How to opt out of Equifax's rights-stripping arbitration clause


#1

Originally published at: https://boingboing.net/2017/09/10/official-identity-theft.html


#2

I think the discussion around Equifax should be starting with dissolution of the company, shareholder value redirected to restitution for the millions of victims, and jail time for executives. We need to change the climate around this kind of corporate recklessness.


#3

I tried both my and my wife’s SSN and received this:

Based on the information provided, we believe that your personal information was not impacted by this incident.

ETA
After trying a bunch of gibberish, and getting that they are all impacted, I’m thinking that the test is that it will return in the negative (ie- not impacted) only if you have an account and they can verify that it is safe. Anything else will be potentially impacted.

Just a theory, though.


#4

More like EquiFux.


#5

I want a reverse EULA … like a Source Provider License Agreement or some such … that says if you fuck me I get use of a Bosch hammer drill (paid for by the Source) to let me, the End User, knock the Source’s brick and mortar establishments down to the fucking ground.

And I want a free juice.


#6

Explain why again we agree to use FICO score? It’s a secret, proprietary algorithm that no one k ows how they’re actually calculated but everyone’s life is centred around the number it produces.

How about we just publish the FICO algorithm and stop allowing these companies to use them to control our lives? The issue isn’t that the data was stolen, it’s that it’s int-e hands if these companies that only have it because we cowtow to secret algorithms that shouldn’t be in their hands in the first place.

The hackers should get hold of the FICO algorithm and publish that. Then the companies won’t have a product that is exclusively theirs to control us.


#7

FICO isn’t the same as Equifax. They are different companies. FICO is a score of credit worthiness that uses data from the Big Three credit reporting agencies (of which Equifax is the biggest).

Their exact formulas are a trade secret but the general indicators of what is factored into your score and it’s weight is pretty easy to find straight from the source:

As for “why use it?” Well it’s an easy to understand and digest abstract view of lending risk.

The idea of an open source credit worthiness score that is widely trusted is intriguing, but unrealistic.


#8

Longer term, using SSN as a financial security check should be illegal.

Bigger picture, binding arbitration agreement needs to be non-enforceable if it’s hidden in a EULA.

That website was a straight-up scam.


#9

an insecure site for checking whether your own data was breached that produces the same output no matter what name and SSN you input.

Yup, glad I didn’t try using that bullshit.


#10

I should have posted this in the other thread.


#11

FICO sells its credit scoring software to the “big three” reporting agencies. It’s one algorithm, with some parameters that may vary a bit, but running on three different databases, which overlap in the data that they contain. Then there is the “fourth bureau,” a term for all the smaller credit agencies that supplement the primary system, rather than competing with it.

It’s an oligopoly. If we’re going to have a longstanding, established system like this, that isn’t really subject to competition, then I don’t think you can say it’s in the public interest for the scoring algorithm to be a trade secret. Not least because, in practice, the credit reporting agencies make mistakes constantly, and the secrecy only helps them get away with it.


#12

I never said that it was.


#13

So, then, it’s just that you don’t currently see a way to a better system? If FCRA was amended to require disclosure of the methods used to compute credit scores, then certainly FICO would not be happy, but I bet they would still have a viable business providing services to the CRAs.


#14

That would be great, but it’s certainly not going to happen under Trump and his staunchly anti-consumer minions. If anything, I expect that things will get even worse.

Then again, even if their algorithms were made public you’d have to break up the credit reporting cabals as well since they are the “trusted” source for the data needed to generate the score.

As I said before, it’s an intriguing idea, but not realistic. It’s not a simple problem with a simple, “just open source everything” solution.


#15

@Sanjay’s question is a good one, regardless of the party in control in Washington. Locating a source of oppressive power, normally obscured from us, as they so often are, and bringing it into the light of day - that’s what we need! Another reason that the public ought to know more about how credit rating works is that it’s a principal means for the system of racist redlining to continue to operate in present-day US.


#16

What about breaches of records of people outside the USA? We do not have SSNs to enter.


#17

Yeah, how many people’s NI numbers are now hosed? What a fucking mess.


#18

I’m under the impression that the breach was limited to US consumers. I believe the credit reporting Equifax does only pertains to those who borrow money within the United States (though it does look like they have a Canadian branch). Unless you’ve resided here in the past and used financing in some form you’re likely not effected by this particular breach.
Though I’m not an expert on these things, if someone more knowledgeable knows otherwise please correct me.


#19

I don’t think that this gross failure would be acceptable or possible in markets with more sane customers protection regulations (i.e. EU)
On lwn.net there is a comment with what looks like valuable information. Not being affected I can’t comment on its validity.
https://lwn.net/Articles/733328/


#20

Chrome didn’t complain about the site’s security so after poking around a little I took it at face value and entered the requested info. It said that I may have been affected by the breach and gave me a date a few days in the future to come back and sign up for their service.

My wife and son were both told that they hadn’t been affected, but they were still invited to sign up for the service. It didn’t give them a date in the future to sign up though, making it seem like they could enroll immediately.

At this point none of us has signed up and I’m curious about the class action suit filed in Oregon.