1996-02-10 - bullshit (was: Re: Fair Credit Reporting Act and Privacy Act)

Header Data

From: tbyfield@panix.com (t byfield)
To: cypherpunks@toad.com
Message Hash: b4a851ffb9b555646b499104b84c346e0f470a4f432149b88cda6fe83f061864
Message ID: <v02120d06ad409b8f9e5e@DialupEudora>
Reply To: N/A
UTC Datetime: 1996-02-10 11:48:05 UTC
Raw Date: Sat, 10 Feb 1996 19:48:05 +0800

Raw message

From: tbyfield@panix.com (t byfield)
Date: Sat, 10 Feb 1996 19:48:05 +0800
To: cypherpunks@toad.com
Subject: bullshit (was: Re: Fair Credit Reporting Act and Privacy Act)
Message-ID: <v02120d06ad409b8f9e5e@DialupEudora>
MIME-Version: 1.0
Content-Type: text/plain


At 10:18 PM 2/8/96, Bill Stewart wrote:

>The parts of the Privacy Act that I remember are all restrictions
>on _government_ actions, not private actions.  It's an important 
>distinction; even though TRW may know way too much about you, it's all information that >you voluntarily released to somebody, unlike data that 
>the government requires you to give them.  And, yes, it's out-of-date 
>and toothless.

        It's important to distinguish between information that you've voluntarily released as such (e.g., giving someone your SSN) and information derived from analysis of your actions (e.g., repayment patterns, value-added with a proprietary scoring system) and/or consolidated from small releases of info here and there--and most of the material in a typical TRW or Equifax dossier is of the latter kind.
        ObCrypto? Vaguely. I've been thinking about the possibilities of "bullshit generators"--simple programs that would generate names and various kinds of facts about people who don't exist and "make this info available": email addresses to SSNs, addresses, credit histories, medical records, you name it. If "bullshit bots" became generally available and easy to implement, "information markets"--a phrase that's far too general to capture the complexity of the dynamics it refers to--would stratify pretty fast: groundfeeders like the fine folks who're now grepping newsfeeds for email addresses + interests could be laid waste to pretty fast by a handful of dormant newsgroups systematically flooded with posts from gjhfkj@opihk.com or poipoh@axsx.org. Who'd pay for a DB that's half bogus? Alternatively: who'd pay to prevent their DB from being corrupted? Companies like Equifax would be harder to penetrate, but by no means beyond reach: there are so many people out there who they don't have files on yet--in ghettoes, in Eastern Europe--that they could be duped. We tend to think of information markets as markets for _true_ information; but as those markets mature, they'll breed parallel "counterweight" markets--markets, in essence, for _false_ information. Equifax and TRW got the goods on you? How much would you pay to vanish into a crowd of newly created people with excellent credit ratings who are all just a few diddled digits away from you, your SSN, your address, your phone number, your mother's maiden name...? The latest issue of RISKS (2/8/96, 17:70) has a kvetch about <http://www.graviton.com/red/>, "The Red Herring Home Page":

>        A little experimentation revealed that almost ANY obscure search
>would match "The information source", often as the only matching 
>document found. As near as I could figure out, his site recognized
>probes by web robots and then threw a dictionary at them!

        Congress would be hard pressed to illegalize fiction.


Version: 2.6.2