NY AG Wants Do Not Identity Theft Law
from the here-come-the-legislators dept
New York's Attorney General (and gubernatorial candidate) Eliot Spitzer seems to show up wherever there's an issue that's getting a lot of press. He took on Wall Street companies, spammers and insurance scammers among many others. So, is it really any surprise that he's now decided to take on identity theft? Of course, there already are laws against identity theft and fraud. While they could be made better, it's not clear that's what's happening here. In fact, one of the proposed laws speaks directly to all of those recent data leaks from ChoicePoint, LexisNexis and others. It would create a "Do Not Share" list that people could sign up for, forbidding any of these companies to share your data. While this might sound good on its face, it seems to be based on the idea that there really isn't a good reason for companies to ever share your data -- which isn't quite true. Many of the conveniences we have these days is because of the data that's available. Granted, in plenty of cases it may have gone too far, and these companies have done a dreadful job -- but a full stop "do not share" list (which many people would quickly sign up for without realizing the impact) could greatly inconvenience many people. A much more reasonable solution isn't to ban all sharing of information, but to give people more control and visibility into (1) what information companies have about them and (2) how it's being used. That way, individuals can work to prevent the misuses, while still getting the benefits.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
No Subject Given
I'd like to see some examples of the difficulties you're picturing. I can see telephone books being hard to make, but what else do you worry about?
[ link to this | view in thread ]
In fact, federal legislation is needed
We need some basic federal guidelines about what constitutes reasonable data sharing, without and even with permission. And we definitely need legislation limiting what a EULA can do.
Originally, EULAs were a vehicle for limiting company liability. Now they are a vehicle for getting you to sign a contract without reading it.
- The Precision Blogger
http://precision-blogging.blogspot.com
[ link to this | view in thread ]
Kind of like Credit Reporting laws
Although getting the credit reporting agencies to actually follow through on your complaints is about as much fun as a root canal, you can push the issue hard enough and get something resolved.
With these information brokers, we have no way of knowing what information is stored about us, how much of it is wrong, etc.
One time, a long time ago when I was young and foolish, I got a dept. store credit card and had them add a second card in my girlfriend's name. Then I started getting phone calls at home asking for her - then others asking for my spouse. When I explained that I'm not married, they said "Oh, our records show you have a wife named Catherine".
I still get calls like that and it's been almost 20 years!
[ link to this | view in thread ]
Re: No Subject Given
Yes, there are many problems associated with it as well, but don't completely knock what this has brought about.
[ link to this | view in thread ]
I'll risk it.
[ link to this | view in thread ]
*I* want a
You start out talking about a list that I can put my name on if I choose to, to stop the flow of junk mail if I choose to, to reduce my exposure to ID theft if I choose to, to prevent someone from profiting on my credentials if I choose to. Sense a theme here? Your argument falls completely flat when you make the logical leap *from* calling a list on which I can voluntarily place my name *to* stating that we shouldn't really "ban all sharing of information". An Opt-In policy is not a ban. It is simply an assurance that my identity is mine to do with as *I* please and not a property that can be marketed by someone without my express permission. Nobody should have the right to subvert that basic a right.
You condescend when you assert that people are too stupid to know best what to do with their own personal information. Heavens -- how destitute my life would be if I didn't have daily offers in the mail for pre-approved credit cards and an inbox full of emails offering me cheap prescription drugs, fountain-of-youth pills, and a larger p_nis. How would I survive without such "conveniences"?
The ONLY good reason for companies to ever share my data would be if I make the determination about who gets it, and for what purpose. I'll do without any services whose providers require that I give over ownership of my identity without my prior knowledge.
[ link to this | view in thread ]
Re: *I* want a
So, absolutely YES, the system needs to be changed to give users more control over it. But completely opting-out doesn't just do damage to individuals but the ease of capital flow throughout our economy. It would cripple our economy to have a complete opt-out list like this.
You would find it almost impossible to get a credit card, mortgage or loan. However, if that's what you want...
[ link to this | view in thread ]
No Subject Given
What should have been mandated as 'opt-in' from the beginning was transmogrified into 'opt-out'
in a sad bevy of state legislatures across the nation.
All it took was large corporate political donations and some collegiate/consultant shills to declare an open season on private and personal data.
Ask the people who have had their data stolen in some of the recent database cracks
whether they would feel inconvenienced by mandating privacy for their personal data.
One wonders why some of those data aggregators are not held legally liable for failure to provide adequate security.
Once again fiduciary accountability is a mirage.
[ link to this | view in thread ]
Re: No Subject Given
[ link to this | view in thread ]
No Subject Given
The simple approach, then, would be to have the list law specifically prohibit any and all exchange of personal information that is not absolutely necessary to the completion of a transaction specifically authorized by the consumer, or any use of such information for any purposes other than the specific transaction for which it was exchanged.
[ link to this | view in thread ]