[GTALUG] [OT] Phishing is no mirage...

[Dhaval Giani]

On Wed, Dec 18, 2019 at 4:48 AM Russell Reiter via talk <talk at gtalug.org>
wrote:

> On Tue, Dec 17, 2019, 2:57 PM Alvin Starr via talk <talk at gtalug.org>
> wrote:
>
>> On 12/17/19 2:27 PM, Russell Reiter via talk wrote:
>> [snip]
>>
>>
>>
>>> | I wonder why, especially in this data stealing age, the practice is
>>> not firmly
>>> | against the law?
>>>
>>> Yes.  And the boundaries clearly marked.
>>>
>>
>> The problem is that its a matter of private law. The government would
>> essentially fetter itself if it actually made it illegal for you to give
>> out your SIN voluntarily. This might be the case in settlement if someone
>> has sued you, won and now has the right to a full accounting of your income
>> and assets.
>>
>> Enforcing laws is expensive and there is a threshold which is bounded by
>> economy of scale. As a general matter of private law, caveat emptor (let
>> the buyer beware) is the rule.
>>
>> Its kind of like the government is a national park with a grand canyon
>> running through it. The can put up signs which say don't get too close to
>> the edge or you may fall in but they can't really stop you from jumping off
>> the edge.
>>
>>
>> Its not that I was giving out my SIN voluntarily. It was a requirement of
>> getting service from a telecom provider.
>> Yes I could have refused to fill out the the application and walked out
>> of the store.
>> But then I would not have had the telecom service that I needed at the
>> time.
>>
>
> Yes you did volunteer the information when they asked for it. The law
> presumed you have a choice in the matter. There are enough providers who
> don't collect SIN numbers that you could have used one of them. You jumped
> into the canyon by wanting services immediately. There is an old saw that
> says decide in haste, repent at leisure.
>
>
Russell, I disagree with you here. When someone new to Canada  comes over,
they do not know what is true or not. I recall refusing to provide my SIN
when I moved to Canada (because I was aware) to rogers, and I had to put in
additional deposit (note, it was a deposit, but not an additional fee). If
you were to have suggested teksavvy at that time, i would have laughed you
away, because in the beginning I want something that is "bigger and
therefore safer". The law is meant to protect the vulnerable, and folks who
are new to Canada are probably the most vulnerable to predatory practices
(simply because they don't know when they can or can not push back. They
may also not have the financial resources to put in that bigger deposit
that a service provider wants). You, Alvin, Hugh and I are in a group of
people who understand their rights and are willing to psuh back. The
newcomers are still learning, and this is a first bad impression they get
of our country.

And, let's be honest. We do not do a good job of talking about why the SIN
is important. You cannot have SIN used as identity as well as verification.
How do I know when it is and it is not OK to give your SIN? Why do you need
SIN as a proof of identity for a credit check? It can be an identifier, but
give me some other "verification" means, which I control. Doesn't that take
away a lot of issues that a SIN leak causes?

I would rather not blame the victim here, especially when the victim is a
more vulnerable class that represented on this list.

Dhaval
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/talk/attachments/20191218/306dd509/attachment.html>