[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bullshit (was: Re: Fair Credit Reporting Act and Privacy Act)



-----BEGIN PGP SIGNED MESSAGE-----

At 10:18 PM 2/8/96, Bill Stewart wrote:

>The parts of the Privacy Act that I remember are all restrictions
>on _government_ actions, not private actions.  It's an important 
>distinction; even though TRW may know way too much about you, it's all information that >you voluntarily released to somebody, unlike data that 
>the government requires you to give them.  And, yes, it's out-of-date 
>and toothless.

        It's important to distinguish between information that you've voluntarily released as such (e.g., giving someone your SSN) and information derived from analysis of your actions (e.g., repayment patterns, value-added with a proprietary scoring system) and/or consolidated from small releases of info here and there--and most of the material in a typical TRW or Equifax dossier is of the latter kind.
        ObCrypto? Vaguely. I've been thinking about the possibilities of "bullshit generators"--simple programs that would generate names and various kinds of facts about people who don't exist and "make this info available": email addresses to SSNs, addresses, credit histories, medical records, you name it. If "bullshit bots" became generally available and easy to implement, "information markets"--a phrase that's far too general to capture the complexity of the dynamics it refers to--would stratify pretty fast: groundfeeders like the fine folks who're now grepping newsfeeds for email addresses + interests could be laid waste to pretty fast by a handful of dormant newsgroups systematically flooded with posts from [email protected] or [email protected]. Who'd pay for a DB that's half bogus? Alternatively: who'd pay to prevent their DB from being corrupted? Companies like Equifax would be harder to penetrate, but by no means beyond reach: there are so many people out there who they don't have files on yet--in ghettoes, in Eastern Europe--that they could be duped. We tend to think of information markets as markets for _true_ information; but as those markets mature, they'll breed parallel "counterweight" markets--markets, in essence, for _false_ information. Equifax and TRW got the goods on you? How much would you pay to vanish into a crowd of newly created people with excellent credit ratings who are all just a few diddled digits away from you, your SSN, your address, your phone number, your mother's maiden name...? The latest issue of RISKS (2/8/96, 17:70) has a kvetch about <http://www.graviton.com/red/>, "The Red Herring Home Page":

>        A little experimentation revealed that almost ANY obscure search
>would match "The information source", often as the only matching 
>document found. As near as I could figure out, his site recognized
>probes by web robots and then threw a dictionary at them!

        Congress would be hard pressed to illegalize fiction.

        ;)


Ted
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMRsCX3Shd2boiy7BAQGS1gf+KK/VG9EGHkHBE/zaH2saf2Kb1Qgq4Ez1
wUABgo5JFAwbYFMY4aPZJIOcU2gPlVSDEHZtRMRI/JW2FTqGD8BwMneBjEFI9uHs
K9jUhT3sSyzWgwW/9H8rb/mO8gHJig9jcWseyK/z3Cyk8MFbP5h0nLcougTIhRFr
f2X/i4y3JNajtUYfkWQVUbDr0yS/5NesiMX79KB560clhPgXqTVgfU15DJOytWGZ
aRSfUU7Fu05BypfylcqW2nltgnvkAVrI+4Scf/nolZEqBT3PJ3MmWXNetbULxd4A
Jr3IRG/E3CVwBcOAhFLyw48c5Qseu7pSs6OA5VqgmGD/0SEdI1raWA==
=8XnL
-----END PGP SIGNATURE-----