Identity Theft, Privacy, and the Architecture of Vulnerability

IF 0.7 4区社会学 Q2 LAW

Hastings Law Journal Pub Date : 2003-07-30 DOI:10.2139/SSRN.416740

Daniel J. Solove

{"title":"Identity Theft, Privacy, and the Architecture of Vulnerability","authors":"Daniel J. Solove","doi":"10.2139/SSRN.416740","DOIUrl":null,"url":null,"abstract":"This Article contrasts two models for understanding and protecting against privacy violations. Traditionally, privacy violations have been understood as invasive actions by particular wrongdoers who cause direct injury to victims. Victims experience embarrassment, mental distress, or harm to their reputations. Privacy is not infringed until these mental injuries materialize. Thus, the law responds when a person's deepest secrets are exposed, reputation is tarnished, or home is invaded. Under the traditional view, privacy is an individual right, remedied at the initiative of the individual. In this Article, Professor Solove contends the traditional model does not adequately account for many of the privacy problems arising today. These privacy problems do not consist merely of a series of isolated and discrete invasions or harms, but are systemic in nature. They cannot adequately be remedied by individual rights and remedies alone. In contrast, Professor Solove proposes a different model for understanding and protecting against these privacy problems. Developing the notion of \"architecture\" as used by Joel Reidenberg and Lawrence Lessig, Solove contends that many privacy problems must be understood as the product of a broader structural system which shapes the collection, dissemination, and use of personal information. Lessig and Reidenberg focus on \"architectures of control,\" structures that function to exercise greater dominion over individuals. Solove argues that in addition to architectures of control, we are seeing the development of \"architectures of vulnerability,\" which create a world where people are vulnerable to significant harm and are helpless to do anything about it. Solove argues that protecting privacy must focus not merely on remedies and penalties but on shaping architectures. Professor Solove illustrates these points with the example of identity theft, one of the most rapidly growing types of criminal activity. Identity theft is often conceptualized under the traditional model as the product of disparate thieves and crafty criminals. The problem, however, has not been adequately conceptualized, and, as a result, enforcement efforts have been misdirected. The problem, as Solove contends, is one created by an architecture, one that creates a series of vulnerabilities. This architecture is not created by identity thieves; rather, it is exploited by them. It is an architecture of vulnerability, one where personal information is not protected with adequate security. The identity thief's ability to so easily access and use our personal data stems from an architecture that does not provide adequate security to our personal information and that does not afford us with a sufficient degree of participation in the collection, dissemination, and use of that information. Understanding identity theft in terms of architecture reveals that it is part of a larger problem that the law has thus far ignored. Solove then discusses solutions to the identity theft problem. He engages in an extensive critique of Lynn LoPucki's solution, which involves the creation of a public identification system. After pointing out the difficulties in LoPucki's proposal, Solove develops an architecture that can more appropriately curtail identity theft, an architecture based on the Fair Information Practices.","PeriodicalId":46736,"journal":{"name":"Hastings Law Journal","volume":"231 1","pages":"1227"},"PeriodicalIF":0.7000,"publicationDate":"2003-07-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.2139/SSRN.416740","citationCount":"75","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Hastings Law Journal","FirstCategoryId":"90","ListUrlMain":"https://doi.org/10.2139/SSRN.416740","RegionNum":4,"RegionCategory":"社会学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"LAW","Score":null,"Total":0}

引用次数: 75

Abstract

This Article contrasts two models for understanding and protecting against privacy violations. Traditionally, privacy violations have been understood as invasive actions by particular wrongdoers who cause direct injury to victims. Victims experience embarrassment, mental distress, or harm to their reputations. Privacy is not infringed until these mental injuries materialize. Thus, the law responds when a person's deepest secrets are exposed, reputation is tarnished, or home is invaded. Under the traditional view, privacy is an individual right, remedied at the initiative of the individual. In this Article, Professor Solove contends the traditional model does not adequately account for many of the privacy problems arising today. These privacy problems do not consist merely of a series of isolated and discrete invasions or harms, but are systemic in nature. They cannot adequately be remedied by individual rights and remedies alone. In contrast, Professor Solove proposes a different model for understanding and protecting against these privacy problems. Developing the notion of "architecture" as used by Joel Reidenberg and Lawrence Lessig, Solove contends that many privacy problems must be understood as the product of a broader structural system which shapes the collection, dissemination, and use of personal information. Lessig and Reidenberg focus on "architectures of control," structures that function to exercise greater dominion over individuals. Solove argues that in addition to architectures of control, we are seeing the development of "architectures of vulnerability," which create a world where people are vulnerable to significant harm and are helpless to do anything about it. Solove argues that protecting privacy must focus not merely on remedies and penalties but on shaping architectures. Professor Solove illustrates these points with the example of identity theft, one of the most rapidly growing types of criminal activity. Identity theft is often conceptualized under the traditional model as the product of disparate thieves and crafty criminals. The problem, however, has not been adequately conceptualized, and, as a result, enforcement efforts have been misdirected. The problem, as Solove contends, is one created by an architecture, one that creates a series of vulnerabilities. This architecture is not created by identity thieves; rather, it is exploited by them. It is an architecture of vulnerability, one where personal information is not protected with adequate security. The identity thief's ability to so easily access and use our personal data stems from an architecture that does not provide adequate security to our personal information and that does not afford us with a sufficient degree of participation in the collection, dissemination, and use of that information. Understanding identity theft in terms of architecture reveals that it is part of a larger problem that the law has thus far ignored. Solove then discusses solutions to the identity theft problem. He engages in an extensive critique of Lynn LoPucki's solution, which involves the creation of a public identification system. After pointing out the difficulties in LoPucki's proposal, Solove develops an architecture that can more appropriately curtail identity theft, an architecture based on the Fair Information Practices.

查看原文本刊更多论文

身份盗窃、隐私和脆弱性体系结构

本文对比了两种理解和保护隐私免受侵犯的模式。传统上，侵犯隐私被理解为特定不法行为者对受害者造成直接伤害的侵入性行为。受害者会感到尴尬、精神痛苦或名誉受损。在这些精神伤害成为现实之前，隐私不会受到侵犯。因此，当一个人最深的秘密被揭露、名誉受损或家庭被入侵时，法律就会作出反应。传统观点认为，隐私权是一项个人权利，应由个人主动予以补救。在这篇文章中，索洛夫教授认为，传统模式并不能充分解释当今出现的许多隐私问题。这些隐私问题不仅仅是一系列孤立的、离散的侵犯或损害，而是系统性的。仅凭个人权利和补救办法无法充分补救这些问题。相比之下，索洛夫教授提出了一种不同的模型来理解和保护这些隐私问题。Solove发展了Joel Reidenberg和Lawrence Lessig所使用的“建筑”概念，他认为许多隐私问题必须被理解为一个更广泛的结构系统的产物，这个结构系统塑造了个人信息的收集、传播和使用。莱西格和雷登伯格关注的是“控制架构”，即对个人行使更大统治的结构。Solove认为，除了控制体系结构之外，我们还看到了“脆弱性体系结构”的发展，它创造了一个世界，在这个世界里，人们很容易受到重大伤害，而且对此无能为力。Solove认为，保护隐私不仅要关注补救和惩罚，还要关注架构的形成。索洛夫教授以身份盗窃为例说明了这些观点，身份盗窃是增长最快的犯罪活动之一。在传统模式下，身份盗窃通常被定义为不同的窃贼和狡猾的罪犯的产物。然而，这个问题没有得到充分的概念化，因此，执法工作被误导了。正如索洛夫所认为的那样，这个问题是由架构造成的，它造成了一系列的漏洞。这种架构不是由身份窃贼创建的;相反，它被他们利用了。这是一个易受攻击的体系结构，个人信息没有得到足够的安全保护。身份窃贼能够如此轻松地访问和使用我们的个人数据，源于一种架构，这种架构没有为我们的个人信息提供足够的安全性，也没有为我们提供足够程度的参与收集、传播和使用这些信息的能力。从架构的角度来理解身份盗窃，可以发现它是法律迄今为止所忽视的更大问题的一部分。然后讨论了身份盗窃问题的解决方案。他对林恩·洛普基(Lynn LoPucki)的解决方案进行了广泛的批评，该解决方案涉及创建一个公共身份识别系统。在指出LoPucki提案中的困难之后，Solove开发了一个架构，可以更适当地减少身份盗窃，这是一个基于公平信息实践的架构。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Hastings Law Journal LAW-

自引率

0.00%

发文量

期刊介绍： Hastings College of the Law was founded in 1878 as the first law department of the University of California, and today is one of the top-rated law schools in the United States. Its alumni span the globe and are among the most respected lawyers, judges and business leaders today. Hastings was founded in 1878 as the first law department of the University of California and is one of the most exciting and vibrant legal education centers in the nation. Our faculty are nationally renowned as both teachers and scholars.