Selling Other People's Identities

joeflies writes "The San Francisco Chronicle has an extensive article on the controversial site Jigsaw, which makes it easy to sell other people's identity information. Jigsaw encourages people to collect business cards and email signature blocks, which is compiled together into a searchable database. Participants earn points towards their own searches or earn money. Is this exactly what Scott McNealy meant when he said electronic privacy is dead?"

Very extensive article.

[Lord Aurora]

For anyone who hasn't RTFA yet, go do it now. The summary is a mess of paranoia, and, while there might be something to actually worry about with Jigsaw, TFA does a great job of showing how it works and what exactly could and could not happen. The creator likens Jigsaw to Wikipedia--and it's a pretty good comparison, in that both rely solely on users to edit and maintain information. No, Wikipedia doesn't aid in identity theft--separate issue entirely. Depending on how stupid your average Jigsaw user is, it could be a great tool or a dangerous advantage.

Given how stupid your average human is, though, there isn't much hope for the former.

Contact information != identities

[rjamestaylor]

As posters already pointed out, there are no such things as private business cards. Besides, your local library probably has access to ReferenceUSA [google.com], which is a compendium of Personal and Business information extraordinaire. Opinion: overreaction.

Re:Very extensive article.

[Karma Farmer]

For anyone who hasn't RTFA yet, go do it now. The summary is a mess...

You must be new here. You've just described every summary ever created on Slashdot.

Re:Private Business Cards

[Sam Ritchie]

Actually, now that I've read TFA (gauche, I know), the CEO is quoted as saying "Jigsaw doesn't touch non-business information with a 10-foot pole", lists examples of the type of information not accepted, and relates a circumstance in which inappropriate information was removed. So, yes.

OTOH, Lotus Marketplace shocked in 1991

[rjamestaylor]

Before many /.'ers were born (or sentient, anyway), Lotus released Lotus Marketplace [wikipedia.org], a database of 7 Million business (then individuals) for use by whoever for whatever. The uproar in 1991 caused Lotus to discontinue these offerings. Now it's really no big deal that several companies do it, but people don't want a bunch of individuals doing it. Slippery slope... but we're so far along it that there's no point in trying to stop it.

How Prescient!

[Jah-Wren Ryel]

"Is this exactly what Scott McNealy meant when he said electronic privacy is dead?"

Yes. This is exactly what he meant.
After leaving his job as CEO of Sun, McNealy went on to found Jigsaw.

Speaking of privacy..

[tontammer]

Speaking of privacy, theres a much better way to talk online with people we already know and trust.Grupus [grupus.com]

Banned in the UK

[Anonymous Coward]

This site would be illegal in the UK, thanks to the Data Protection Act - the data is obtained unfairly, it does not keep the data secure, it does not have safeguards for accuracy, the data is being used for purposes not disclosed to the data subject, etc.

If anyone wants to call this article an overreaction, reply with your real name, full address, telephone number, and employer. Or shut up.

Re:Banned in the EU

[SlOrbA]

The European way to handle personal information is via ownership establishment.

In EU the personal information is owned by the respective person and anyone how is copying personal information without the consent of the owners to that information is pirating the information. The only execption to this is the official records regulated by individual laws i.e. criminal records.

This fact is also the corner stone of the ruling which forbids the handing of personal information of travelers to US officials, because in US there is legal respect of this ownership.

Don't count on it :-(

[Anonymous Brave Guy]

Our data protection laws in the UK aren't nearly as powerful as you (and most people) think, unfortunately, and while I think our current Information Commissioner is a pretty good guy, he can only protect our privacy with the powers he's given in law.

For example, take a look at the kind of data Transport for London have (or at least used to have) in their data protection entry, and tell me it's really all needed to meet the business requirements of that organisation.

Moreover, the number of exemptions is pretty staggering. Why are credit reference agencies permitted to keep vast amounts of personal data about me without my consent? (Don't tell me it's those signs at the shop counters; I read the small print, and I've read my credit report, and the two are not related in any meaningful way.) The last time I dealt with a credit reference agency (to clean up someone else's mistake that was black-marking my record incorrectly) I discovered that there were, quite literally, more inaccurate entries in my record than accurate ones. After waiting on hold for more than half an hour to speak to someone about them, I was asked after about five minutes "whether it really mattered", since "it's after 6pm and I'm supposed to be going home now". Seriously, that's what they told me, after a half-hour on hold, when the records they had on me that could directly affect my ability to get a mortgage or something were written in someone's dreamland.

Other legal powers aren't as great as you might expect, either. For one thing, while you can normally get bad information corrected, if you just don't want someone to store your personal information any more, you can't make them stop, as long as they're registered for that purpose. Take Amazon, for example. I bought from them using a credit card for the first time not so long ago. After going through the usual signing-up process and completing my order, I discovered that they are now keeping my credit card number on-file, and will use it any time someone makes an order from them using my login and password (which they control), without any further attempt to confirm my identity or intent to make that transaction. Can I make them drop that number from their database and opt to re-enter it every time I make a purchase instead? Take a guess. And this in a world where thousands of people's credit card numbers or other personal details have been "misplaced" by large businesses in the past year alone, and in a country where the law does not currently require a company making such mistakes to disclose them publicly or to pay any particularly heavy fines for doing so.

So while I agree we have better data protection laws than many, I think we have a long way to go before our data is protected as well as it should be.

street tombolas in germany

[AlgorithMan]

in germany it is illegal to pass someones name,adress,phonenumber,etc on without his approval...

thats why there are always guys on the street asking people if they want to win this and that - they only have to answer the quiz question (like 2+2=4 or 60000000000000?) where the damn answer is somewhere on the pamphlet and if you don't know, then they tell you the answer BECAUSE they only want you to fill out the form (name, adress, phone number) and SIGN that you agree to the conditions of the tombola

the conditions are on the back side of the form, written in light gray in font size 0.1 and CLEARLY contain the condition that they are allowed to sell your personal data....

Re:Is it really?

[tehcyder]

A business card as such is copyrighted both in its design and its content. Taking that content and copying it is a violation of my copyright on my card

If you list a company phone number and address on your business card, that is publicly available information, so how can it be copyrighted? The design, yes, I can believe that.

Is Jigsaw Data following privacy standards?

[TechAddress]

Even though the company description of Jigsaw sounds nice and rewarding, other people have dramatically different opinions about what Jigsaw is doing.

Read More: http://techaddress.wordpress.com/2006/09/08/is-jig saw-data-following-privacy-standards/ [wordpress.com]

Re:Is it really?

[yppiz]

Mod parent up. The landmark case is Feist v. Rural Telephone Service Co, 499 U.S. 340 (1991) [cornell.edu], in which the US Supreme Court states: "As a constitutional matter, copyright protects only those constituent elements of a work that possess more than a de minimis quantum of creativity. Rural's white pages, limited to basic subscriber information and arranged alphabetically, fall short of the mark. As a statutory matter, 17 U.S.C. 101 does not afford protection [p*364] from copying to a collection of facts that are selected, coordinated, and arranged in a way that utterly lacks originality. Given that some works must fail, we cannot imagine a more likely candidate. Indeed, were we to hold that Rural's white pages pass muster, it is hard to believe that any collection of facts could fail."

One would be very hard pressed to succesfully argue that the facts on a business card are selected, coordinated, or arranged in a way that shows originality (this refers to the choice of facts, not the graphic layout of the card).

A business card is a collection of facts: a name, a title, a phone number, and an address. If there is creative content on the card - a photo, a short story, etc, that content is copyrightable. But the facts are not.

At least, that's my understanding of Feist. I have heard that there is more recent landmark caselaw that also touches on this issue. If anyone has the cite for it, please post it.

--Pat