Legal Data Security
CS
463/480 Lecture, Dr.
Lawlor
Authentication gets very difficult when the person being
authenticated doesn't *want* to be authenticated. For example:
- In delivering legal papers (a process
server), often folks do not want to admit they've received
them, because not being aware of the proceedings is actually a
legitimate defense. (Technically, court info is public information,
but in practice it would be ridiculous to assume everybody is
hitting "refresh" on the search features in every possible
jurisdiction.) For example:
- They don't want to admit they're even the person in
question.
- They don't want the divorce.
- They don't want to admit they're being sued.
- A judge recently allowed process
to be served via Facebook. (It's easier to leave
no forwarding postal address than to switch all your friends
on Facebook!)
- In debt
collection, a debt collection agency will often be faced
with supposed debtors who make some combination of these claims:
- They aren't the debtor in question. (For example, due
to a change of address, or duplicate names.)
- There is no such debt. (For example, due to identity
theft at the origin of the debt.)
- They paid the debt already. (For example, because
another agency has already collected it, but sold the note
anyway.)
- In real estate
title insurance, a property seller might not actually own
their supposed property, because:
- They already sold it to someone else. (Double or
triple sales, for example due to a previous transaction
"falling through" but then completing.)
- They don't have the legal right to sell it. (For
example, due to "winning" the property on a bet, or because
they actually own the property next door.)
- The solution is to make "closing" legally binding, and to
officially record property ownership in a government
property database. This works because it's easier
to globally index property than to globally index people.