Last spring, I went to a wonderful symposium on Data Security and Data Privacy in the Payment System at Brooklyn Law School. It was organized by Ted Janger and the Brooklyn Journal of Corporate, Financial, and Commercial Law, and featured a wide-ranging conversation on the hard problem of keeping your credit card information safe from identity thieves. I say “conversation” because it really was one; it was organized around presentations, but the back-and-forth among the dozen or so of us was rich and unforced. Putting all of us around three sides of a single large table was an inspired move; it broke down the wall between “panel” and “everyone else.”
My role was to comment on two of the presentations: Chris Hoofnagle’s Internalizing Identity Theft and Juliet Moringiello’s Warranting Data Security. Afterwards, Ted did what a good conference organizer should: gently coaxed and cajoled me into writing up my remarks as a short piece for the symposium issue. That issue is now out, so I’m pleased to present you with Known and Unknown, Property and Contract: Comments on Hoofnagle and Moringiello. Here’s the abstract:
In addition to gerund-noun-noun titles and a concern with the misaligned incentives of businesses that handle consumers’ financial data, Chris Hoofnagle’s Internalizing Identity Theft and Juliet Moringiello’s Warranting Data Security share something else: hidden themes. Hoofnagle’s paper is officially about an empirical study of identity theft, but behind the scenes it’s also an exploration of where we draw the line between public information shared freely and secret information used to authenticate individuals. Moringiello’s paper is officially a proposal for a new warranty of secure handling of payment information, but under the surface, it invites us to think about the relationship between property and contract in the payment system. Parts I and II, respectively, of this brief essay will explore these hidden themes in Hoofnagle’s and Moringiello’s articles. I hope the exercise will tell us something interesting about these two papers, and also about the problems of privacy and security in the payment system. A brief conclusion will add a personal note to the mix.
I recommend reading to Part III. Feel free to skip ahead.