Day 7 Thoughts: Difference between revisions

From Cyberlaw: Difficult Issues Winter 2010
Jump to navigation Jump to search
No edit summary
No edit summary
Line 1: Line 1:
* ReputationDefender
==ReputationDefender==
While I think some of the things ReputationDefender has done are admirable, I was troubled by the disclosure that the company has signed revenue-share agreements with information aggregators.  These companies are often quite controversial (see http://en.wikipedia.org/wiki/Intelius for example).  It seems like these revenue share deals could potentially set up the wrong incentives (even if signed with the best intentions), where ReputationDefender's profits are now aligned with profits of information aggregators.  I could envision a future where everyone needs to pay "protection money" to companies like Intelius (or intermediaries, like ReputationDefender) in order to preserve their privacy, and that seems like the wrong state to be in.  I can't help but wonder whether the solution here is more stringent regulation of information aggregators (mainly just requiring free and easy one-stop opt-out).  Consumers don't need to pay to sign up for the national do not call registry, and one could imagine a similar opt-out process for information aggregators.  It seems kind of perverse if people feel compelled to *pay* to opt out of things that they did not sign up for to begin with.
While I think some of the things ReputationDefender has done are admirable, I was troubled by the disclosure that the company has signed revenue-share agreements with information aggregators.  These companies are often quite controversial (see http://en.wikipedia.org/wiki/Intelius for example).  It seems like these revenue share deals could potentially set up the wrong incentives (even if signed with the best intentions), where ReputationDefender's profits are now aligned with profits of information aggregators.  I could envision a future where everyone needs to pay "protection money" to companies like Intelius (or intermediaries, like ReputationDefender) in order to preserve their privacy, and that seems like the wrong state to be in.  I can't help but wonder whether the solution here is more stringent regulation of information aggregators (mainly just requiring free and easy one-stop opt-out).  Consumers don't need to pay to sign up for the national do not call registry, and one could imagine a similar opt-out process for information aggregators.  It seems kind of perverse if people feel compelled to *pay* to opt out of things that they did not sign up for to begin with.
:I also wonder how sustainable this is as a business model. Reputation Defender can aggregate money from its clients and share that revenue with information aggregators, but wouldn't insurance companies be able to out spend them? It seems as if the primary purchasers of such information aggregation may be in better financial positions than any aggregator of individual concern about such things. Is it possible that ReputationDefender's market will one day compete with insurance companies and the like for annual revenue?
:I also wonder how sustainable this is as a business model. Reputation Defender can aggregate money from its clients and share that revenue with information aggregators, but wouldn't insurance companies be able to out spend them? It seems as if the primary purchasers of such information aggregation may be in better financial positions than any aggregator of individual concern about such things. Is it possible that ReputationDefender's market will one day compete with insurance companies and the like for annual revenue?
==Lifelock==
LifeLock is another consumer "reputation protection" company (more focused on identity fraud) with a pretty interesting business/marketing model.  http://en.wikipedia.org/wiki/LifeLock
: However LifeLock has had many many problems, discussed in this article from [http://www.wired.com/politics/security/commentary/securitymatters/2008/06/securitymatters_0612 Wired Magazine] including one of the [http://phoenix.bizjournals.com/phoenix/stories/2007/06/11/daily15.html co-founders] having been an identity thief himself, the CEO's identity has been stolen successfully a [http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=lifelock+suit number of times], and there is currently a [http://www.forbes.com/2008/02/21/experian-lifelock-update-markets-equity-cx_md_0221-markets32.html pending suit] against the company claiming its business model isn't legal.
==Opt-Out Programs==


Incidentally I believe that CAN-SPAM requires that opt-out has to be free to the user.  CAN-SPAM failed for a lot of reasons, whereas the do-not-call registry has comparatively succeeded--would be interesting to discuss why.
Incidentally I believe that CAN-SPAM requires that opt-out has to be free to the user.  CAN-SPAM failed for a lot of reasons, whereas the do-not-call registry has comparatively succeeded--would be interesting to discuss why.


Some other thoughts/comments:
==Transfer of Ownership==


What happens when formerly trustworthy companies get sold?  Should the data submitted by users be transferred?  This is a very real threat--Friendster and Spock were recently acquired (the latter by Intelius--see http://www.techcrunch.com/2009/04/29/spock-and-intelius-uh-oh/).  Mint.com was also acquired by Intuit, but imagine if they had been acquired by a telemarketing firm…
What happens when formerly trustworthy companies get sold?  Should the data submitted by users be transferred?  This is a very real threat--Friendster and Spock were recently acquired (the latter by Intelius--see http://www.techcrunch.com/2009/04/29/spock-and-intelius-uh-oh/).  Mint.com was also acquired by Intuit, but imagine if they had been acquired by a telemarketing firm…


LifeLock is another consumer "reputation protection" company (more focused on identity fraud) with a pretty interesting business/marketing model.  http://en.wikipedia.org/wiki/LifeLock
==Mozilla Privacy Icons==
: However LifeLock has had many many problems, discussed in this article from [http://www.wired.com/politics/security/commentary/securitymatters/2008/06/securitymatters_0612 Wired Magazine] including one of the [http://phoenix.bizjournals.com/phoenix/stories/2007/06/11/daily15.html co-founders] having been an identity thief himself, the CEO's identity has been stolen successfully a [http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=lifelock+suit number of times], and there is currently a [http://www.forbes.com/2008/02/21/experian-lifelock-update-markets-equity-cx_md_0221-markets32.html pending suit] against the company claiming its business model isn't legal.
 
''We have created an internal page on this wiki for [[Terms of Service Brainstorming|Brainstorming Ideas]] for this project''


* Privacy Icons/Mozilla
I'm still not convinced that there is an actual problem here to solve (or rather, whether the problem is so severe as to require the hammer of a browser icon convention).  In some ways I feel like people have already voted with their widespread usage of sites like MySpace, Twitter, Facebook, and Google despite the lack of a privacy icon.
I'm still not convinced that there is an actual problem here to solve (or rather, whether the problem is so severe as to require the hammer of a browser icon convention).  In some ways I feel like people have already voted with their widespread usage of sites like MySpace, Twitter, Facebook, and Google despite the lack of a privacy icon.


It is worth noting that the icon-in-the-browser-to-signal-privacy already exists in one form today--the "lock" you see when performing credit card transactions over SSL.  It'd be interesting to examine the origin of this convention.  I'd argue that in this case there *was* an actual problem to solve (and that users probably would not submit credit card information without the lock, so that users and businesses had a strong incentive to come up with a convention--adding the lock increases conversion rates).
It is worth noting that the icon-in-the-browser-to-signal-privacy already exists in one form today--the "lock" you see when performing credit card transactions over SSL.  It'd be interesting to examine the origin of this convention.  I'd argue that in this case there *was* an actual problem to solve (and that users probably would not submit credit card information without the lock, so that users and businesses had a strong incentive to come up with a convention--adding the lock increases conversion rates).

Revision as of 19:18, 13 January 2010

ReputationDefender

While I think some of the things ReputationDefender has done are admirable, I was troubled by the disclosure that the company has signed revenue-share agreements with information aggregators. These companies are often quite controversial (see http://en.wikipedia.org/wiki/Intelius for example). It seems like these revenue share deals could potentially set up the wrong incentives (even if signed with the best intentions), where ReputationDefender's profits are now aligned with profits of information aggregators. I could envision a future where everyone needs to pay "protection money" to companies like Intelius (or intermediaries, like ReputationDefender) in order to preserve their privacy, and that seems like the wrong state to be in. I can't help but wonder whether the solution here is more stringent regulation of information aggregators (mainly just requiring free and easy one-stop opt-out). Consumers don't need to pay to sign up for the national do not call registry, and one could imagine a similar opt-out process for information aggregators. It seems kind of perverse if people feel compelled to *pay* to opt out of things that they did not sign up for to begin with.

I also wonder how sustainable this is as a business model. Reputation Defender can aggregate money from its clients and share that revenue with information aggregators, but wouldn't insurance companies be able to out spend them? It seems as if the primary purchasers of such information aggregation may be in better financial positions than any aggregator of individual concern about such things. Is it possible that ReputationDefender's market will one day compete with insurance companies and the like for annual revenue?

Lifelock

LifeLock is another consumer "reputation protection" company (more focused on identity fraud) with a pretty interesting business/marketing model. http://en.wikipedia.org/wiki/LifeLock

However LifeLock has had many many problems, discussed in this article from Wired Magazine including one of the co-founders having been an identity thief himself, the CEO's identity has been stolen successfully a number of times, and there is currently a pending suit against the company claiming its business model isn't legal.

Opt-Out Programs

Incidentally I believe that CAN-SPAM requires that opt-out has to be free to the user. CAN-SPAM failed for a lot of reasons, whereas the do-not-call registry has comparatively succeeded--would be interesting to discuss why.

Transfer of Ownership

What happens when formerly trustworthy companies get sold? Should the data submitted by users be transferred? This is a very real threat--Friendster and Spock were recently acquired (the latter by Intelius--see http://www.techcrunch.com/2009/04/29/spock-and-intelius-uh-oh/). Mint.com was also acquired by Intuit, but imagine if they had been acquired by a telemarketing firm…

Mozilla Privacy Icons

We have created an internal page on this wiki for Brainstorming Ideas for this project

I'm still not convinced that there is an actual problem here to solve (or rather, whether the problem is so severe as to require the hammer of a browser icon convention). In some ways I feel like people have already voted with their widespread usage of sites like MySpace, Twitter, Facebook, and Google despite the lack of a privacy icon.

It is worth noting that the icon-in-the-browser-to-signal-privacy already exists in one form today--the "lock" you see when performing credit card transactions over SSL. It'd be interesting to examine the origin of this convention. I'd argue that in this case there *was* an actual problem to solve (and that users probably would not submit credit card information without the lock, so that users and businesses had a strong incentive to come up with a convention--adding the lock increases conversion rates).