[GTALUG] [OT] Phishing is no mirage...

[D. Hugh Redelmeier]

| From: Russell Reiter via talk <talk at gtalug.org>

"fiduciary duty"

"injunctive relief"

"trust"

I don't think that these legal words mean what you think they mean.

They are fairly technical.  Using them lends an air of expertise.
Unless you use them carelessly.  That has the opposite effect.

| You could always leave demanded information out of a screening form and see what happens.
| While it is not unlawful to ask for information and it is not unlawful to provide information
| there is usually a third option If such negotiation is not possible,

What are the options you are thinking of?

- fill it out correctly

- leave it blank

- fill it out with misinformation (phone number 555 555 5555)

The third option might expose one to legal liability.

|       |  However having the SIN it makes it easier for
|       | them to get access to your funds through the court system if you owe them a
|       | significant debt.
| 
|       Really?  How would that work?
| 
| Using metada. Just knowing there is a SIN number on a biling record or contract
| form, should be enough for most court iniated inqueries. 

That's hand waving.  Having a SIN number proves nothing about the
existence of a contract or its terms or any outstanding debt.  That's
why I asked.

(I think you mean "metadata", "billing", and "initiated".  But when it
comes to spelling, I live in a glass house.)

|       | No, they have a fiduciary duty to you to protect that sensitive
|       | information. It was collected as a kind of trust article.
| 
|       Really?  "Fiduciary duty" is a very strong standard.  Can you point to
|       anything that says they have such a duty?
| 
| 
| Ok I snagged this from Wikipedia and havent checked the authority but this
| is the essence of a trust.
| 
| A fiduciary is someone who has undertaken to act for and on behalf of another 
| in a particular matter in circumstances which give rise to a relationship of trust 
| and confidence.
| — Lord Millett, Bristol and West Building Society v Mothew[4]  
| 
| Generally under private law a signed contract between people or an Individual and a 
| Corporation is a trust document. Questions asked on a screening form have to have
| a rational purpose connected to the establishement of a trust arangement.

A fiduciary must act in your interest, not in their own or their
organization's interest.  Few business relationships are like
that.

"Trust" is a very technical term in Canadian law (similar to UK and
US law).

|       | > Could they use it as my client ID and paste it on the front the bills they
|       | > send out to me?
|       |
|       | I think if they did that you could sue for injunctive relief, assuming that
|       | they didn't reveal that was their contractual policy at the outset. It
|       | would be on your copy of the contract if they did.
| 
|       I don't know the limits of "injunctive relief", but my guess is that it
|       just means a court order to "stop doing that".  No penalty.  No undoing of
|       damage.  If so, that's not very satisfactory.
| 
| 
| That would be a preliminary relief, you might be entitled to more if you plead
| for it. 

You said "injunctive relief".  My impression (IANAL) is that monetary
awards are not part of injunctive relief.

If you just said "sue them", that would have been covered.

|       Or: transfer your data to a datacenter in the US where the laws are
|       different and nasty.  That's completely normal in Canada.
| 
|       Strangers have access to poorly stored corporate data.  Just look at
|       the LifeLabs case revealed yesterday.
| 
| 
| This is a function of all the Corporate deregulation since the 60's and the dilution of 
| CSR in operations.

What's "CSR"?

I don't see how this relates to deregulation.  We've actually gotten
more privacy regulation since the 1960's.

| Privatization of our health testing and the data that comes with it, was a very slippery 
| slope. Lifelabs indicates the scope of that slope as we begin the slide down it.

Actually, health care in Ontario was largely private until OHIP
(introduced in the 1960s).

| In Alvins Telecommunications case, It's kind of funny in a way. Since a computer is an RF 
| device, by using it you are a broadcaster under license. You are responsible for any 
| RF interference it creates.That is the broadcasters responsibility, carriers are a different 
| part of the story and their duties are limited under contract and the specific requirements 
| of their carrier agency permit. 

I neither understand that nor see how it relates to privacy.

| I thought I was highlighting some of the alternative choices that people 
| would usually have when shopping for Telecommunications services and the 
| inherent assumption of risk involved when providing personal information under 
| contract law.

It's good for people to know their options.  But some options are more
theoretical than practical.

John Gilmore is not allowed on planes or trains or buses (he wore a
button that read "suspected terrorist" and refused to remove it (I
have one of those buttons too)).  He has no driver's license because
the California authorities require some information of him that they
are not allowed to require (SSN?  I don't remember).  This is a steep
price to pay for standing up for your rights.

Random google hit:
<https://boingboing.net/2003/08/03/why-john-gilmore-is.html>

|       A friend of mine probably died due to standing on such principles.
|       (In the US, he could not afford health care.  He had wealth that he
|       could not access due to these principles.)
| 
| 
| Not sure I understand this bit about your friend standing on principles. But I do
| admire principled people.

Sorry, for privacy reasons I don't wish to lay it all out.  In this
case, death was an indirect consequence.