The chief of the credit card processing company whose computer system was penetrated by data thieves, exposing 40 million cardholders to a risk of fraud, acknowledged yesterday that the company should not have been retaining those records.
The official, John M. Perry, chief executive of CardSystems Solutions, indicated that the records known to have been stolen covered roughly 200,000 of the 40 million compromised credit card accounts, from Visa, MasterCard and other card issuers. He said the data was in a file being stored for “research purposes” to determine why certain transactions had registered as unauthorized or uncompleted.
“We should not have been doing that,” Mr. Perry said. “That, however, has been remediated.” As for the sensitive data, he added, “We no longer store it on files.”
Under rules established by Visa and MasterCard, processors are not allowed to retain cardholder information including names, account numbers, expiration dates and security codes after a transaction is handled.
“CardSystems provides services and is supposed to pass that information on to the banks and not keep it,” said Joshua Peirez, a MasterCard senior vice president who has been involved with the investigation. “They were keeping it.”
For Pam Alexson, the decision whether to have a potentially defective heart device removed and replaced was easy. Ms. Alexson, a former nurse in Rehoboth, Mass., who expects to undergo surgery tomorrow, has the same Guidant Corporation defibrillator that failed in a college student who died in March, as well as the same type of genetic heart disease that killed him.
But another heart patient with that Guidant unit, Douglas Parsons, said he was holding back, not because he did not want the device out, but because his history of infection pointed to a bigger risk from surgery.
“I feel like I’m stuck between a rock and a hard spot,” said Mr. Parsons, a 62-year-old retired high school teacher in Oneonta, N.Y. “I would like to have it removed but I can’t take that risk.”
In coming weeks, thousands of patients and their doctors will be weighing competing risks as a result of Guidant’s decision last week, after urging by the Food and Drug Administration, to recall about 29,000 defibrillators that can potentially short-circuit when they are needed. Defibrillators emit an electrical jolt to restore rhythm to a chaotically beating heart.
Each assessment on surgery, doctors say, will be a personal one, based on a patient’s age and health, how dependent the patient is on the device and the patient’s attitudes toward risk.
Already, however, some patients like Ms. Alexson and Mr. Parsons are sharing a similar emotion: a sense of betrayal that Guidant did not disclose the problem earlier so that some people might have been spared the tough choice they now face.
Guidant did not tell doctors for over three years about the electrical flaw in one model, the Ventak Prizm 2 DR Model 1861, that it has recalled. It also kept selling older versions of it after developing a version not prone to short-circuiting.
WASHINGTON, June 19 – Law enforcement officials have made at least 200 formal and informal inquiries to libraries for information on reading material and other internal matters since October 2001, according to a new study that adds grist to the growing debate in Congress over the government’s counterterrorism powers.
In some cases, agents used subpoenas or other formal demands to obtain information like lists of users checking out a book on Osama bin Laden. Other requests were informal – and were sometimes turned down by librarians who chafed at the notion of turning over such material, said the American Library Association, which commissioned the study.
The association, which is pushing to scale back the government’s powers to gain information from libraries, said its $300,000 study was the first to examine a question that was central to a House vote last week on the USA Patriot Act: how frequently federal, state and local agents are demanding records from libraries.
The Bush administration says that while it is important for law enforcement officials to get information from libraries if needed in terrorism investigations, officials have yet to actually use their power under the Patriot Act to demand records from libraries or bookstores.
* * *
Perhaps the fiercest counterattack from the Bush administration on the issue came in 2003 from John Ashcroft, then the attorney general, who said in a speech in Washington that groups like the American Library Association had bought into “breathless reports and baseless hysteria” about the government’s interest in libraries.
“Do we at the Justice Department really care what you are reading?” Mr. Ashcroft asked. “No.”
What’s the common thread here? Someone lied. We won’t misuse your data. There’s no problem with our defibrillators. We won’t invade your privacy.
If there’s one thing I learned from my father, and one thing I would hope to someday teach my child, it is that authoritative voices (experts, politicians, whoever) should not be trusted blindly.
This isn’t to suggest that ignorance should be embraced. On almost any subject you can think of, there are people in the world who know far more about it than you do, and that’s a good thing. We’d all be in trouble if, say, cartoonists were suddenly called upon to perform open heart surgery. Hell, we’d be in trouble if cartoonists were suddenly in charge of trash collection.
Nonetheless… how many times do we, as a society, as a species, have to learn and re-learn the same simple lesson: that when power and/or money are at stake, lies often result?