Privacy Reform

Posted by on March 14, 2005

Stumbled across this on Crypto-god Bruce Schneier’s blog.

Daniel Solove (George Washington University, Assoc. Prof Law) and Chris Jay Hoofnagle (Dir. EPIC) released their A Model Regime of Privacy Protection on March 10th. It’s a very good layout of the challenges we face with regard to protecting our private information along with ideas as to how to handle the challenges.

Good Points:
1) Meaningful Informed Consent. They reference the fact that Gramm-Leach-Bliley is ineffective with regard to opting out of data sharing (Section 2-a). They go on to recommend a notification procedure when policies are changed at companies like ChoicePoint.

2) One-Step Exercise of Rights. Ever tried opting out of spam? Sure, they log the fact that your email is active but they also put you through 7 layers of hell before they say, “Oh alright”. With ChoicePoint et al. keeping “cradle to grave” records on virtually everyone and selling them to the highest bidder, it becomes critically important that we, the creators of those records, have a way of telling them to get bent. Solove and Hoofnagle recommend a central mechanism for folks to use similar to the DO NOT CALL list operated by the FTC.

3) Secure Identification. Social Security Numbers are a big NO NO. They are used everywhere from your movie rental place to the…well…the Social Security Administration. Solove and Hoofnagle recommend the use of passwords. Biometrics are wonderful but if they are stolen the resulting damage is practically unstoppable short of killing the victim. This opens up a whole other can of worms with the likes of Paris Hilton and her cell phone woes.

Not So Good Points

Won’t list them chapter and verse because I really like the ideas they talk about overall and don’t want my own political leanings to cloud that fact. The big problem I have with a lot of their recommendations is that they, Solove and Hoofnagle, drop the responsibility of protecting this information primarily in the lap of the FTC. There is passing mention of implementing fines for companies that break the laws but the oversight of those laws is left to the FTC.

Dunno…this is an EXCELLENT starting point but I think there’s still work to be done. I am going to try and make sure this finds its way to a desk at Kentucky’s Legislative Research Commission.

Last modified on March 14, 2005

Categories: InfoSec, Local Kentucky


3 Responses to “Privacy Reform”

  1. Curt Sampson Says:

    The “central mechanism for folks to use similar to the DO NOT CALL list operated by the FTC” sounds problematic to me. See my post on Bruce Schneier’s blog for details.
