Tuesday, June 24, 2008
I attended the first day of the ABA sponsored 2nd Annual National Institute on Cyberlaw today. The two hour panel discussion was a general overview of cyberlaw essentials. The panel discussed some hot issues such as the difference between identity theft and identity fraud, problems with using biometrics for identification or authorization, data mining, and how the government uses data brokers to aggregate information that it would not otherwise be able to use for criminal prosecutions.
The panel discussed the reasons for the large amount of identity theft in the U.S. The main reason is the use of the same information to identify someone and to authorize that person's access to private information. Everyone agreed that identity should be determined by one piece of information while another piece of information that is a shared secret between the user and the information holder should be used to allow access.
One audience member asked why companies should not have fiduciary duties to customers whose personal information they hold. One answer was that some states are mandating that companies notify customers when there is a security breach and customers' personal information is compromised. Fiduciary duties would have to be legislated, though.
Data brokers are companies that have compiled information gathered from various public records, such as criminal, property, and drivers' license records, then aggregated the data into a single piece of comprehensive information about a person. The government can buy the information, and this information apparently does not have the same Fourth Amendment protection as information the government collects itself.
There was also a short discussion about the National Security Agency and how limited public knowledge is about this agency, and about digital forensic science.