Carl is most certainly not an idiot. In fact, there might be a reasonable argument for this: You're changing the defaults of a contract by specifying what should be interpreted as reasonable authentication or not. Still, I don't agree with it, and it's something that should be left up to the courts, not Washingtonians and their lobbyists. -Declan On Fri, Sep 22, 2000 at 01:02:35PM -0400, Marcel Popescu wrote: > Another idiot who wants more laws: > > Date: 17 Sep 2000 19:16:23 -0700 > X-Loop: openpgp.net > From: "Carl Ellison" <[EMAIL PROTECTED]> > Subject: Re: Identity theft (PGN, RISKS-21.04) > > I used to try to keep my SSN private -- then I realized that that's blaming > the victim (me). It's not the SSN holder's fault that stores and other > institutions use improper means for authenticating people. It's the store's > fault. > > Any information held by a credit bureau is public. So is any information > held by any government agency, if I'm to believe the spam I get > occasionally. > > So, that information is not acceptable for authentication -- even in person, > but especially online. It's not merely unacceptable when dealing with the > credit bureau. The credit bureau poisons the information for everyone. > > Now -- how do we get consumer protection laws that make it clear that a > consumer is not liable for any debts incurred by someone claiming to be > him/her unless there is irrefutable authentication during registration > (e.g., videotape of the consumer signing up for the service). This means > killing all issuing of credit online, by mail, by phone, etc. > > Maybe I'd stop getting all those credit-card applications in the mail.... > > [This opens a technical challenge: how can we authenticate anyone, if we > rule > out information that an attacker can get?] > > - Carl > > --- > All inventions or works of authorship original to me, > herein and past, are placed irrevocably in the public > domain, and may be used or modified for any purpose, > without permission, attribution, or notification. > > > > >