Selling Other People's Identities 146
joeflies writes "The San Francisco Chronicle has an extensive article on the controversial site Jigsaw, which makes it easy to sell other people's identity information. Jigsaw encourages people to collect business cards and email signature blocks, which is compiled together into a searchable database. Participants earn points towards their own searches or earn money.
Is this exactly what Scott McNealy meant when he said electronic privacy is dead?"
Private Business Cards (Score:4, Insightful)
Re: (Score:3, Insightful)
Re:Private Business Cards (Score:4, Interesting)
Now answer again, pretending that Jigsaw is an ISP or a filesharing software developer.
Re: (Score:1)
Re: (Score:1)
Also, I was visiting a website the other day and was informed that my computer was broadcasting an IP address to the internet! Surely that'
Re: (Score:2)
Re: (Score:2)
For the average home user, an ISP is the ONLY way that they can distribute their personal information, as a "home page" is generally provided without additional cost. It is up to the user to determine what information is posted, but the service is made available by the ISP.
I do agree that Jigsaw is EXPLICITLY offering this specific service, while an ISP offers a verita
Re: (Score:2)
Re: (Score:2)
>Now answer again, pretending that Jigsaw is an ISP or a filesharing software developer.
Wrong question.
Legal filesharing is a fact of life no matter what the RIAA/MPAA do to taint the P2P market.
P2P makes it easier to publish works (good), and so harder to shut down sources faster than they appear (bad, if you are a reactionary, or if your copyright is being violated).
You can draw an analogy to the block printing press, which in its
Re:Private Business Cards (Score:4, Informative)
Re: (Score:3, Interesting)
You mean from phonebooks, mailboxes, and tombstones? I assume they go by a stringent code of honor.
I fully support a person's right to limit the distribution of his contact info, however, my email sig and business cards are no longer mine when I publish them or give them away. It sucks that someone I don't know can send me an email or call me, but that's what I get for living in the world today.
Perhaps people could copy
Re:Private Business Cards (Score:4, Interesting)
Slashdot Login Problems (Score:2)
I kid, I kid.
Nothing but public information (Score:5, Interesting)
Jigsaw [jigsaw.com] isn't putting up your grandmother's Social Security number, nor is it hosting pictures of you and your dog. All they host (and all they want) is business contact information. This isn't a violation of privacy... it's a boon for businesses to contact other businesses. It has no desire to be a Zabasearch [zabasearch.com] clone.
If the submitter had bothered to read the article, they would've seen this very important message:
So there you go. Someone decides to conglomerate the information any moron can find in a "Contact" page on a corporate Web site, and the privacy nuts freak out — despite the fact that it has nothing to do with privacy. I love how some people commented about creating fake identites and submitting them. Well, unless Mr. John Doe has his own domain and business license, I don't think that fake info will do any good!
Perhaps CowboyNeal [cowboyneal.org] needs to see a psychiatrist about his manic-depressive and schizophrenic paranoia disorders. At the very least, he should apologize to Jigsaw (if not to all of Slashdot).
Re: (Score:2)
That's 3 metres, for you SI fetishists
Jigsaw has high ethics (maybe) (Score:1)
It's easy... (Score:1, Interesting)
Re: (Score:2)
Upload the entire
After all, I'm a troll: aren't you?
Is it really? (Score:1, Interesting)
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
Business cards have the same implicit confidentiality/privacy as letters?
Business cards are handed out by people to put their contact information out there for potential future business partners. It's not uncommon for people to go to a business convention and just put out a stack of business cards for strangers to take. It's also not uncommon for one person to pass on another's business card to someone else whom they feel might be interested in contacting the person listed on the card.
Letters don't exchan
Re:Is it really? (Score:4, Insightful)
Talk for yourself, don#t talk for others.
Currently I run my own business, and I indeed give out business cards for the reason you mention. A couple of years ago however, I was a systems engineer for a huge IT company, and whenever I gave a business card to someone it was because of that specific individual having a need to contact me and me approving of him contacting me.
The morale of the story is that what you happen to do is first of all not representative, and second, might change over time.
A business card as such is copyrighted both in its design and its content. Taking that content and copying it is a violation of my copyright on my card, and you cannot do that without my permission.
Re: (Score:2)
Re: (Score:2)
This would concern jigsaw as a whole, but I somehow doubt that this covers the individual information as presented on a business card. At the very least, the company name and function title on it.
Re: (Score:3, Informative)
Re: (Score:2, Informative)
Re: (Score:2)
A published book is publicly available yet if it was written in somewhat recent times (what this means depends on copyright terms in your specific location) it is protected by copyright.
Even giving away a copy of copyrighted information does not remove the copyright on that information.
You can grant a license to everyone that receives the information allowing them to pass it on, you could specifically put it into the public domain, and in
Re: (Score:2)
At any rate, it seems you are right that name and street address and phone number are not a creative expression usually (and you can indeed argue about name). However, company name and function title can very well be a creative expression and be protected by copyright, This still means that copyrighted information is distributed. Oh, and it really does not matter who owns the copyright
Re: (Score:2)
I'm not talking for others. I'm stating a common cultural practice. Perhaps when you have business cards made for yourself and your organization you should consider how others treat/use business cards. They certainly aren't treated as personal communiques or sensitive/confidential personal information like letters. If you don't want a particular contact to get out, don't put it on your business cards. It's customary to put your public business contacts on a card, and if you want to give a particular person
Re: (Score:2)
This is a common practise among people involved in sales activities, it is definitely not a common practise among those involved in say technical support.
Perhaps when you have business cards made for yourself and your organization you should consider how others treat/use business cards. They certainly aren't treated as personal communiques or sensitive/confidential personal information like letters.
If I somehow get the business card of the l
Re: (Score:2)
You are an expert on having a good discussion I see.
You can not copyright your name, address and phone number. Ever hear of a phonebook?
I wonder, did you read any of the other replies to my post?
You are both redundant and rude, please learn to have a proper argument.
The layers are going to love this one. (Score:2, Interesting)
Very dangerous territory.
Re: (Score:2)
Sues on the grounds of what?
If I hand out cards to all sorts of people, stating that my name is John Smith, I'm vice president of silly walks at Acme Industries, my phone number is (123)456-7890, and my email is jsmith@acme.com, can I really then make a case that I had a "reasonable expectation of privacy" for that data?
That's not to say that I like data-mining, mind you, but if everyone from grocery stores to the NSA can get away with it on the grounds that the information was already publically availa
Re: (Score:2)
yes... one of my phone numbers is ex-directory (the direct line to my desk). I only hand out business cards with that number on to those I want to know it... the other business cards have my public numbers... when my
Re: (Score:2)
My secret identity is for sale??? (Score:5, Funny)
--Superman
How many points do I get for this guy? (Score:2)
He seems important [wikipedia.org]. I've got no fewer than nine business cards from him, all different.
Re: (Score:1)
--Superman
don't worry too much. just keep the glasses on.
Too late (Score:2)
http://en.wikipedia.org/wiki/DC_Comics [wikipedia.org]
Re: (Score:2)
BWAAAAHAHAHAHAHAHAHAHAHAHAHA ROTFLMAO!!!
Collaborative privacy destruction? (Score:1, Offtopic)
Well, it's a double-edged sword (Score:5, Insightful)
What he fails to realize is just how far this user-supportedness can go. Just like with Wikipedia, I imagine that Jigsaw will be hounded by vandals and the like, dumping loads and loads of false information into Jigsaw's database.
Moreover, since Jigsaw is going against basic principles of privacy, I can imagine that we're going to see a lot more problems than with Wikipedia from "vigilante vandals".
Re: (Score:3, Interesting)
Re: (Score:2)
Re: (Score:2)
Unlike Wikipedia, you have to pay $25/month to use this. Also, you're not anonymous, so if you are identified as a vandal, your entered data can be removed. They also limit input to 25/entreis month.
Moreover, since Jigsaw is going against basic principles of privacy
There are lots of business directories like this, starting with the Yellow Pages. The main difference is tha
Re: (Score:2)
Great. So the barriers for participation in a nefarious identity-mining site are higher than for Wikipedia. Which means that scenarios like this one are playing out in the back of school buses across the land:
Punk_01: "D00d! I got a great idea! Let's scam that new teacher, I glommed his biz card, we can put his phone number and shit online!"
Punk_02:
Re: (Score:2)
Even if someone could insert names in this site, the "identity theft" hysterically hyped in the summary is unlikely, perhaps a few more marketing calls than usual. Your "punks" would have more fun signing their teacher up for a gay dating service.
Re: (Score:2)
...so I'm never going to correct incorrect information about me or my company that they have online.
And this is a good thing how, exactly?
Re: (Score:2)
Who said it was good?
I can see my entry already: (Score:2)
123 A Street
Townsville, Nunavut, Canada
H0H 0H0
World's 2nd Greatest Lover
Finest Swordsman
Outrageous Liar
Soldier of Fortune
Stepladders Repaired
Very extensive article. (Score:4, Informative)
Given how stupid your average human is, though, there isn't much hope for the former.
Re:Very extensive article. (Score:4, Informative)
Contact information != identities (Score:3, Informative)
OTOH, Lotus Marketplace shocked in 1991 (Score:2, Informative)
Make money fast! (Score:1, Offtopic)
Jigsaw? oh no! (Score:1)
The chickens have come back home to roost (Score:2)
For ages, these same poor put upon privacy-deprived businesses have been pirating our personal information and trading it around.
Now it has come back home to bite them on the butt.
Maybe now we'll see them use their lobbyists to buy some privacy laws. Then everyone will want to participate in those protections. Hmmmmmm. Good idea, Jigsaw!
Re: (Score:2)
Not all of the people in a 'rollodex' are going to be businesses, many would be clients perhaps. I am pretty sure that in the UK if they aren't businesses then any unauthorised selling or distribution of that personal data is illegal (the Data Protection Act), not sure if that t DPA covers business data also.
In TA he cites the example of people who buy houses and enter themselves
Re: (Score:2)
Distributing and processing personal data without consent is an offence under the UK Data Protection Act, and much of the rest of Europe has similar laws. IAALBINMY (I am a lawyer but it's not my area), but I'm fairly sure it covers personal data in a business context.
It is companies that should improve id checking! (Score:5, Interesting)
The scandal is not that people are selling and buying that kind of information. The scandal is that companies accept that kind of information as identification information.
The scandal is that anyone can pretend to be me by knowing my name, address, phone number, and social security number, and little more sometimes, but not always. NONE of those pieces of information was EVER meant to be secret. We have to write our social security number in zillion of places, our employers know it - nobody in his right mind could trust that as a piece of identification information!
Yet this is exactly what companies do, because they bear little of the cost, and there is no legislation that forces them to be more selective with what they accept as identification information (read with what little info one could access the phone record of Thomas Perkins).
And all the while, better tools for identifications are widely available. I could identify myself to my bank simply by sending them a PGP-signed email: all that this requires of me is to click on the "sign it" button in Thunderbird - and I get incredibly better security than monkeying around with SSNs.
Yes, people with PGP tend to have small webs of trust - but this is because of lack of legislation that requires better identification for transaction, and also, for lack of public services. In my city, want to tell the tree pruners that the city tree next to my house needs some pruning? There is a phone number and a very kind and helpful employee on the other end of the line. Want to get your PGP key signed by a city/county officer that checks your papers thoroughly? No hope. You have to somehow know someone who is connected enough to others that need PGP (package maintainers, for instance). Tree haestetics surely ranks higher than basic identity security, even though our nation is more and more based on remote transactions.
Our legislation, and public services, are late some 20 years regarding identity management. The scandal is that they are not brought up to date faster, not that some people are selling email footers that we send around for free.
Re:It is companies that should improve id checking (Score:2)
Yes, and no. You get better security, as long as your system isn't trojaned, wormed, or compromised. (And no, running Linux or OSX doesn't make you immune to these problems, though it helps) And so long as a m
Re: (Score:2)
Look, they could issue (for $100? or how much it costs) to people devices which are able to sign with a private key a short string of digits (16? 20?) that they dictate to you over the phone. You dictate back the 20 digits of the signature. The company verifies with the public key on record. No complication, no computer needed.
Ultimately secure? Not. The keys would be most likely too short, yadayada. But anything like this would be VASTLY better than relying on the same 9-digit fixed number (the SSN
Re: (Score:3, Insightful)
Ok. 300 Million people in the USA. Times $100. That's $30 BILLION dollars. So much for cheap.
to people devices which are able to sign with a private key a short string of digits (16? 20?) that they dictate to you over the phone. You dictate back the 20 digits of the signature.
Ever enter a WEP key? It's 26 letters long. I have to retype one at LEAST 2 or 3 times TWICE in order to get it to work, when I have the key printed right in front of me. Do you
Re: (Score:2)
$100. Cheap. How much do you think it costs you to get a passport? Or a driver licence? Same order of magnitude. And most likely, if you mass produce it, it could be $20 (it shouldn't cost more than a pocket calculator).
Lose it? Call and ask for the key to be revoked. Somebody else voids your key? It is a nuisance, to be sure: bring it in and have it reprogrammed. I mean, also credit cards get lost, it's not the end of the world.
Somebody get my $100 thingie? They can do exactly what they can do
Re:It is companies that should improve id checking (Score:2)
Any COTS smart card reader could verify that you are legit.
This would cost a little bit of money initially, but it would pay for itself thousands of times over due to the reduction it fraud.
It isn't perfect--it is as cl
Re:It is companies that should improve id checking (Score:2)
Typical /. misinformation (Score:2)
Actually, it doesn't. The law only covers government agencies. From the SSN FAQ [faqs.org]:
Re: (Score:2)
Jim Fowler sightings (Score:2, Funny)
Sign up now! Win valuable prices! (Score:3, Funny)
(Winners must collect their price at our central office in North-Siberia. Offer void in your area.)
To apply fill in this form:
Full name:
Adress:
Phone number:
Email adress:
Job title:
Name of Company:
Adress:
Phone number:
Religion:
gender:
Ethnicy:
Shoe size:
Blood type:
Sexual prefences:
Fetish preferences:
favorite color underpants:
Disorders (list not more than 4):
Genetic defects:
Credit cards owned (name, number, end date and security number):
Social security number:
Ilegal weapons owned:
List of people you don't want to see recieving this information:
Amount willing to spend monthly to assure this wouldn't happen:
How often do you cheat your wife/husband:
List the last 5 people you cheated with (include adress and phone number):
Likelyness your wife/husband would use violence against formentioned people:
Do these people know of your wife/husbands violent nature yet?
Other information that could lead to blackmail:
Thank you for cooperating.
Note: We will not share your information with thirth parties. In fact we don't share at all. Information could be sold to highest bidder (and probably will). Highest bidder might be a maffia member, however we of RipYouOffOnline(TM) can't be held responsible for violence as a result of not following your end of the blackmail.
Re: (Score:2)
Do I have to have a subject? (Score:3, Insightful)
Although annoying, truthfully this guy isn't doing anything wrong and it seems he's compiling a database of business contact information accessible via a paid subscription or by adding business contact info. Only if he allowed personal or home information would this be wrong.
I always get this odd sens eo fpride at how much goes on in my own back yard, and it reminds me of part of the reason I love living in Silicon Valley and the Bay Area.
For my needs... (Score:2)
Probably would be illegal in the UK (Score:5, Insightful)
Quite a few times I've thought, wouldn't it be nice if America had the same data privacy laws... this is a good example of why they're needed.
In the UK a database of personally-identifiable information automatically needs permission from every single individual concerned, unless it's exempt for some reason. Even if it is exempt the data can only be kept for the purpose it was collected for, and not shared. Once it's no longer needed it has to be destroyed.
It's a good example of putting individual rights before business interests. Not something the USA excels at...
Re: (Score:2)
Don't count on it :-( (Score:4, Informative)
Our data protection laws in the UK aren't nearly as powerful as you (and most people) think, unfortunately, and while I think our current Information Commissioner is a pretty good guy, he can only protect our privacy with the powers he's given in law.
For example, take a look at the kind of data Transport for London have (or at least used to have) in their data protection entry, and tell me it's really all needed to meet the business requirements of that organisation.
Moreover, the number of exemptions is pretty staggering. Why are credit reference agencies permitted to keep vast amounts of personal data about me without my consent? (Don't tell me it's those signs at the shop counters; I read the small print, and I've read my credit report, and the two are not related in any meaningful way.) The last time I dealt with a credit reference agency (to clean up someone else's mistake that was black-marking my record incorrectly) I discovered that there were, quite literally, more inaccurate entries in my record than accurate ones. After waiting on hold for more than half an hour to speak to someone about them, I was asked after about five minutes "whether it really mattered", since "it's after 6pm and I'm supposed to be going home now". Seriously, that's what they told me, after a half-hour on hold, when the records they had on me that could directly affect my ability to get a mortgage or something were written in someone's dreamland.
Other legal powers aren't as great as you might expect, either. For one thing, while you can normally get bad information corrected, if you just don't want someone to store your personal information any more, you can't make them stop, as long as they're registered for that purpose. Take Amazon, for example. I bought from them using a credit card for the first time not so long ago. After going through the usual signing-up process and completing my order, I discovered that they are now keeping my credit card number on-file, and will use it any time someone makes an order from them using my login and password (which they control), without any further attempt to confirm my identity or intent to make that transaction. Can I make them drop that number from their database and opt to re-enter it every time I make a purchase instead? Take a guess. And this in a world where thousands of people's credit card numbers or other personal details have been "misplaced" by large businesses in the past year alone, and in a country where the law does not currently require a company making such mistakes to disclose them publicly or to pay any particularly heavy fines for doing so.
So while I agree we have better data protection laws than many, I think we have a long way to go before our data is protected as well as it should be.
Re: (Score:2)
Re: (Score:2)
Yes... it's very sad. Still worth buying second-hand, but unfortunately the risk of hardware failure becomes an issue and they're even more expensive...
Re: (Score:2)
In Canada too (Score:2)
http://en.wikipedia.org/wiki/Personal_Information_ Protection_and_Electronic_Documents_Act [wikipedia.org]
http://www.privacyinfo.ca/ [privacyinfo.ca]
For the record, this privacy law definitely makes writing inhouse programs for the enterprise interesting since you can't automatically assume that just because you have information available for use in the company, that you reuse it for another use within the company, even if the typical employee would expect such reuse to happen. You have to be explicit
How Prescient! (Score:4, Informative)
Yes. This is exactly what he meant.
After leaving his job as CEO of Sun, McNealy went on to found Jigsaw.
Re: (Score:2)
Privacy is dead. Long live privacy! (Score:2)
I love that "privacy is dead" quote of his.
Of course, I'll actually believe it when he posts his credit card numbers, nude pictures of his wife, and the itinerary and security arrangements for his family for the next month on a public web site.
Until he puts his money where his mouth is, he's just defending unethical behaviour with a sound-bite.
Speaking of privacy.. (Score:2, Informative)
Dunno.. (Score:2)
There is no excuse for this not being opt in (Score:2)
How I discovered Jigsaw. (Score:3, Interesting)
I had no luck contacting Jigsaw or deleting my information from their site via their form, but I did complain about this to HP. HP contacted me the next day and appologized for letting this happen. Shortly thereafter my information from Jigsaw was removed.
I've also caught several other companies that promise to not share my contact information using the same method. It's pretty effective and I just redirect those stolen addresses to
Jigsaw may claim that their information is only from sources like business cards that are handed out, but I can say for certain in my case that they just got a stolen customer list. They have no way of assuring that the data comes from legal sources like business cards. I see lawsuits in their future as they get more publicity like this. "We didn't know it was stolen" is not an acceptable excuse.
Trading people's identities is legal ... (Score:5, Interesting)
There is no sense in complaining about it since the whole US legal system happens to be designed to protect people's freedoms (such as the one to trade other people's identity information) from the snap judgement of their fellow man, especially when those freedoms are unpopular. And as we all know it's common business practice to disregard most "moral" considerations in the pursuit of revenues. Of course there is always the possibility of those revenues being affected by the backlash of being unpopular, but the decision criterion is always revenue, never morals or ethics. So impopularity only works if the backlash is large enough and inescapable enough. And that only for as long as the costs outweigh the benefits.
Which it probably won't be of course ... there are far too many issues clamouring for everyone's attention to guarantee that anyone who doesn't devote his whole spare time (or even his whole life) to being angry and upset about this or that abuse or scandal just won't have the time to much of an effective force. A handful of grumblers won't matter, but one powerful grumbler does. From the article it's interesting to see that when an individual complains to this company to have his own information removed, he is ignored. When HP complains, the information is taken down pronto. A clear case of cost-benefit tradeoff: an individual's ire (he hasn't got rights, but he might make a nuisance of himself) doesn't count for much. A large company's ire (they don't have any rights either, but they can afford a battery of lawyers to make life difficult for you) is something to be taken very seriously. Elementary economics.
Therefore, as I see it, new legislation is the only way to stop this sort of thing. Personally I would be in favour of legislation stating that you and you alone "own" your identity data, and that no-one (especially no companies) may hold or store any piece of it without your permission, and that they are obliged by law to fully disclose all information they hold on you upon first request, and that they are obligated to allow you to correct any information they hold on you, say within 20 business days. All of this enforceable on pain of say a 1000$ fine per case.
That would be too bad for companies that make a living from trading information, but I happen to rank my privacy over their survival and I wouldn't mind seeing them go.
The point is of course that the majority doesn't seem to support any such law. So unless there is enough political will to enact some legislation to protect our identity information from being sold it's no use grumbling. Unless you manage to grumble loudly enough to make an impact of course.
Time to stock false IDs (Score:3)
Re: (Score:2)
Obligatory post linking TFA Seinfeld (Score:2, Funny)
Very misleading title (Score:2)
After I read the article, I realized that it is mostly not about identity theft, but privacy. Not about "identity" information, but "contact" information. The original title of the article says nothing about identity theft. It does mention it in general terms in the text.
Very misleading title. What is wrong, BTW, of copying the original title, if you are not sure you understood the article? Right. The problem is
street tombolas in germany (Score:4, Informative)
thats why there are always guys on the street asking people if they want to win this and that - they only have to answer the quiz question (like 2+2=4 or 60000000000000?) where the damn answer is somewhere on the pamphlet and if you don't know, then they tell you the answer BECAUSE they only want you to fill out the form (name, adress, phone number) and SIGN that you agree to the conditions of the tombola
the conditions are on the back side of the form, written in light gray in font size 0.1 and CLEARLY contain the condition that they are allowed to sell your personal data....
A simple solution to this (Score:2)
If they can break the "social contract" of keeping business card information semi-private, then we are perfectly within our ri
Personal Info Copyrights (Score:2)
Personal info, including contact info, must be covered by the same kind of protection from copying. To legally protect the kind of discretion and
Is Jigsaw Data following privacy standards? (Score:3, Informative)
Read More: http://techaddress.wordpress.com/2006/09/08/is-ji
i 3 it... (Score:2)
Nothing new on this earth (Score:2)
It's called networking people. This same practice has been going on since the dawn of sales. A group of people with a similar customer base get together and share information to reduce their workload.
All over America, in Chambers of Commerce, Social Clubs and Grange Halls, people are gathering in the wee hours of the morning and trading your information. That's right folks, in PUBLIC! You thought your telcom guy was wonderful didn't you? Set up your whole office; you can even call your Shanghai office for
Re:Banned in the EU (Score:2, Informative)
The European way to handle personal information is via ownership establishment.
In EU the personal information is owned by the respective person and anyone how is copying personal information without the consent of the owners to that information is pirating the information. The only execption to this is the official records regulated by individual laws i.e. criminal records.
This fact is also the corner stone of the ruling which forbids the handing of personal information of travelers to US officials, be
Re: (Score:2)
I believe you misunderstand. The basic idea is that within Europe, the data protection laws require certain guarantees about how personal information will be stored and processed. One such requirement is that the information may not be transferred outside Europe unless the place they're being transferred to has sufficientl