Day 7 Thoughts

From Cyberlaw: Difficult Issues Winter 2010
Jump to navigation Jump to search


While I think some of the things ReputationDefender has done are admirable, I was troubled by the disclosure that the company has signed revenue-share agreements with information aggregators. These companies are often quite controversial (see for example). It seems like these revenue share deals could potentially set up the wrong incentives (even if signed with the best intentions), where ReputationDefender's profits are now aligned with profits of information aggregators. I could envision a future where everyone needs to pay "protection money" to companies like Intelius (or intermediaries, like ReputationDefender) in order to preserve their privacy, and that seems like the wrong state to be in. I can't help but wonder whether the solution here is more stringent regulation of information aggregators (mainly just requiring free and easy one-stop opt-out). Consumers don't need to pay to sign up for the national do not call registry, and one could imagine a similar opt-out process for information aggregators. It seems kind of perverse if people feel compelled to *pay* to opt out of things that they did not sign up for to begin with.

I also wonder how sustainable this is as a business model. Reputation Defender can aggregate money from its clients and share that revenue with information aggregators, but wouldn't insurance companies be able to out spend them? It seems as if the primary purchasers of such information aggregation may be in better financial positions than any aggregator of individual concern about such things. Is it possible that ReputationDefender's market will one day compete with insurance companies and the like for annual revenue? Or, what if a big player like Google (or a Google spin off) decides to enter this space and crush ReputationDefender before it even gets off the runway?
I agree with the distaste with having to pay protection money, but it seems better to have the option than not to. Regulation would be ideal, but would likely run up against powerful commercial interests. See the power of the insurance industry in the health care debate. Add advertisers and you're looking for trouble.
I wonder if there are legal issues (antitrust?) with the protection money payments.


LifeLock is another consumer "reputation protection" company (more focused on identity fraud) with a pretty interesting business/marketing model.

However LifeLock has had many many problems, discussed in this article from Wired Magazine including one of the co-founders having been an identity thief himself, the CEO's identity has been stolen successfully a number of times, and there is currently a pending suit against the company claiming its business model isn't legal.
Yeah, LifeLock is definitely controversial. Didn't mean to imply that it was "good", just "interesting" :)

Opt-Out Programs

Incidentally I believe that CAN-SPAM requires that opt-out has to be free to the user. CAN-SPAM failed for a lot of reasons, whereas the do-not-call registry has comparatively succeeded--would be interesting to discuss why.

Transfer of Ownership

What happens when formerly trustworthy companies get sold? Should the data submitted by users be transferred? This is a very real threat--Friendster and Spock were recently acquired (the latter by Intelius--see was also acquired by Intuit, but imagine if they had been acquired by a telemarketing firm…

Mozilla Privacy Icons

We have created an internal page on this wiki for Brainstorming Ideas for this project

I'm still not convinced that there is an actual problem here to solve (or rather, whether the problem is so severe as to require the hammer of a browser icon convention). In some ways I feel like people have already voted with their widespread usage of sites like MySpace, Twitter, Facebook, and Google despite the lack of a privacy icon.

It is worth noting that the icon-in-the-browser-to-signal-privacy already exists in one form today--the "lock" you see when performing credit card transactions over SSL. It'd be interesting to examine the origin of this convention. I'd argue that in this case there *was* an actual problem to solve (and that users probably would not submit credit card information without the lock, so that users and businesses had a strong incentive to come up with a convention--adding the lock increases conversion rates).