The Big Equihack Makes A Case for Regulation

Equifax, the embattled credit rating agency known for its signature Windows 95 security app, has been taking it on the chin over the past few weeks. And, fair enough, the company deserves what it’s got coming. It is a business built entirely on sneaky-beaky data diddling, a giant corporation dedicated to hoovering up every jot and tittle of your personal information and peddling it to usury merchants for eye-watering fees.

Essentially, Equifax is in the business of selling online identities, yours almost certainly among them. By some estimates, worldwide it has information on 800 million individuals and 88 million businesses stuffed into its data swag bag. What those files contain is everything you need to get a credit card, open a mortgage, and secure a loan. It probably goes without saying, but if that information falls into the hands of the iniquitous, the virtual you may be up to your neck in financial hurt. The real, you, of course, will have to deal with the consequences.

So get prepared to deal. Sometime this summer hackers swiped the personal data of 143 million people from Equifax. The company waited a month before letting on that they’d allowed just about every adult American’s online soul to be surreptitiously sucked up by dark web’s bagman. Indeed, even now Equifax doesn’t seem to be exactly clear on everything that’s gone missing, when it went missing, or where it went. On the upside, as long as you promise not to sue them they are willing to, um, not act like complete shits. Ha, ha, just kidding! You can read in-depth about their incompetence, perfidy, and rapacious contempt for consumers here, and here, and here, and just about any other media outlet in reach of the Google machine.

True, a boo-boo this big demands that there be some consequences. Someone might be exiting corporate headquarters with the boot of ignominy attached to the seat of their pants, and no doubt there will be one or two on the receiving end of a stern finger-wagging. That, though, seems about the far limit of accountability Equifax is willing to voluntarily countenance. And even the shamed executive given the old slingeroo will no doubt depart with millions in compensatory severance boodle. I suppose that will help salve the sting of accidentally helping expose the whole credit rating shootin’ match for the cesspool of consumer-screwing avarice that it is. It goes without saying that there’s little hope of a golden parachute cushioning the fall for the rest of us. In so many words, we’re being told to just flap our arms real fast and hope for the best.

As usual when corporate greed grubbers drop this sort of a manure muffin on the plates of an unsuspecting populace, there is a boost in hue and an uptick in cry about the dangers of letting all these free range corporate chiselers run wild. Dern that federal gummint, shouldn’t it have done something? You know, like, maybe, regulate them? At least a little bit? Huh, now there’s an idea.

Of course, there is a broad agreement these days that regulating free markets is a bad idea. In general, Americans are not big supporters of government regulation, and they seem to have specific objections to passing and enforcing rules of fair play on businesses. Their elected representatives are not big on the idea either. And the people who run credit rating agencies definitely give the whole concept a thumbs down. Back in June, at the exact same time hardworking cyber-thieves were starting to pump data out of Equifax like water from a fire hose, the Consumer Data Industry Association was aghast that Rep. Lloyd Smucker (R-PA) hinted he might ask Congress to pass a rule or two protecting consumer privacy.

In high dudgeon they wrote him a letter pointing out that: (a) credit rating companies already were staggering under the onerous burdens of federal regulation, and (b) there was no need for any gummint regulation because of the industry’s widely recognized fervent dedication to protecting sensitive information. The CDIA noted what resolute defenders of the public trust the Equifaxes of the world were, and the “strong authentication techniques” they used to insure that “consumer disclosure is not going to the wrong person.” As they summed up, “The consumer reporting industry is adequately regulated and goes to great lengths to ensure consumer data is protected” (you can read the full letter here).

A seasoned veteran of the corporate-political interface will be able to parse those words carefully enough to extract their true meaning: “We’re lying our asses off about being over-regulated, and we don’t give a flip about who has their mitts on Joe Q. Public’s digits, but we’re richer than Croesus and want to keep it that way. So bug off. We’ll call you if we need a bailout.” Or words to that effect. In reality, the credit rating game is played with extraordinarily little public oversight, and what oversight does exist is as likely to be implemented by state governments as the feds.

Maybe the Equifax data breach will change that. Certainly there’s a lot of people charging around the public arena right now pointing out that a pretty good-sized equine just exited the barn, so maybe the federal government should do something about all those open doors. And, indeed, given that credit rating agencies deal in what amounts to our online avatars–remember, “their” product is our identities–it makes a lot of sense for government to treat them as the equivalent of a public utility. That means regulating them, really regulating them, not using the fill-in-the-blank rule book they currently operate under.

There’s some small chance this will actually happen. Free market fan boys have at least temporarily muted their assassin’s creed vows to do in the Consumer Financial Protection Bureau, the federal agency that, despite the best efforts of Congress, has actually been trying to keep the gouging, duping, hood-winking and general larceny in the financial sector to a minimum. There have even been some rumbles about untying one of the CFPB’s regulatory hands in deference the degree of inconvenience the Equifax hack is visiting upon citizens.* Maybe, just maybe, the financial industry is not quite the steadfast protector of privacy it claims to be. Some in Congress seem, however reluctantly, open to the notion that companies like Equifax are more interested in profits than probity. Maybe a federal bully boy with the power to stick up for the small guy is not such a bade idea, even if it does cut a fraction of a point off the old quarterly profit report and downgrade executive bonuses from truly obscene to merely outrageous.

I wouldn’t hold your breath, though. Any such regulation is likely to give the Gummint-Bad-Bidness-Good Congressional Caucus the fantods, and those lads have patented a legislative solution that automatically dilutes any real restraint placed on Wall Street and its brood. The Great Equihack Gaffe of 2017 might raise a doubt or two about the dangers of unchecked financial finagling, but, as is almost certainly being pondered in corporate lobbying suites right now, what’s all that money for if not to calm the qualms of wavering legislators?

 

* Congress has tightly secured both of the agency’s hands behind its back back to make sure they didn’t give too much aid and comfort to predatory consumers asking awkward questions about why they had six Wells Fargo checking accounts they didn’t ask for.