« January 22, 2006 - January 28, 2006 | Main | February 05, 2006 - February 11, 2006 »

Is Apple Exploiting Consumer Irrationality?

John Nocera's Sunday column ($$) attacks Apple for its business practices. Two in particular raise Nocera's ire: (1) hiding Apple's customer support number; and (2) building iPods that have relatively short usable lifespans. Nocera notes that Apple will repair iPods that die within the good's one-year warranty, but suggests (through a source) that the device's natural life is "just a hair longer than the warranty."

Nocera claims that customers expect their devices to last a "good long time," and we are "just not conditioned to believe that a $300 or $400 device is disposable." But he admits having bought six iPods in the last five years, three of which were replacements, suggesting that at least one customer has been conditioned as to the device's disposability. My own experience (3 iPods purchase; 2 replacements; 1 repair under warranty) are similar. I imagine that there are millions of Americans who are gradually learning that when you stuff increasing numbers of gizmos into increasingly smaller gadgets, friction makes for trouble in the motherboard.

But Nocera might be right in his implied argument that consumers are behaving irrationally by ignoring evidence like this, which would explain Apple's growing market strength. The optimism bias is among the most robust of the cognitive tics exposed by experimental behavioral law and economics literature. We consistently underestimate the likelihood of bad things happening to us. So, although Apple's one-year warranty suggests a steep product failure curve at month 13, we discount that risk in our purchase decision. This optimism is no doubt enhanced by Apple's careful packaging, which makes it look like they've taken a swiss-like level of care in their manufacturing process, and iPod's high-price, which suggests quality. That is, iPod's effective life is a classic example of an experience good. Consumers are unable to determine the life of an iPod by looking at Apple advertisements (cf. price, design) and therefore they turn to Apple's brand value to determine how long the iPod will last.

This analysis suggests that so long as Apple retains its brand - expensive, low-defect, attention to detail - it will continue to convince consumers to buy products with lower-than-expected lives. Competitors would be well advised to directly attack this brand. Why haven't they succeeded?

Nocera thinks that one explanation is that folks are locked into iTunes, having spent time and money building a proprietary library through the software. This sounds like the beginning of a tying claim to me (although they better file quick, while patent-tying is still a strong antitrust theory.) But is a strange argument, because as I see it, iTunes has triumphed by virtue of its superior product characteristics, over an alternative format (WMP) that was supported by a titular monopolist! (I imagine that folks have thought about bringing an an implied UCC warranty claim for failure to serve a particular purpose - i.e., long term use - but that claim would be a stretch, at least on first glance.)

I obviously have mixed feelings about Nocera's column. On the one hand, I concede that consumers are vulnerable to being misled about the life of the iPod. On the other hand, I love my iPod, even though I know it is not long for the world, and will buy another when it dies.

[UPDATE: Josh Wright responds here. Shorter version: the market will clear.]

Posted by hoffman at 11:10 PM | Comments (6) | TrackBack

Privacy of Internet Search Records

Here are some recent interesting links about the privacy of Internet search records:

Check out Patriot Search for a laugh. It's a new search engine where your results are reported directly to the government: "Our mission is to provide the best possible search engine to you while at the same time, making sure the government is informed should you search for something obscure, illegal, or unpatriotic." [Thanks to Scott Forbes for the link.]

CNET has interviews with Internet search companies about the kind of data they retain about their users. Of the many questions asked, the answers to these two questions are particularly interesting:

1. "Given a list of search terms, can you produce a list of people who searched for that term, identified by IP address and/or cookie value?"

AOL: "No. Our systems are not configured to track individuals or groups of users who may have searched for a specific term or terms, and we would not comply with such a request."

Google: "Yes. We can associate search terms with IP addresses and cookies, but not with users' names unless they are registered with Google."

MSN: "We can provide a list of the IP addresses and cookie values for a given query, but this does not equate to a list of "people," only to a list of IP addresses and anonymous temporary ID numbers. . . ."

Yahoo: "Yes, we can."

2. "Given an IP address or cookie value, can you produce a list of the terms searched by the user of that IP address or cookie value?"

AOL: "Yes. But--as discussed above--those terms are also visible to the user with their search results, and the user has the ability to delete any/all of those terms, or to turn off that functionality altogether."

Google: "Yes."

MSN: "Yes. As a matter of standard business practice, we do not compile such lists. Mapping as described would be done only for the purpose of responding to the legal request."

Yahoo: "Yes, we can."

[Link via Michael Zimmer.]

A New York Times article discusses how frequently Internet Service Provider records are being subpoeaned for civil and criminal cases. According to the article:

Requests for information have become so common that most big Internet companies, as well as telephone companies, have a formal process for what is often called subpoena management. Most of the information sought about users is basic, but very personal: their names, where they live, when they were last online — and, if a court issues a search warrant, what they are writing and reading in their e-mail. (Not surprisingly, the interpretation of voluminous computer records can be error-prone, and instances of mistaken identity have also come to light.)

AOL, for example, has more than a dozen people, including several former prosecutors, handling the nearly 1,000 requests it receives each month for information in criminal and civil cases. The most common requests in criminal cases relate to children — threats, abductions and pornography. Next come cases of identity theft, then computer hacking. But with more than 20 million customers, AOL has been called on to help in nearly every sort of legal action. . . .

AOL says that only 30 of the 1,000 monthly requests it receives are for civil cases, and that it initially rejects about 90 percent of those, arguing that they are overly broad or that the litigants lack proper jurisdiction. About half of those rejected are resubmitted, on narrower grounds. Generally, AOL gives its members notice when their information is sought in civil cases. If the member objects, the issue is referred back to the court. (In criminal cases, there is often no notice, or notice is given after the information has been given to investigators.). . . .

The big story is the privacy law that protects your e-mail does not protect your Google search terms," said Orin S. Kerr, a professor at the George Washington University Law School and a former lawyer in the computer crime section of the Justice Department.

Posted by Daniel Solove at 03:21 PM | Comments (0) | TrackBack

Update on the Kansas Teen Sex Medical Records Case

A few days ago, I blogged about a case in Kansas where the Attorney General interpreted a law prohibiting sex with minors under the age of 16 as requiring doctors to report any sexual activity by people under 16 to the state authorities. Recently, the Kansas Supreme Court issued an opinion, Alpha Medical Clinic v. Anderson, strongly limiting the Attorney General's reporting requirement. Relying in significant part on Whalen v. Roe, 429 U.S. 589 (1977) (discussed in depth in my earlier post), the Kansas Supreme Court reasoned:

It is beyond dispute that the State has a compelling interest in pursuing criminal investigations. . . . And an individual's right to informational privacy is not necessarily "absolute; rather, it is a conditional right which may be infringed upon a showing of proper governmental interest." . . . . Also, the fundamental right to obtain a lawful abortion may be regulated as long as the regulation does not constitute an undue burden. . . .

Our evaluation necessarily involves weighing of these competing interests, including the type of information requested, the potential harm in disclosure, the adequacy of safeguards to prevent unauthorized disclosure, the need for access, and statutory mandates or public policy considerations. See Lawall, 307 F.3d at 790 (citing United States v. Westinghouse Elec. Corp., 638 F.2d 570, 578 [3rd Cir. 1980]). . . .

Petitioners contend the attorney general has not shown a compelling need for unredacted patient files. Kline now takes the position that the patients' identifying information may be redacted. Petitioners further assert that it is "inconceivable" the disclosure of entire patient files would be the least intrusive way to meet a compelling state interest in uncovering noncompliance with the criminal abortion and mandatory child abuse reporting statutes. Petitioners have pointed to the example of the many details of each patient's sexual and contraceptive history that the files are likely to contain but that are equally likely to be irrelevant to the factors required to be considered and documented under the criminal abortion statute. With regard to the child abuse reporting statute, we expect that nearly all information except the identity and age of the male who impregnated the minor patient, his relationship to the minor patient, the circumstances surrounding the sexual intercourse that produced the pregnancy, and compliance or noncompliance with reporting requirements is likely to be irrelevant to Kline's inquiry.

The type of information sought by the State here could hardly be more sensitive, or the potential harm to patient privacy posed by disclosure more substantial. Judge Anderson's order does not do all it can to narrow the information gathered or to safeguard that information from unauthorized disclosure once it is in the district court's hands. Although the criminal inquisition statutes do not speak to the need for such narrowing and safeguards, the constitutional dimensions of this case compel them. . . .

In sum, Judge Anderson must withdraw his order and first evaluate the inquisition and subpoenas in light of what the attorney general has told him regarding his interpretation of the criminal statutes at issue. If the judge requires additional information in order to perform this evaluation, he should seek it from the attorney general in the inquisition proceeding. As targets of the investigation, petitioners need not be included in any hearing or other communication to enable this evaluation.

Only if Judge Anderson is satisfied that the attorney general is on firm legal ground should he permit the inquisition to continue and some version of the subpoenas to remain in effect. Then he also must enter a protective order that sets forth at least the following safeguards: (1) Petitioners' counsel must redact patient-identifying information from the files before they are delivered to the judge under seal; (2) the documents should be reviewed initially in camera by a lawyer and a physician or physicians appointed by the court, who can then advise the court if further redactions should be made to eliminate information unrelated to the legitimate purposes of the inquisition. This review should also determine whether any of the files demonstrate nothing more than the existence of a reasonable medical debate about some aspect of the application of the criminal abortion and/or mandatory child abuse reporting statutes, which the attorney general's office has already acknowledged would not constitute a crime. If so, those files should be returned to petitioners; and (3) any remaining redacted files should be turned over to the attorney general.

Related Posts:
1. Solove, Can Doctors Be Required to Tell the Government About Teen Sex?

Posted by Daniel Solove at 02:53 PM | Comments (2) | TrackBack

Wikipedia, Politics, and Anonymity Don't Mix

The Washington Post has an article today about the recent instances of employees of various politicians editing Wikipedia entries:

This is what passes for an extreme makeover in Washington: A summer intern for seven-term Rep. Martin T. Meehan (D-Mass.) altered the congressman's profile on the Wikipedia Web site to remove an old promise that he would limit his service to four terms.

Someone doctored Sen. Robert C. Byrd's (D-W.Va.) profile on the site to list his age as 180. (He is 88.) An erroneous entry for Sen. Tom Coburn (R-Okla.) claimed that he "was voted the most annoying senator by his peers in Congress."

Last week, Wikipedia temporarily blocked certain Capitol Hill Web addresses from altering any entries in the otherwise wide-open forum. Wikipedia is a vast, growing information database written and maintained solely by volunteers. In December, the database received 4.7 million edits from viewers, of which a relatively small number -- "a couple of thousand," according to founder Jimmy Wales -- constituted vandalism. . . .

When the Wikipedia entry for Senate Minority Leader Harry M. Reid (D-Nev.) noted that he had criticized the president, for example, someone modified it to say that Reid had "rightfully" criticized the president. . . .

A popular change in recent weeks has been deleting mentions of former House majority leader Tom DeLay (R-Tex.) from politicians' profiles. Politically motivated edits aren't just coming from Capitol Hill; some comments are being traced back to other parts of political Washington, including the Justice Department, the Central Intelligence Agency, the Navy and Marines.

I continue to wonder why Wikipedia still accepts anonymous edits. I am generally a fan of anonymous speech, but perhaps anonymity is contributing more costs than benefits to Wikipedia. For one, the anonymity on Wikipedia is often a mirage, as people can frequently be tracked down via their IP addresses. Second, the value of anonymity depends upon context. Anonymity is valuable in encouraging people to express unpopular messages. But Wikipedia isn't designed as a forum for the free expression of opinions -- it is an encyclopedia. There are plenty of other places in cyberspace where people can express their views -- and where anonymity is very important. But I do not readily see the importance of anonymity to the Wikipedia project. Perhaps there are significant benefits I am missing, and if so, I hope readers will point them out.

UPDATE: Geoffrey Manne over at Truth on the Market has a post on this issue that's definitely worth reading.

Related Posts:
1. Wenger, Congress Takes Action on Wikipedia Abuse
2. Solove, Wikipedia Irony: Jimmy Wales Edits His Own Entry
3. Solove, Curtailing Anonymity on Wikipedia
4. More posts about Wikipedia are at our wiki archive page.

Posted by Daniel Solove at 11:56 AM | Comments (4) | TrackBack

Justice for Joni

Orin Kerr has a great post about a habeas opinion authored by Judge Kosinski on the Ninth Circuit. I'll leave out the fine detais - which are hammered and hammered and hammered out in some of the better blog comments I've seen - but the basic idea is this. A woman named Joni Goldyn wrote five checks on an empty account that was backed by a check guarantee card issued by the bank. Under Nevada's reading of their Drawing and Passing Checks with Insufficient Funds on Deposit statute, that was a crime. Since she had previously been convicted of three felonies and one gross misdemeanor, all related to fraud, she got five life sentences. After twelve years in prison, she was paroled. The court found that she had been convicted for an act that was not illegal. The debate over at House-o-Volokh is whether Kosinski had to fudge the law to grant the writ of habeas corpus. The court's most controversial move was its decision to interpret a statute according to its plain text, ignoring a state Supreme Court decision taking a different position on the statute's meaning.

The problem in the habeas context is two-fold. First, federal courts are typically not in a position to give meaning to a statute contrary to that already provided by a state court. Second, a federal court can only grant a writ where federal law has been violated. Kosinski made the case for granting the writ, but as the discussion in Orin's post and comments shows, it was a fairly activist move. I don't think many people would have predicted that a court - even the generous Ninth Circuit - would grant the writ.

For me, though, this case set me wondering what sort of person would get such active assistance in habeas, from Judge Kosinski no less. Our petitioner here was a woman with a gambling problem, according to press accounts. She was clearly involved in misconduct - essentially, she defrauded the bank. She served 12 years, but had been paroled several years ago. The offender wasn't an innocent nor was she still in prison. The case was in a habeas posture. This matter simply did not scream out for active intervention. So why did the court do it?

Perhaps it was an easy call...except that the discussion over at Volokh suggests the opposite. Perhaps the judge is a raging liberal, always looking to overrule an overzealous state court...uhh, wrong judge. Was it because the case involved what many people would see as wildly excessive sentencing for a minor offense (though the decision did not go off on that issue)? Was it because the case involved a woman? (Was she white, and if so, did that matter?) Was it because it involved a woman with a gambling addiction rather than, say, a crack addiction?

I suspect that few federal courts would have worked this hard to recraft state law on behalf of a person who killed somebody. I doubt many courts would work so vigorously to free a person whose criminal conduct was related to a drug addiction. (Powder cocaine, maybe; crack, no.) And, yes, I think the case might have gone differently if it had involved a Tayshaun Abu-Jamal rather than Joni Goldyn. I'm not accusing Kosinski or his mates of being explicitly racist or sexist. It's just that I've spent enough time involved in criminal cases to know that outcomes are frequently shaped by non-statutory factors. And that leaves me a bit suspicious here.

In any case, the story played well in Russia, Exhibit 1 for the claim that the U.S. is as lawless as the next superpower. The Pravda headline reads: "Court says U.S. woman imprisoned for 12 years committed no crime."

Posted by Dan_Filler at 12:06 AM | Comments (4) | TrackBack

Administrative Note

Due to other obligations, Nate Oman has had to withdraw from blogging at Concurring Opinions. We wish him the best, and hope to see him again in the future.

Posted by Kaimipono at 05:08 PM

Law School Deans Without Law Degrees

Brian Leiter's announcement of the new Dean search at Texas noted that:

My own view is that we'd hire someone outstanding who had a PhD, but not a JD, as long as their scholarly work was connected to law and they met the other desiderata.

This is interesting. Does anyone know, off-hand, if there are any law school deans who don't possess JDs? It would seem (at first glance) pretty unlikely except at a certain type of school because of the need to connect with practicing attorney alumni. But perhaps it is the wave of the future?

Posted by hoffman at 12:30 PM | Comments (11) | TrackBack

Every breath you take, every call you make, I'll be watching you.

Has your cell phone been out of your sight for more than five minutes? Someone may be tracking you on it, right now. A chilling investigation from the Guardian (via Don't Let's Start) shows how easy cell-phone stalking has become:

For the past week I've been tracking my girlfriend through her mobile phone. I can see exactly where she is, at any time of day or night, within 150 yards, as long as her phone is on. It has been very interesting to find out about her day. Now I'm going to tell you how I did it. . . . First I had to get hold of her phone. . . . I only needed it for five minutes.

And as the article notes, existing methods of tracking are just the tip of the iceberg. Scary!

Posted by Kaimipono at 08:31 PM | Comments (0) | TrackBack

Law Review Article Submission Resources

For those submitting law review articles this spring, I thought that it would be helpful to share some useful resources for submitting articles.

Article Submission Length Restrictions

Emory Law School's Library has a very useful chart of article length restrictions at the top 25 law reviews.

Law Review Contact Information

1. Emory Law School's Library maintains contact information, including email addresses, for the top 25 law reviews.

2. JURIST has links to countless law review websites.

3. LexisNexis Directory of Law Reviews

Electronic Submissions

1. ExpressO provides for electronic submission to over 450 law reviews. However, a number of the top 25 law reviews still require either paper submissions or electronic submissions via their own website. For those law reviews not allowing an ExpressO electronic submission, ExpressO will print out the article and send it to these journals in hard copy. It costs extra for these submissions.

2. Here are the electronic submission pages for many of the top law reviews. Those that require ExpressO to print hard copies have an asterisk after their name:

California Law Review* (no electronic submissions)
U. Chicago Law Review* (no electronic submissions)
Columbia Law Review*
Cornell Law Review
Duke Law Journal* (no electronic submissions)
Fordham Law Review
Georgetown Law Journal
George Washington University Law Review (via email)
Harvard Law Review*
Illinois Law Review (via email)
Indiana Law Journal (via email)
Michigan Law Review* (no electronic submissions)
Minnesota Law Review (via email)
New York University Law Review* (no electronic submissions)
North Carolina Law Review* (via email)
Northwestern Law Review* (no electronic submissions)
Notre Dame Law Review (via email)
U. Pennsylvania Law Review*
Southern California Law Review* (no electronic submissions)
Stanford Law Review
Texas Law Review* (no electronic submissions)
UCLA Law Review (no electronic submissions except for ExpressO electronic submissions)
Vanderbilt Law Review* (no electronic submissions)
Virginia Law Review (via email)
William & Mary Law Review* (no electronic submissions)
Wisconsin Law Review (no electronic submissions except for ExpressO electronic submissions)
Yale Law Journal*

Law Review Rankings

Washington & Lee's Law Library has a comprehensive ranking of law reviews based on citation counts.

Discussions About Law Reviews

Concurring Opinions: Mike Dimino, Spring Law Review Submission Season (Feb. 2006)
Concurring Opinions: Daniel Solove, Three Cheers for Law Reviews (Jan. 2006)
Concurring Opinions: Daniel Solove, Swiftly Shrinking? Toward the Lilliputian Law Review Article (Nov. 2005)
Concurring Opinions: Daniel Solove, Does Scholarly Writing Have to Be Tedious? (Jan. 2006)
Concurring Opinions: Nate Oman, A Modest Defense of Law Reviews (Nov. 2005)
Conglomerate: Christine Hurt, Another Submission Season Down (Sept. 2005)
Crooked Timber: Micah Schwartzman, Don't Blame the Law Students: A Reply to Posner (Oct. 2004)
Law & Society Weblog: Manfred Gabriel, Hello to Law Reviews -- Good-bye to Student Editors? (Jan. 2006)
Legal Affairs: Richard Posner, Against the Law Reviews (Nov. 2004)
Madisonian Theory: Mike Madison, The Law and Economics of Law Review Submissions (Sept. 2005)
PrawfsBlawg: Kaimi Wenger, Publishing While Practicing I (Aug. 2005)
Volokh Conspiracy: Eugene Volokh, Are Law Review Articles Getting Shorter? (Nov. 2005)
Volokh Conspiracy: Eugene Volokh, Law Review Lara Poses a Question to You (on seeking faculty guidance) (Feb. 2005)
Volokh Conspiracy: Eugene Volokh, Law Review Lara -- Little People in the Big Journals (Jan. 2005)
Volokh Conspiracy: Eugene Volokh, Law Review Lara Hears from Yale (on little people in big journals) (Feb. 2005)
Volokh Conspiracy: Orin Kerr, The Length of Law Review Articles (Oct. 2004)
Volokh Conspiracy: Orin Kerr, Progress on the Length of Law Review Articles (Feb. 2005)
Volokh Conspiracy: Orin Kerr, Why Blogs Will Not Replace Law Review Articles (July 2005)

Posted by Daniel Solove at 02:56 PM | Comments (2) | TrackBack

A Distraction

I don't have time for a substantive entry today, as this post, and this one, have beaten me back to my still-imcomplete article on puffery. In the meantime, I thought our readers would enjoy my favorite Onion headline of all time: "Walking Sports Database Scorns Walking Sci-Fi Database."

Posted by hoffman at 01:54 PM | Comments (0) | TrackBack

Spring Law Review Submission Season

A friend and colleague asked me to post a question about the timing of the upcoming spring submission season. Should he wait until March to send out the first wave of submissions for an essay he will soon complete, send it in the middle of February, or at some other time? This post last year by Orin Kerr says that "late February and early March" are the prime times, but I wonder if our readers can provide more specific advice or anecdotal information about turn-over in editorial boards. I've also heard of some journals moving to a rolling submissions process, but I don't know how many use that system, or even whether such a transition would be viable if most of the market continues to accept pieces primarily in February/March and August.

Posted by Mike_Dimino at 12:34 PM | Comments (4) | TrackBack

Can Doctors Be Required to Tell the Government About Teen Sex?

A rather remarkable case is beginning in Wichita, Kansas. From the Wichita Eagle:

A 15-year-old girl tells her doctor she needs birth control because she and her boyfriend are having sex.

Kansas Attorney General Phill Kline says the law requires the doctor to report the girl to child protective services.

A group of doctors, nurses, counselors and other health-care providers across Kansas say it's none of the state's business.

U.S. District Judge J. Thomas Marten will have to decide who's right during a trial beginning Monday in Wichita that's being watched across the country by legal, women's and health-care groups. . . .

Kline touched off what has become a lengthy court battle with a controversial legal opinion in 2003. Kansas law makes sexual contact with anyone under 16 a crime. Kline said that means doctors, psychologists, nurses and other health-care providers should report all suspected sexual activity involving anyone younger than 16.

The plaintiffs' complaint is here. And here is their memorandum in support of their motion for a preliminary injunction. I believe that the plaintiffs may have a good case.

The plaintiffs first raise a constitutional right to information privacy claim. In a case called Whalen v. Roe, 429 U.S. 589 (1977), the Supreme Court stated that the constitutional right to privacy protected two "different kinds of interests" -- (1) "the individual interest in avoiding disclosure of personal matters" and (2) "the interest in independence in making certain kinds of important decisions." The first interest has become known as the constitutional right to information privacy. The Court only addressed this right in one other case, Nixon v. Administrator of General Services, 433 U.S. 425 (1977). Since then, however, the Court has done little to clarify the right. A few courts have concluded that the right is just dicta, but most federal courts of appeal have recognized the right, including the 2nd, 3rd, 4th, 5th, 6th, 7th, 9th, and 10th Circuits.

It is unclear how the constitutional right to information privacy claim will be resolved. Courts assess constitutional right to information privacy claims by balancing the privacy interests against the governmental interests. The 3rd Circuit has set forth seven factors to consider in the balancing: (1) “the type of record requested”; (2) “the information it does or might contain”; (3) “the potential for harm in any subsequent nonconsensual disclosure”; (4) “the injury from disclosure to the relationship in which the record was generated”; (5) “the adequacy of safeguards to prevent unauthorized disclosure”; (6) “the degree of need for access”; and (7) “whether there is an express statutory mandate, articulated public policy, or other recognizable public interest militating toward access.” United States v. Westinghouse Electric Corp., 638 F.2d 570 (3d Cir.1980). These factors are used by many courts outside of the 3rd Circuit.

Looking at the facts of Whalen suggests that the plaintiffs might have an uphill battle in establishing a violation of the constitutional right to information privacy. Whalen involved a reporting requirement that doctors inform the state whenever they prescribed certain dangerous drugs (opium derivatives, cocaine, methadone, amphetamines, and others). The Court then balanced the privacy interest against the state interest in requiring reporting and concluded that the reporting scheme passed constitutional muster because the information would be kept secure and would not be disclosed to the public. If one applied Whalen rather formalistically, one might conclude that so long as Kansas officials provided adequate security for the information and did not publicly disclose it, the reporting requirement would not violate the right to information privacy. But the Kansas reporting requirement differs in its more significant breadth -- it goes beyond the original purpose of the law, which is really a sexual abuse and statutory rape law, not a general anti-teen sex law. The court may thus find that this broad reporting requirement is not justified -- the state interest in reporting might not be compelling enough. On the other side of the balance, the privacy interests are quite strong. Such a reporting requirement might deter teenagers from seeking medical care for STDs or from obtaining contraception.

The plaintiffs do not devote much attention to the Fourth Amendment in their papers, but I believe that the plaintiffs may have a strong Fourth Amendment argument. Kansas might immediately point to the third party doctrine, in which the Supreme Court has held that whenever information is exposed to a third party, a person lacks an expectation of privacy in that information, and hence there is no Fourth Amendment protection. I blogged about the third party doctrine in more detail in another post. The Supreme Court has yet to confront the most difficult question regarding the third party doctrine – whether it applies to the patient-physician relationship. The logic of the third party doctrine appears to apply to information held by health care providers -- after all, they are third parties. On the other hand, there is a longstanding tradition of doctors maintaining patient confidentiality, dating back to the Hippocratic Oath (circa 400 BC). It would be hard to imagine courts concluding that people have no reasonable expectation of privacy in the information they tell their doctor. If there is a reasonable expectation of privacy in one's medical data maintained by one's doctor, then the Fourth Amendment might require a warrant supported by probable cause in order for the state to obtain it. This would mean that the automatic reporting requirement (which does not involve a warrant or probable cause) would violate the Fourth Amendment and be struck down.

Kansas may argue that the disclosure of the information falls under the "special needs" doctrine, a limited set of contexts where the Supreme Court has stated that search warrants and probable cause are not required by the Fourth Amendment. In these cases, courts look to the "reasonableness" of the search, and this involves a balancing of the privacy interests against the state interest in disclosure. I think that there is a strong argument that the Kansas disclosure requirement is unreasonable. For example, in Ferguson v. City of Charleston, 432 U.S. 67 (2001), a hospital tested the urine of pregnant patients suspected of drug use. The Supreme Court concluded that the testing was unreasonable:

The reasonable expectation of privacy enjoyed by the typical patient undergoing diagnostic tests in a hospital is that the results of those tests will not be shared with nonmedical personnel without her consent. . . . [In other drug testing cases] the “special need” that was advanced as a justification for the absence of a warrant or individualized suspicion was one divorced from the State’s general interest in law enforcement. . . . In this case, however, the central and indispensable feature of the policy from its inception was the use of law enforcement to coerce the patients into substance abuse treatment. This fact distinguishes this case from circumstances in which physicians or psychologists, in the course of ordinary medical procedures aimed at helping the patient herself, come across information that under rules of law or ethics is subject to reporting requirements, which no one has challenged here.

The problem with the hospital's program was that it was done for law enforcement purposes. The same is true for the Kansas teen sex reporting requirement. In Ferguson, the Court concluded:

While the ultimate goal of the program may well have been to get the women in question into substance abuse treatment and off of drugs, the immediate objective of the searches was to generate evidence for law enforcement purposes in order to reach that goal. . . . Given the primary purpose of the Charleston program, which was to use the threat of arrest and prosecution in order to force women into treatment, and given the extensive involvement of law enforcement officials at every stage of the policy, this case simply does not fit within the closely guarded category of “special needs.”. . . .

As respondents have repeatedly insisted, their motive was benign rather than punitive. Such a motive, however, cannot justify a departure from Fourth Amendment protections, given the pervasive involvement of law enforcement with the development and application of the MUSC policy. . . . The Fourth Amendment’s general prohibition against nonconsensual, warrantless, and suspicionless searches necessarily applies to such a policy.

I believe that the plaintiffs have a strong case under the Fourth Amendment.

Posted by Daniel Solove at 03:52 AM | Comments (6) | TrackBack

Why Enron Still Matters

Matt Bodie has a provocative post up on Prawfs titled "The Enron Trial: Reasons Not to Watch". Explaining that he doesn’t find the trial all that interesting, Matt argues that Enron is an overexposed story, Skilling and Lay aren't the real "bad guys", and the jury is likely to decide the case on factors other than the underlying factual guilt. The first objection is fair (my colleague Jonathan Lipson has pointed out that "“[t]he Enron case has already spawned a cottage industry among legal academics.” ). However, Matt and I part ways on his second and third objections.

Matt argues that :

Like many criminal conspiracies, the worst offenders have pled, leaving trials for those who have the best case for innocence. Lay and Skilling may or may not have really known what was going on. Sure, even not knowing is bad, given their positions of authority. And creating a culture of noncompliance is also wrong.

I'd guess that the reason Skilling and Lay have not pled and Fastow has is demographics. Fastow is a young(ish) man, who can serve significant time and still emerge with earning power. Lay and Skilling don’t have the years left to do the time that the government (apparently) would find appropriate. But more importantly, take a look at the indictment. I think it is right to be hesitant about conflating all crime with evil, but I don't know why Lay and Skilling should be described as merely knowingly lazy at the helm. The government is charging, rather, that they personally profited from a conspiracy that they designed. The purpose of that conspiracy was to defraud thousands of investors. (Yes, I recognize that this is all contested and contestable, and you can make this a story about criminalizing agency costs. Moreover, as Larry Ribstein has observed, "the moral force of the criminal law should be reserved for the cases that deserve it." But I think that the case is going to turn on the perceived truthfulness of the defendants on the stand, which by all accounts is a core jury competency.) Fastow, by contrast, self-dealt to the company's detriment: a crime whose impact on the securities markets was more indirect, although ultimately catastrophic. In any event, if Skilling and Lay are guilty of the knowledge and purpose charged by the indictment, they are evil. Maybe less evil than, say, murderers, but that is a distinction I leave for other folks to make.

As for the jury point, I agree that this trial may not be resolved based on an application of cold logic to clear facts - but I don't think that the morality play we're seeing in Houston is noticeably different in that dimension from any other criminal trial. Criminal adjudications create norms for relevant potential offender communities - - here corporate CEOs - - and it is that process of norm creation that drives my interest in the story.

Plus, just check out the stories the attorneys told today. On one side, we've got the prosecution, spinning the jury a familiar tale about greedy, lying executives. In my view, they’ve got the worse of the case on the facts, which is why I’m with Gordon and Christine in betting on a partial or full acquittal. On the other side, the defense has to rehabilitate not just their clients but a corporate law system that may diverge from ordinary intuitions about responsibility:

'Ken Lay has, does and will continue to accept responsibility for the bankruptcy of Enron. He was the man in control ... But failure is not a crime. Bankruptcy is not a crime. If it were we'd have to turn Oklahoma back into a penal colony because there would be so many people we'd have to lock up,'' Lay's lawyer Mike Ramsey told the jury this afternoon.

I understand Matt's Enron-overload. But I guess I'm not there yet. I can’t wait for tomorrow!

Posted by hoffman at 11:00 PM | Comments (3) | TrackBack

Congress takes action on Wikipedia abuse . . .

. . . but not the kind of action you might be thinking. A law against Wikipedia abuse? An investigation? A blue-ribbon panel? Nope -- our fearless political leaders have decided to take up the rallying cry "if you can't beat 'em, join 'em." Declan McCullagh has the story (via my sharp-eyed, non-Wikipedia-abusing colleague Deven Desai):

The trusty editors at Wikipedia got together and compiled a list of over 1,000 edits made by Internet addresses allocated to the U.S. Senate and House of Representatives. The IP address subsequently was blocked and unblocked.

An extensive analysis reveals how juvenile official Washington secretly is, behind the mind-numbingly serious talk of public policy.

One edit listed White House press secretary Scott McClellan under the entry for "douche." Another said of Sen. Tom Coburn, R-Oklahoma) that: "Coburn was voted the most annoying Senator by his peers in Congress. This was due to Senator Coburn being a huge douche-bag."

It boggles the mind to think that Congress is abusing Wikipedia. I mean, if we can't trust Congress, and we can't trust Wikipedia . . . my goodness -- who can we trust?

Posted by Kaimipono at 05:59 PM | Comments (3) | TrackBack

Identity Theft: Increasingly an Affliction of the Young

New statistics from the FTC on identity theft illustrate some interesting trends. From the AP:

Identity thieves are increasingly targeting children. Identity theft complaints involving youngsters under 18 have nearly doubled since 2003, up from 6,512 to more than 11,600 last year, the Federal Trade Commission said Wednesday.

While they make up a small percentage — about 5 percent — of the total ID theft complaints, the FTC's Jay Miller says young people are attractive to cons because they may not be as savvy about safeguarding personal information and could easily fall prey while surfing the Internet. . . .

Houk's friend was stunned to learn that someone had fraudulently opened a bank account in her 12-year-old daughter's name. The con artist then opened about a half dozen credit card accounts, declared bankruptcy, had it written off and left the youngster with a mess of legal hassles.

"It's an easy thing to do. Once they get a valid Social Security number, they just go to town," said Houk, acting chief executive of the center, which is a private organization that distributes information about identity theft.

The most victimized age group for identity theft was the 18-to-29 category. The FTC said that category registered 29 percent of the complaints, or more than 70,200.

Last summer, I blogged about a 22-month old toddler who was victimized by identity theft. My guess as to why kids are increasingly targeted is because in many cases, it would take a lot longer for the identity theft to be discovered. Many people learn that they are an identity theft victim when they seek to obtain a loan or credit card -- something kids don't often do. And parents often don't think that they need to be checking their children's credit reports, but perhaps they should be.

Of course, kids are not an entirely perfect target for identity theives because kids don't have much of a credit history to exploit. But with credit card companies and others nearly tripping over themselves to grant credit, it's no surprise that the identity thieves are able to obtain credit in children's names.

Related Posts
1. Solove, Free Credit Reports: My Exciting Adventure (Concurring Opinions) (October 2005)
2. Solove, Youngest ID Theft Victim? (PrawfsBlawg) (July 2005)
3. Solove, Why Identity Theft Isn’t Pretty (PrawfsBlawg) (July 2005)
4. Solove, Identity Theft Fears and Online Shopping (PrawfsBlawg) (June 2005)
5. Solove, Identity Thief Professors (PrawfsBlawg) (June 2005)

Posted by Daniel Solove at 01:32 AM | Comments (1) | TrackBack

Liveblogging the Enron Trial

Via Christine Hurt, I found the Houston Chronicle's weblog of the Lay/Skilling trial. The first day, for a certain type of person (read: corporate law nerd) was a must-read. My favorite part was the human touch from Judge Lake at the end:

The judge extensively warned the jurors not to talk to friends and family about the case and warned that media reports are not evidence.

He said they will be supplied muffins for breakfast; he noted that the banana nut go fast and the medicinal-tasting cranberry never get eaten.

First thought: so supply and demand are out of whack? Sounds like the opportunity for a little creative trading to me! Second thought: tomorrow, the prosection and defense jointly fund a trip to starbucks for sixteen blueberry muffins. Not the non-fat version, the ones that make the next five trips to the gym dead weight loss.

Posted by hoffman at 11:31 PM | Comments (2) | TrackBack

"Religious Arguments in the Law" or "Reasoning in God's Presence"

Vic Fleischer had a really interesting post on religion and tax policy over at a Conglomerate that shouldn't be lost in all of the Disney noise. He writes:

There is no question that one needs a theory of distributive justice to form a complete picture of tax policy. Some people may derive that theory from religious faith, others from philosophy. I have no problem with those who derive their preferences from religious faith. As a matter of scholarly discourse, I find it more useful to concentrate on the philosophy side. And even within philosophy, convincing others that one approach is better than another feels to me like trying to convert someone to another faith. As a tax policy scholar, I have no comparative advantage here.

Implicitly I'm arguing that traditional tools of tax policy, including public finance economics, can sometimes lead us to demonstrably right and wrong answers about the design of a tax system. I am a skeptic about the ability of law professors to convince anyone that the top marginal rate should be 35% by appealing to Rawls OR the Bible. But I do I have a lot of faith, so to speak, in tax law scholarship and economics to speak to the proper design of the system.

There is a lot of stuff going on in these sentences. First, Vic's argument seems a bit confused about the nature of normative reasoning. In good economic fashion, he seems to be suggesting that theories of distributive justice are a kind of preference. (E.g. "I have no problem with those who derive their preferences from religious faith.") This, it seems to me, is fundamentally mistaken. Kaplow and Shavell aggressively pursued this line of thinking in Fairness versus Welfare, and I think that when they stray from positive economic analysis into the realm of normative argument their results are a rather dismal failure. (In my opinion, Jules Coleman offers the most trenchant criticisms in his review The Grounds of Welfare, 112 Yale. L. J. 1511 (2003)). Their failure, however, does not come because normative argument is useless, but rather because they made bad normative arguments. In a nutshell, the problem with their approach is that distributive justice is not simply an input into a personal utility function. It is also a claim about the nature of moral reality, and as such it has a truth value independent of whether or not any particular person prefers it or not.

The second interesting issue in this passage is Vic's implicit argument that the usefulness of a particular form of discourse hinges on its ability to persuade those who disagree. Hence, he prefers philosophy to religion -- presumably because philosophy is marginally more persuasive than religion -- and "tax law scholarship and economics" to both. Interestingly, it seems to be precisely because he doesn't regard philosophy as all that much more persuasive than religion -- "I am a skeptic about the ability . . . to convince anyone . . . by appealing to Rawls OR the Bible." -- that he doesn't see religious discussions of tax law as presenting a particular challenge to reason. (More on this in a minute.) Obviously, there is something to be said for the idea that one ought to gauge the value of an argument on the basis of how persuasive people find it. But this should hardly be our only -- or even our dominant criteria -- for assessing the value of a particular sort of argument. First, one can learn a great deal by reading arguments that one ultimately does not find persuasive. I don't find Kaplow & Shavell persuasive. I do find them very enlightening, and I would be much the poorer if they had not written their book. Furthermore, arguments that one disagrees with are useful in informing one about how others think. You are likely to get a more nuanced feeling for world-view of the other guy by reading sophisticated versions of his arguments rather than what one might find summarized in the pages of the New York Times. Finally, I suspect that for many arguments -- particularly arguments about social or political matters -- the extent to which a set of arguments is persuasive has as much to do with the temperament of interlocutors as it does with anything else. I tend to find that good economic arguments will change my mind. I have a good friend -- an intelligent and thoughtful person -- for whom such arguments do nothing, and although I am inclined to write most of his objections off as economic illiteracy, this is hardly fair on my part. Likewise, I find that I will change my mind in the face of good theological arguments. Vic's reaction is apparently otherwise. I suspect, however, that this ultimately tells us much more about my disposition or Vic's disposition than it does about the abstract merits of economics or theology.

The final interesting point -- at least for purposes of this already too-long post -- is one that Vic raised earlier in his post, namely whether or not religious arguments represent a basic challenge to rationality. As I understand it, this objection to religious arguments, when cashed out in a concise form, goes something like this:

1. Faith is belief in the absence of reasons for belief.
2. Believers grant authority to particular religious texts on the basis of faith.
3. Religious arguments about tax law (or other legal issues) consist of deductions from religious texts.
4. Granting authority to religious texts is irrational. (1&2)
5. Therefore, religious arguments about tax law (or other legal issues) is irrational.

If this argument is sound there are at least two potential problems with religious arguments. (For the record, I don't think that it is sound in large part because I reject 1, but that is an issue for another day.) First, such arguments simply won't be persuasive to non-believers because they reject the authority of the religious texts. Second, such arguments constitute an abdication of independent moral judgment that is ethically and politically troubling. I think that both of these concerns are mistaken, because I actually doubt that most religious arguments are really attempts to deduce conclusions from religiously established premises. Consider, for example, those who make arguments about the ethics of this or that legal rule on the basis of the Bible. What one will rapidly find is that the Bible is a very complicated book that consists mainly of stories. The meaning of these stories is contestable, and there are lots of them to choose from. Furthermore, it is by no means obvious that the Bible adopts a single, coherent approach to issues of ethics or morality. (I certainly do not believe that it does.) In other words, far from providing clear, authoritative answers to complex moral issues, in many ways the Bible simply recapitulates the old debates between duty and consequences, justice and mercy, in a different language. I don't want to suggest that religious arguments are simply carbon copies of secular arguments translated into another language. The language can shift and change. Thinking about a policy question in religious terms -- in religious language if you will -- is going to change how one thinks about it. For this reason, religious arguments -- if they are well done -- are valuable even for non-believers, because they give one a new way of working through old issues. Aside from the difference that such religious thinking can make in terms of substantive outcomes, it also has value for the believer. By invoking religious texts and stories, the believer invites God into the conversation. The point is not necessarily for him to step in as the final arbiter of the dispute. Rather, it is a way of having the discussion in his presence. Cf. Isaiah 1:18 ("Come now, and let us reason together, saith the Lord"). It is important to realize, however, that one is having a discussion. Religious thought is not an abdication of reason or discussion; it is simply reasoning and discussion by other means.

(If you are interested in more of my meanderings on this subject, check out my post "Is God an Ethicist?", written in a more explicitly theological line.)

Posted by oman at 11:04 AM | Comments (3) | TrackBack

Gun Buffs And Fourth Amendment Lovers Unite!

Why haven't two groups who adore individual rights come together? I would expect gun rights advocates (we'll call them the NRA as shorthand) and privacy advocates (let's name them the ACLU) to agree that government intrusions into personal and family space are bad. For some reason, the NRA has not bought into the Fourth Amendment part of this agenda. At the same time, I'd think the ACLU would benefit - politically, at least - by bringing the NRA into its civil liberties tent. And nothing about the gun rights agenda seems antithetical to the goals of the ACLU.

I can think of a few reasons why the NRA hasn't joined the privacy bandwagon. First, NRA members/gun lovers may see themselves as "anti-crime" and they may see a weak Fourth Amendment as good anti-crime policy. This makes sense as long as they don't imagine gun ownership as a crime. Second, the NRA may not like the public relations consequences of supporting privacy rights. Most of today's Fourth Amendment cases involve the privacy rights of drug dealers and other unpopular characters. The NRA may not want to align itself with these miscreants, even on legal issues. Too many people already connect guns with crime.

I think the best explanation of all is that NRA members believe they'll never need these protections - an assumption that is based on what I'd term a Second Amendment strategy. I suspect that the NRA believes legislatures won't ban guns and, in any case, courts will strike such laws under the Second Amendment. There are two problems with this analysis. First, it is far from certain that courts will enforce a personal right to possess any and all firearms. There is little judicial support for this broad Second Amendment view, though some commentators have certainly made the case. Second, it is quite plausible that some jurisdictions - particularly states with substantially urban populations - will eventually prohibit entire classes of guns. And as Americans become more and more comfortable with governmental intrusions, generally, regulation of guns may become much more imaginable. At that point, gun owners could find great utility in the Fourth Amendment.

Why hasn't the ACLU done more to connect with gun supporters? Perhaps because its urban progressive membership has long supported aggressive gun control as a crime control method. Like the NRA, the ACLU has to cater to its big donors even if its legal strategy would benefit from new coalitions. Also, I imagine the ACLU leadership itself suffers from big city bias. Big city folk just don't see why the rest of America cares so much about guns. City dwellers don't hunt. They haven't grown up with guns and they wouldn't give up anything if guns were banned. For many city people, only two groups of people have guns: criminals and cops. Here's the problem with this view: gun control, even if it might have been effective ex ante, would now probably be of minimal utility in reducing crime. Does anyone seriously think that a ban on, say, handguns would significantly decrease the number of weapons in the hands of criminals? Maybe by 2050, but I doubt much sooner. (I concede that gun control could potentially decrease homicides in domestic disputes.) Gun regulation is one of those crime control strategies that doesn't work well in a retrofit.

It would make a lot of political sense for these two groups to start dating. Gun rights advocates would strengthen their hand if they snared only a small element of the civil liberties community. It would also give them a two-Amendment approach to defending gun rights. And Fourth Amendment supporters desperately need the access and credibility offered by the gun rights lobby. Currently, gun lovers don't feel much need to expand their base. Over time, though, I fear we'll see an ever more aggressive government leaching into manifold aspects of our individual lives. Our current "strong executive" is using a blend of technological advances and fear mongering in its drive for broader social supervision. Future executives may well continue this effort, but there are no guarantees that individual gun rights will always be part of this agenda. (A well armed public is, potentially, much harder to control.) This may be my own dark imagination, but I think an NRA - ACLU coalition is almost inevitable in the long haul. It might be far easier to begin bridge building today.

Posted by Dan_Filler at 01:22 AM | Comments (5) | TrackBack

The ChoicePoint Settlement

Recently, the FTC announced a settlement in its complaint against the data broker ChoicePoint for a data security breach that resulted in over 160,000 people's personal information being sold to identity thieves. According to the Washington Post:

Data broker ChoicePoint Inc. yesterday agreed to pay a $10 million federal fine over security breaches that exposed more than 160,000 people to possible identity theft. Privacy experts praised the settlement as a warning to companies to get more serious about protecting sensitive information.

The Alpharetta, Ga.-based company, one of the nation's largest buyers and sellers of personal information such as Social Security numbers, birth dates and addresses, also agreed to pay $5 million into a fund to compensate people who suffered as a result of the breaches.

The Federal Trade Commission, which said the fine was the largest civil penalty it had ever imposed, said ChoicePoint violated consumers' privacy and breaking federal laws by mishandling the information and misleading people about its privacy policy.

The FTC complaint is here. There are some important issues worth discussing in connection with the news of the settlement.

1. The settlement might not have been possible were it not for the California security breach disclosure law (SB 1386, codified at Cal. Civ. Code § 1798.82(a)) that required ChoicePoint to disclose its security breach. Currently, data brokers are trying to get Congress to pass a very weak and narrow security breach notice provision that preempts stronger state laws. The Data Accountability and Trust Act, HR 4127, now in the House of Representatives, requires disclosure only if there is "a significant risk of identity theft." Under the bill, who determines whether there's a significant risk of identity theft? Ironically, it appears that it will be the very companies that leaked the data. With most of the security breaches that were announced in 2005, the companies insisted that the risk of identity theft was minimal to non-existent. So it would seem that with this provision, hardly any companies would make the disclosure. If a company decides that it must disclose, then it is also conceding that there is a "significant risk" of identity theft from its breach. Few companies will want to make such a concession, as it will create a public relations nightmare. Given the strong disincentive for companies to admit publicly that a security breach could cause significant risks to consumers, the "significant risk" threshold will lead to very few if any disclosures.

The reason why data brokers are pushing for a federal disclosure bill is because they want to preempt stronger protection in the states. When the ChoicePoint data security breach was disclosed, only California had a data security breach disclosure law. But afterwards, many states responded by passing similar laws. According to a compilation by the Public Interest Research Group (PIRG): "This year, security breach notification legislation was introduced in at least 35 states. As of 4 January 2006 at least 23 states have passed security breach notification laws." A weak preemptive federal disclosure bill will wipe away much stronger protection in many states. The very kind of disclosure law that made the FTC settlement possible might be nullified if Congress passes the data "protection" laws that the data brokers want.

2. The FTC complaint and settlement illustrates why it is important to have data brokers regulated under the Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681. FCRA, the law upon which the FTC's complaint was premised, regulates consumer reporting agencies. According to the FTC complaint:

The persons who obtained this consumer information submitted applications to ChoicePoint and were approved by the company to be subscribers authorized to purchase ChoicePoint products and services. The applications contained false credentials and other misrepresentations, which ChoicePoint failed to detect because it had not implemented reasonable procedures to verify or authenticate the identities and qualifications of prospective subscribers. Among other things, ChoicePoint failed to: utilize readily available business verification products, such as those that identify commercial mail drops; examine applications and supporting documentation supplied by prospective new users; compare information supplied by prospective new users to information supplied by other applicants in order to identify suspect representations; conduct site visits; or utilize other reasonable methods to detect discrepancies, illogical information, suspicious patterns, factual anomalies, and other indicia of unreliability.

The complaint sets forth a series of specific examples. Here are a few:

ChoicePoint accepted and approved, without further inquiry, the applications of subscribers notwithstanding the fact that ChoicePoint’s own internal reports on the applicant linked him or her to possible fraud associated with the Social Security number of another individual. . . .

ChoicePoint also failed to monitor or otherwise identify unauthorized activity by subscribers, even after receiving subpoenas from law enforcement authorities between 2001 and 2005 alerting it to fraudulent accounts, and even when its own experiences with the subscriber should have raised doubts about the legitimacy of the subscriber’s business.

To the extent that FCRA applies to data brokers, it restricts and penalizes activities such as these. However, data brokers such as ChoicePoint still operate many databases that they claim fall outside of FCRA. Back in December 2004, before the ChoicePoint announced its data security breach, Chris Hoofnagle of the Electronic Privacy Information Center and I jointly submitted a letter to the FTC that stated that:

ChoicePoint sells a number of FCRA products in the employment screening, tenant screening, and criminal background check fields. But the company also sells two products, "AutoTrackXP" and "Customer Identification Programs" outside of the FCRA's protections. AutoTrackXP is a database of 17 billion records that includes Social Security Number, addresses, property and vehicle information, and other information. The company's anti-fraud "Customer Identification Programs" are a suite of data products that have been created in order to verify the identity and perform background checks on individuals who open new financial services accounts. From its description, Customer Identification Programs appears to be an AutoTrackXP report with additional identity verification services.

These two products are sold to financial institutions, members of the public (private investigators, law firms, etc.) and to law enforcement agencies. These are the same institutions which rely on credit reports and investigative consumer reports, but these new products are sold outside the protections of the FCRA, yet are often used for related (and sometimes identical) purposes.

These databases have yet to be regulated. The ChoicePoint settlement does not address the letter Hoofnagle and I sent to the FTC. Thus, although the settlement is a step forward, it does not address all of the problems caused by data brokers. Much more must be done to effectively regulate data brokers.

Related Posts:
1. Solove, ChoicePoint Wants Your Motor Vehicle Records (Concurring Opinions) (December 2005)
2. Solove, FTC: Letting Experian Keep the Spoils (Concurring Opinions) (November 2005)
3. Solove, ChoicePoint: More Than 145,000 Victims? (Concurring Opinions) (November 2005)
4. Solove, Free Credit Reports: My Exciting Adventure (Concurring Opinions) (October 2005)
5. Solove, Notice Much Delayed: The FDIC Security Breach (PrawfsBlawg) (June 2005)
6. Solove, Data Security Breach Supersized: 40 Million People Affected (PrawfsBlawg) (June 2005)
7. Solove, Data Leaks: Déjà Vu All Over Again (PrawfsBlawg) (June 2005)
8. Solove, Tallying Up Data Security Breaches (PrawfsBlawg) (May 2005)

Posted by Daniel Solove at 12:42 AM | Comments (2) | TrackBack