Webroot Threat Blog has a post up today about the new Poison Ivy Trojan.
Here is some "Poison Ivy" that won't harm you or your computer
http://www.newsmax.com/smith/china_3com/2007
China Angles to Buy 3Com
Thursday, October 25, 2007 2:48 PM
By: Charles R. Smith
The pending sale of a U.S. defense contractor to a company directly linked to the Chinese army would normally be canceled at once.
However, the links between a dark Chinese company and many of the most powerful politicians in America appear to have put the buyout of 3Com on the fast-track toward approval.
Bain Capital and Goldman Sachs — two leading financial firms — are currently seeking the buyout of 3Com, a computer communications firm with U.S. defense contracts. 3Com makes equipment used by the Pentagon to block computer hackers.
Bain is financing the buyout of 3Com with the Chinese telecommunications giant Huawei. Huawei is associated with the Chinese, Iraqi, and Taliban militaries.
Bain Capital is a major financial firm with a great deal of success in the past. Bain Capital was founded in 1984 by Republican presidential candidate Mitt Romney. According to Gov. Mitt Romney's campaign Web site, Bain is "one of the nation's most successful venture capital and investment companies."
However, it is Huawei that will benefit from the buyout. Huawei installed air defense networks for Saddam Hussein and the Taliban. The CIA, U.S. Defense Department, the Rand Corporation and even Indian intelligence agencies have openly documented Huawei's links to Saddam and the Taliban.
According to the CIA, Huawei was responsible for the installation of an advanced fiber-optic air defense network in Iraq during Saddam's brutal rule. The Huawei network, NATO code-named "Tiger Song," was used to shoot down allied aircraft flying patrol over the Iraqi skies.
The network was installed in violation of a U.N. embargo. Worse still, the air defense network was paid for by the corrupt oil-for-food program which sent cash to Huawei that was intended to feed starving Iraqi children.
Despite its history of killing American soldiers — it is Huawei's teaming with Bain and Goldman Sachs that has enabled the Chinese company to arrange the buyout of 3Com. The Bain/Goldman/Huawei team has influence inside the highest political circles.
For example, current Republican candidate Mitt Romney has links to Bain. Gov. Romney enjoyed a successful career at Bain, helping to amass over a quarter of a billion dollars in his own personal fortune. Romney may have left the company in 2001, but he and his family still own a significant stake in the firm through his blind trust, which according to the Washington Post earned him $7 million to $15 million during the last year.
Bain associates, employees and friends have also been very generous to Gov. Romney's campaign for the White House. Bain employees have donated over $190,000 to Romney, making the firm one of his largest sources of political cash. This amount does not include the efforts of former and current Bain partners and executives of companies Romney bought who are also raising hundreds of thousands of dollars.
All these financial ties to Bain bring into question the possible conflict of interest that Romney faces. So far, Gov. Romney has refused to comment on the Bain deal. Repeated calls to the Romney campaign were not returned.
Another link in the chain for Huawei is Goldman Sachs — a financial company that is also sponsoring the 3Com buyout. Goldman is the former employer of Treasury Secretary Henry Paulson. The Treasury Department is charged with reviewing the take-over of 3Com by Huawei. Paulson had to recuse himself from the process because of the possible conflict of interest.
The Bush administration is having trouble dealing with the take-over bid. Secretary of Defense Robert Gates revealed that he was completely in the dark about the deal. The admission by Gates echoed similar admissions by the Pentagon top brass that they also were unaware of the buyout.
The Defense Department and the U.S. intelligence agencies were surprised by the proposed deal and had to scramble in order to get it reviewed for national security reasons.
The failure at the Defense Department is attributed to the Defense Technology Security Agency or DTSA. The Pentagon has not appointed a director to run DTSA and the length of time the position has been vacant suggests little sense of urgency to do so. Leaderless, DTSA was caught unaware of the deal and was unable to provide warning to senior Defense Department officials.
During the Clinton years, DTSA was a strong advocate of checking all export deals with China. In fact, aggressive DTSA efforts were documented by the Loral Corporation for holding up the sale of advanced radars to the Chinese military. Today, DTSA is a headless giant unable to do its job.
------------------------------------------------------------------
Excerpt:
http://www.rand.org/pubs/monographs/2005/RAND_MG334.pdf
A New Direction for China’s Defense Industry
Huawei Shenzhen Technology Company. Huawei was founded in 1988 by Ren Zhengfei, a former director of the PLA General Staff Department’s Information Engineering Academy, which is responsible for telecom research for the Chinese military. Huawei maintains deep ties with the Chinese military, which serves a multi-faceted role as an important customer, as well as Huawei’s political patron and research and development partner. Both the government and the military tout Huawei as a national champion, and the company is currently China’s largest, fastest-growing, and most impressive telecommunications-equipment manufacturer...
In analyzing the dynamics of the IT sector, it is first necessary to divide the defense portion of the IT sector into two related but distinct categories. The first includes those subsectors providing the PLA with commercial-off-the-shelf IT systems, such as routers, switches, and computers, which have become increasingly central to the digitization of the U.S. military. Key companies in this category include such “red chips” (the Chinese equivalent of U.S. blue-chip companies) as Huawei, Zhongxing, Datang, Julong, and the Wuhan Research Institute, all of which are private companies spun off from state research institutes that enjoy national-champion preferences within the system. They are marked by new facilities in dynamic locales, such as southern and eastern China, a high-tech workforce, and infusions of foreign technology. These firms are not obligated to provide a social safety net for thousands of unemployable workers and their families in rural areas. Instead, they hire and fire staff using market-based incentives and stock options...
The two most important categories of Chinese IT firms, particularly in dealings with foreign multinationals, are telecommunications equipment and electronics. Publicly, the major players in telecommunications—Huawei, Datang, Zhongxing, and Great Dragon (Julong)—appear to be independent, private-sector actors. By contrast, many of the electronics firms are grouped under ostensibly commercially oriented conglomerates, such as China Electronics Corporation. However, one does not need to dig too deeply to discover that many of these electronics companies are the public face for, sprang from, or are significantly engaged in joint research with state research institutes under the Ministry of Information Industry, defense-industrial corporations, or the military. Indeed, each of the “four tigers” of the Chinese telecommunications equipment market (Huawei, Zhongxing, Datang, and Julong) originated from a different part of the existing state telecommunications research and development infrastructure, often from the internal telecommunications apparatus of different ministries or the military. These connections provide channels for personnel transfers, commercialization of state-sponsored R&D (“spin-off”), and militarization of commercial R&D (“spin-on”)...
Huawei has also become the most successful Chinese exporter of equipment, entering international markets in 1996. According to one source, “For the future, Huawei wants to be the Cisco of the PRC, but also is ambitious to become a global player.” The company is rapidly penetrating Africa, Russia, India, and many other areas ignored by Western telcos...
-----------------------------------------------------------------------
As part of its backbone infrastructure work, Huawei supplied secure fiber optic communications networks widely within the PLA, its missile networks and fire control/command and control systems, and would supply a variant, Tiger Song, to Iraq prior to Operation Iraqi Freedom (during the 1990s) which greatly complicated US interdiction as previous Iraqi anti-air comm had been interceptable, targetable transmissions. The PRC was one of many UN embargo violators (which included our allies France and Germany as well as Russia)
http://www.afpc.org/crm/crm368.shtml
The Chinese-built “Tiger Song” fiber-optic air defense system used by Iraq is comprised of American-made technology obtained with a waiver from the Clinton Administration… The advanced fiber-optic system was a result of the friendship between General Ding Henggao, Commander of the Chinese Army military research bureau COSTIND [Commission on Science and Industry for National Defense] and then-US Defense Secretary William Perry...
In 1994, Professor John Lewis of Stanford University… teamed with General Ding to buy an advanced AT&T fiber-optic communication system for “civilian use” inside China. According to the Far Eastern Economic Review, [Perry] wrote a letter to US Government export control officials, favoring the fiber-optic export to China. The venture was called “Hua Mei.” The Chinese part of the venture was run by the newly formed firm, “Galaxy New Technology,” with General Ding’s wife, Madame Nie Li, as the head of the project.
With the support of Perry and the advice of Prof. Lewis, AT&T shipped the secure communications system directly to a Chinese Army unit, using Galaxy technology as a front. The so-called “civilian” Galaxy firm was packed with senior Chinese military officers… Madame Nie was not only the wife of General Ding, but actually Lt. General Nie Lie of the Chinese Army. Galaxy Director and president was Mr. Deng Changgru, also known as Lt. Colonel Deng Changru, head of the Chinese Army communications corps. Co-General manager of Galaxy, “Mr.” Xie Zhichao, also known as Lt. Colonel Xie Zhichao, director of the Chinese Army’s Electronics Design Bureau…
“The Chinese army’s Electronics Bureau… modified the American fiber-optics communication system, changing it into a secure air-defense system. The Chinese military then exported the newly modified system to Iraq. The Iraqi air defense network, NATO code-named “Tiger Song,” is made of US and French fiber-optic parts modified by the Chinese military.”
In 2001, Iraqi anti-aircraft missiles, guided by Tiger Song, regularly target US fighter planes. And following the recent US-British attack on the system, Chinese military engineers are reportedly repairing damages to the system.
-------------------------------------------------------------------
HUNTER CALLS ON ROMNEY TO OPPOSE BAIN PARTNERSHIP WITH CHINESE COMPANY
FOR IMMEDIATE RELEASE: November 2, 2007
CONTACT: Gary Becks (619) 334-1655, dlhunter08@yahoo.com
San Diego, CA - - - Presidential candidate and current Ranking Member of the House Armed Services Committee, Congressman Duncan Hunter, today called on former Governor Mitt Romney to send a "clear statement" to the leadership of the company he founded, Bain Capital, to terminate a proposed business deal with a controversial Chinese corporation seeking to acquire U.S. defense contractor 3COM. Bain Capital is attempting to form a business arrangement with Huawei Corporation, a Chinese corporation founded by an officer of the Peoples Liberation Army of Communist China, which faces allegations of assisting Saddam Hussein in the targeting of U.S. aircraft and in helping the Taliban develop surveillance equipment.
"I am extremely concerned that Governor Romney's company would tout a highly suspect Chinese corporation as a strategic partner," stated Hunter. "Forming a business partnership with a corporation known to have direct ties with terrorists and dictators while, at the same time, openly seeking to acquire a major U.S. corporation that performs vital cyber security work for the Department of Defense, can only be characterized as irresponsible."
A resolution has been introduced in Congress, H.Res. 730, which states; "The preponderance of publicly available evidence clearly suggests that as currently structured, the proposed transaction involving Huawei threatens the national security of the United States and should not be approved by the Committee on Foreign Investment in the United States." A copy of this resolution is provided.
Hunter stated in his letter to Governor Romney, "…while it is true that you no longer control Bain Capital, the contributions you have received from its principals as its founding member indicate that your influence within the company remains strong.
"Further, while the Committee on Foreign Investment has yet to rule on the Huawei transaction, this corporation's connection to Saddam Hussein, the Taliban and the Army of Communist China should clearly disqualify them from becoming, in the words of your former company, "a strategic partner" in acquiring a U.S. firm such as 3COM, which performs vital cyber-security work for the U.S. Department of Defense.
"This letter is a request that you immediately issue a statement of policy that this transaction should be terminated on the grounds of national security. Please let me know what you intend to do."
A copy of Congressman Hunter's letter, as well as two articles regarding Huawei acquisition efforts are provided. Media are encouraged to contact Gary Becks at (619) 334-1655 for additional information or to arrange an interview with Hunter.
# # #
Hunter for President, Inc. 9340 Fuerte Drive La Mesa, California 91941 United States
"Peace Through Strength" The need for military, economic and diplomatic strength.
Thank You
Sean Cole Midwest Regional Director IA, MO, IL, IN, KY, OH, and WV Hunter for President 08 Cell Number - 317-414-3424 Office Number 317-565-1392 Yahoo Instant Messenger: dhfundraiser
As per US-CERT Security Operations Center
http://www.us-cert.gov/current/
Computers testing positive for infection of DNSChanger malware will need to be cleaned of the malware in order to maintain continued internet connectivity beyond July 9, 2012.
Here are some tips and source information to ensure you have a clean computer.
http://www.fbi.gov/DNS-changer-malware.pdf
New Smartphones and the Risk Picture
A Product of the Network Components and Applications Division
The Mitigations Group 9800 Savage Rd. Ft. Meade, MD 20755-6704 410-854-6632 DSN: 244-6632
U.S. Department of Justice, April 26, 2012
WASHINGTON—Seizure orders have been executed against 36 domain names of websites engaged in the illegal sale and distribution of stolen credit card numbers, Assistant Attorney General Lanny A. Breuer of the Justice Department’s Criminal Division, U.S. Attorney Neil H. MacBride of the Eastern District of Virginia, and Acting Executive Assistant Director Kevin Perkins of the FBI’s Criminal, Cyber, Response, and Services Branch, announced today.
The seizures are the result of Operation Wreaking hAVoC, an FBI and Justice Department operation targeting the sale of stolen credit card numbers via the Internet. The operation was coordinated with international law enforcement, including the United Kingdom’s Serious Organised Crime Agency (SOCA).
The 36 seized domains are in the custody of the federal government. Visitors to the sites will now find a seizure banner that notifies them that the domain name has been seized by federal authorities.
“The websites we are targeting today were commercial outlets for stolen credit card information,” said Assistant Attorney General Breuer. “By making this information available on the Internet, these websites facilitated fraud on credit card holders around the world. The actions announced today are the result of extraordinary coordination with our international law enforcement partners and reflect our commitment to use every tool at our disposal to shut down fraudulent, criminal enterprises.”
“Countless lives are thrown into financial turmoil because of these websites,” said U.S. Attorney MacBride. “With a few simple clicks, thousands of stolen credit card numbers can be bought or sold to fraudsters anywhere in the world. Today’s seizures are part of an ongoing campaign to disrupt this online market regardless of where it operates.”
“By seizing the websites the criminal underground uses to blatantly sell stolen personal information, Operation Wreaking hAVoC shows that we are committed to protecting individuals online and preventing criminals from using the Internet to line their pockets,” said FBI Acting Executive Assistant Director Perkins. “The FBI and our partners around the world are committed to disabling these criminal networks. No single law enforcement agency can fight cyber crime on its own, and the FBI is proud to be a part of such an outstanding effort by all of the participating agencies.”
The websites of the seized domain names are commonly referred to as Automated Vending Carts (AVCs). An AVC is a website that functions as an open-ended invitation to any visitor to purchase stolen credit card numbers. AVCs allow a user to buy stolen credit card data over the Internet, even using an online shopping cart, just like a traditional online retailer. Some AVC sites allow a buyer to select which type of credit card number to purchase, the account’s country of origin, and, in some cases, the state in which the account holder lives. AVCs allow sellers to traffic stolen credit card data without communicating directly with buyers.
During this operation, law enforcement officials made undercover purchases of credit card numbers, including credit card numbers issued by Bank of America, SunTrust, and Capital One. The banks confirmed that the sites were not authorized to sell the credit card numbers. Seizure orders were obtained from a federal magistrate judge in the Eastern District of Virginia.
This U.S. operation was led by FBI’s Washington Field Office; the Computer Crime and Intellectual Property and Asset Forfeiture and Money Laundering Sections of the Justice Department’s Criminal Division; and the U.S. Attorney’s Office for the Eastern District of Virginia. The FBI’s Pittsburgh Field Office and the U.S. Attorney’s Office for the Western District of Pennsylvania also assisted in the investigation.
The international operation was led by the United Kingdom’s SOCA. The Australian Federal Police (AFP); German Bundeskriminalamt (BKA); United Kingdom’s Dedicated Cheque and Plastic Crime Unit (DCPCU); Macedonian Ministry of Interior Cyber Crime Unit (MOI); Ukraine Ministry of Internal Affairs; Romanian Ministry of Interior; and the Dutch High-Tech Crimes Unit (KLPD) provided assistance. Activities conducted by these international law enforcement agencies included arrests of AVC operators and purchasers, additional domain seizures, and data seizures.
If data is regulated by GLB, it is regulated also under FCRA.
Gramm-Leach-Bliley Act
15 USC, Subchapter I, Sec. 6801-6809
Disclosure of Nonpublic Personal Information
Sec. 6801. Protection of nonpublic personal information.
(a) Privacy obligation policy.
(b) Financial institutions safeguards.
Sec. 6802. Obligations with respect to disclosures of personal information.
(a) Notice requirements.
(b) Opt out.
(c) Limits on reuse of information.
(d) Limitations on the sharing of account number information for marketing purposes.
(e) General exceptions.
Sec. 6803. Disclosure of institution privacy policy.
(a) Disclosure required.
(b) Information to be included.
Sec. 6804. Rulemaking.
(a) Regulatory authority.
(b) Authority to grant exceptions.
Sec. 6805. Enforcement.
(a) In general.
(b) Enforcement of section 6801.
(c) Absence of State action.
(d) Definitions.
Sec. 6806. Relation to other provisions.
Sec. 6807. Relation to State laws.
(a) In general.
(b) Greater protection under State law.
Sec. 6808. Study of information sharing among financial affiliates.
(a) In general.
(b) Consultation.
(c) Report.
Sec. 6809. Definitions.
Sec. 6801. Protection of nonpublic personal information
(a) Privacy obligation policy
It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information.
(b) Financial institutions safeguards
In furtherance of the policy in subsection (a) of this section, each agency or authority described in section 6805(a) of this title shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards -
(1) to insure the security and confidentiality of customer records and information;
(2) to protect against any anticipated threats or hazards to the security or integrity of such records; and
(3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.
SECTION REFERRED TO IN OTHER SECTIONS
This section is referred to in sections 6803, 6805 of this title.
NOTE: Pub. L. 106-102, title V, Sec. 510, Nov. 12, 1999, 113 Stat. 1445, provided that: ''This subtitle (subtitle A (Sec. 501-510) of title V of Pub. L. 106-102, enacting this subchapter and amending section 1681s of this title) shall take effect 6 months after the date on which rules are required to be prescribed under section 504(a)(3) (15 U.S.C. 6804(a)(3)), except -
''(1) to the extent that a later date is specified in the rules prescribed under section 504; and
''(2) that sections 504 (15 U.S.C. 6804) and 506 (enacting section 6806 of this title and amending section 1681s of this title) shall be effective upon enactment (Nov. 12, 1999).''
Sec. 6802. Obligations with respect to disclosures of personal information
(a) Notice requirements
Except as otherwise provided in this subchapter, a financial institution may not, directly or through any affiliate, disclose to a nonaffiliated third party any nonpublic personal information, unless such financial institution provides or has provided to the consumer a notice that complies with section 6803 of this title.
(b) Opt out
(1) In general
A financial institution may not disclose nonpublic personal information to a nonaffiliated third party unless -
(A) such financial institution clearly and conspicuously discloses to the consumer, in writing or in electronic form or other form permitted by the regulations prescribed under section 6804 of this title, that such information may be disclosed to such third party;
(B) the consumer is given the opportunity, before the time that such information is initially disclosed, to direct that such information not be disclosed to such third party; and
(C) the consumer is given an explanation of how the consumer can exercise that nondisclosure option.
(2) Exception
This subsection shall not prevent a financial institution from providing nonpublic personal information to a nonaffiliated third party to perform services for or functions on behalf of the financial institution, including marketing of the financial institution's own products or services, or financial products or services offered pursuant to joint agreements between two or more financial institutions that comply with the requirements imposed by the regulations prescribed under section 6804 of this title, if the financial institution fully discloses the providing of such information and enters into a contractual agreement with the third party that requires the third party to maintain the confidentiality of such information.
(c) Limits on reuse of information
Except as otherwise provided in this subchapter, a nonaffiliated third party that receives from a financial institution nonpublic personal information under this section shall not, directly or through an affiliate of such receiving third party, disclose such information to any other person that is a nonaffiliated third party of both the financial institution and such receiving third party, unless such disclosure would be lawful if made directly to such other person by the financial institution.
(d) Limitations on the sharing of account number information for marketing purposes
A financial institution shall not disclose, other than to a consumer reporting agency, an account number or similar form of access number or access code for a credit card account, deposit account, or transaction account of a consumer to any nonaffiliated third party for use in telemarketing, direct mail marketing, or other marketing through electronic mail to the consumer.
(e) General exceptions
Subsections (a) and (b) of this section shall not prohibit the disclosure of nonpublic personal information -
(1) as necessary to effect, administer, or enforce a transaction requested or authorized by the consumer, or in connection with -
(A) servicing or processing a financial product or service requested or authorized by the consumer;
(B) maintaining or servicing the consumer's account with the financial institution, or with another entity as part of a private label credit card program or other extension of credit on behalf of such entity; or
(C) a proposed or actual securitization, secondary market sale (including sales of servicing rights), or similar transaction related to a transaction of the consumer;
(2) with the consent or at the direction of the consumer;
(3)(A) to protect the confidentiality or security of the financial institution's records pertaining to the consumer, the service or product, or the transaction therein; (B) to protect against or prevent actual or potential fraud, unauthorized transactions, claims, or other liability; (C) for required institutional risk control, or for resolving customer disputes or inquiries; (D) to persons holding a legal or beneficial interest relating to the consumer; or (E) to persons acting in a fiduciary or representative capacity on behalf of the consumer;
(4) to provide information to insurance rate advisory organizations, guaranty funds or agencies, applicable rating agencies of the financial institution, persons assessing the institution's compliance with industry standards, and the institution's attorneys, accountants, and auditors;
(5) to the extent specifically permitted or required under other provisions of law and in accordance with the Right to Financial Privacy Act of 1978 (12 U.S.C. 3401 et seq.), to law enforcement agencies (including a Federal functional regulator, the Secretary of the Treasury with respect to subchapter II of chapter 53 of title 31, and chapter 2 of title I of Public Law 91-508 (12 U.S.C. 1951-1959), a State insurance authority, or the Federal Trade Commission), self-regulatory organizations, or for an investigation on a matter related to public safety;
(6)(A) to a consumer reporting agency in accordance with the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), or (B) from a consumer report reported by a consumer reporting agency;
(7) in connection with a proposed or actual sale, merger, transfer, or exchange of all or a portion of a business or operating unit if the disclosure of nonpublic personal information concerns solely consumers of such business or unit; or
(8) to comply with Federal, State, or local laws, rules, and other applicable legal requirements; to comply with a properly authorized civil, criminal, or regulatory investigation or subpoena or summons by Federal, State, or local authorities; or to respond to judicial process or government regulatory authorities having jurisdiction over the financial institution for examination, compliance, or other purposes as authorized by law.
(Pub. L. 106-102, title V, Sec. 502, Nov. 12, 1999, 113 Stat. 1437.)
REFERENCES IN TEXT
This subchapter, referred to in subsecs. (a) and (c), was in the original ''this subtitle'', meaning subtitle A (Sec. 501 et seq.) of title V of Pub. L. 106-102, Nov. 12, 1999, 113 Stat. 1436, which enacted this subchapter and amended section 1681s of this title.
For complete classification of subtitle A to the Code, see Tables.
The Right to Financial Privacy Act of 1978, referred to in subsec. (e)(5), is title XI of Pub. L. 95-630, Nov. 10, 1978, 92 Stat. 3697, as amended, which is classified generally to chapter 35 (Sec. 3401 et seq.) of Title 12, Banks and Banking. For complete classification of this Act to the Code, see Short Title note set out under section 3401 of Title 12 and Tables.
Chapter 2 of title I of Public Law 91-508, referred to in subsec. (e)(5), is chapter 2 (Sec. 121-129) of title I of Pub. L. 91-508, Oct. 26, 1970, 84 Stat. 1116, which is classified generally to chapter 21 (Sec. 1951 et seq.) of Title 12, Banks and Banking. For complete classification of chapter 2 to the Code, see Tables.
The Fair Credit Reporting Act, referred to in subsec. (e)(6)(A), is title VI of Pub. L. 90-321, as added by Pub. L. 91-508, title VI, Sec. 601, Oct. 26, 1970, 84 Stat. 1127, as amended, which is classified generally to subchapter III (Sec. 1681 et seq.) of chapter 41 of this title. For complete classification of this Act to the Code, see Short Title note set out under section 1601 of this title and Tables.
SECTION REFERRED TO IN OTHER SECTIONS
This section is referred to in sections 6803, 6804, 6809 of this title.
Sec. 6803. Disclosure of institution privacy policy
(a) Disclosure required
At the time of establishing a customer relationship with a consumer and not less than annually during the continuation of such relationship, a financial institution shall provide a clear and conspicuous disclosure to such consumer, in writing or in electronic form or other form permitted by the regulations prescribed under section 6804 of this title, of such financial institution's policies and practices with respect to -
(1) disclosing nonpublic personal information to affiliates and nonaffiliated third parties, consistent with section 6802 of this title, including the categories of information that may be disclosed;
(2) disclosing nonpublic personal information of persons who have ceased to be customers of the financial institution; and
(3) protecting the nonpublic personal information of consumers.
Such disclosures shall be made in accordance with the regulations prescribed under section 6804 of this title.
(b) Information to be included
The disclosure required by subsection (a) of this section shall include -
(1) the policies and practices of the institution with respect to disclosing nonpublic personal information to nonaffiliated third parties, other than agents of the institution, consistent with section 6802 of this title, and including -
(A) the categories of persons to whom the information is or may be disclosed, other than the persons to whom the information may be provided pursuant to section 6802(e) of this title; and
(B) the policies and practices of the institution with respect to disclosing of nonpublic personal information of persons who have ceased to be customers of the financial institution;
(2) the categories of nonpublic personal information that are collected by the financial institution;
(3) the policies that the institution maintains to protect the confidentiality and security of nonpublic personal information in accordance with section 6801 of this title; and
(4) the disclosures required, if any, under section 1681a(d)(2)(A)(iii) of this title.
(Pub. L. 106-102, title V, Sec. 503, Nov. 12, 1999, 113 Stat. 1439.)
SECTION REFERRED TO IN OTHER SECTIONS
This section is referred to in section 6802 of this title.
Sec. 6804. Rulemaking
(a) Regulatory authority
(1) Rulemaking
The Federal banking agencies, the National Credit Union Administration, the Secretary of the Treasury, the Securities and Exchange Commission, and the Federal Trade Commission shall each prescribe, after consultation as appropriate with representatives of State insurance authorities designated by the National Association of Insurance Commissioners, such regulations as may be necessary to carry out the purposes of this subchapter with respect to the financial institutions subject to their jurisdiction under section 6805 of this title.
(2) Coordination, consistency, and comparability
Each of the agencies and authorities required under paragraph (1) to prescribe regulations shall consult and coordinate with the other such agencies and authorities for the purposes of assuring, to the extent possible, that the regulations prescribed by each such agency and authority are consistent and comparable with the regulations prescribed by the other such agencies and authorities.
(3) Procedures and deadline
Such regulations shall be prescribed in accordance with applicable requirements of title 5 and shall be issued in final form not later than 6 months after November 12, 1999.
(b) Authority to grant exceptions
The regulations prescribed under subsection (a) of this section may include such additional exceptions to subsections (a) through (d) of section 6802 of this title as are deemed consistent with the purposes of this subchapter.
(Pub. L. 106-102, title V, Sec. 504, Nov. 12, 1999, 113 Stat. 1439.)
SECTION REFERRED TO IN OTHER SECTIONS
This section is referred to in sections 6802, 6803, 6809 of this title.
Sec. 6805. Enforcement
(a) In general
This subchapter and the regulations prescribed thereunder shall be enforced by the Federal functional regulators, the State insurance authorities, and the Federal Trade Commission with respect to financial institutions and other persons subject to their jurisdiction under applicable law, as follows:
(1) Under section 1818 of title 12, in the case of -
(A) national banks, Federal branches and Federal agencies of foreign banks, and any subsidiaries of such entities (except brokers, dealers, persons providing insurance, investment companies, and investment advisers), by the Office of the Comptroller of the Currency;
(B) member banks of the Federal Reserve System (other than national banks), branches and agencies of foreign banks (other than Federal branches, Federal agencies, and insured State branches of foreign banks), commercial lending companies owned or controlled by foreign banks, organizations operating under section 25 or 25A of the Federal Reserve Act (12 U.S.C. 601 et seq., 611 et seq.), and bank holding companies and their nonbank subsidiaries or affiliates (except brokers, dealers, persons providing insurance, investment companies, and investment advisers), by the Board of Governors of the Federal Reserve System;
(C) banks insured by the Federal Deposit Insurance Corporation (other than members of the Federal Reserve System), insured State branches of foreign banks, and any subsidiaries of such entities (except brokers, dealers, persons providing insurance, investment companies, and investment advisers), by the Board of Directors of the Federal Deposit Insurance Corporation; and
(D) savings associations the deposits of which are insured by the Federal Deposit Insurance Corporation, and any subsidiaries of such savings associations (except brokers, dealers, persons providing insurance, investment companies, and investment advisers), by the Director of the Office of Thrift Supervision.
(2) Under the Federal Credit Union Act (12 U.S.C. 1751 et seq.), by the Board of the National Credit Union Administration with respect to any federally insured credit union, and any subsidiaries of such an entity.
(3) Under the Securities Exchange Act of 1934 (15 U.S.C. 78a et seq.), by the Securities and Exchange Commission with respect to any broker or dealer.
(4) Under the Investment Company Act of 1940 (15 U.S.C. 80a-1 et seq.), by the Securities and Exchange Commission with respect to investment companies.
(5) Under the Investment Advisers Act of 1940 (15 U.S.C. 80b-1 et seq.), by the Securities and Exchange Commission with respect to investment advisers registered with the Commission under such Act.
(6) Under State insurance law, in the case of any person engaged in providing insurance, by the applicable State insurance authority of the State in which the person is domiciled, subject to section 6701 of this title.
(7) Under the Federal Trade Commission Act (15 U.S.C. 41 et seq.), by the Federal Trade Commission for any other financial institution or other person that is not subject to the jurisdiction of any agency or authority under paragraphs (1) through (6) of this subsection.
(b) Enforcement of section 6801
(1) In general
Except as provided in paragraph (2), the agencies and authorities described in subsection (a) of this section shall implement the standards prescribed under section 6801(b) of this title in the same manner, to the extent practicable, as standards prescribed pursuant to section 1831p-1(a) of title 12 are implemented pursuant to such section.
(2) Exception
The agencies and authorities described in paragraphs (3), (4), (5), (6), and (7) of subsection (a) of this section shall implement the standards prescribed under section 6801(b) of this title by rule with respect to the financial institutions and other persons subject to their respective jurisdictions under subsection (a) of this section.
(c) Absence of State action
If a State insurance authority fails to adopt regulations to carry out this subchapter, such State shall not be eligible to override, pursuant to section 1831x(g)(2)(B)(iii) of title 12, the insurance customer protection regulations prescribed by a Federal banking agency under section 1831x(a) of title 12.
(d) Definitions
The terms used in subsection (a)(1) of this section that are not defined in this subchapter or otherwise defined in section 1813(s) of title 12 shall have the same meaning as given in section 3101 of title 12.
(Pub. L. 106-102, title V, Sec. 505, Nov. 12, 1999, 113 Stat. 1440.)
REFERENCES IN TEXT
Section 25 of the Federal Reserve Act, referred to in subsec. (a)(1)(B), is classified to subchapter I (Sec. 601 et seq.) of chapter 6 of Title 12, Banks and Banking. Section 25A of the Federal Reserve Act is classified to subchapter II (Sec. 611 et seq.) of chapter 6 of Title 12.
The Federal Credit Union Act, referred to in subsec. (a)(2), is act June 26, 1934, ch. 750, 48 Stat. 1216, as amended, which is classified generally to chapter 14 (Sec. 1751 et seq.) of Title 12, Banks and Banking. For complete classification of this Act to the Code, see section 1751 of Title 12 and Tables.
The Securities Exchange Act of 1934, referred to in subsec. (a)(3), is act June 6, 1934, ch. 404, 48 Stat. 881, as amended, which is classified principally to chapter 2B (Sec. 78a et seq.) of this title. For complete classification of this Act to the Code, see section 78a of this title and Tables.
The Investment Company Act of 1940, referred to in subsec. (a)(4), is title I of act Aug. 22, 1940, ch. 686, 54 Stat. 789, as amended, which is classified generally to subchapter I (Sec. 80a-1 et seq.) of chapter 2D of this title. For complete classification of this Act to the Code, see section 80a-51 of this title and Tables.
The Investment Advisers Act of 1940, referred to in subsec. (a)(5), is title II of act Aug. 22, 1940, ch. 686, 54 Stat. 847, as amended, which is classified generally to subchapter II (Sec. 80b-1 et seq.) of chapter 2D of this title. For complete classification of this Act to the Code, see section 80b-20 of this title and Tables.
The Federal Trade Commission Act, referred to in subsec. (a)(7), is act Sept. 26, 1914, ch. 311, 38 Stat. 717, as amended, which is classified generally to subchapter I (Sec. 41 et seq.) of chapter 2 of this title. For complete classification of this Act to the Code, see section 58 of this title and Tables.
SECTION REFERRED TO IN OTHER SECTIONS
This section is referred to in sections 6801, 6804, 6807 of this title.
Sec. 6806. Relation to other provisions
Except for the amendments made by subsections (a) and (b), nothing in this chapter shall be construed to modify, limit, or supersede the operation of the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.), and no inference shall be drawn on the basis of the provisions of this chapter regarding whether information is transaction or experience information under section 603 of such Act (15 U.S.C. 1681a).
(Pub. L. 106-102, title V, Sec. 506(c), Nov. 12, 1999, 113 Stat. 1442.)
REFERENCES IN TEXT
Amendments made by subsections (a) and (b), referred to in text, means amendments made by section 506(a) and (b) of Pub. L. 106-102, which amended section 1681s of this title.
This chapter, referred to in text, was in the original ''this title'', meaning title V of Pub. L. 106-102, Nov. 12, 1999, 113 Stat. 1436, as amended, which enacted this chapter and amended section 1681s of this title. For complete classification of title V to the Code, see Tables.
The Fair Credit Reporting Act, referred to in text, is title VI of Pub. L. 90-321, as added by Pub. L. 91-508, title VI, Sec. 601, Oct. 26, 1970, 84 Stat. 1127, as amended, which is classified generally to subchapter III (Sec. 1681 et seq.) of chapter 41 of this title. For complete classification of this Act to the Code, see Short Title note set out under section 1601 of this title and Tables.
Sec. 6807. Relation to State laws
(a) In general
This subchapter and the amendments made by this subchapter shall not be construed as superseding, altering, or affecting any statute, regulation, order, or interpretation in effect in any State, except to the extent that such statute, regulation, order, or interpretation is inconsistent with the provisions of this subchapter, and then only to the extent of the inconsistency.
(b) Greater protection under State law
For purposes of this section, a State statute, regulation, order, or interpretation is not inconsistent with the provisions of this subchapter if the protection such statute, regulation, order, or interpretation affords any person is greater than the protection provided under this subchapter and the amendments made by this subchapter, as determined by the Federal Trade Commission, after consultation with the agency or authority with jurisdiction under section 6805(a) of this title of either the person that initiated the complaint or that is the subject of the complaint, on its own motion or upon the petition of any interested party.
(Pub. L. 106-102, title V, Sec. 507, Nov. 12, 1999, 113 Stat. 1442.)
REFERENCES IN TEXT
This subchapter, referred to in text, was in the original ''this subtitle'', meaning subtitle A (Sec. 501-510) of title V of Pub. L. 106-102, Nov. 12, 1999, 113 Stat. 1436, which enacted this subchapter and amended section 1681s of this title. For complete classification of subtitle A to the Code, see Tables.
Sec. 6808. Study of information sharing among financial affiliates
(a) In general
The Secretary of the Treasury, in conjunction with the Federal functional regulators and the Federal Trade Commission, shall conduct a study of information sharing practices among financial institutions and their affiliates. Such study shall include -
(1) the purposes for the sharing of confidential customer information with affiliates or with nonaffiliated third parties;
(2) the extent and adequacy of security protections for such information;
(3) the potential risks for customer privacy of such sharing of information;
(4) the potential benefits for financial institutions and affiliates of such sharing of information;
(5) the potential benefits for customers of such sharing of information;
(6) the adequacy of existing laws to protect customer privacy;
(7) the adequacy of financial institution privacy policy and privacy rights disclosure under existing law;
(8) the feasibility of different approaches, including opt-out and opt-in, to permit customers to direct that confidential information not be shared with affiliates and nonaffiliated third parties; and
(9) the feasibility of restricting sharing of information for specific uses or of permitting customers to direct the uses for which information may be shared.
(b) Consultation
The Secretary shall consult with representatives of State insurance authorities designated by the National Association of Insurance Commissioners, and also with financial services industry, consumer organizations and privacy groups, and other representatives of the general public, in formulating and conducting the study required by subsection (a) of this section.
(c) Report
On or before January 1, 2002, the Secretary shall submit a report to the Congress containing the findings and conclusions of the study required under subsection (a) of this section, together with such recommendations for legislative or administrative action as may be appropriate.
(Pub. L. 106-102, title V, Sec. 508, Nov. 12, 1999, 113 Stat. 1442.)
Sec. 6809. Definitions
As used in this subchapter:
(1) Federal banking agency
The term ''Federal banking agency'' has the same meaning as given in section 1813 of title 12.
(2) Federal functional regulator
The term ''Federal functional regulator'' means -
(A) the Board of Governors of the Federal Reserve System;
(B) the Office of the Comptroller of the Currency;
(C) the Board of Directors of the Federal Deposit Insurance Corporation;
(D) the Director of the Office of Thrift Supervision;
(E) the National Credit Union Administration Board; and
(F) the Securities and Exchange Commission.
(3) Financial institution
(A) In general
The term ''financial institution'' means any institution the business of which is engaging in financial activities as described in section 1843(k) of title 12.
(B) Persons subject to CFTC regulation
Notwithstanding subparagraph (A), the term ''financial institution'' does not include any person or entity with respect to any financial activity that is subject to the jurisdiction of the Commodity Futures Trading Commission under the Commodity Exchange Act (7 U.S.C. 1 et seq.).
(C) Farm credit institutions
Notwithstanding subparagraph (A), the term ''financial institution'' does not include the Federal Agricultural Mortgage Corporation or any entity chartered and operating under the Farm Credit Act of 1971 (12 U.S.C. 2001 et seq.).
(D) Other secondary market institutions
Notwithstanding subparagraph (A), the term ''financial institution'' does not include institutions chartered by Congress specifically to engage in transactions described in section 6802(e)(1)(C) of this title, as long as such institutions do not sell or transfer nonpublic personal information to a nonaffiliated third party.
(4) Nonpublic personal information
(A) The term ''nonpublic personal information'' means personally identifiable financial information -
(i) provided by a consumer to a financial institution;
(ii) resulting from any transaction with the consumer or any service performed for the consumer; or
(iii) otherwise obtained by the financial institution.
(B) Such term does not include publicly available information, as such term is defined by the regulations prescribed under section 6804 of this title.
(C) Notwithstanding subparagraph (B), such term -
(i) shall include any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any nonpublic personal information other than publicly available information; but
(ii) shall not include any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived without using any nonpublic personal information.
(5) Nonaffiliated third party
The term ''nonaffiliated third party'' means any entity that is not an affiliate of, or related by common ownership or affiliated by corporate control with, the financial institution, but does not include a joint employee of such institution.
(6) Affiliate
The term ''affiliate'' means any company that controls, is controlled by, or is under common control with another company.
(7) Necessary to effect, administer, or enforce
The term ''as necessary to effect, administer, or enforce the transaction'' means -
(A) the disclosure is required, or is a usual, appropriate, or acceptable method, to carry out the transaction or the product or service business of which the transaction is a part, and record or service or maintain the consumer's account in the ordinary course of providing the financial service or financial product, or to administer or service benefits or claims relating to the transaction or the product or service business of which it is a part, and includes -
(i) providing the consumer or the consumer's agent or broker with a confirmation, statement, or other record of the transaction, or information on the status or value of the financial service or financial product; and
(ii) the accrual or recognition of incentives or bonuses associated with the transaction that are provided by the financial institution or any other party;
(B) the disclosure is required, or is one of the lawful or appropriate methods, to enforce the rights of the financial institution or of other persons engaged in carrying out the financial transaction, or providing the product or service;
(C) the disclosure is required, or is a usual, appropriate, or acceptable method, for insurance underwriting at the consumer's request or for reinsurance purposes, or for any of the following purposes as they relate to a consumer's insurance: Account administration, reporting, investigating, or preventing fraud or material misrepresentation, processing premium payments, processing insurance claims, administering insurance benefits (including utilization review activities), participating in research projects, or as otherwise required or specifically permitted by Federal or State law; or
(D) the disclosure is required, or is a usual, appropriate or acceptable method, in connection with -
(i) the authorization, settlement, billing, processing, clearing, transferring, reconciling, or collection of amounts charged, debited, or otherwise paid using a debit, credit or other payment card, check, or account number, or by other payment means;
(ii) the transfer of receivables, accounts or interests therein; or
(iii) the audit of debit, credit or other payment information.
(8) State insurance authority
The term ''State insurance authority'' means, in the case of any person engaged in providing insurance, the State insurance authority of the State in which the person is domiciled.
(9) Consumer
The term ''consumer'' means an individual who obtains, from a financial institution, financial products or services which are to be used primarily for personal, family, or household purposes, and also means the legal representative of such an individual.
(10) Joint agreement
The term ''joint agreement'' means a formal written contract pursuant to which two or more financial institutions jointly offer, endorse, or sponsor a financial product or service, and as may be further defined in the regulations prescribed under section 6804 of this title.
(11) Customer relationship
The term ''time of establishing a customer relationship'' shall be defined by the regulations prescribed under section 6804 of this title, and shall, in the case of a financial institution engaged in extending credit directly to consumers to finance purchases of goods or services, mean the time of establishing the credit relationship with the consumer.
(Pub. L. 106-102, title V, Sec. 509, Nov. 12, 1999, 113 Stat. 1443.)
REFERENCES IN TEXT
The Commodity Exchange Act, referred to in par. (3)(B), is act Sept. 21, 1922, ch. 369, 42 Stat. 998, as amended, which is classified generally to chapter 1 (Sec. 1 et seq.) of Title 7, Agriculture. For complete classification of this Act to the Code, see section 1 of Title 7 and Tables.
The Farm Credit Act of 1971, referred to in par. (3)(C), is Pub. L. 92-181, Dec. 10, 1971, 85 Stat. 583, as amended, which is classified generally to chapter 23 (Sec. 2001 et seq.) of Title 12, Banks and Banking. For complete classification of this Act to the Code, see Short Title note set out under section 2001 of Title 12 and Tables.