| |
| ▲ | briffle a day ago | parent | next [-] | | Equifax: In September of 2017, Equifax announced a data breach that exposed the personal information of 147 million people. The company has agreed to a global settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 U.S. states and territories. The settlement includes up to $425 million to help people affected by the data breach. Apparently, your personal information is worth about $2.90. | | |
| ▲ | gruez a day ago | parent | next [-] | | >Equifax: In September of 2017, Equifax announced a data breach that exposed the personal information of 147 million people. The company has agreed to a global settlement with the Federal Trade Commission, the Consumer Financial Protection Bureau, and 50 U.S. states and territories. The settlement includes up to $425 million to help people affected by the data breach. How much money did they make from the breach though? The argument made by the gp was that the fines were "pocket change compared to the piles of cash they made while ignoring those regulations.". According to FTC's press release, they were fined at least $575M for "failure to take reasonable steps to secure its network". How much do you think did you think equifax saved by skimping on security? Probably not $575M. They got pwned by an outdated third party library. There's no way keeping your libraries up to date is going to cost anywhere near that amount. | | |
| ▲ | tecleandor a day ago | parent | next [-] | | Fines should be higher than the cost avoided, or companies would just avoid the cost until get caught. Also, it's not only about the cost avoided, but about the damage to the people while you were doing that. If you're making money moving logging trucks, you skimp 50 dollars per trip in some straps to fix the load, and then a couple logs fall, run over a car, and almost kill a bunch of people, I'm not expecting you to pay just for the 50 dollars and the car repair. | | |
| ▲ | gruez a day ago | parent [-] | | >Fines should be higher than the cost avoided, or companies would just avoid the cost until get caught. Again, how much do you think Equifax saved from skimping on security? Sure, spending $575M would have prevented the hack, but how much did they have to spend to be considered not negligent? | | |
| ▲ | harimau777 20 hours ago | parent | next [-] | | Enough to keep it from happening or enough to make whole everyone who was injured. | |
| ▲ | tecleandor 12 hours ago | parent | prev [-] | | Again, it's not about what is saved, it's about what it caused. If they can't expend a bit extra to avoid damage to millions of persons, maybe they shouldn't be in that business. |
|
| |
| ▲ | nzeid a day ago | parent | prev [-] | | > How much do you think did you think equifax saved by skimping on security? Probably not $575M. They got pwned by an outdated third party library. There's no way keeping your libraries up to date is going to cost anywhere near that amount. I took their post to mean that the $2.90 figure included damages. In your words, how much will the ensuing fraud, identity theft, and spam cost me? | | |
| ▲ | gruez a day ago | parent [-] | | Yes, but you're moving the goalposts. The original argument was essentially that crime pays, because you'll only get fined a fraction of what you saved/made. |
|
| |
| ▲ | justinclift a day ago | parent | prev [-] | | And they're still in business too. :( |
| |
| ▲ | solardev a day ago | parent | prev | next [-] | | Uber and Lyft with regard to taxi and contractor/employee laws, Google in regards to privacy, Meta in regards to basically everything... | | |
| ▲ | gruez a day ago | parent [-] | | You haven't identified a specific case in any of the examples so I asked an LLM to do it for you, and came up with two: 1. O'Connor v. Uber Technologies, Inc (2013): So far as I can tell, they settled for $20M, but the settlement allowed uber to continue classifying drivers as contractors. You might be able to spin this as how uber is above the law or whatever, but the alternate take is that the drivers had a weak case, and were settling for whatever they could get. Not the best case to argue that companies are fined too little. 2. New York AG vs Uber: it seems like the settlement was two parts: a cash payout for past drivers and additional benefits to drivers going forward. Digging deeper into the settlement, it looks like for the former like uber's crime was improperly deducting sales taxes and black car fees[1], rather than failing to pay benefits. It doesn't look like uber got fined at all for not providing benefits. Again, you can frame this as uber being so above the law that they got fined $0 (!), but the argument from above applies. Maybe the NY AG had a weak case. Clearly they're willing to fine uber for something as vague as improper sales tax deductions, so why didn't they go for damages for uber not paying benefits? [1] https://ubernyagsettlement.com/Portals/0/Document%20Files/NY... | | |
| ▲ | solardev a day ago | parent [-] | | I think this is only proving the parent's point, that the legal system is completely unable to deal with the megacorps. Shrug. I don't read those results the same way you do. | | |
| ▲ | gruez a day ago | parent [-] | | ...or megacorps have functional legal departments to stop them from doing obviously illegal stuff. Of the cases they actually get sued for, there's enough complexity and genuine question of law that they can't straightforwardly prosecuted. There's a reason why basically all states had to pass bills to reclassify gig work companies, rather than winning slam dunk cases with years of back pay. In cases companies megacorps are clearly breaking laws, they're appropriately fined. eg. https://news.ycombinator.com/item?id=44767461 Maybe all of this basically cashes out to "the worst the legal system can do at that point is penalize them with the equivalent of pocket change" to you, but to me this looks like a functioning legal system where defendants actually have a fair chance of winning. | | |
| ▲ | mextrezza a day ago | parent | next [-] | | > In cases companies megacorps are clearly breaking laws, they're appropriately fined. Not always! lawyers representing classes in class actions don't always negotiate as hard as they could or should during settlements. You're probably familiar with federal judge Lucy Koh's prominent cases. Not really understanding your argument that everything is fine, and there's nothing to see here. | |
| ▲ | LunaSea 14 hours ago | parent | prev | next [-] | | > or megacorps have functional legal departments to stop them from doing obviously illegal stuff. Is that why Apple, Google and Meta ship a billion dollars every few years to the EU Cour of Justice? | |
| ▲ | justinclift a day ago | parent | prev [-] | | > to stop them from doing obviously illegal stuff That's not what the legal departments seem to be used for though. | | |
| ▲ | gruez a day ago | parent [-] | | Again, you don't see the illegal behavior that they didn't try. For instance, Uber probably could have nabbed more market share by allowing drivers to pick people up off the streets as well, but that would obviously break taxi medallion laws. Uber worked within the pre-booked ride service loophole. Same goes for contractor classification. They probably could have gotten better customer satisfaction ratings if they prohibited drivers from using multiple apps, but that would obviously look bad for them if they wanted to argue drivers were contractors. | | |
| ▲ | justinclift 21 hours ago | parent [-] | | > Again, you don't see the illegal behavior that they didn't try. We don't know if that was due to legal departments or other factors, so claiming it was due to legal departments seems more like hope/wishing/assuming rather than actual knowledge. :( | | |
|
|
|
|
|
| |
| ▲ | malfist a day ago | parent | prev | next [-] | | Airbnb, lyft, uber, almost any of the last generation of unicorns | |
| ▲ | mystraline 17 hours ago | parent | prev | next [-] | | > Examples Ubercab. Later sued and changed to Uber. Now, too big to fail. Basically is illegal unlicensed uninsured scam cab company. | |
| ▲ | sjsdaiuasgdia a day ago | parent | prev [-] | | > or how much money they could have plausibly gained from the offenses in question What relevance does their plausible earnings via the offense have to the fine for the offense? The harm suffered by the people whose privacy was violated is still there regardless of how much money was made through the violation. |
|
