Opinion: Commentary on cybersecurity and Equifax breach

Former U.S. Sen. Saxby Chambliss, R-Ga., talks with ex-Equifax CEO Richard Smith before he testifies to a House Energy and Commerce Committee panel on October 3, 2017. (Photo by Chip Somodevilla/Getty Images)

Combined ShapeCaption
Former U.S. Sen. Saxby Chambliss, R-Ga., talks with ex-Equifax CEO Richard Smith before he testifies to a House Energy and Commerce Committee panel on October 3, 2017. (Photo by Chip Somodevilla/Getty Images)

Excerpts from former Equifax CEO Rick Smith’s prepared testimony for the U.S. House Subcommittee on Digital Commerce and Consumer Protection:

“We at Equifax clearly understood that the collection of American consumer information and data carries with it enormous responsibility to protect that data. We did not live up to that responsibility, and I am here today to apologize to the American people myself and on behalf of the Board, the management team, and the company’s employees.”

“Accountability starts at the top and I, therefore, decided to step down as CEO and retire early to allow the company to move forward. Before I retired, our Chief Information Officer and Chief Security Officer also left the company.”

U.S. Rep. David Scott, D-Atlanta, in the AJC Oct. 3:

Equifax is “a longstanding Georgia company.” “We want to make sure that they come out of this standing as tall as possible. The way to do that is to … find out what happened and who’s responsible so that [Equifax has] the confidence of the people.”

U.S. Rep. Maxine Waters, on Equifax CEO Rick Smith’s retirement: 

“The public deserves answers about what occurred at Equifax, and its entire board of directors and senior management team should be accountable for the enormous harm caused to consumers across the country. There will be consequences. This process is only beginning.”

Software engineer Brianna Wu, in a Bloomberg View Op-Ed:

When it comes to cybersecurity, Americans remain extremely vulnerable, and our representatives seem ill-prepared to do anything about it. Earlier this month, it was revealed that Equifax disregarded warnings of security vulnerability and was hacked by a relatively simple exploit; we can expect to suffer years of identity theft and credit fraud thanks to the worst theft of private information in history.

Answers to all of these problems exist, but federal officials seem unable to implement them. Unlike so many issues that cause gridlock in Congress, the axis of conflict on technology isn’t right versus left - it’s informed versus uninformed. A prime example is Congress’ effort to criminalize strong encryption in the aftermath of the deadly San Bernardino, California, mass shooting. After a terrorist attack on a government training event, the FBI sought access to the perpetrator’s smartphone. Apple refused, and the FBI brought the tech giant to court to force it to engineer a backdoor to smartphone email, text messages and contact information.

Proving that no political party has a monopoly on bad technology ideas, President Barack Obama warned tech leaders in a speech at SXSW last year that if they didn’t give government a secret backdoor to encrypted data, Congress would force them to. The tech industry was nearly unanimous in its horror at the idea. Is this because technologists are unconcerned about terrorism? No, it’s because people with a deep understanding of cryptography know there is no such thing as a backdoor that only the government can use.