Slashdot Mirror


eBay Provides No Privacy For Sellers

Phanatic1a writes "Quoted in an article in The Nation, eBay's chief of security Joseph Sullivan brags up eBay's "flexible" privacy policy to LEOs, telling them "If you are a law-enforcement officer, all you have to do is send us a fax with a request for information, and ask about the person behind the seller's identity number, and we will provide you with his name, address, sales history and other details--all without having to produce a court order." The tens of millions of Paypal customers eBay has access to the financial records of might be curious to see what else Sullivan promises..."

23 of 470 comments

  1. scary stuff by zedmelon · · Score: 5, Interesting

    I understand this from eBay's perspective to a point:

    There is also the genuine anxiety surrounding the potential consequences of not following up on a perceived terrorist threat.

    ..but this part:

    It also expands the category of information that law-enforcement figures can seek with a simple subpoena (no court review required) to include, among other things, IP addresses and credit card and bank account numbers.

    Besides buying copies of "Mein Kampf" and "The Anarchist's Cookbook," what sort of flags could be construed as putting one's transactions over the limit?

    --
    Mom says my .sig can beat up your .sig.
    1. Re:scary stuff by WegianWarrior · · Score: 3, Interesting

      Besides buying copies of "Mein Kampf" and "The Anarchist's Cookbook," what sort of flags could be construed as putting one's transactions over the limit?

      I guess buying GPS-systems, small jet-engines and books on aerodynamics may fool them into thinking you plan to pull a stunt like this.

      In all seriousness though, there are two things I am really curious about. Firstly, if no court order is needed, how do they make sure that the one asking for the information is in fact entitled to it? Secondly, will this 'service' be extended to non-US police as well (as a significant number of sellers and buyers actually hail from the rest of the world)?

      --
      Everything in the world is controlled by a small, evil group to which, unfortunately, no one you know belongs.
    2. Re:scary stuff by gurps_npc · · Score: 4, Interesting
      They do not. You personally can send them a fax, claiming to be a policeman, and they will send you what you ask for.

      As such, it already applies to non-US police.

      It should also be noted that a simple phone call from an experienced socializer can easily get the same information from 80% of businesses.

      P.S. Impersonating a Police Officer is a crime. You can be arrested for doing this, so do not do it.

      --
      excitingthingstodo.blogspot.com
  2. so what? by feed_me_cereal · · Score: 4, Interesting

    This story is very similar to a very old story here. Anyway, I'm not sure what the big deal is this time. The author says "brag" as if this is a crazy notion. He's bragging because this policy keeps buyers safe. I'm a privacy advocate, but in this case, why the hell should seller information be kept private from the police? I've been ripped off several times on eBay. I'm very glad to hear that sellers aren't anonymous!!!! So, you should be allowed to stay anonymous when accepting money on the promise of delivering goods?? WTF?! Could you imagine some of the anonymous trolls on this site selling you shit? How does this escalate directly to giving out buyers' bank info? I don't think he'd be bragging to customers about that deal. It's COMPLETELY different.

    --
    "Question with boldness even the existence of a god." - Thomas Jefferson
    1. Re:so what? by spiritraveller · · Score: 4, Interesting
      You must have missed page two, where they mention the FBI knocking on a "Stanford-educated" Pakistani man's door because of books that he purchased on eBay. It's a good thing he had his ducks in a row immigration-wise, and that he was "Stanford-educated" or you can bet they would have thrown him in detention with the rest of em.

      They aren't limiting this to sellers who are accused of not shipping. They are applying this to anyone that the government thinks is suspicious. And that is their own choice of words.

  3. Hmm, could ebay be opening itself to liability? by CmdrWass · · Score: 5, Interesting

    Any takers on how long before this is misused and someone sues ebay?

  4. Not unusual by Anonymous Coward · · Score: 5, Interesting

    I work with a relatively large community site, and we work the same way. I'm a bit of a libertarian, so it galls me a bit, but it really does make sense for the most part.

    Now, if law enforcement wanted the personal data from someone who wrote an anti-Bush post, I'd argue for making them produce a court order.

    But when law enforcement wants data about someone who we can see has sent hundreds of threatening emails to another user, who has posted in our message boards about how they're going to kill their ex- , or who we've had to ban from chat or message boards for repeated abuse... sure, we'll hand it over, no court order needed. And our privacy policy says so.

    And you know what? Of the maybe 100 times law enforcement has asked us for someone's personal data, every single time that I can recall involved a user where we just *knew* the request was coming. In many cases, we had advised someone to *call* law enforcement after they contacted our support group with believable threatening emails originating from our system.

    I believe in the hotly debated "right to privacy," but I don't think that that's incompatible with helping law enforcement in some cases.

    In the eBay case, clearly it's in their interest to reduce fraud on their system, so anyone with half a brain would expect them to cooperate with law enforcement. What, do folks have a "right" to defraud folks on eBay? Or is eBay somehow obligated to make investigation of that fraud as difficult as possible?

    Cheers
    -b

  5. Cash Only by nurb432 · · Score: 4, Interesting

    This is why I normally only use cash. True my bank knows I took out money, but they don't know where it went.

    And I refuse to give any personal info when purchasing... it's cash... they don't need to know anything about me. It's bad enough I'm on camera, they can even track what car you get into, then trace your plate number.

    Whatever happened to the concept of privacy? And if you tell me it's 'for my safety', you deserve to be kicked in the teeth.

    --
    ---- Booth was a patriot ----
  6. Re:Way too easy to fake by Otterley · · Score: 3, Interesting

    Impersonating a peace officer is a misdemeanor in most states. In California, see Penal Code section 538d. The crime is punishable by imprisonment in county jail up to a year and/or a fine up to $2,000.

    This might deter many people from attempting such a thing.

  7. Re:other details by cshark · · Score: 5, Interesting

    It's funny that people are still shocked by this. Ebay makes no secret that they will provide any information to ANYONE who asks for it. Really, try faxing them a request for user information, including credit card info, name, address, etc. See what happens. I think it's amazing that we don't have laws preventing this kind of dissemination of information. All the more reason to use alternative auction houses. Although, I don't know how well any of them fare.

    --

    This signature has Super Cow Powers

  8. We've had this talk before by asscroft · · Score: 4, Interesting
    It all comes down to how easy it is to pretend to be a LEO.
    Oh, and how much you trust the LEOs.
    Here's what some have done with their access to the License Plate Database:
    • Check up on X GFs.
    • Run a Plate for a Date.
    • Look up a car for a friend who got cut off in traffic.
    • Intimidate an enemy.

    Personally, I trust the gov and the cops...but only as far as citizen oversight allows.

    --
    because I have been enjoined by this Holy Office to abandon the false opinion which maintains that the Sun is the centre
  9. Transparency is key to commerce and trust... by jordandeamattson · · Score: 3, Interesting

    I only have one problem with this policy: that it isn't extended to anyone. Why should law enforcement have this right, but I - an eBay buyer - not have this right?

    I don't see that someone who is selling things should have a right to hide their identity, background on transactions, etc., from others. Transparency, and the accountability that it fosters, is key to commerce and trust.

    Too many people out in the /. world believe that absolute privacy is a right. Well, it isn't. When you enter into certain situations, you set aside your rights, in order to embrace other rights. One of these situations is the area of commerce. If you have a business and I am about to enter into a transaction with you, I have the right to perform a background check on you. To determine if you are a con person or rip-off artist.

  10. I'm glad ebay lets the police have any seller info by A55M0NKEY · · Score: 4, Interesting
    Look, ebay can do what it wants privacy-wise as long as they let their users know. If someone doesn't want to give their info to someone who will let the police view it then they don't have to use ebay to sell their item.

    What reasons might the police have to request ebay info? Think about it - probably 98% is fraud related. Being hornswoggled is the most worrisome thing about using ebay. It makes me feel safer to know that the seller's info is easily available to law enforcement. I want dishonest sellers to know they may be being monitored by the police. If you are an honest seller, you are more likely to make a sale if the buyers know that the police can get your info. It makes them feel safer. This is a good thing from the honest seller's perspective.

    The other 2% may be odds and ends like possible terrorist sales and child porn and the like. I don't want that crap on any site I go on either. I just wanna buy my used VCR so I can illegally copy rented DVDs ;-).

    I would feel differently if ebay was so willing to disclose buyer information. Buying is something everyone must do, and there should be some privacy protections. What you buy is a window into your personal life. Too much can be deduced, and wrongly assumed from that data for it to be a good idea for law enforcement to have it. What you sell is another matter. The only info it reveals is how you made your money. There is not much chance that law enforcement will start persecuting hot dog vendors just because they are hot dog vendors.

    --

    Eat at Joe's.

  11. It's not just the cops that scare me... by Embedded+Geek · · Score: 4, Interesting
    I took so long to type this that it's probably redundant by now, but...

    It's been pointed out that identity thieves could simply use a forged letterhead to get private information, but I'm concerned about other possible misuses:

    • Abusive spouses - Someone running from a batterer would likely change bank accounts, etc. but I doubt they'd wipe an eBay account. Likely just change the old one to match those new accounts. Voila - the S.O.B has an address.
    • Scammers might use personal info and a little human engineering ("No, I just forgot my password. Here's some info as proof of ID...") to hijack an account, then run their scams through it.
    • A seller who feels he's being undercut by another might somehow trash their rival (although, I admit, you'd have to be disturbingly obsessed about eBay to even think to pull this one off).
    • Stalkers, stalkers, stalkers!
    The list goes on and on. I think I'll stick with garage sales, thanks.
    --

    "Prepare for the worst - hope for the best."

  12. Identity Thieves Rejoice! by PetoskeyGuy · · Score: 4, Interesting

    How many people and companies out there have had their domain hijacked via Network Solutions with just a fax? Now eBay is going to have available NAME, ADDRESS, CREDIT CARDS and BANK ACCOUNTS to anyone who can forge a fax from a law-enforcement agency. Just need to find someone selling some used 72" plasma TV or some other expensive trinket - there's a good mark.

    Anyone know if this is international, or just US?

  13. Oh the irony, an auction MANDATES no privacy by DrSkwid · · Score: 5, Interesting

    Because auctions are part of the stolen property loop of old.

    In the days before UV pens etc. it was nigh on impossible for anyone to know if an item they were being offered was stolen or not. This was a problem if your business was buying and selling used goods. And if you were a police force with a lot of recovered property for whom you have no identified owner. And if you wanted to buy something, it's a bit risky if your goods could turn out to be stolen because the goods are returned to the owner and you become out of pocket.

    What was devised was the public auction with public viewing. It was your responsibility to visit auctions and see if any of your stolen property was there and then discuss it with the auction house and from there a resolution could be reached.

    Once purchased from an auction stolen property is deemed clean. It was the previous owner's fault for not turning up at the publicly announced public auction.

    Under this situation the privacy of the seller is not an issue, indeed, disclosure of the identity of the seller is of prime importance, only the privacy of the buyer is assured.

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
  14. With all this talk about *sellers* ... by TheSolomon · · Score: 3, Interesting

    What is more worrisome is what this implies for *buyers*! If eBay can and will, at the drop of a fax, give a seller's sales transaction history for any reason, what prevents them supplying a buyer's purchase history?

    All merchants give up a lot of privacy in order to do business in any arena. None of this is surprising or scary.

    However, what scares the hell out of me is the thought law enforcement officials could see I was the winning bidder on some blacklisted book, movie, object and request my bidding history from eBay.

    The potential loss of privacy for buyers is what *everyone* should be screaming about.

  15. Fraud and account Hijacking by nmg196 · · Score: 5, Interesting

    This is the absolute least of the problems with eBay!

    Unless eBay can sort out the massive amount of fraud [msnbc.com] that's going on right now then I'm never using it again.

    There seems to be an absolutely massive problem at the moment with people hijacking eBay accounts and their associated e-mail addresses and eBay don't seem to want to do anything about it.

    Anyone who uses eBay and has a weak password on their e-mail account (or an obvious answer to their secret question) is vulnerable to having their eBay account taken over (complete with e-mail account and credit card details) and used by a Western Union scammer.

    What's a Western Union scammer? Someone who asks to be paid through Western Union (who offer zero buyer protection or tracking of funds) and then simply never ships the item. Western Union seem happy to dish out funds to anyone so the fact that the account is in the wrong name doesn't seem to cause any problems.

    eBay should make it so it's impossible to take over an account by changing the password and/or e-mail address unless you know lots of personal information (D.O.B., mother's maiden name, etc etc).

    I'm finding it very difficult to get eBay to reply or for any news agencies to give this any publicity.

    Over the weekend I saw about 30 Sony plasma screens advertised (usually "pre-approved bidders only") - almost none of which were legitimate. When you contact the seller - you get a similar message every time - "The item will be shipped from and I would like you to pay through Western Union". They remove them eventually if you complain, but the point is, the fact that more are appearing means that they're still finding it very easy to hijack your account.

    Nick...

  16. Re:Lack of privacy for the seller? by Isao · · Score: 3, Interesting
    So, in essence, sellers on Ebay are as easy to track down as sellers in brick & mortar stores or other public places of business, with business licenses, vendor's licenses, or other government checks and controls... I fail to see a problem with that.

    However this also covers buyers... While I can purchase a book at Borders with a credit card, would I be pleased if that then gets sent over to Law Enforcement without a warrant or writ? This is what happened with a D.C. bookstore being asked for Monica Lewinsky's purchase history.

  17. Attempt to circumvent Miranda rights. by David+Hume · · Score: 3, Interesting

    Sullivan even offered to conscript eBay's employees in virtual sting operations: "Tell us what you want to ask the bad guys. We'll send them a form, signed by us, and ask them your questions. We will send their answers directly to your e-mail."


    Per the above, it appears that eBay is also offering to help law enforcement agencies avoid giving Miranda warnings. However, this could backfire.

  18. Lenny, have them pull the LUDs on his townhouse... by call+-151 · · Score: 3, Interesting
    Hey, doesn't anyone watch "Law and Order?"


    Currently, credit card companies and phone companies happily send info with calling and billing records to law enforcement without a warrant. This eBay policy is a natural parallel to that and to my mind, no big deal.


    Like most privacy questions, you trade convenience and/or discount for privacy. If you don't want there to be a record of your transaction, use cash in a place that charges more but which employs particularly forgetful help and doesn't have videocams. If you want the cheapest price or things delivered to you in your pajamas, expect there to be some record of your purchase.

    --
    It's psychosomatic. You need a lobotomy. I'll get a saw.
  19. Can a store really refuse cash? by Kaimelar · · Score: 3, Interesting
    The store does not accept so much cash; I had to buy the two on two separate trips.

    Is this legal? On the $20 note in my billfold it states, "This note is legal tender for all debts, public and private." Given this, how can a store refuse cash? Perhaps some exceptions can be made if you can't give change or are ordering through the mail/online so cash can't be processed, but other than that I can't see a reason for a store being able to refuse cash for a purchase. I mean, if I wanted to buy a $1400 laptop at CompUSA and gave them 70 $20 bills, 14 Benjamins, or 1.4 x 10^5 pennies, that's legal according to the US Treasury, right? (They being the ones issuing the legal tender I'm using.)

    Anyone have an answer?

  20. Re:other details by dekashizl · · Score: 3, Interesting

    You frame the issue in a really interesting manner and raise some good points, but I feel you've only shot down the previous poster (AC who claimed that regulations == nanny state baby-sitting you) without offering a solution.

    I agree that the gap between physical man-persons and corporate "artificial persons" as you call them is significant. I also understand where the previous poster is coming from, in that I don't want all my interactions fully managed by the state.

    A good compromise here, I feel, is comparable to the mandatory food labels in the US which list serving size, calories, fat grams, carbs, and ingredients list in quantity-order. This doesn't force consumers to eat healthy, but at least it makes it easy to know what they're getting without having to go out of their way to call the manufacturer to request information (or read dense, confusing, hard-to-find, and ever-changing privacy policies). The analogue here would be a simplified privacy-summary table of a pre-specified format (both human-readable and machine parseable formats), with minimal legislation regarding who needs to show the table, and punishments for violating terms.

    I think this food packaging regulation is one of the best things that's come from our government in a long time in terms of finding the balance between over-regulation and idealistic laissez-faire libertarianism. I wish it could be a model for many other things.

    BTW, if anybody has information on when/how/by whom this was legislated (the food labels), I'd love to read more about it.