Little clearing in privacy/personal information issues

Federal Trade Commissioner (FTC) Orson Swindle had some strong words recently for business leaders attending a meeting on cybercrime convened by the Business Software Alliance and the Center for Strategic and International Studies (as reported in National Journal’s Tech Daily [subscription req'd]):

“Industry has been irresponsible, and someone’s got to pay,” [he said ...]

Swindle said Congress’ current obsession with attacking the explosion in identity theft was misplaced.

“It’s not identity theft — it’s theft of information,” he said.

However, as pointed out in a NY Times article today, many of the activities from which current privacy concerns arise aren’t theft at all:

Working with a strict requirement to use only legal, public sources of information, groups of three to four [Johns Hopkins Univ. graduate] students set out to vacuum up not just tidbits on citizens of Baltimore, but whole databases: death records, property tax information, campaign donations, occupational license registries. They then cleaned and linked the databases they had collected, making it possible to enter a single name and generate multiple layers of information on individuals. Each group could spend no more than $50.

[...] The Johns Hopkins project was conceived by Aviel D. Rubin, a professor of computer science and the technical director of the Information Security Institute at the university. He has used his graduate courses before to expose weaknesses in electronic voting technology and other aspects of a society that is increasingly dependent on – and at the mercy of – digital technology. “My expectations were that they would be able to find a lot of information, and in fact they did,” he said.

Is the real worry unauthorized access to or misuse of personal information (e.g., ID theft, fraud, etc.), or is it the fact that there seems to be so much personal information out there for the taking (or aggregating) in the first place?

There are many nuances and distinctions here, and one hopes that policymakers are aware of and will consider them. In any case, Commissioner Swindle and his FTC colleagues are sure to play an integral role in implementing any related regulatory provisions that work their way through the legislative process this year.

We will, of course, keep you posted.

This entry was posted in Privacy and Security. Bookmark the permalink. Comments are closed, but you can leave a trackback: Trackback URL.