[GTALUG] [OT] Phishing is no mirage...

Russell Reiter rreiter91 at gmail.com
Wed Dec 18 11:34:49 EST 2019


On Wed, Dec 18, 2019 at 9:36 AM D. Hugh Redelmeier via talk <talk at gtalug.org>
wrote:

> | From: Russell Reiter via talk <talk at gtalug.org>
>
> | Yes you did volunteer the information when they asked for it.
>
> "ask" isn't quite accurate.  "demand" is closer.
>
> I'm sure that no negotiation was possible.
>

You could always leave demanded information out of a screening form and see
what happens.
While it is not unlawful to ask for information and it is not unlawful to
provide information
there is usually a third option If such negotiation is not possible,

>
> | The law
> | presumed you have a choice in the matter. There are enough providers who
> | don't collect SIN numbers that you could have used one of them.
>
> Do you know this?  Or are you guessing?
>

Well I presume in this case, since he was in a store, he could have walked
into another store. This is assumed to be part of the free market economy
we use.

>
> I do think that you are probably right: I don't remember being asked for
> my SIN for phone contracts.


> |  However having the SIN it makes it easier for
> | them to get access to your funds through the court system if you owe them a
> | significant debt.
>
> Really?  How would that work?
>
Using metadata. Just knowing there is a SIN number on a billing record or
contract form, should be enough for most court initiated inquiries.

> | > So now the Telecom provider has my SIN.
> | > Are they free to use as they wish?
> | >
> |
> | No, they have a fiduciary duty to you to protect that sensitive
> | information. It was collected as a kind of trust article.
>
> Really?  "Fiduciary duty" is a very strong standard.  Can you point to
> anything that says they have such a duty?
>

Ok I snagged this from Wikipedia and haven't checked the authority but this
is the essence of a trust.

A fiduciary is someone who has undertaken to act for and on behalf of another
in a particular matter in circumstances which give rise to a relationship of
trust and confidence.
— Lord Millett <https://en.wikipedia.org/wiki/Peter_Millett,_Baron_Millett>,
*Bristol and West Building Society v Mothew*
<https://en.wikipedia.org/wiki/Bristol_and_West_Building_Society_v_Mothew>
[4] <https://en.wikipedia.org/wiki/Fiduciary#cite_note-4>

Generally under private law a signed contract between people or an
Individual and a Corporation is a trust document. Questions asked on a
screening form have to have a rational purpose connected to the
establishment of a trust arrangement.


> | > Could they use it as my client ID and paste it on the front the bills they
> | > send out to me?
> |
> | I think if they did that you could sue for injunctive relief, assuming that
> | they didn't reveal that was their contractual policy at the outset. It
> | would be on your copy of the contract if they did.
>
> I don't know the limits of "injunctive relief", but my guess is that it
> just means a court order to "stop doing that".  No penalty.  No undoing of
> damage.  If so, that's not very satisfactory.
>

That would be a preliminary relief, you might be entitled to more if you
plead for it.

>
> | > Part of my concern was that enough personal information for someone to
> | > completely steal my identity was provided to a call center in a third world
> | > country with little or no oversight.


> Or: transfer your data to a datacenter in the US where the laws are
> different and nasty.  That's completely normal in Canada.
>
> | How did that happen? You purchased the service from a brick and mortar
> | location, in Canada I presume. Accounting and financial data are different
> | than technical and service information. It would be highly unlikely that a
> | service technician or even a first tier collection representative would
> | have access to your complete data file.
>
> Strangers have access to poorly stored corporate data.  Just look at
> the LifeLabs case revealed yesterday.
>

This is a function of all the Corporate deregulation since the 60's and the
dilution of CSR in operations. Apparently now that everyone's got a self
employed under contract gig, either micromanaging or being micromanaged by
computer, nobody understands Corporate Charters and the trust we are
supposed to invest in our Institutions in Canada; including private business
which deals directly with our personal data.

Privatization of our health testing and the data that comes with it, was a
very slippery slope. LifeLabs indicates the scope of that slope as we begin
the slide down it.

In Alvin's Telecommunications case, it's kind of funny in a way. Since a
computer is an RF device, by using it you are a broadcaster under license.
You are responsible for any RF interference it creates. That is the
broadcaster's responsibility, carriers are a different part of the story and
their duties are limited under contract and the specific requirements of
their carrier agency permit.


> | > The carrier should have an obligation of care with my information.
> | > But the only obligation that the carrier has is to maximize the shareholder
> | > value.
>
> Not a "fiduciary responsibility" to the customer that you claimed
> earlier?
>

Umm that was a bit from Alvin's post. I should have responded to his post
first, then this one.

Sorry about that.

>
> | Cybercare of personal information starts with the individual, unfortunately
> | it's all downhill from there.
>
> There are many components to this.
>
> We need to push back on unreasonable requests.
> We need to have better privacy legislation.
> We need better consumer education.
> We need consumers to demand better privacy.
> We need real competition, so bad actors suffer in the market.
> And so on.
>

Yes we need all those things as we move deeper into the Electronic Frontier.


> Right now, the power imbalance between a customer and a corporation
> limits the effectiveness of your statement.


> Some aspects of privacy are like vaccination.  Privacy is easier to
> defend if we all have it.  If we each stand alone, we will lose.
>
> You are essentially "blaming the victim".  That's not completely wrong
> but it seems like this is mostly a systemic failure.


I thought I was highlighting some of the alternative choices that people
would usually have when shopping for Telecommunications services and the
inherent assumption of risk involved when providing personal information
under contract law.


>
> A friend of mine probably died due to standing on such principles.
> (In the US, he could not afford health care.  He had wealth that he
> could not access due to these principles.)
>

Not sure I understand this bit about your friend standing on principles.
But I do admire principled people.


-- 
Russell