Lawmakers push for federal data breach notification law

U.S. lawmakers plan to resurrect national data breach notification legislation that has failed to pass in past sessions of Congress, but some advocates don’t agree on what should be included in a bill.

Six witnesses at a U.S. House of Representatives hearing Thursday called for a national law requiring businesses that lose data in hacker attacks to notify affected customers, but there were differences about whether the bill should preempt 48 existing state laws or should set a minimum standard that state laws can build on.

“Any federal law should not weaken strong state laws,” Representative Jan Schakowsky, an Illinois Democrat, said during a hearing of the Energy and Commerce Committee’s trade subcommittee. “Any federal response should establish a baseline so that every American can be assured some level of data protection, not just notification after the fact.”

Others disagreed, saying a new federal law that doesn’t preempt state laws would create a 49th data breach regulation for businesses to comply with. A national standard would be “particularly helpful to small business, many of whom cannot afford teams of lawyers to navigate 48 breach standards, should something bad actually happen,” said Kevin Richards, senior vice president for federal government affairs at trade group TechAmerica.

The debate over whether a national law should preempt state laws—along with debates over what types of information should be subject to breach notification rules and how long companies have before reporting the breaches—has held up a national breach notification bill in Congress for years, with early bills introduced in the middle of the last debate. But committee members said Thursday they will renew their push for a national law.
Some witnesses and lawmakers also called on Congress to pass comprehensive cybersecurity legislation focused on preventing data breaches along with breach notification. Others suggested that Congress needs a longer debate on comprehensive legislation, while a breach notification bill could be ironed out sooner.
Congress needs to act to prevent the huge number of data breaches happening every year, said Representative Joe Barton, a Texas Republican. In the 1930s, when there was a rash of kidnapping, Congress didn’t just pass a “kidnapping notification law,” but it gave the Federal Bureau of Investigation authority to track kidnappers, he said.

David Thaw, a law professor focused on cybersecurity at the University of Connecticut, agreed, saying comprehensive data security regulation, combined with data breach notification rules, would be more effective in protecting consumers and businesses.

“I analogize the effects of breach notification alone to locking the bank or vault door while leaving a back window wide open,” he said.

Richards called on the committee to move forward on data breach notification, saying there’s some consensus developing around that legislation, but more work to do on a comprehensive bill. 

Aggressive game advertising to children prohibited by German Federal Court

Aggressive advertising messages aimed at children urging them to purchase goods for the game “Runes of Magic” are not permitted, the German Federal Court ruled.

The Federation of German Consumer Organizations (VZBV) sued game maker Gameforge because it tried to sell armor and weaponry directly to children, the VZBV said in a news release on Thursday. The offer was made on the Runes of Magic website. After a link was clicked, a Web page offering various products was opened, the VZBV said.

Direct exhortation to children in this way is prohibited, ruled the German Federal Court on Wednesday, said court spokeswoman Dietlind Weinland in an email on Thursday. Therefore, Gameforge should refrain from using terms like “grab the opportunity to...” while advertising paid in-game items to children, Weinland said.
Runes of Magic is a game that can be downloaded for free. Gamers can then purchase upgrades and accessories in the game to advance, the VZBV said.

By marketing paid items in a game that make the participation more attractive, game makers exploit the inexperience of children, said the VZBV. But the ruling means that advertising messages aimed at children with a link to paid accessories for the computer game “Runes of Magic” is not permitted, the VZBV added.
The virtual goods have to be paid for with real money, the federation said. In 2009 for instance, purchasing 3,000 diamonds for Runes of Magic cost the player almost €100 ($130), while a riding animal could be bought for 199 diamonds, it said.

Buy more stuff! The decision of the court is not yet final, Weinland said. Since the defendant was not represented by counsel before the Federal Court, a “default judgment” was given, she said. The company can oppose the decision within two weeks, after which the matter would be considered further by the Federal Court, she said. If the verdict is not opposed it will enter into force.

Gameforge on Thursday did not immediately comment on the verdict.

People in the game industry have been discussing the marketing of game items to children for a while.
“Children in some cases are being monetized MUCH more aggressively with in-app purchases than adults are, because developers understand that children are more vulnerable and wish to profit on this. There is nothing illegal about this in any country that I am aware of,” said Ramin Shokrizade, an Applied Virtual Economist and Monetization Designer who consults game makers, in an email on Thursday.

Game maker Zynga for instance uses a technique that is called “fun pain” to entice gamers to purchase items. Shokrizade currently consults to companies with a combined market capitalization of over $300 billion worldwide, according to his LinkedIn profile.

Game maker Zynga for instance uses a technique that is called “fun pain” to entice gamers to purchase items, he wrote in a recent blog post titled Monetizing Children.

“The idea is to inflict some very uncomfortable situation on a player in their game, and then offer to remove that situation in return for money. While the vast majority of adults will make the assessment that it is in their best interest to not spend the money and to just exit the application that is designed to hurt them, it is biologically harder to come to this conclusion if the decision maker is a child,” Shokrizade wrote in the blog post.

Therefore, the use of real money or its equivalent should be removed as an option in games without the explicit informed consent of parents, Shokrizade said in his blog, adding that children are not in a good position to judge the value of purchases in virtual currencies.

“I don’t think in app purchases (IAPs) belong anywhere in games marketed to minors. If your response is ‘oh that is going to make it a lot harder to sell microtransactions’, then I’m going to suspect this is an admission that you know children are more vulnerable to suspect monetization methodologies,” he added in his blog.

It is inevitable that some companies will move toward even more aggressive exploitation of children in games, wrote Shokrizade. “To solve the problem governments and people need to first understand the problem,” he said in his email. The ultimate result will be national regulation, which is already happening in some parts of Asia, he added.

How The End Of DOMA Will Affect Obamacare, Federal Employees

The Supreme Court's ruling that the Defense of Marriage Act is unconstitutional will not only make a big difference in health benefits for some federal employees, it could also affect people who will be newly eligible for Obamacare beginning next year.

For lower-income people seeking coverage under Obamacare, marriage may not provide a financial advantage, tax experts say.

Once the dust settles and new policies can be drawn up, federal employees in same-sex marriages will be able to enroll their partners in the Federal Employees Health Benefits Plan. The Obama administration has extended several benefits to gay employees in recent years, but was prohibited by DOMA from providing FEHBP coverage.

"While we recognize that our married gay and lesbian employees have already waited too long for this day, we ask for their continued patience as we take the steps necessary to review the Supreme Court's decision and implement it," says Elaine Kaplan, acting director of the federal government's Office of Personnel Management.

The court's action today also means that military personnel in same-sex marriages will be able to obtain health benefits for spouses.

But people who will be eligible for coverage under Obamacare starting next year may want to consider all the financial consequences of marriage.

"Same-sex partners with similar incomes may lose out," says Brian Haile of Jackson Hewitt Tax Service, who sent this memo around today.

For example, Haile says, same-sex partners who each have an income of $40,000 may be eligible for the premium assistance tax credits under the Affordable Care Act, but only if they remain single.

If they marry (in those states that allow same-sex marriage), then they would lose eligibility because their income would be over the threshold for a household of two.

"Suffice it to say, it's complicated," Haile says.

Haile and other tax experts are still sorting it all out. Also yet to be understood fully are all the permutations that arise from conflicts between federal and state laws in states where same-sex marriage is illegal.

Some of the outstanding questions include whether, under Obamacare, insurance companies will be required to offer policies that cover same-sex domestic partners in these states – and how "affordability" of insurance will be determined when people apply for Obamacare.

Haile says to expect the Internal Revenue Service and the Department of Health and Human Services to issue clarifications as January 1 — the start date for the health insurance exchanges — draws near.

 

Federal Safety Officials To Investigate Ohio Air Show Crash

Wing walker Jane Wicker performs at the Vectren Air Show just before crashing on Saturday. She and pilot Charlie Schwenker were killed.

Federal air safety officials say they will investigate the fiery crash of a stunt plane at an Ohio air show that killed the pilot and a wing walker.

Thousands of spectators at the Vectren Air Show near Dayton, Ohio, watched on Saturday as the biplane, with wing walker Jane Law Wicker, 46, and pilot Charlie Schwenker, 64, careened into the ground and exploded during a low-altitude maneuver. No one in the audience was hurt.

The rest of the show was canceled on Saturday, but was expected to resume Sunday.

The Associated Press reports:

"It wasn't clear Saturday what went so wrong. The biplane glided through the sky, rolled over, then crashed and exploded into flames ... A video posted on WHIO-TV shows the small plane turn upside-down as the performer sits on top of the wing. The plane then tilts and crashes to the ground, erupting into flames as spectators screamed."

The National Transportation Safety Board said it would investigate the crash of the 450 HP Stearmans biplane. The Dayton Daily News
quotes Terrence Slaybaugh, the director of aviation for the city of Dayton, as saying the investigation could take months.
"Obviously, this is a tragedy for what's a very small community and our thoughts and prayers go out to those two individuals and their families," Slaybaugh told reporters. "Right now, there's no conclusive answer about why the accident happened."