Day 7 Thoughts

From Cyberlaw: Difficult Issues Winter 2010
Revision as of 19:46, 13 January 2010 by 87.118.116.61 (talk) (New page: * ReputationDefender While I think some of the things ReputationDefender has done are admirable, I was troubled by the disclosure that the company has signed revenue-share agreements with ...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
  • ReputationDefender

While I think some of the things ReputationDefender has done are admirable, I was troubled by the disclosure that the company has signed revenue-share agreements with information aggregators. These companies are often quite controversial (see http://en.wikipedia.org/wiki/Intelius for example). It seems like these revenue share deals could potentially set up the wrong incentives (even if signed with the best intentions), where ReputationDefender's profits are now aligned with profits of information aggregators. I could envision a future where everyone needs to pay "protection money" to companies like Intelius (or intermediaries, like ReputationDefender) in order to preserve their privacy, and that seems like the wrong state to be in. I can't help but wonder whether the solution here is more stringent regulation of information aggregators (mainly just requiring free and easy one-stop opt-out). Consumers don't need to pay to sign up for the national do not call registry, and one could imagine a similar opt-out process for information aggregators. It seems kind of perverse if people feel compelled to *pay* to opt out of things that they did not sign up for to begin with.

Incidentally I believe that CAN-SPAM requires that opt-out has to be free to the user. CAN-SPAM failed for a lot of reasons, whereas the do-not-call registry has comparatively succeeded--would be interesting to discuss why.

Some other thoughts/comments:

What happens when formerly trustworthy companies get sold? Should the data submitted by users be transferred? This is a very real threat--Friendster and Spock were recently acquired (the latter by Intelius--see http://www.techcrunch.com/2009/04/29/spock-and-intelius-uh-oh/). Mint.com was also acquired by Intuit, but imagine if they had been acquired by a telemarketing firm…

LifeLock is another consumer "reputation protection" company (more focused on identity fraud) with a pretty interesting business/marketing model. http://en.wikipedia.org/wiki/LifeLock

  • Privacy Icons/Mozilla

I'm still not convinced that there is an actual problem here to solve (or rather, whether the problem is so severe as to require the hammer of a browser icon convention). In some ways I feel like people have already voted with their widespread usage of sites like MySpace, Twitter, Facebook, and Google despite the lack of a privacy icon.

It is worth noting that the icon-in-the-browser-to-signal-privacy already exists in one form today--the "lock" you see when performing credit card transactions over SSL. It'd be interesting to examine the origin of this convention. I'd argue that in this case there *was* an actual problem to solve (and that users probably would not submit credit card information without the lock, so that users and businesses had a strong incentive to come up with a convention--adding the lock increases conversion rates).

Retrieved from "http://cyber.harvard.edu/cyberlaw_winter10/?title=Day_7_Thoughts&oldid=712"