Slashdot Mirror
Interesting Privacy Decision in New Hampshire
TCPALaw writes "A huge decision
in privacy law was handed down today by the NH Supreme Court in the Amy Boyer case. Amy was stalked and killed by a man who got her personal
information, including SSN, from an on-line information broker. Privacy groups such as EPIC have argued that access to sensitive personal information should carry with it liability for misuse, and can constitute a tort. The NH Supreme Court agreed.
Now perhaps you can sue the spyware companies."
Someone's been murdered and you're all smiles because you can go after some guys who send adds to your computer.
Because stalking and murdering someone counts as misuse, obviously, giving your name to a list which randomly sends e-mail also does. There's /. logic.
-- 'The' Lord and Master Bitman On High, Master Of All
let alone possible implications for combating spam, this is a good ruling for our safety. there should be some liability for someone looking to obtain information like someone's SSN. I guess if any wackjob with a grudge can buy a social security number and mom's maiden name, it's good that they hold some liability for the actions they take with that information. ...it still doesn't make me feel that much better that any wackjob with a grudge can buy someone's SSN, though.
Yes, in theory we would love to sue spywear authors into oblivion. But I fear we are opening yet another can of worms.
I agree that companies that have access to your personal information should be held liable if they disclose the information, or are negligent in protecting that information (egghead.com comes to mind).
IAMAL, but more inportantly, judges are not congressmen, and I always have reservations when judges "create" law that legislators should have in the first place.
I can't swear that this is the case here, but with two years in the legal field, I still have trouble fully deciphering these rulings. (the fact that law can't be read by persons with average intellegence is yet a whole other subject).
Tequila: It's not just for breakfast anymore!
While an information broker should be responsible for their actions to some extent, I think the killer should be held responsible, and that nothing should dimish the clarity of that matter.
That what was all this school was for... to teach us how to solve our own problems. -- janeowit
The phone company runs what you tell them to run. You can have it run without an address -- they don't force you to.
The annoying thing about the phone company is that it costs you money to not be in the phone book.
riding round the world on an old motorcycle
No, the post isn't Offtopic, nor is it Flamebait. The Amy Boyer murder was a tragic event and this case will allow the family some chance of holding the "information clearinghouses" liable for the information that they doled out for a healthy profit and Amy's life.
It has nothing to do with spyware. Making the connection of spyware to satisfy you personal conspiracy theorist mentality to this case revolving around a real and tragic event is just ridiculous. And, moderating the above comment Offtopic is just too typical.
If all the info is available to everyone, and the knowledge of who is searching on you is known, what is the danger?
Obviously, I'm forgetting about identity theft and fraud - but we need better systems in place to prevent that anyhow.
Just a crazy thought. If everyone knows what they want to about anyone, doesn't that remove some of the reason for identity theft, and 'nosy nellies'?
It warms the heart to know that this largely unregulated industry might suddenly have the fear-of-financial ruin checking their irresponsible ways.
This is quite limited item; it covers the use of a information broker to call an individual to ask for their work address under the *wrong* pretext (a lie) and then sell the information they got based on this lie. It does not seem to cover stuff like selling information found in a credit report, or anything else like that.
You can choose to NOT be listed and when you call information, they wont give it out. They will say "that person is unlisted".
Other details like SSN, and various similar items that can be used to steal your identity or wreck your life through manipulation are NOT public knowledge, deserve to not be available to anyone short of law enforcement in possession of a court order.
Privacy IS a right. If there was no right to privacy, there would be no logic to the right protecting you from illegal search and seizure and/or self incrimination. No privacy means you are searched without barriers and automatically incriminate yourself. Privacy IS important and if someone gave out my SSN or unlisted data (I am unlisted), they are culpable in any harm done by giving out that information. I would certainly take personal retribution on someone who engaged in this activity (giving out my SSN, etc).
In Bushworld, they struggle to keep church and state separate in Iraq as they increasingly merge the two in America.
the Court ruled that since somebody could easily and legally watch you commute from home to work, you have no reasonable expectation of privacy in your work address.
To take it to an extreme, they might as well have said "because someone can stalk you, you have no reasonable expectation of privacy wherever you go."
That can't be good.
Tuus crepidae innexilis sunt.
(1) You must pass a background check before you buy a gun. This is a legal device for clearing the seller of liability. There is no such equivalent amongst the major info-brokers.
(2) Apples and oranges. A core issue of privacy advocates is that information specific to me is my proprietary information. You have no right to sell it or otherwise distribute it without my permission. This information can be used to harm *me* specifically, and the fact that anyone can obtain it for a price is innately harmful to me. A gun has no specific target until you point it at someone.
I live in the city where Amy Boyer was murdered, and my wife knows Amy's mother. We've (my wife and I) have talked about this case a lot, especially every time the Remsburgs appeared in a new newspaper article about their fight against the "information" companies.
As horrible as this crime was, it's not clear to either of us that if Liam Youens hadn't been able to buy the information on where Amy worked that she would be alive today. Youens knew where Amy lived, and he had been obsessed with her for years. It was just a matter of time.
I think what Docusearch did was slimy, and possibly illegal - especially the use of "social engineering" to trick Helen Remsburg into revealing information about her daughter.
The issue at hand is whether or not Docusearch, and similar companies, have an obligation to warn people when their personal info is sold to someone, especially when the purpose is unknown. I think it's well established that this sort of information is often used for heinous purposes - remember the case of actress Rebecca Schaffer, who was murdered by someone who bought her address from the California DMV!
In my opinion, the NH Supreme Court got this one right - Docusearch knows or should know that the primary use of the information they collect is NOT for the benefit of the subjects. They should have an obligation to inform the subject that the information has been collected and sold.
However, I think it is wrong to assign the blame for Amy's death on Docusearch. They were an "accessory to a crime", but did not commit the crime itself.
There are so many "what ifs" in cases such as this, that can have people tied up in knots for years. Youens had a web page up which gave fairly solid clues that he had it in for Amy Boyer. Did anyone in a position to do anything see this beforehand? Probably not...
As for spyware ("spywear"? Is that the watch with a poison dart?), I don't see an obvious connection with this case.
IANAL, but it appears that the decision is:
1) If you have non-public information (SSN, CC#, addresses, etc.) on someone, you are partially liable if you offer that to someone for a fee for what that person does with the information.
2) You can't obtain information on someone deceitfully and sell it.
#2 seems pretty obvious. #1 has a lot of implications for all these companies that have your mortgage records, etc., which IMHO is a good thing. In other words, "Quicken Loans" becomes an accomplice to a con artist if they sold that con artist a list of their outstanding loans and contact info.
This is not in any way talking about public info, though, so if you pay me $25 to get someone's phone number from the white pages, you can harass that person all you want and it won't come back to me. At least based on that decision.
What about the people who sold him his guns?
I can't tell if you're being sarcastic, but assuming you're not...
Assuming the guns and ammunition were sold in accordance to the law (and not obtained illegally), and the seller had no reason to suspect any wrongdoing, then I don't see how you can blame the seller for the crime. Might as well blame WalMart the next time someone gets stabbed in a domestic dispute on account of the fact that WalMart sold them the steak knife. Or the liquor store for selling someone that 40 of vodka they drank before running down someone in a drunk driving mishap. Or hell, why not sue the dealership that sold him the car?
Leaving all that aside, there is still a fundamental difference. You don't have a legal right to prevent everyone that knows you from not owning guns. You do however have a right to privacy. The violation of the deceased's right to privacy led to their death, i.e., the search firm acted illegally when they should have known better than to do so, and that negligence led to the victim's death. Unless you can prove that whomever sold the murderer the guns was similarly negligent, then I don't see how they should be at fault.
Mechanik
Although most of the decision is sound, I think that Duggan et al. got Question 4 of the decision wrong and a bunch of the reasoning of Question 5 wrong. Since they were wholesale changing the law on 4, there's no reason to artificially reserve the misappropriation of a name or likeness to a person's reputation or prestige, i.e., to celebrities. Jeezus, how many celebrities are in NH anyway, 2? They go to pains to talk about how widespread and damaging identity theft is and then close of the cause of action to a scant few. While Question 5 seems to cast an overly broad net. Jeez, anytime you make a call under a false pretext you're subject to a deceptive practices act!? No more calling the video store and asking "how late are you open" when all you wanted to know is if they're open right now. Jeez, no more prank phone calls unless you truly do want them to let Prince Albert out of his can.
1) There was no contract between the IB and anyone else (except maybe the stalker client) concerning protection of this information.
2) While obtaining the information using a pretext is sleazy, I don't see how this constitutes liability for the misuse of the information by a third party.
3) This seems to me to be just another attempt to spread liability around as a means to compel behavior that the legal system wants to occur without the formality of actually passing a considered law, i.e. bypassing the Constitution (Federal or State) and making law in the court. The criminal justice system doesn't like sleazy IB's, so they make them liable for something they have no control over.
4) When is the court ready to assign liability to cops and Feds who fake court orders, manufacture evidence, and otherwise abuse their responsibilities on a daily basis and thereby cause thousands of people to spend time in jail for crimes they did not commit? Oh, wait, I forgot - the criminal justice system is immune from prosecution for "screwups"...
This seems like a typical case of "something bad happened, we can't punish the guilty, so we'll find someone else - anyone else - and punish them.."
How is an IB supposed to verify their client's intentions? "Oh, excuse me, I really need this info so I can shoot my ex-girlfriend - or stalk Jodie Foster..." "Just check this block on the request form here: Will You Use This Info For Legal Purposes? YES: NO: "...
Or: "You realize, sir, that we have to ask you to turn over your criminal and mental health history to us, so we can verify that you will use this information only on a legal manner?"
Or worse, that if you ask for some innocuous info, that they then investigate YOU before investigating the subject...
Yeah, right...
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
What about the people who sold him his guns? Seems to me that the weapon was at least as dangerous as the information, and each being fairly useless without the other.
Is Mercedes liable for the death of the husband whose wife killed him by running him over? If this murder had been done with a kitchen knife, would Ginsu have been liable?
The tool he used to kill her is of far less import than the act of doing it. Someone bent on murder will use whatever is available. Gun, car, knife, golfclub, a rock.
Where the world has changed since Google/search engines and the Internet is that much of that public information was only available physically to people who fronted up to those institutions.
Now this information that is on public record is available for people worldwide. Through the effectiveness of Google and other search engines, I can now see more public information many countries of the world. Effectively location ensured some sort of International privacy in my own home country.
I think there needs to be alternative ways of handling some information -- the online search database such as Google has a use by date for certain types of public information. We seem to be stuck on search -- what about other models of providing information so that certain levels of privacy can be maintained.
See also: Google, Privacy and Alternative Models of Information Management.