Slashdot Mirror

← Back to Stories (view on slashdot.org)

Interesting Privacy Decision in New Hampshire

Posted by michael on from the one-small-step-for-privacy dept.

TCPALaw writes "A huge decision in privacy law was handed down today by the NH Supreme Court in the Amy Boyer case. Amy was stalked and killed by a man who got her personal information, including SSN, from an on-line information broker. Privacy groups such as EPIC have argued that access to sensitive personal information should carry with it liability for misuse, and can constitute a tort. The NH Supreme Court agreed. Now perhaps you can sue the spyware companies."

12 of 250 comments (clear)

  1. Re:That's a bit cold... by Mr+Guy · · Score: 4, Insightful

    No, we saying at least we can prevent this from happening to our little sisters if we can sue the bastards that make it possible.

    --
    Never confuse volume with power.
  2. Where does the liability go? by Oculus+Habent · · Score: 4, Insightful

    While an information broker should be responsible for their actions to some extent, I think the killer should be held responsible, and that nothing should dimish the clarity of that matter.

    --
    That what was all this school was for... to teach us how to solve our own problems. -- janeowit
  3. What about the reverse? by teamhasnoi · · Score: 4, Insightful
    How about full, free disclosure on anyone (including celebrities and politicians, and people who don't want disclosure), and logs of who requests the data?

    If all the info is available to everyone, and the knowledge of who is searching on you is known, what is the danger?

    Obviously, I'm forgetting about identity theft and fraud - but we need better systems in place to prevent that anyhow.

    Just a crazy thought. If everyone knows what they want to about anyone, doesn't that remove some of the reason for identity theft, and 'nosy nellies'?

  4. Not cold at all by burgburgburg · · Score: 4, Insightful
    It's damn cold for the "information brokers" to freely trade in the most intimate personal information about you that they've gleaned/compiled/extracted. It's damn cold for this particular IB to have sold the info that led to this woman being killed.

    It warms the heart to know that this largely unregulated industry might suddenly have the fear-of-financial ruin checking their irresponsible ways.

    1. Re:Not cold at all by Incongruity · · Score: 4, Insightful
      It's damn cold for the "information brokers" to freely trade in the most intimate personal information about you that they've gleaned/compiled/extracted.

      Just a thought here... If you consider your SSN, age, address or even specific birthdate to be "intimate personal information" then you've been under a rock or are living in a fantasy world. The fact of the matter is that the SSN has been used and abused to such a point that it is unsafe to think of it as a private piece of information in any way other than an ideal sort of sense. Same thing goes with your birthdate, address, etc.

      This point is illustrated by just how quick most people are to turn over their "personal information" , such as a SSN or birthdate, when asked for it by anyone from a gas-company customer-service phone-rep all the way to doctors offices and insurance agents. If something is so intimate and personal, then why are people so willing to give it out to anyone that asks? The fact of the matter is, in the case of a SSN, the only place it's legally required is in certain financial and employment situations. In all other cases, you have the legal right to decline to give that information...but most people don't.

      As such, things like the SSN, here in America, have become simply publicly held bits of data that act as tokens to identify individuals in the sea of individuals. In many ways, a SSN is no more personal than a name, at least judging by the way its used.

      I'll grant that a lot the current state of affairs comes from the very type of activities that the ruling in question deals with. That does not change the fact that many pieces of information that were once much more "private" are no longer that way in reality. I'll also admit that there is a whole additional realm of personal information that is still personal and that information brokers seek to collect and sell...and that covers such things as shopping or travel habits. Most people still seem to guard that data fairly closely and it still seems to be "private" in nature...but that too is likely to change.

      In the end, no ammount of information control can make up for a lack of good-will or a scewed sense of morality (whatever you define that to be). Suing the information brokers for contributing to the death of that poor woman seems to be only getting at an intermediate variable (and one with big pockets) rather than focusing on the primary cause of the woman's death...that is, the person who stalked her and killed her.

  5. Re:That's a bit cold... by Mr+Guy · · Score: 4, Insightful

    The implication is that spyware is where the information brokers get their information and assemble it. You can't data mine without data.

    --
    Never confuse volume with power.
  6. Re:That's a bit cold... by Deagol · · Score: 4, Insightful
    Once info is collected and sold, it doesn't matter. You think spyware companies keep that info all to themselves? They likely sell it for good money to whoever will target a certain demographic.

    I say suing spyware companies is a good start. Just because "reputable" companies may not collect info, they almost certainly purchase info collected from disreputable ones.

    --
    Method of processing duck feet
  7. Re:That's a bit cold... by kfg · · Score: 4, Insightful

    No, it means you can sue "the bastards that make it possible."

    I'm afraid it doesn't necessarily do a thing to prevent anything from happening to your little sister.

    This is simply "Security through feeling good about what you can do after the fact and thinking through some sort of sympathetic magic that that prevents the occurance in the first place."

    It doesn't work, it never has, because it's all about profit margins. Which is why they sell the information in the first place.

    Dealing crack is a risky business. You could even get killed. People do it because of the profit potential. If you can make enough money selling information to cover the potential loses through the off chance of a law suit there are people who will be glad to do it. Hell, they can probably even arrange insurance to cover them for this, not to mention most the profits mysteriously ending up somewhere untouchable by the courts.

    Shit is still going to happen.

    KFG

  8. Two things. by Dirk+Pitt · · Score: 4, Insightful
    I think there are at least two issues at hand here:
    (1) You must pass a background check before you buy a gun. This is a legal device for clearing the seller of liability. There is no such equivalent amongst the major info-brokers.
    (2) Apples and oranges. A core issue of privacy advocates is that information specific to me is my proprietary information. You have no right to sell it or otherwise distribute it without my permission. This information can be used to harm *me* specifically, and the fact that anyone can obtain it for a price is innately harmful to me. A gun has no specific target until you point it at someone.

  9. Accessory to a crime? by stevel · · Score: 5, Insightful

    I live in the city where Amy Boyer was murdered, and my wife knows Amy's mother. We've (my wife and I) have talked about this case a lot, especially every time the Remsburgs appeared in a new newspaper article about their fight against the "information" companies.

    As horrible as this crime was, it's not clear to either of us that if Liam Youens hadn't been able to buy the information on where Amy worked that she would be alive today. Youens knew where Amy lived, and he had been obsessed with her for years. It was just a matter of time.

    I think what Docusearch did was slimy, and possibly illegal - especially the use of "social engineering" to trick Helen Remsburg into revealing information about her daughter.

    The issue at hand is whether or not Docusearch, and similar companies, have an obligation to warn people when their personal info is sold to someone, especially when the purpose is unknown. I think it's well established that this sort of information is often used for heinous purposes - remember the case of actress Rebecca Schaffer, who was murdered by someone who bought her address from the California DMV!

    In my opinion, the NH Supreme Court got this one right - Docusearch knows or should know that the primary use of the information they collect is NOT for the benefit of the subjects. They should have an obligation to inform the subject that the information has been collected and sold.

    However, I think it is wrong to assign the blame for Amy's death on Docusearch. They were an "accessory to a crime", but did not commit the crime itself.

    There are so many "what ifs" in cases such as this, that can have people tied up in knots for years. Youens had a web page up which gave fairly solid clues that he had it in for Amy Boyer. Did anyone in a position to do anything see this beforehand? Probably not...

    As for spyware ("spywear"? Is that the watch with a poison dart?), I don't see an obvious connection with this case.

    1. Re:Accessory to a crime? by guacamolefoo · · Score: 4, Insightful

      However, I think it is wrong to assign the blame for Amy's death on Docusearch. They were an "accessory to a crime", but did not commit the crime itself.

      This case had nothing to do with criminal liability whatsoever. Your whole "criminal accessory" statement is a non sequitur.

      The case at hand is strictly a money damages tort case. Since the decision discussed whether a cause of action could arise for the five circumstances outlined in the decision, I suspect it was before the court on an appeal from a motion for summary judgment. A little procedural history from the court would have helped this decision out a great deal. I will assume that this was a motion for summary judgment which was appealed (although that could be wrong).

      Every case needs three legs to stand up:

      (1) a deep pocket to sue/collect from. The gunman is presumably worth little -- let's go after the business instead, and maybe an umbrella liability policy.

      (2) clear liability. This is now settled by the court.

      (3) good damages. Nothing beats a dead plaintiff except a sympathetic dead plaintiff that wasn't uneducated or black or gay or a drug user or a criminal. It sucks, but not every life is worth the same to a jury.

      This case was missing the liability leg, but now that is in place and there is the potential for decent payday, depending on the assets of the business and/or its insurer.

      Did anyone else notice the amicus brief filed by the New Hampshire Trial Lawyers Association? Do you think that they are trolling for more dead girls killed by stalkers? In some respects, this case is about the Benjamins.

      I have nothing but sympathy for the family of the slain woman. My office does lots of family law, and I sometimes get worried not only about the clients, but the people in my office being targeted by some of these fucking wackos. One guy in my office gets letters regularly from someone who write things like "I know that one day you and your entire family will burn for eternity in a lake of fire for what you do."

      On the other hand, private investigators serve a very useful function in locating people for process serving to initiate divorces and to collect child support. I have one working on finding a serial defrauder right now. I am not anxious for other state courts to adopt positions similar to the one adopted by New Hampshire.

      FWIW, I am not sure of the New Hampshire rules regarding comparative or contributory negligence. I do not know what the joint and several liability rules are. Notably, the gunman was not sued, or at least the caption does not show this.

      Youens knew where Amy lived, and he had been obsessed with her for years. It was just a matter of time.

      This makes me wonder what the damages really were. Also, was tehre a PFA (protection from abuse, or NH's analogous procedure) in place? Did the killer simply ignore these? This case is interesting as a privacy issue, but also it serves as a warning to take bizarre, stalking-type behavior extremely seriously.

      GF.

      --
      Lots of petrified grits
  10. In the decision: by schaefms · · Score: 4, Insightful

    IANAL, but it appears that the decision is:

    1) If you have non-public information (SSN, CC#, addresses, etc.) on someone, you are partially liable if you offer that to someone for a fee for what that person does with the information.

    2) You can't obtain information on someone deceitfully and sell it.

    #2 seems pretty obvious. #1 has a lot of implications for all these companies that have your mortgage records, etc., which IMHO is a good thing. In other words, "Quicken Loans" becomes an accomplice to a con artist if they sold that con artist a list of their outstanding loans and contact info.

    This is not in any way talking about public info, though, so if you pay me $25 to get someone's phone number from the white pages, you can harass that person all you want and it won't come back to me. At least based on that decision.