Shostack + Friends Blog Archive


Random Thoughts on Specter-Leahy

Senators Specter and Leahy have proposed a new law on identity theft and privacy. Some thoughts as I read it. But first, what the hell are they doing preventing me from copying sections? Frigging DRM. Quotes shall be shorter than they otherwise would be.

  • Title III, 301.b.1 (pg21): “A data broker shall, upon the request of an individual, clearly and accurately disclose…”

    But how is an individual to know that a new data broker exists, or is gathering records about them?

  • Section 424 provides that notification doesn’t need to happen if the state attorney general and federal law enforcement agree. This is a compromise between the ABA position of letting banks decide for themselves, and the “always notify” position, which I support.
  • Title V, section 501, (pg 66) “protection of social security numbers” should be broadened to “government issued identifiers.”
  • Section 1150A.a.1 (pg 69) prevents a business from requiring you to use your SSN as an account number, but does not prevent a business from demanding it. 1150.b.1 does, but then allows that demand if the purpose is “obtaining a consumer report for any purpose permitted under the Fair Credit Reporting Act.” That’s too bad; it would be nice to allow customers to offer reasonable deposits in lieu of a credit check, especially in those cases where the service is one that can be easily terminated, like a phone.
  • The law doesn’t seem to prohibit the use of the social security number as a password, even while it allows for the display of the last four digits.
