Comments on: Hi, I’m Justice Breyer and I Want a Lexus: Jurist Part of Security Breach of Personal Data http://jonathanturley.org/2008/07/09/hi-im-justice-breyer-and-i-want-a-lexis-jurist-part-of-security-breach-of-personal-data/ Res ipsa loquitur ("The thing itself speaks") Mon, 23 Nov 2009 11:56:20 +0000 http://wordpress.com/ hourly 1 By: Gino http://jonathanturley.org/2008/07/09/hi-im-justice-breyer-and-i-want-a-lexis-jurist-part-of-security-breach-of-personal-data/#comment-16322 Gino Wed, 09 Jul 2008 21:13:20 +0000 http://jonathanturley.wordpress.com/?p=2349#comment-16322 "The US Senate will some time today facilitate this administration in the identity theft of 300 million Americans." Must ... not ... comment ... (Sound of head exploding.) “The US Senate will some time today facilitate this administration in the identity theft of 300 million Americans.”

Must … not … comment … (Sound of head exploding.)

]]> By: Jill http://jonathanturley.org/2008/07/09/hi-im-justice-breyer-and-i-want-a-lexis-jurist-part-of-security-breach-of-personal-data/#comment-16312 Jill Wed, 09 Jul 2008 19:42:15 +0000 http://jonathanturley.wordpress.com/?p=2349#comment-16312 They just sold us out. Hope the money was worth it. They just sold us out. Hope the money was worth it.

]]> By: Jill http://jonathanturley.org/2008/07/09/hi-im-justice-breyer-and-i-want-a-lexis-jurist-part-of-security-breach-of-personal-data/#comment-16305 Jill Wed, 09 Jul 2008 18:06:37 +0000 http://jonathanturley.wordpress.com/?p=2349#comment-16305 whooliebacon, That is scary. Seth, Elizabeth Warren of Harvard writes extensively on how credit reporting agencies put all the onus of fixing/finding errors (many of which they made) on our credit reports. As you said, in this they are aided by our trusty friends in the House and Senate. The credit agencies make a lot of money off "our" data. I hope there will someday be a law making our data ours! whooliebacon,

That is scary.

Seth,

Elizabeth Warren of Harvard writes extensively on how credit reporting agencies put all the onus of fixing/finding errors (many of which they made) on our credit reports. As you said, in this they are aided by our trusty friends in the House and Senate.

The credit agencies make a lot of money off “our” data. I hope there will someday be a law making our data ours!

]]> By: rafflaw http://jonathanturley.org/2008/07/09/hi-im-justice-breyer-and-i-want-a-lexis-jurist-part-of-security-breach-of-personal-data/#comment-16304 rafflaw Wed, 09 Jul 2008 18:04:09 +0000 http://jonathanturley.wordpress.com/?p=2349#comment-16304 Whooliebacon, You hit the nail on the head. Prof. Turley, did you at least get to drive one of the cars?? Whooliebacon,
You hit the nail on the head. Prof. Turley, did you at least get to drive one of the cars??

]]> By: whooliebacon http://jonathanturley.org/2008/07/09/hi-im-justice-breyer-and-i-want-a-lexis-jurist-part-of-security-breach-of-personal-data/#comment-16301 whooliebacon Wed, 09 Jul 2008 17:51:55 +0000 http://jonathanturley.wordpress.com/?p=2349#comment-16301 The US Senate will some time today facilitate this administration in the identity theft of 300 million Americans. The US Senate will some time today facilitate this administration in the identity theft of 300 million Americans.

]]> By: Seth http://jonathanturley.org/2008/07/09/hi-im-justice-breyer-and-i-want-a-lexis-jurist-part-of-security-breach-of-personal-data/#comment-16297 Seth Wed, 09 Jul 2008 17:28:53 +0000 http://jonathanturley.wordpress.com/?p=2349#comment-16297 It's a jurisdictional issue. It's a high-value crime, but the victim isn't local, the criminal isn't local unless he's dumb, and the local party is the 'innocent' dealership which didn't really suffer a loss. In reality they may have turned a blind eye to shady acts, but how do you prove it? The lender is out the difference in the value of a new car and the recovered car, but again they're in a different jurisdiction and have a vested interest in hiding just how easy it is to exploit them. Toss in the cost of pushing the local DA to act vs. the actual loss, and it's cheaper for them to drop the matter and just pass higher costs (to cover the loss) to everyone. The only real solution is to put the costs of identity theft on the businesses with poor practices, not the individual who was probably hit through no act (or failure to act) of his own. But, gosh, who is spending millions and millions of dollars on lobbyists? Who has in-house lawyers, vs. the family hit with hours and hours of paperwork and follow-up phone calls? Even obvious solutions (which should be done regardless), like letting customers set a flag on their credit reports saying that credit extenders -must- get affirmative confirmation on any amount over $X dollars or the contract will be unenforceable, runs into various practical problems. It's easy to see what this means when somebody wants to get a $2000 credit card at Best Buy to buy a new plasma tv (a lost sale for BB, which is why they resist it :-) ), but what about the guy in the car dealership who says his car was just totalled and he needs to replace it? Or the one in Home Depot who says his refrigerator just died and he needs something to keep his insulin cold? How do you distinguish them from fraudsters? If a faxed signature form is enough, how do you know it isn't an ID thief anyway? Do you make him go home and wait for postal mail? If so, how are you sure his home address isn't bogus? It's a serious problem -- hundreds of millions or billions of dollars every year -- but no obvious answers. It’s a jurisdictional issue. It’s a high-value crime, but the victim isn’t local, the criminal isn’t local unless he’s dumb, and the local party is the ‘innocent’ dealership which didn’t really suffer a loss. In reality they may have turned a blind eye to shady acts, but how do you prove it?

The lender is out the difference in the value of a new car and the recovered car, but again they’re in a different jurisdiction and have a vested interest in hiding just how easy it is to exploit them. Toss in the cost of pushing the local DA to act vs. the actual loss, and it’s cheaper for them to drop the matter and just pass higher costs (to cover the loss) to everyone.

The only real solution is to put the costs of identity theft on the businesses with poor practices, not the individual who was probably hit through no act (or failure to act) of his own. But, gosh, who is spending millions and millions of dollars on lobbyists? Who has in-house lawyers, vs. the family hit with hours and hours of paperwork and follow-up phone calls?

Even obvious solutions (which should be done regardless), like letting customers set a flag on their credit reports saying that credit extenders -must- get affirmative confirmation on any amount over $X dollars or the contract will be unenforceable, runs into various practical problems. It’s easy to see what this means when somebody wants to get a $2000 credit card at Best Buy to buy a new plasma tv (a lost sale for BB, which is why they resist it :-) ), but what about the guy in the car dealership who says his car was just totalled and he needs to replace it? Or the one in Home Depot who says his refrigerator just died and he needs something to keep his insulin cold? How do you distinguish them from fraudsters? If a faxed signature form is enough, how do you know it isn’t an ID thief anyway? Do you make him go home and wait for postal mail? If so, how are you sure his home address isn’t bogus?

It’s a serious problem — hundreds of millions or billions of dollars every year — but no obvious answers.

]]>