Slashdot Mirror

← Back to Stories (view on slashdot.org)

Failed Dot-Coms Selling Private Info

Posted by emmett on from the why-lookee-here dept.

goingware writes: "This article at CNet describes how troubled Internet companies are selling off customer data in an effort to pay off creditors or keep themselves afloat, in violation of stated privacy policies. Among the sites that are doing this are Boo.com and Toysmart. These companies were Truste approved sites before their failure. Note that when a company is bankrupt, its assets are divided up and sold off according to what the court orders, and may not have much to do with what the company tried to promise. I also noticed when checking out the articles that CNet uses doubleclick so you may want to browse the articles with cookies off."

8 of 129 comments (clear)

  1. Re: "Slashdot should hire us a lawyer." by Deven · · Score: 4

    Slashdot should hire us a lawyer.

    You know, that's actually not a bad idea. Andover could conceivably pay an actual attorney to review legal issues as they arise, to avoid too many misunderstandings and misinformation from the vast majority of us who need "IANAL" disclaimers...

    Would it be worth the cost? I don't know, but it could certainly be a service to the community...

    --

    Deven

    "Simple things should be simple, and complex things should be possible." - Alan Kay

  2. Are those privacy policies legally binding? by derobert · · Score: 4
    I have never visted those sites --- and both seem to be down now (for obvious reasons) --- so I don't know how those sites are, but a lot of the other sites I visit make you click an `I agree' button.

    Those agreements usually reference the site's privacy policy. They expect that those agreements are binding on you, and for that to be the case, wouldn't the same agreement be binding on them to?

    Further, I've seen sites that display their privacy policy or other promiss to never give away and/or sell the data on the order page, too. Are they not by making the promiss when I order --- and send them money --- forming a contract with me not to sell the data?

    Do the consumers of these sites have any recourse? If they don't, then how should a privacy policy be constructed such that it is legally enforceable?

    It's hard for me to immagine that the silly little links at the bottom of a page saying that "by using this site you agree to..." could possibly be valid if their privacy policies aren't.

    --

  3. If you extend the situation ... by dustpuppy · · Score: 5
    does this mean that:

    if your doctor's clinic folded, he could sell your patient info?

    if a telco folded, could they sell your phone records?

    if a bank collapsed, could they sell your financial transaction history?

    if your ISP folded, could they sell your surfing habits?

    1. Re:If you extend the situation ... by Anonymous Coward · · Score: 5

      I worked for a bank for almost 4 years, and I have news for you: Banks sell your information all the time.

      Your name, address, and any spending habits that they can accumulate are sold to other companies every day. You have to go to your bank and specify in writing that you do not wish for them to sell your information to make them stop. Banks don't need to go out of business to sell your information, because to the them it's just another revenue stream.

  4. Ready the opt-out link, captain! by Oscarfish · · Score: 4



    http://www.doubleclick.net/optout/def ault.asp

    Follow the link above so that DoubleClick will issue you a cookie with the string id=OPT_OUT. This will prevent DoubleClick from doing its "DoubleClickish" tracking and serving, and rather just serve you banner ads straight out.

    And, yes, I'm aware of the irony of me making a post like this when my site is full of DoubleClick code :)

    --

    --------

    Oscarfish.com: tropical fish with attitude. Way t

  5. Lawyer: who owns what by hawk · · Score: 5

    I am a lawyer, but this is not legal advice. If you need legal advice, contact an attorney licensed in your jurisdiction.

    There are a number of factors at play here. The bottom line will be that, for the most part this data cannot be sold.

    Forming a contract is *very* easy. Put up a message that says, "give me this information, and I promise not to reveal it," and you have an offer. Anyone providing the information accepts the contract, and the recipient is contractually bound not to reveal it. Selling it would be a breach.

    Given a breach, the consumers would be entitled to "specific performance," a court order enforcing the terms of the contract.

    But then comes bankruptcy, which can do all kinds of strange things to contracts, setting aside large parts of the contract, which *might* allow a sale--but this introduces a new catch, namely that every single person who provided a name becomes a creditor with rights in the bankruptcy.

    There's a couple of ways that this could play out. It certainly isn't crystal clear that privacy wins, but my money is on privacy. Given that the expectation of continued privacy covered the gathering of the information, the potential sale of that information could not have been looked upon as an asset by the other creditors. THere's a couple of ways to reach this, the simplest being the contract.

    Sale of the *entire* company might be a different matter. If thugs.com branches out from lockpicks to handgus, would they have been allowed to use the information they gathered to promote their new product line? If so, the entire company can probably be sold, and the new parent company can likely use the information in a similar manner. If not, the new parent company would be similarly barred from the information.

    hawk, esq.

  6. how could this be considered as dividing "assets"? by jesterzog · · Score: 4

    Note that when a company is bankrupt, its assets are divided up and sold off according to what the court orders, and may not have much to do with what the company tried to promise.

    I'm not a lawyer, but if the company was not legally able to sell someone's private details before it went bankrupt as per a privacy agreement, I can't see how it could be considered an asset. If anything, it's a liability because the information would have to be destroyed or withheld from people who wanted it illegally.

    If this is true, how could any court treat it as such to be broken up and sold to pay creditors Isn't this whole thing more about what's in an original privacy agreement than what a court orders?

  7. Browsing with Cookies Disabled is Useless by Effugas · · Score: 4

    Unless you wipe out your cookie folder(yes, the one that says OH MY GOD DEAR GOD NO YOU'RE DELETING A COOKIE NO NO NO YOU REALLY DONT WANT TO DO THIS NOOOO care of Microsoft), cookies still function whether or not they've been "disabled" by the browser.

    This behavior occurs in both Netscape and Internet Explorer, and of course completely contradicts expected behavior.

    Browsers recently joined Crypto code in my eyes as things that companies have serious trouble being able to do securely once they get too big. Mozilla's hiring(they sent me a letter, not that I'm looking for new work). The thought of a functional browser that I can easily patch to not violate my privacy is more than tempting...we may really need Mozilla more for its security considerations than even for its standards compliance.

    The bottom line may just be that browser makers are just be too vulnerable to the demands of unethical marketers. The spasms that Windows goes into when you try to delete a cookie; that cookies are still served even if they're disabled in the browser...these just aren't accidental bugs, and shouldn't be treated as such.

    Thoughts?

    Yours Truly,

    Dan Kaminsky
    DoxPara Research
    http://www.doxpara.com