Shostack + Friends Blog Archive


Screening the Open Society Paradox

If you’ve been enjoying the Chaos-Paradox spat, Ryan Singel’s Paradox Still a Paradox is not to be missed:

But when it comes to big data brokers that compile dossiers on Americans and list marketing firms that enhance their lists with data bought from data brokers, Bailey thinks they should be immune from the return gaze, because it might cost companies money to comply.

Nevermind that the data can cost people a possible job, a place to live, or, in the case of Amy Boyer or a woman fleeing an abuser, her life.

2 comments on "Screening the Open Society Paradox"

  • Foo, The Pirate says:

    I suppose I am being naive here, but I’ve been thinking that the whole issue of liability over data theft could be “easily” solved by adjusting data ownership.
    What I mean is: if I lend you my car so you can take a trip, let’s say, to work, even if the work is on my behalf, you’re ultimately responsible for the car. If you dent it, you pay the insurance deductible at least.
    The way I see it, it should be the same with my data, which I would still “own” if I gave it to someone: if I am “lending” it to the data broker, for whatever service he is doing for me, and while it is in his care it gets “dented”…then his responsability is to make good for the damage.
    In my personally rosy view,i wish every time I was asked to give someone my SSN for example, i’d be able to append a fingerprint to it that would enable me to see (and sue) whomever “liberated” it in case I found that same piece of info somewhere else…I guess the mechanisms for that exist, but of course, nowadays, it is still impractical…

  • One of the difficulties with legislating a response to the thefts, frauds and data breaches of personal information is the unforeseen consequences. Undesirable information to one is a blessing to another. As an investigator, I apply the advantages of the aggregated information to help people settle estates and find family members; my business clients make better financial decisions and the attorneys I work for resolve litigation through access to the same information sources that someone else will use destructively. How do we fairly regulate that?
    We can’t put the rabbit back in the hat but we can, and should, and do regulate the magician. No doubt, there need to be stronger safeguards. But information has a way of leaking out in an information society. Sometimes through sabotage. In other instances through disregard. Protecting people from danger or from being unfairly excluded from a job cannot be achieved by a wholesale closure of access to the database records, which Congress is mulling over. The Fair Credit Reporting Act does address the employment hiring issue, giving potential employees the right to obtain derogatory reports and limiting the factors employers can use to evaluate employability.
    The element of violence against people based on database derived information is negligible, particularly in light of the multifarious avenues exercised, all too easily and too commonly, for harming our fellow human beings.

Comments are closed.