Slashdot Mirror
The Ethics Of Data Brokers
c0d3h4x0r writes "MSNBC's Bob Sullivan asks, Whatever happened to the ChoicePoint bill? and raises some good points: 'Few experts believe that there was a sudden lack of computer security this year. Rather, there was a sudden bout of truth, thanks to California state law. [...] But in other ways, all the legislation misses the point. The ChoicePoint data leak story was not really about identity theft. It was about this: "Who the hell is ChoicePoint, and why is it making money selling my personal information?"' This makes me wonder what the Slashdot crowd thinks: should anyone be able to sell information about you at all? The general public seems to think not, while our elected officials seem to think it's just fine. How does the information gathered and sold by data brokers differ from the information collected and sold by a private investigator, or is there even a real difference?"
someone has to collect and distribute this stuff for things like background checks. are we suggesting the govt should do it instead of the private sector?
It been clear for a long time that they don't care. And it seems the government doesn't either. I too wonder about the choicepoint bill. However if i do become a victim of identity theft i will take it into my own hands and investigate. If i find a data broker or similar was involved i will be sueing. Under what statute i don't know yet.
Every time you get credit you are giving them the info. Its much like you are participating in your own exploitation.
Enjoy.
Choicepoint existed to collect information government needed access to but was not legally able to collect for themsleves. Gov't couldn't collect it but they could buy it.
This led to many departments haveing the small bits of information they needed about you being aggrigated into a large clearing house.
In the case of collecting information, i think the government may be better equiped to do it. at least there are independent auditors who keep tabs on the collectors. what did choicepoint have?
-Peter
interesting idea. slashdot has an incredible double standard when it comes to freedom of information. we don't want to pay for any of 'the man's' information, but if you want our information, you'll have to not only pay for it, but then also pry it from our cold dead fingers.
hmm, i guess i don't have a point here. move along
I know for a fact there is incorrect information about me circulating. Some of it I put out there myself :)
Anybody buying my info may be in for a disappointment.
This is not uncommon, there is no way to enforce consistency between the large information resellers. Having been in jobs where we bought mailing lists etc. from resellers I can whole heartedly say that most data resellers have no interest in quality. Quality is expensive, they just pump out the data. Which is why when we tried to contact the potential customers, some 25% of the addresses we had were wrong.
The question of people taking some data dump from questionable sources as the gospel and then using it for reasons which can screw up a person's life. Take the government drive to 'Total Information Awareness' (or what ever more palatble cover name they are now trying to slip it past people as), where a false positive can land a person in jail for an extended period of time without knowing what you are charged with or legal counsel.
Or less extreme, you may never be able to borrow for a house.
AFAIAC, my personal information is my property. Unfortunately in the US, it is a considered a common resource, with all the problems associated with a common resource.
putting the 'B' in LGBTQ+
Check out Attention Trust. These guys are onto something. Recently Bezos from Amazon was asked (I'm paraphrasing) "So, who owns my purchase history?", the answer being "Well, you own a copy. And we own a copy.". Think about that.
Direct marketers have developed the art and science of buying and selling personal data. But when you think about it, you should really be able to control that flow. If you want, you should be able to set your price, if you are interested in selling at all.
Disclaimer: I work for a company that upholds the Attention Trust principles.
:wq ~ ~ ~ ~ ~
Actually, if you reverse your argument and apply it to corporations, then you see they have a huge double-standard as well. They want access to all our private information that by all rights belongs to us. And they want it for free. And they want to be able to buy and sell it at will. Further, they have actually gotten everything they wanted.
However, corporations go apeshit if you suggest that we should have access to all of their private information that belongs to them. They go even more apeshit if you then go out and sell that information. And even more, they bitch and moan and lobby to further restrict access to that information.
I believe all personal information should be the property of whomever is being profiled. You could =sell= your information to EquiFax et. al., but they couldn't use it if you didn't.
Your approval should be REQUIRED before any private firm/individual accesses your data. And mostly, this is already the case. Any credit apps (even movie rental agreements) allow them to check your info.
The only time this should not apply is with a court order.
Now, one step further. You should also approve who collects this information. I don't care if the bank has my bank records on file (including debit card purchases). I do care if some private company is collecting all my info so it can turn a profit selling it (even with my approval).
I know all the arguments about how centralizing the info allows improved credit ratings and such. They're all bullshit. The number of bankruptcies show that.
No sir, I'll take corporate over government anyday.
Evil people don't think they're evil. - George Lucas, Making of Ep III
In a small town information brokering is not a feasible business, but personal information is shared. Examples:
"He pays his bills on time."
"He pays his bills, but usually late."
He is a good plumber, but he will not answer a call during deer season."
"He is a good guy and a lousy electrician."
In an urban society, reputations established by gossip is not available. But reputation is still necessary for people to do business with each other.
Whether information is collected and sold by a business or collected by a government and sold for money or taxes is another issue. The information has to come from someone.
Whoever provides the information will screw it up at least part of the time.
Note: There are also disadvantages to the small town model. Consider prejudice and spite.
Very insightful comment and I'm glad it got upmodded.
As a consumer I'm really of two minds on this issue. On the one hand, I hate that all this data is sitting out there. But on the otherhand, i realize its the price one pays to get a reasonable mortgage rate, credit cards on favorable terms, low insurance premiums, and a wide range of services at acceptable prices. Without accurate credit reporting, all businesses would need to increase prices to factor in the risk of loss and the added costs of extracting late payments.
As long as people expect businesses to take risks on them (lending money, providing service without up-front payment, entering into long-term service contracts, etc.), those businesses will want to collect information on the riskiness of those consumers. And if a consumer doesn't have an established relationship with a given business, then it makes sense that that business will need to ask other business that have done business with that consumer. And rather than have each business pester every other business with questions, it makes sense that other businesses would form to collect and sell consumer payment/risk data. Thus we get to the question of who should do this?
I fear that the government would be utterly incompetent at creating such a system, even if consumers did decide that all their purchase/payment history data should go to the government. The government would have little incentive to create accurate risk models. Because there is no a priori obvious way to estimate a given consumer's risk of non-payment, it's sensible to have multiple credit risk analysis companies each with their own scoring system. The final question is how should they do this?
What we need are better laws to ensure that the data is properly secured, properly vetted, fairly computed, and that consumers have some due process rights to contest erroneous data.
Two wrongs don't make a right, but three lefts do.
Why can a business collect and sell your personal information for profit?
...when it's convenient. But always pro business.
Because America is first and formost PRO BUSINESS.
A Democracy? A "Christian Nation?" The Land of the Free(TM)?
Competition Good, Monopoly Bad.
The news, colleges, Google, spies, gurus on the mountain top, private investigators, documentary film makers, political advisors, Number 2 in The Village, the head of the "popular group" in high school, the hacker who knows all the backdoors, the creepy old guy in every horror film that knows all about the serial killer ...
... your payment history is the new collateral.
How is this information any different? More personal, sure, but it is no different than any other paid information source. Information is easier to catalog than before, so it's just a bit easier to be intrusive.
The ChoicePoint scandal illustrated to the world how information gathering, and how that information can be exploited in the name of fraud, has changed over time. That type of data is a necessary evil in the world of credit cards & on-line shopping
Most the information under discussion is not information about people per se but rather information about transactions. Since a transaction takes two at least two entities it is an open question as to who owns the information about the transaction.
If I sell you something, do I have rights to the information that I sold you something? Why should either side of the transaction have to "forget" that the transaction ever took place? If the information about the transaction is itself valuable, why shouldn't either side be able to sell it?
I think the presumption that all information that includes data about a individual is the property of the individual is highly simplistic.
If someone is going to sell information about you, they should ask your permission first. If you grant them that permission, then they should be allowed to do it. If you do not, then they should not be allowed to do it.
I don't see how this is hard to understand.
The hard part is the conditions under which you agree to let your information be sold. For example - most public utilities require SS# in order to get service. This means you really have no choice about providing that information to them - and today they can do whatever they want with it.
If laws were put in place to require permission, they will need to address the case providers of essential and nearly-essential services (airlines, banks, insurance, driver's licenses, etc) from demanding permission as a requirement of doing business with you. Because if such organizations are allowed to do that, then the concept of permission becomes meaningless.
I'd agree with you if this information could be seen as resulting in fewer bankruptcies (organizations giving credit to bad risk cases). But I don't see that as being the case.
The problem is that there is very little risk to the collecting agency but a big risk to the individuals. The agencies don't really care if bad information gets on your report and you end up paying more for a loan than you really need to.
Now, if they had to go to your bank for the info on your account status and the credit card companies for info on how often you paid your bills, that would be different. If I didn't like the info the bank gave out, I could switch banks. The bank risks losing a customer. If my account is a good account, that's important to them. If it's a bad account, it's not that important to them.
And the bank should be checking with me before releasing any information.
The problem with that approach is that asking for people's permission is much like requiring them to click "accept" on an EULA. Most will simply sign documents required for certain things like obtaining credit cards without reading them in great detail; and even those who do would still be forced to accept these terms if they want a credit card, for example.
Choice is only choice if there really *is* a choice. What I'd like to see would be a "privacy seal of quality", so to speak - awarded by an independent non-profit organisation which'd hold the trademarks to the seal and who'd make sure that those who use it actually take privacy concerns seriously. Of course, the guidelines for that would have to be written in a clear and unambiguous way so that you could actually take the thing seriously, too; a privacy equivalent of the CAN-SPAM act would obviously do no good.
But once such a seal would exist, it would at least be easier for consumers to choose between different vendors/stores/... and factor in privacy concerns into their decision by taking into account whether the seal was awarded or not.
quidquid latine dictum sit altum videtur.
You misinterpret the GP.
He's not saying they need to get your permission to use your personal info, but that they need it to sell it!
Why, pray tell, do providers of "essential and nearly-essential services" need to sell your personal info? Why would they need an exemption from "Get permission *before* you sell personal info"?
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
If my neighbor collects a database about me which outlines my entire life it's typically viewed as stalking. If a company does it then it's a legal business.
/. post)
What gives?
This depends on the specific elements of criminal stalking as set forth by statute. A quick glance at the Massachusetts statute (chosen because I live there; I have no idea whether there's a model act, or what) includes some elements that distinguish the two scenarios:
The defendant has to be malicious, their acts have to be directed at a particular person (presumably as opposed to observing everyone, or everyone that meets some particular criteria), the acts have to cause a reasonable person to suffer substantial emotional distress, and make a threat, with the intent of placing the person in imminent fear of death or bodily injury. (There are other elements, but these are the most pertinent ones)
So apparently, at least with regards to criminal stalking, just collecting every scrap of data about someone or someones is not criminal. (There might be some other crime involved, or maybe a tort or something -- I'm not going to exhaustively research this for a
If stalking is about motive it can be demonstrated that the company compiling the database is not worried in the least about my best welfare.
So? Virtually no one is worried in the least about your welfare. The duty of caring about you is very rare. People are only obligated, generally, to not hurt other people. They don't have to help. Sometimes people might assume a duty to care about you, e.g. your doctor. But this is pretty unusual, and not something you'd see between all the strangers in the world. From the MGL statute discussed above, there has to be actual malice and an intent to make you afraid of injury or death; few if any people will have that mental state.
If stalking is about the nature of the data collected
Apparently it's not. This seems sensible. I'm less worried, in a stalking context, about someone who looks up where I live, than someone who actively follows me around all day, even if they aren't collecting any data at all. The researcher is more of a concern from a fraud angle, than a threat to my person.
how is it that the consumer database agencies are not empowering employees who may be stalkers?
Maybe they are. Do they have a duty not to? Does the phone company have a duty not to give my address and number to my stalker when they're passing out the phone book?
Certainly there have been cases of stalkers that used commonly available data about people. I recall a case in NH where a man stalked a woman, primarily by gathering or buying copies of data about her, finally resulting in his murdering her and killing himself. It's sad, I guess, but I'm not sure if there's a good way to prevent it without resulting in significant burdens on everyone else. While I'm no (naive) Libertarian, I do tend to find that it's better to be free and unsafe than unfree and safe... especially since you're probably not all that safe in the latter case, anyway. See any safe police states lately?
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
There's still a vast conflict of interest which should be cause enough for a grand scale investigation by the Better Business Bureau, or someone.
Credit agencies, insurance agencies, and banking agencies are tied together. All of these agencies have a profit motive. That profit margin can be increased if a greater number of people have a lower credit score because a lower credit score is justification for higher interest rates. Higher interest rates will result in higher default rates if their income level decreases or the cost of living for their area increases more than their income. Higher default rates will further reduce the ability to advance income level and will also result in higher insurance rates--of which car insurance is legally mandatory in most states. While one can easily say "it's the consumers fault" it's impossible to deny that the businesses involved actually have an interest in encouraging this downward spiral. As long as they properly profile their customers ahead of time (those who we can screw, those who we can milk, and those we shouldn't mess with) there's little risk of a political or even media backlash. This profiling is justifiable from a business perspective. From the standpoint of "truth, justice, the American way, and leader of the Free World", however, one would expect that our tax dollars are working to prevent this wholesale exploitation of consumers.
As a basic business model this conflict of interest is very likely especially with the fanaticism for corporate growth and quarterly earnings on the stock market. From what I've seen my tax dollars have been aiding and abetting more than they've been securing me from this conflict of interest.
When it's my own tax money contributing to systems trying to lock me down as someone else's legally indentured servant I start to question everyone's motives.
fast as fast can be. you'll never catch me.
The general public seems to think not, while our elected officials seem to think it's just fine.
I have seen this sentence in a variety of forms, but ultimately, it boils down to the perception by seemingly every member of the public that there is an US and a THEM. When and why did this mentality start?
Arguably, it could be said it has always been this way, for as long as there was a government and the governed. However, here in the United States of America, what has happened to cause us, the citizens, to view our government this way? Ignorance? Apathy?
We don't have "elected officials" - our government is supposed to be a representative democracy. All of the members of our government are elected as representatives of the people. The key word is "represent"! They are supposed to be elected to represent our interests, to represent in a analogous fashion who we are as individuals.
These people we elect are not meant to be our kings or queens. They are not the "ruling elite", and they should not be viewed, thought, or spoken of as so. To do so grants them more power and status than they deserve. We are not vassels under a lordship. We are free citizens of the United States of America in a representative democracy.
The way the submitter speaks in his writing (and it isn't just him - it is spoken this way of our representative on a wide ranging number of issues affecting the lives of you and I), seems to indicated that the ChoicePoint (or similar) issue didn't (and never can) affect the lives of our elected representatives. Why not? Why shouldn't it? Why do our elected representatives think (or know?) that it can't? If it can't affect our representatives, why should they care how it affects those who they represent?
If they don't, if they truly think this way, then we are nothing better than serfs fated to live out our lives in mediocrity. This isn't the United States I was brought up to know and love.
A famous quote by Thomas Jefferson, one of our country's founding fathers, reads:
The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants
I dare to wonder if the time is nigh that we need to exercise our second ammendment rights, march on Washington, and water that tree a little. It is "We the People" and not "Us" versus "Them". The sooner the citizens and our representatives realize this again, the better off we and our country will be.
Reason is the Path to God - Anon