Strange Intersections between Data Brokers and the CFAA: A Financially Supported Attack on Privacy

37 Pages Posted: 1 Jun 2013

Date Written: May 7, 2013

Abstract

Personal data cannot be owned. This small fact has astounding implications when considering privacy. Consider the intersection of two distinct, troublesome areas: data broker operations and the computer fraud and abuse act.

When considering threats to the integrity of a networked data store, advertisers are not the first thing that comes to mind. Yet the market for user data is so rich right now that it is ripe for exploitation. The brokers can buy and sell any data they wish, with no concern for the origin or means of acquiring data. They are not required to and unwilling to reveal their sources.

Some provisions in the Computer Fraud and Abuse Act open up the opportunity to acquire data surreptitiously by discouraging the public from discovering what may be happening to their data. Quiet, quasi-criminal operations could exist that syphon data that is illegitimately collected and sell to legitimate brokers.

The result of this alignment of circumstances is that there is an entirely unexplored class of attackers that may operate beneath the radar, yet out in the open. The data market is not something that has the potential for regulation, so it is incumbent on organizations to be aware of the threat and take appropriate measures to contain it.

Keywords: Data brokers, CFAA, privacy

Suggested Citation

Dudley, Christie, Strange Intersections between Data Brokers and the CFAA: A Financially Supported Attack on Privacy (May 7, 2013). Available at SSRN: https://ssrn.com/abstract=2272550 or http://dx.doi.org/10.2139/ssrn.2272550

Do you have a job opening that you would like to promote on SSRN?

Paper statistics

Downloads
90
Abstract Views
626
rank
357,048
PlumX Metrics