[Update: I changed the title from Privacy Rule Book to Identity Fraud Rule Book to more properly reflect my interests - I am looking for clear answers on when it is okay to use someone else's information based on intentions, impact, and any other attributes worth exploring.]
I’ve been reading quite a bit of Little League Baseball rules recently and they can become quite complex in certain scenarios like this one:
The bases are loaded with two outs. The batter hits a ground ball to third base. The third baseman fields the ball and elects to tag the runner coming from second rather than getting the force out at third (by tagging the base). Before the third baseman tags the runner from second, the runner who was on third base crosses home plate. Does the run count? (this happened to one of my teams and I still don’t know the answer.)
Anyway, I happened to read Code Name: Miranda over on Emergent Chaos and it occurred to me that the privacy crowd really needs a rule book. What I found interesting was simply that Chris is fine with, even excited about, impersonating "Mr. Miranda" who he clearly believes is another person. Clearly, he has made a qualitative judgement call that pretending to be someone else to overcome the tyranny of the supermarket affinity card is an "OK" action.
This, of course, confuses me. So, I need help from all the privacy experts of the world to tell me what is "OK" and what is "NOT OK" to do in the world of privacy and identity theft. Here are some scenarios to start with:
-
Abel impersonates Baker at the supermarket in order to get the discount. a) Abel has his own card and would warrant the discount; b) Abel doesn’t have his own card.
-
Abel impersonates Baker. Baker finds out and is really mad.
-
Abel impersonates Baker. Abel’s shopping habits are so different than Baker’s that the affinity program fails to recognize how much Baker likes gummi bears by giving him a 10% off coupon, instead forcing him to pay full price. Instead, Baker gets 95% off hummus and granola, which he hates. (variation: if we switched the products, would it make a difference – remember "everyone knows" that hummus is "OK" and gummi bears are "NOT OK.")
-
Abel uses Baker’s phone number to get another affinity card at another supermarket.
-
Abel finds out Baker’s SSN and opens up a bank account with it. a) Abel has good credit and only uses the account to protect his privacy; b) Abel has bad credit and only uses the account to protect his privacy; c) Abel has good credit and is using the account to keep his wife from finding out he has $2 million during his divorce proceeding.
-
Abel gets a credit card in Baker’s name. He pays all his bills all the time. In fact, it actually boosts Baker’s credit rating.
This stuff is (apparently) pretty tricky. And here I always thought people just wouldn’t feel right impersonating someone else for any reason (unless they are twins, in which case it appears to be "OK"). Please help.
I think there is a set of rules, though not a widely understood ruleset just yet. For example J.C. Cannon’s excellent book “Privacy – What Developers and IT Professionals Should Know” has specific, actionable guidelines for performing a data analysis from a privacy perspective. The data analysis defines whether each data item
* Provides a notice regarding the collection and use
* Whether it is sent to the Internet
* Whether it is sent to a thrid party
* Whether the it is controlled by the user or by a central party
* Whether it is in use
* Whether access is provided to the user
* Whether it is secured
The book examines how the system uses the data and how that use is controlled and so on.
I think there’s an extra scenario, which lacks such emotive words as “impersonates:”
That is, Charlie the computer gets Alice and Bob confused. Alice chuckles, instead of trying to argue with the computer, or consume, uncompensated, her Alice’s time to “fix” the “problem.”
1a is fine. The rest, except maybe 2, are wrong.
Note that I am interpreting your use of the term “impersonate” as “allow a mistaken conclusion based on factual system inputs to continue uncorrected”.
Here’s some more:
1) Abel very strongly resembles the millionaire playboy son of a filthy-rich financier. The *real* millionaire playboy son, since he is a high-roller, is always “comped” when he stays at a fancy hotel in Abel’s city.
Abel, by chance, enters that hotel, and is immediately waited on hand and foot. The hotel manager tells Abel, “Your money is no good here, Mr. Playboy”, addressing him by the wrong name.
Is Abel doing something wrong by allowing the hotel to persist in their misidentification?
2) Rather than performing a visual ID, the hotel has a list of high rollers, identified solely by name. One of them is “Chris Abel”. A non-high-roller Chris Abel goes to check in, and is immediately treated like a king. Must he correct the hotel’s error?
3) What if the hotel identifies the high-rollers by comparing a phone number asked at registration to the phone number high-rollers used when they first started coming to the hotel? Abel truthfully supplies his phone number, but is mistaken for a high-roller because a high-roller used to have his current phone number.
4) What if Abel strongly resembles a celebrity with whom everyone is familiar, and whom everyone respects highly for having performed an act of great heroism, saving dozens of innocent children from a certain, painful death. Would he be wrong to allow others to buy him drinks, not correcting their mistaken idea that he is the admired celebrity?
5) Abel is himself a high-roller. Baker is a high-roller as well, but by sheer coincidence has as his current phone number the one Abel registered as a high-roller with at an earlier point. The hotel, through a programming error, gives Abel exactly what he expects as a high-roller, but records the visit in their high-roller log book as a visit by Baker. This log is used for no purpose other than to measure the total number of “high-roller visits”. Is Abel under an obligation to point out the hotel’s record-keeping error?
BTW — I say the run counts. Am I right?