed regulation on http://www.ftc.gov, it does not appear to me that this new regulation applies to businesses who accept credit cards, but rather to those businesses who issue credit cards or other forms of credit (automobile loans, for example). That's still an awful lot of businesses, but it means that this new regulation does not apply to the much larger number of businesses who just rely on their bank's or credit card processor's transaction processing system (whether electronic or manual as their business requires).

How about bars that let you run a tab? (1)

davidwr (791652) | more than 6 years ago | (#23198062)

Hmmm?????

Re:Onerous Burden on Businesses? (1)

deman1985 (684265) | more than 6 years ago | (#23197876)

I wouldn't be as opposed to these regulations if it didn't basically require the use of third party background checks. If the information were freely and readily available from various agencies for performing your own automated checks, I would be all for it. However, I refuse to have the government impose upon me to pay company X some arbitrary fee $XX to perform checks on my customers.

That's not to say that I wouldn't be doing this as part of my own policy for larger customers for our own protection, but for the government to fine me if I don't do their work for them is ridiculous and wrong. It's worse than the IRS forcing you to use (and pay) a third party to E-File your taxes. Is it not cheaper for them to accept an electronic filing, after all?

I'm all for doing my part to help prevent terrorism or other criminal activity, but this attitude that a business (even a small business) should not only be held liable but also severely fined if it doesn't do law enforcement's work for them is outrageous.

And people wonder why businesses are moving out of the US.

Re:Onerous Burden on Businesses? (1)

magarity (164372) | more than 6 years ago | (#23198440)

Why do they not strictly follow it? Because Requirement 6: Develop and maintain secure systems and applications is a simple, easy to understand sentence that represents thousands of worker hours and millions of dollars to implement for a large corporation with multiple systems. It's almost certainly cheaper to pay the fine. What's more effective is a loud shame campaign letting customers know about lapses and another positive campaign about compliers. The customers will make quite effective 'fines' by going to the compliant companies.

Re:Onerous Burden on Businesses? (0)

Anonymous Coward | more than 6 years ago | (#23197560)

Here is a link to information from the FTC:

http://www.ftc.gov/opa/2007/10/redflag.shtm

IANAL by my reading is that this is a regulation for credit issuers like banks and a tiny portion of independent businesses. It does not directly apply to merchants who just accept credit cards.

Note that the source article is really about a product that seems to be selling unneeded insurance. Flag the article as FUD

Re:Onerous Burden on Businesses? (1)

conlaw (983784) | more than 6 years ago | (#23198036)

Absolutely right, Coward. If one follows your link to the actual text of the regulations, it's clear that they are directed only at major banks and their subsidiaries. Further, these regulations are only designed to catch identity theft by making a bank where I'm opening an account or have an existing account ensure that I really have changed my address to somewhere in Transylvania.

In fact, the cumulative effect of this regulation when added to the numerous other identity checking rules established by the federal and state authorities may have more of an effect on consumers than on banks and other businesses. [sarcasm]Maybe we all need to have the "Real ID" chip containing all of our private information implanted in our left shoulder?'[end sarcasm]

Re:Onerous Burden on Businesses? (1)

Talderas (1212466) | more than 6 years ago | (#23198648)

Absolutely right, Coward. If one follows your link to the actual text of the regulations, it's clear that they are directed only at major banks and their subsidiaries. Further, these regulations are only designed to catch identity theft by making a bank where I'm opening an account or have an existing account ensure that I really have changed my address to somewhere in Transylvania.

In fact, the cumulative effect of this regulation when added to the numerous other identity checking rules established by the federal and state authorities may have more of an effect on consumers than on banks and other businesses. [sarcasm]Maybe we all need to have the "Real ID" chip containing all of our private information implanted in our left shoulder?'[end sarcasm]

Isn't that how the Lifelock identity theft protection system works?

Online criminal? (1)

Tisha_AH (600987) | more than 6 years ago | (#23197578)

What if you are an offline criminal?

You know, some of those still exist.

Turn on, tune in, drop out.

Re:Onerous Burden on Businesses? (1)

NoCowardsHere (1278858) | more than 6 years ago | (#23198014)

The article is a little vague, but by "Customers and suppliers," I assume it means customers and suppliers of private consumer data. In other words, before your favorite magazine/credit card/social networking site sells your (and everyone else's) contact information to interested third parties, they have to make sure that said third parties haven't been convicted of identity theft or fraud. That sounds pretty reasonable to me.

Re:Onerous Burden on Businesses? (1)

FurtiveGlancer (1274746) | more than 6 years ago | (#23199170)

Actually, the government already requires similar actions by it's contractors. Before letting a subcontract, the prime contractor must ensure that the subcontractor is not banned from working under government contracts. This is done by accessing a government provided database, via the web.

Now, if only we can keep the "online criminals" from hacking the database with a SQL injection exploit... :-O

Major Transaction? (0)

Anonymous Coward | more than 6 years ago | (#23197154)

How do they define a "Major Transaction"?

Is rootkit Sony on the list? (5, Insightful)

MacDork (560499) | more than 6 years ago | (#23197166)

No? How about forged packet Comcast? No again? What about exposing most of the internet to id theft and cross site scripting Barefruit? Not a very thorough list, is it?

Re:Is rootkit Sony on the list? (2, Interesting)

Kartoffel (30238) | more than 6 years ago | (#23197294)

Exactly. The FTC needs to clearly define the penalties for doing business with "criminals". If I do business with Comcast (presumably, a known criminal entity) just what, exactly, am I liable for? Can I still buy a Sony PS3, or will there be additional fines for having done business with an criminal organization?

Re:Is rootkit Sony on the list? (1)

Smidge204 (605297) | more than 6 years ago | (#23197488)

What about companies that pay for ads distributed by spam botnets? If you can't attack the spammers directly, attack their source of revenue.

=Smidge=

Mistaken Idenity (2, Insightful)

DiceRoller (1178315) | more than 6 years ago | (#23197170)

.. but what happens if I Jason Smith am not a criminal and there happens to be a Jason Smith criminal out there that isn't me. Also who in their right mind uses their real name on the internet? Just gives the goverment more knowledge where you are on the internet. ( I'm still stuck on Baker St on the internet).

Changing Idenity (2, Interesting)

iamsamed (1276082) | more than 6 years ago | (#23197268)

.. but what happens if I Jason Smith am not a criminal and there happens to be a Jason Smith criminal out there that isn't me. Also who in their right mind uses their real name on the internet?

Aaaaaannnnnd, changing identity is easy. It's nothing to create a corporate entity - and that's a real one. Fake ones? Ha! So, while they're checking their all seeing database of criminals, the crooks are changing their identity.

It's even done by legal, although unethical, businesses. Get too many complaints to the Better Business Bureau just change your business' name.

Re:Mistaken Idenity (1)

UncleWilly (1128141) | more than 6 years ago | (#23198812)

In a secret building somewhere...

"Okay boys, we finally have a line on Jason Smith!"

ebay (0)

Anonymous Coward | more than 6 years ago | (#23197180)

i'll bet ebay gets a kick out of this

Maybe not such a great idea (5, Insightful)

Kartoffel (30238) | more than 6 years ago | (#23197186)

At first this sounds like an incentive for businesses not to conduct transactions with criminals. Take identity theft, for example. I don't want vendors consorting with thieves, should somebody steal my credit card info. But how should vendors know it's a thief and not me? It's not reasonable.

Worst case scenario: this turns out to be another vague No-Fly list that persecutes the innocent while doing little to no actual good. In any case, it will be more work and more liability for vendors.

Re:Maybe not such a great idea (0)

Anonymous Coward | more than 6 years ago | (#23197360)

Worst case scenario: this turns out to be another vague No-Fly list that persecutes the innocent while doing little to no actual good. In any case, it will be more work and more liability for vendors.
That sounds like the best-case scenario.

Re:Maybe not such a great idea (1)

iminplaya (723125) | more than 6 years ago | (#23198698)

It's not a "do good" measure. It's a feel good thing. Just like most every law written since the 9/11. More bureaucrats digging in and securing their positions. And mass media will present it in such a way that genpop will happily hand over their authorization on a silver platter.

Pointless (1)

damn_registrars (1103043) | more than 6 years ago | (#23197190)

Won't the criminals just switch to doing business with foreign companies instead, to avoid the reach of US laws?

Oh wait, many of them already have. Just take a look at the guys on the spamhaus list - they do their work just fine without help from US companies.

Government... (0)

Anonymous Coward | more than 6 years ago | (#23197194)

HMMMM...lets see what other parts of our jobs we can outsource to the people so we can do less work for more money....we get calls from the county demanding to know what boats we have on our lots...THATS NOT MY JOB..AHHHHHHHHHHHHHHHhhhhhhh I'm going mad!

I am really starting to DESPISE those who claim to represent our country...It's gotten to where I cannot even read the news anymore without getting sick to my stomach.

Re:Government... (1)

tha_mink (518151) | more than 6 years ago | (#23197356)

I am really starting to DESPISE those who claim to represent our country...It's gotten to where I cannot even read the news anymore without getting sick to my stomach.
Well, there's always Canada. Of course, you can vote, organize a protest, write your congressman...but then, ah it's just easier to bitch about it and go back to sleep.

Re:Government... (1)

ArsenneLupin (766289) | more than 6 years ago | (#23197594)

Well, there's always Canada.
You mean the country where they put you in jail, torture you and deny you access to a lawyer, all for the heinous crime of having no family that will inquire about your whereabouts?

And no, friends and lovers don't count: Canada's stringent data protection laws prevent authorities to admitting to any wrongdoings to an unrelated person.

No thanks, I prefer Red China any days. At least it doesn't try to pretend to be a democracy. And it treats its tourists better.

Re:Government... (0)

Anonymous Coward | more than 6 years ago | (#23198410)

all for the heinous crime of having no family that will inquire about your whereabouts?

Sounds like the US, though Immigration here doesn't torture people, they just throw them in jail... even if they do have family to vouch for their citizenship status.

http://www.mcclatchydc.com/227/story/25392.html [mcclatchydc.com]
http://www.npr.org/templates/story/story.php?storyId=11086544 [npr.org]

Jail? (4, Insightful)

sm62704 (957197) | more than 6 years ago | (#23197198)

Companies that fail to do so may be liable for large fines or jail time

They're going to put whole companies in jail?

But at any rate, after Sony's criminal rootkit vandalism of millions of computers, I'm going to have to see a CEO in shackles before I believe it. And Martha Stewart doesn't count.

For those of you unfamiliar with Sony's evil, deliberate vandalism, here are two links:
serious [wikipedia.org]
content-free [uncyclopedia.org]

Re:Jail? (1)

arieswind (789699) | more than 6 years ago | (#23197544)

hate to rain on your sony crusade, but the person who would end up in jail is the person who was responsible for running the check. that may be a salesman, or a manager, or whoever. when it comes to this kind of fine/jail time, there is a lot of finger pointing and assigning blame, and companies will go to great lengths to make sure the blame is placed right. granted, this is more likely to be applied to larger purchases than your 20$ book purchase off amazon.

Martha Stewart does (0)

Anonymous Coward | more than 6 years ago | (#23197564)

And Martha Stewart doesn't count.
She does count. Just in small whole numbers, fractions, and cups.

Red Flag? (1)

EricWright (16803) | more than 6 years ago | (#23197216)

OK, I'm just a bit confused. A quick search for FTC Red Flag returned this site [ftc.gov] , which exclusively talks about misleading weight loss claims. What does this have to do with vetting customer lists against known criminal lists?

Re:Red Flag? (2, Interesting)

EricWright (16803) | more than 6 years ago | (#23197296)

Bad form... replying to self... get over it.

Not paying enough attention, I missed this link [ftc.gov] from TFA. This notice is all about identity theft, while the summary indicates that companies will be required to check customer lists against known criminals.

If someone steals my identity and uses it to buy something, it will be my name in the customer database, not the criminal's. How would checking the customer list help? As far as I know, I'm not a known criminal or terrorist.

Although, I guess I would (incorrectly) end up on the list after a hypothetical incident.

Re:Red Flag? (1)

Kartoffel (30238) | more than 6 years ago | (#23197380)

If someone steals my identity and uses it to buy something, it will be my name in the customer database, not the criminal's. How would checking the customer list help? As far as I know, I'm not a known criminal or terrorist.

Unless your name happens to be Robert Johnson or Dan Brown. The TSA has wisely identified all persons having those names to be complete terrorists. ;)

*sniff* What's this here? (2, Insightful)

BenParr (1276718) | more than 6 years ago | (#23197230)

Is it just me, or does this stink of lobbyists?

EU Export (3, Informative)

Tiberius_Fel (770739) | more than 6 years ago | (#23197254)

To my knowledge, European Union regulations already require you to check the people to whom you are shipping goods, to see if they are on a list of known terrorists and their associates.

Re:EU Export (2)

dargaud (518470) | more than 6 years ago | (#23198128)

check the people to whom you are shipping goods, to see if they are on a list of known terrorists
If they know his name and address, why don't they go and arrest him ? And if he's too small-fishy to warrant an arrest, why can't the guy purchase his porn online like anybody else...?

Re:EU Export (1)

korbin_dallas (783372) | more than 6 years ago | (#23199068)

Oi, lessee....

laden, laden....hmmm

oh yes here it tis....

o. samabin laden
666 CaveofBears Drive
Aghila, Afghanistan, 66666

SHIP IT!

Uh I predict, oh swameee, that they only catch STUPID criminals with this one.
Also predict, theres some company here in the States that the Feds are after.

Prepare for an increase in identity theft (1)

davidwr (791652) | more than 6 years ago | (#23197258)

When the laws make something illegal, suddenly people are willing to break other laws to continue doing it.

This is especially true if they believe they have a moral or legal right to keep doing what they were doing.

It's a legal travesty when they actually DO have a moral or legal right to keep doing what they are doing: The government is in effect enticing people to break the law.

These days this means laws regarding lying about who you are, forging identity documents, and identity theft.

Does that include the government itself? (2, Insightful)

Reality Master 201 (578873) | more than 6 years ago | (#23197324)

Or are we only counting criminals that aren't considered above the law?

Your papers, please... (3, Insightful)

GogglesPisano (199483) | more than 6 years ago | (#23197332)

I remember a common threat in grade school was "this will be on your permanent record". We used to joke about it - it seemed ridiculous.

As an adult, it's starkly clear to me that "permanent records" do exist for all of us, and they control our lives to a large degree. Credit reports, "no-fly" lists, and now this "red flag" list - somewhere out there grim people in small offices quietly compile lists of citizens whom they feel should be "less free".

What kind of oversight exists for this list? What does one have to do (or not do) to appear on it? If you're on it, how can you be removed?

I wish I could say I was surprised by this new step towards an Orwellian dystopia, but the past several years have numbed me to it.

Re:Your papers, please... (1)

alen (225700) | more than 6 years ago | (#23197444)

probably anyone who has a conviction in a court of law for a crime committed online will be on this list. kind of like a registered sex offender

Re:Your papers, please... (1)

Shadow-isoHunt (1014539) | more than 6 years ago | (#23197992)

I hope they do put me (a convicted felon) on that list. Then I can sue them, because I was a minor, and it got expunged. That'd make me a happy camper, because I'd be able to ensure the death of the program.

Re:Your papers, please... (1)

jeti (105266) | more than 6 years ago | (#23198004)

You mean the "Sexual and Violent Offender Registry". I recently read an article [thedailywtf.com] about it. Somehow I don't think that it will be effective against cyber criminals.

Re:Your papers, please... (0)

Anonymous Coward | more than 6 years ago | (#23198278)

Simple. If you're a commie, you're on the list. If you stand for democracy and behind our military and believe in the american dream (tm) then you're safe.

Re:Your papers, please... (1)

iminplaya (723125) | more than 6 years ago | (#23198884)

What does one have to do (or not do) to appear on it?

That's a secret, but demanding oversight or asking too many questions is probably one way to get on it. Your interest in the matter will be considered "unhealthy" or "excessive". You wouldn't be so concerned if you don't have anything to hide. Trust them :-/

If you're on it, how can you be removed?

Most likely by dying, but even that doesn't always work. Your offspring, or even your acquaintances will inherit your position.

Who does this apply to? (4, Insightful)

BoberFett (127537) | more than 6 years ago | (#23197368)

The FTC page that the original article links to

http://www.ftc.gov/opa/2007/10/redflag.shtm [ftc.gov]

Only talks about financial institutions and creditors. It doesn't seem to indicate that Mary's Online Potpourri Barn has to do a background check on everybody that orders a lemon scented candle.

Re:Who does this apply to? (2, Insightful)

zappepcs (820751) | more than 6 years ago | (#23197456)

holy flying c-notes batman.... The financial institutions and creditors ARE the criminals. How the hell is that supposed to work?

Re:Who does this apply to? (2, Informative)

iamdrscience (541136) | more than 6 years ago | (#23197758)

You're exactly right. This article is obviously little more than a regurgitated press release for MicroBilt. The reality is that this law is intended for big companies and companies doing big money deals and they're the only ones that are going to have to worry about it. Microbilt is just trying to get some more customers by making it sound like a broader law than it is and given that it's been written up as an article and been posted to Slashdot, I'd say they've done a pretty good job.

Why aren't these "known criminals" in jail? (5, Insightful)

Vellmont (569020) | more than 6 years ago | (#23197396)

This seems like some kind of backdoor conviction without a trial. If the government "knows" these people are criminals, why haven't they been arrested, convicted, and sentenced? If the government is forbidding people to do business with these people, shouldn't they have a trial or some kind of public hearing where the facts are presented?

This kind of thing seems like it could lead to rampant abuse, or at least error if someone winds up on one of these lists that shouldn't be on it.

Re:Why aren't these "known criminals" in jail? (1)

Kartoffel (30238) | more than 6 years ago | (#23197492)

Yeah, really. Are they going to fine everybody who buys Martha Stewart stuff online?

Re:Why aren't these "known criminals" in jail? (1)

alen (225700) | more than 6 years ago | (#23197562)

probably because they served a sentence and now they are out, or does slashdot now advocate life sentences for any crime?

Re:Why aren't these "known criminals" in jail? (4, Insightful)

mini me (132455) | more than 6 years ago | (#23197672)

If they have served their time, why are we preventing them from integrating back into society?

Re:Why aren't these "known criminals" in jail? (0)

Anonymous Coward | more than 6 years ago | (#23197682)

...or does slashdot now advocate life sentences for any crime?
Certainly not. But how about if you have done your time then your debt to society is paid and you should be able to start over with a normal life? Not put on a List that limits your ability to live a normal life.

Re:Why aren't these "known criminals" in jail? (1)

Vellmont (569020) | more than 6 years ago | (#23197718)


probably because they served a sentence and now they are out, or does slashdot now advocate life sentences for any crime?

Was not doing any sort of commerce with any business in their sentence, or part of their release agreement? If not, I'm not sure how this is legal punishment.

Re:Why aren't these "known criminals" in jail? (1)

Kartoffel (30238) | more than 6 years ago | (#23198340)

Maybe this only applies to "known criminals" that exist outside of the FTC's jurisdiction, like foreigners. For example, the FTC wants you to think twice before you sell your laptop to a Nigerian scammer, even though the FTC can't touch the scammer.

If it's like OFAC's list... (2, Insightful)

brennanw (5761) | more than 6 years ago | (#23198854)

... then it's a list of names of people and the known aliases of people who commit crimes but who haven't been apprehended yet. Usually crimes like extortion, terrorism, racketeering, international stuff that makes it difficult to just walk up to someone, put cuffs on them, and haul them off to jail.

Which isn't to say this can't lead to rampant abuse -- it certainly can -- but the idea of the list is more along the lines of "this is a guy who is suspected of being involved in illegal activity right this very moment -- do not do business with him" rather than "this is a guy who just got out of jail last week -- do not do buseinss with him."

Which way does the data flow? (1)

benwiggy (1262536) | more than 6 years ago | (#23197416)

Do I give the Govt a list of everyone I do business with for them to check; or do I get the complete list of criminals and check for overlap myself? Sounds like a massive datamining operation to me.

The naughty list ?? (1)

TrujilloTx (924607) | more than 6 years ago | (#23197422)

Does getting put on Santa's naughty list red flag you?

This will be the year of the Linux desktop (2, Interesting)

houghi (78078) | more than 6 years ago | (#23197592)

... because nobody will be able to do business with Microsoft. They are convicted in Europe.

I don't get it. (3, Insightful)

jellomizer (103300) | more than 6 years ago | (#23197602)

1. Inocent until proven guilty. So why should there be a black list of people who havn't been threw justice system.

2. Rights after you serve your time. So if the person was an online criminal and served his/her time. Is is really reasonable to block them for using the inernet ever again, espectially in a world with increasing demmand to use the internet for daily communication and comerse.

3. People on probation is such a small portion of a list that the forced blacklist is an undue burden.

4. These people are criminals... They have been proven to be untrustworthy, what makes it so they don't lie on an online form or use someone elses idenity.

5. Small ISP and companies don't have resources to do this. a 10-15k project for a big company is a drop in the bucket for for a small ISP it is a huge undertaking, which could kill it.

6. Why punish honest/trusting people. America's growth was based on contract by handshake. There are a lot of companies that still want to keep that type additude. But laws like this make it so you need a lawer for everthing... (on a side note why the hell do we keep electing lawers into government)

7. In a slumbing echonomy is it prudent to make it difficult for people to do business.

8. If it forces criminals to be smarter and hide their tracks more, doesn't it make it more difficult for authorities to track such people.

9. If the criminals cannot work online they will still be criminals and be on the street with guns and drugs.

10. What happends if your name matches a criminal.

Ex-cons 2 generatins ago (1)

davidwr (791652) | more than 6 years ago | (#23198214)

A generation or two ago, felons had their civil rights greatly curtailed and had to petition the courts individually to get their rights restored.

In some states:

They couldn't vote.
They couldn't hold elected office.
They couldn't own or be an officer of an incorporated business.
They couldn't hold a license for most licensed professions.
They couldn't hold an alcohol license.
They couldn't be a notary.
They couldn't hold certain banking jobs.

The list goes on.

In almost all states felons who have served their jail time and parole can vote, but many of the remaining restrictions still apply today.

The theory is that certain things like voting or being a loan officer were reserved for "moral" people.

Re:Ex-cons 2 generatins ago (2, Insightful)

jellomizer (103300) | more than 6 years ago | (#23198622)

Unfortunatly that is where there is a problem with our justice system. Do do a crime you get punished for it. Then you are continiously punished because you are statiticly shown to do it again. Thus being in a situation where you have reduced rights and limited ways to improve youself thus you are stuck to commit crimes again to survive.

There are some crimes where people can stop and others that cannot.
Sex Crimes are often due to mental problems which need to be addressed and monitored for a long time. (yet we lock them up vs. giving them the proper help)
However Internet Crimes such as Idenity Theft can be corrected by proper rehibelation.

Plus there's a car analogy.... (1)

penguin_dance (536599) | more than 6 years ago | (#23197614)

From the article: OK, pop quiz. A local car dealership sells a car to a new customer. A week later, that same automobile is used in a terrorist car bombing. The business can't be held liable for what the customer did, right?

Now the idea that terrorist would buy a car to blow up rather than stealing one so it can't be tracked back to them seems rather ridiculous. But we here at slashdot love a car analogy so let's stick with that.

Businesses, unlike airport screeners apparently, KNOW where most modern terrorists come from. Is the government then going to protect that dealership from a lawsuit when a middle-easterner with ties to the motherland is turned down when he shows up cashier's check in hand?

Most businesses DON'T want to do business with crooks or terrorists. Makes sense because they don't want to get screwed in the deal. But it's ridiculous to expect business to do the federal government's job for them under threat of criminal charges and fines. And there's certainly been times where business didn't have that choice [nytimes.com] .

All felonies? (1, Insightful)

Anonymous Coward | more than 6 years ago | (#23197654)

What kind of criminals? Anyone with a felony conviction? Theft? dui? murder?

Since almost everything other than traffic tickts is being charged as "felony" something this could easily mean a loss a business to normal people, not internet criminals.

Again, it sounds great, but it's a knee jerk reaction that will create big undesired problems.

Does not fly - will increase ID theft. (5, Insightful)

LauraLolly (229637) | more than 6 years ago | (#23197740)

The "Do Not Fly" list already has shown how well false positives work - it's caused trouble for people who are wrongly put onto the list. Those with particularly common names will have particular trouble.

Unless there's a swift and clear grievance system, this will cause so many false positives that positives will be worked around. And who says that any bad people wouldn't steal or set up identities under which to do business?

The end result in three years? There will be lots of news about false positives, and the bad guys will just use more ID theft. Which will put those with stolen IDs into still more of a mess.

I don't think that this passed the "run it by a six-year-old first" test.

At last, a list I want to be on (3, Interesting)

clovis (4684) | more than 6 years ago | (#23197782)

It appears to me that if I get on that list it will greatly reduce my exposure to Identity Theft.

The basic premise is fine... but... (1)

ElboRuum (946542) | more than 6 years ago | (#23197984)

To me, there are two sides to identity theft.

1) The thief him/herself.
2) The company who enables the identity theft by enabling "sight-unseen" optimistic transactions. In other words, companies who have, up to this point, assumed that you are who you say you are when you fill out an online form or whatever other such transaction is being exercised.

If our world is to become more and more disconnected from face-to-face commercial transactions, which offer a sight better chance of verifying that person A using the credit card is not in fact person B or what have you, then I am absolutely for legislation which recognizes that identity theft is not possible without companies de facto complicity in the matter.

However, there is a legal principle that the worst laws are the ones that cannot be enforced without great cost to the society and yet get passed anyway. This is one of those laws.

It's not a bad idea to hold companies at least partially accountable for their participation, perhaps unwilling, in enabling identity thieves, but it needs some retooling and may require infrastructure that does not yet exist. Moreover, there need to be limitations such that the burden on companies is not so severe that it must radically increase the prices of its products simply to be compliant. A law this open-ended invites so much litigation that a company would be justified in expending exorbitant amounts simply to keep from running afoul of it.

Roadmap (1)

DeanFox (729620) | more than 6 years ago | (#23198034)


If any value came out of Germany in the '40s is its meticulous use of lists and record keeping about its citizens. That way when history repeats itself there's a clear and concise roadmap of what needs to be done. No need to reinvent the wheel.

-[d]- br.

We're developing our program now (3, Interesting)

Pagey123 (1278182) | more than 6 years ago | (#23198044)

I work for a small community bank, and we are in the process of developing our program now. The regulations implement sections 114 and and 315 of the FACT Act. Section 114 requires all covered institutions to create and implement a written Identity Theft Prevention Program consisting of four elements: 1. Identification of Red Flags 2. Detection of Red Flags 3. Responding to Red Flags 4. Updating the Program To be covered, an institution must offer what is called a "covered account." A covered account is (1) an account primarily for personal, family, or household purposes, that involves or is designed to permit multiple payments or transactions, or (2) any other account for which there is a reasonably foreseeable risk to customers or the safety and soundness of the financial institution or creditor from identity theft. The regulatory bodies go on to offer guidance on 5 categories of potential Red Flags, including: 1. Alerts, notifications, or other warnings received from consumer reporting agencies or service providers, such as fraud detection services; 2. The presentation of suspicious documents; 3. The presentation of suspicious personal identifying information, such as a suspicious address change; 4. The unusual use of, or other suspicious activity related to, a covered account 5. Notice from customers, victims of identity theft, law enforcement authorities, or other persons regarding possible identity theft in connection with covered accounts held by the financial institution or creditor. Section 114 also requires the issuer of a debit or credit card to verify the vailidity of an address change followed by the request for a new, additional, or replacement card if requested within 30 days of the address change. In other words, if you receive a request for a new card within 30 days of an address change, you are required to validate the address change with the customer to be sure it is indeed a valid request before mailing the new card. Section 315 requires the users of consumer reports (i.e., credit reports) to verify the identity of the consumer if the report notes a substantial difference in the address provided by the institution versus the address last on file with the Credit Reporting Agency. This applies only if a continuing relationship is established with the consumer. One of the ways to comply with Element 2, detecting Red Flags, is to use various software programs (such as those for BSA/AML) or databases to run checks against, but the regulations clearly state that the program must be appropriate for the size of the institution and the scope of its operations. I highly doubt they'll expect mom & pop types institutions to deploy extraordinary measures to verify that Jim Bob is not a terrorist. Now, if you're Bank of American or Fifth Third, for example, you'll be expected to do a little more. Also note that bank's service providers are required to have a Red Flags program in place. Meaning if I am generating mortgage or auto loans for a financial institution, I'm required to detect and respond to Red Flags, and the bank is required to assess my program. Hope this helps!

Scope isn't as broad as it looks (2, Informative)

44BSD (701309) | more than 6 years ago | (#23198080)

From the federal register item linked to in TFA:

The final rules require each financial institution and creditor that holds any consumer account, or other account for which there is a reasonably foreseeable risk of identity theft
to do these things. If you sell something to someone for cash, you are not a creditor. If you were a financial institution, and thus covered by GLBA, you'd know it already. Unless you extend credit, you're not a creditor. Not much to see here, and the fact that this article had its origin in somebody selling a service to help you comply with this may be meaningful.

Re:Scope isn't as broad as it looks (1)

dbcad7 (771464) | more than 6 years ago | (#23198430)

Where's the mod points when you need em ?.. That's exactly what my search on the subject came up with. I think the article the parent links with, is FUD.. that article names no sources, and spouts off BS about terrorists and car dealers.. when this is meant to be something like a credit card company checking the list before issuing a card.

Political use of "Red Flag" infrastructure (1)

tvlinux (867035) | more than 6 years ago | (#23198650)

Once the infrastructure to "Red Flag" anyone is in place, the government can deem any person "BAD" and destroy their life. The government then is the sole entity that defines who is on the list. No over sight, no judicial review, no rights.

Wrong (1)

Hythlodaeus (411441) | more than 6 years ago | (#23198686)

The article/summary completely misinterpreted what this is. It's not a no-fly kind of list. This is just requiring financial institutions to "red flag" unusual activity. It's quite common for credit card companies to call you and verify purchases if you make a sudden string of online purchases if you don't typically do that or make multi-$1000 purchases somewhere geographically remote from where you live. That's all this is.

Universal Criminals (1)

nurb432 (527695) | more than 6 years ago | (#23198918)

With these lists, you can make sure no one can work, buy food or have a place to live.

Throw the govt. in jail (0)

Anonymous Coward | more than 6 years ago | (#23199038)

Cool, so these alleged criminals must live in some state, etc.? Does this mean if they pay bills online with a state or local govt. website, we could throw the govt. in jail? :-p

That would be kind of ironic. LOL

Look out! The Internet is here! (1)

chris411 (610359) | more than 6 years ago | (#23199168)

Oh, those kooky 'online criminals,' clearly they are a threat right up there with terrorists. Look out! They'll bomb your modem!
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...