Companies To Be Held Liable For Selling To Online Criminals

from the seems-a-bit-extreme dept

Mon, Apr 28th 2008 5:34pm — Mike Masnick

One of the reasons why various safe harbor rules exist is to protect parties who really have nothing to do with any kind of law breaking from being liable for the activities of others. Thus, we don't blame an ISP for the activities of one of its users, even if that user breaks the law. That's both reasonable and fair. Those who want to blame those providers often do so just because it's easier -- or, more commonly, because they somehow think it's better for that service provider to somehow act in the role of the police to make things easier. Something similar seems to be happening with the FTC placing the onus on small businesses to make sure they don't sell to online criminals. Slashdot points us to the news that, starting November 1st, all companies are supposed to compare customer info with a "red flag" list of online identity fraudsters and money launderers. Firms that fail to check may be liable if they end up doing business with "known" criminals. You can understand the reasoning here. It certainly makes it a lot easier for the FTC to try to crack down on these crimes. But it adds significant expense and liability to small businesses for potential crimes in which they were totally uninvolved.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: ftc, identity fraud, liability, online criminals, red flag, safe harbors
Companies: ftc

14 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Steve, 28 Apr 2008 @ 5:55pm

Actually, car dealerships have to do this already. They have to check buyers against the known terrorist lists, and they can get slapped with huge fines if they sell stuff to someone on the list.
[ link to this | view in chronology ]
BEN, 28 Apr 2008 @ 6:34pm

the thought police are coming... watch out.
[ link to this | view in chronology ]
Anonymous Coward, 28 Apr 2008 @ 6:59pm

Why is it just small businesses who are probably having some form of trouble or another as is? What about some of those bigger companies as well or did they just throw some cash at the law makers to get cut off the list
[ link to this | view in chronology ]
- Anonymous Coward, 28 Apr 2008 @ 7:56pm
  
  Re:
  I understand the theory behind their reasoning.
  
  That being that a small business doesn't necessarily know or care how to even check that stuff, so more small businesses than large businesses will end up selling the stuff to criminals.
  
  Its twisted, and very obviously logic that was the first thing to come to their mind and they didn't bother thinking it all the way through.
  
  If they did the last bit (think it all the way through) they wouldn't a) look like asses b) look like DUMB asses and c) be pushing this law unless it affects everyone.
  
  Oh and it makes sense for it to affect _all_ businesses. Anyone wanting to do a transaction with a credit card (not on the consumer end of course...got to make it EASY to spend your savings) or something had better play along.
  
  If/when Microsoft starts tanking they'll have all that information and we wouldnt' want them selling it to criminals anymore than I want Joe from Joe's Footwear selling mine.
  [ link to this | view in chronology ]
Anonymous Coward, 28 Apr 2008 @ 9:27pm

Yeah, like when some douche goes in to the bank and withdraws all my money under false pretense, the bank is responsible .....
[ link to this | view in chronology ]
- Nitro, 29 Apr 2008 @ 9:39am
  
  Re:
  The bank could be responsible if they didn't follow the proper procedures. (ID check etc. etc...) I get really annoyed when I use my credit card and the person at the register just takes the card and swipes it. It could be anyone's card. I wish there was some kind of law that they are required to check a picture ID. At least you would have to go through some trouble of making a fake picture ID to get away with running someone else's card. Or maybe there is a law, but nobody enforces it. I am sure it would carry a heavier fine if you got caught too. Of course, most places get away with having any liability because you can swipe your own card at the checkout. None the less... as a retailer you still hold a certain amount of responsibility depending on the merchandise you sell, but at the same time there is a fine line of what you can really be blamed for as the retailer. Unfortunately common sense has because rather uncommon so we have to have a law for all the stupid people in the world and sometimes some of those stupid people are the ones making the law. That makes it sound rather depressing doesn't it?
  [ link to this | view in chronology ]
Rose M. Welch, 29 Apr 2008 @ 6:16am

Umm...
...I work for, and own a small business. (Two different businesses.) and I have sooooo many question. What are we supposed to do when we get a match?

All we could provide you with is the shipping/billing address and that should be on the list already because no way I would declare a match because the names are the same.

I live in a small town surrounded by smaller towns and we have four Vicki Brown's in our customer database. Four of them. We've made sure to get their middle initials so we can tell them apart when they come in to shop.

You could get the IP address that they used when making the purchase, but that would require that I store that information for that purpose and I am very much not okay with that. Also, it would probably end up being a library or otherwise public computer.

Imagine my new Privacy Policy.

Old:
http://www.grahamjewelry.net/yourprivacy.html

New:
We will detect and keep your IP address on file along with with all of the information that you give me just in case your name happens to match that of a criminal, in which case cops will soon be beating down your door because I have to tell them everything like a bitch. So please use a false name and a library computer. Thanks!
[ link to this | view in chronology ]
Rose M. Welch, 29 Apr 2008 @ 6:18am

Wouldn't it make more sense to talk to Paypal and other online...
...credit service providers? We go through PayPal, as do milliosn of other online stores. Bug them, not us. I think they chose small businesses because the larger ones wouldn't stand for it.

How can they force us to alienate our customers?
[ link to this | view in chronology ]
HADLEY STARKEY, 29 Apr 2008 @ 7:14am

Businees Owner's Compliance Issues - We have A Solution
Pre-Paid Legal Services, Inc. (NYSE: PPD) has a solution for Small Businsss Owners Issues with Compliance with these New Red Flag Rules! We can help you show "Good Faith" compliance with all the FTC's Rules and Regulations.

Please Call HADLEY STARKEY for more info toll-free @ 1.888.201.0077, or 1.800.204.4139 on how we can assist you at little or no cost to your company in meeting the demands for these regulations like FACTA, Hippa, Gramm-Leach Bliley, and SOX. WE've got a comprehensive solution that can be implemented immediately. E-Mail me Hadley@StopTheWorry.com
[ link to this | view in chronology ]
- Anonymous Coward, 29 Apr 2008 @ 8:37am
  
  Re: Businees Owner's Compliance Issues - We have A Solution
  SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAM SPAAAAAAAM!
  [ link to this | view in chronology ]
- alternatives, 29 Apr 2008 @ 8:09pm
  
  Re: Businees Owner's Compliance Issues - We have A Solution
  If you want to advertise - I'm sure Mike cn arrage for you to pay for the service.
  [ link to this | view in chronology ]
dreamflying, 29 Apr 2008 @ 9:33pm

Weren't the republicans supposed to be getting big government off our backs? I remember when you used to be able to walk into an airport, buy a ticket for cash, and walk onto a plane without being searched. We called it freedom. Need I repeat the tired Ben Franklin quote?
[ link to this | view in chronology ]
- Anonymous Coward, 30 Apr 2008 @ 7:25am
  
  Re:
  Weren't the republicans supposed to be getting big government off our backs?
  
  The republicans aren't against big government in general. They're just against big government that they don't control.
  [ link to this | view in chronology ]
Beta, 30 Apr 2008 @ 7:25am

Just imagine if this turns out to be another "no fly" list. Imagine a list of names, some complete and some partial. The mechanism for putting a name on the list is shrouded in mystery, there is no known way of getting off the list, and if you too are named "J. Grimes" then you are forbidden to buy things online.
[ link to this | view in chronology ]