We shred the proposed settlement. We mention the penetration test (which can be obtained for as little as a $100) they pass off as a full security audit; I am pushing hard for one certified as conforming to a strong existing industry standard, namely ISO 27001, as there are some security standards (e.g. PCI, SOX) that are not designed to ensure a reasonable level of overall security has been achieved. [edit: I am also pushing hard for the requirement that they PASS the audit.] We highlight the master-magician-caliber misdirection from the main accusations of wrongdoing – secrecy, false advertising, Identity Theft, and poor security, and prove the utter failure of any of the proposed remedies to address them. We disclose the fraudulent filing of court documents with the court that purported to show my signature on the settlement, and the written threats made by my former counsel and intended to prevent me from fulfilling my duty to the class. Finally, we propose remedies to the settlement to address the flaws we highlight.
For a SUMMARY of the brief as well as further information, please see the Press Release from my counsel, Public Citizen, who, with assistance from local firm Chavez & Gertler, have provided most excellent counsel. While I had previously prepared my own CMC statement, brief and declaration tearing down the settlement components, theirs is dramatically superior to what I had come up with. I had drafted them during the time period after I realized that I and the class lacked (and during which I was searching for) adequate counsel (i.e. about half of 2008). I have now spent over a thousand hours of my time on this case!
Perhaps Ameritrade should be required to publish a security audit letter alongside the standard financial audit letter in the company’s annual report. In another case of a web breach I found, the FTC required security audits for 20 years. Companies that make a public fanfare proclaiming what good citizens they are face harsher penalties when they are shown to be nothing of the sort. Seems reasonable to me. What do you think?