Crispin Cowan wrote:

> But we don't have to get the State off SSC's; we just have to get them
> to stop using SSC's as authenticators. SSC's are guaranteed globally
> unique, which makes them fine identifiers.

Agreed. FYI SSCs are supposed to be globally unique, but they aren't. The Social Security Administration has mistakenly issued thousands of duplicate numbers. And lots of false and duplicate numbers are out there in government and corporate databases because people steal them from dead children, make them up, write the wrong number or type it wrong, etc. The new numbers issued are probably good GUIDs but a lot of the GUIDs in use are crap.

>> As I mentioned before the Federal Privacy Act appears to establish
>> some Federal jurisdiction over identity number systems and privacy of
>> personal records. State laws would have to fit into that framework,
>> and with other Federal laws that address privacy and the use of
>> identification systems.
>
> Do these laws actually speak to the issue of authenticators?

Not that I can tell. As you pointed out before that distinction is not evident to the government now. It certainly was not evident 70 years ago.

> Really? I thought [state anti-spamming laws] were pretty much a joke.
> The major impact of state spam laws is that about 2% of the spam I get
> has a list of states with anti-spam laws that says "this message not
> intended for residents of ..." as if that made any difference.

Some energetic litigants have sued and won cases based on state laws. The penalties can be steep, too, though I haven't heard of any huge awards. In real life spammers will hide in states that don't have anti-spam laws, or offshore, and if someone does obtain a judgement against them they will disappear or file bankruptcy. But the anti-spam laws do have some tiny little teeth.
In my experience the main effect is to make legitimate companies take spamming and privacy more seriously; the place I work now actually goes to some lengths to avoid spamming and to honor their opt-out policies, where they may not have taken that obligation seriously before. When I worked at a direct marketing agency a few years ago we had corporate clients asking us to help make their email-based campaigns comply with new laws passed in Washington, Colorado, and Virginia. Maybe they didn't want to comply out of goodness and light--they fear bad publicity and lawsuits--but in the end the result is the same, and HP and Oracle send out less spam than they used to, and handle opt-outs a little better, in small part because of me. ;-)

> The neat thing about my Swiftian proposal is that it doesn't actually
> require any laws. It just says "We are going to devastate this
> despicable practice on this date ..." and watch people scramble. There's
> no way to stop it, short of legal prohibition against the publication.
>
> Come to think of it, we don't even need the State to do it at all. All
> it takes is some civil disobedience to publish a web site on an
> off-shore host that gives out as many SSC's as possible, and make sure
> it gets a lot of press.

I don't know you. If we go back to Orange Alert Status tomorrow I will blame you. ;-)

--
Greg Jorgensen
PDXperts LLC, Portland, Oregon, USA
This archive was generated by hypermail 2b30 : Fri Sep 27 2002 - 02:52:16 PDT