LexisNexis (which acquired ChoicePoint) is the largest data-broker in the world. They create vast profiles on people and use that information to create various reports that they sell to companies of all kinds. These reports are used to make decisions about renting, insurance and more. In the past, these reports have been purchased by law enforcement and criminal organizations, all to find out more information about you.
It might be a good idea to find out what's in your report, but it turns out neither simple web searching nor LexisNexis themselves do much for listing out all the types of data they know about you. Well, here's the list of information they had (or could have had) from my personal LexisNexis dossier:
Auto/Property Insurance Records:
LexisNexis is tied into the "Current Carrier" insurance information system used by insurance companies and agencies when deciding to issue you a policy. Think of it like a "credit report for insurance".
This includes 7 years worth of:
- Name of insurance company
- Your policy number
- Type of policy (auto, boat, fire, quake, tenant, home, etc).
- Risk type (standard, preferred, facility, etc).
- Policy start date
- Policy termination date and reason for termination
- Names of each subject found on the policy
For auto, this also includes:
- Insured vehicle (including VIN, year, and make)
- Type of vehicle
- Coverage amounts
For property, this also includes:
- Address of property
- Eviction records
Personal information that may be included
- Date of birth (partially omitted, e.g. 06/##/1970)
- Social Security Number (minus the last four digits)
- Driver's license number (partially omitted)
"C.L.U.E"® insurance loss information reports (apparently reports on whether you're a high risk person or not)
This report lists circumstances relating to theft while working at a retail company (admitted or convicted).
In my case, this was of course blank so I don't know specifically what data items would have been included. Most entertaining, there's a line in the report that reads "If you believe we should have information about you in our Esteem Database, let us know"…. Wow.
If any company ever pays LexisNexis to perform a background check on you, LexisNexis will keep the information for future sales purposes. This may include your full date driving record and your personal credit file.
Screennow® report
This report shows results of a national criminal records search.
- Professional licences held (Doctor, lawyer, pharmacist, barber, insurance agent, pilot, etc)
- Address history
- Deed transfer data
- Aircraft registration
- Loan information (where the loan was secured with collateral: i.e. a car)
- Bankruptcies, liens, and judgements
- Controlled substance license (in case you want to know who can legally get illegal drugs)
- Business affiliations – When you're an officer or principal of an incorporated company
- Significant shareholder records
They claim they'll only have history of employers who previously asked LexisNexis to do a background check on you.
Does that make you uncomfortable?
Data brokers are just a business like any other, but as the credit report companies proved, buying and reselling data carelessly leads to disaster. Considering that these reports are FAR more detailed with a much wider variety of information, I can only imagine the consequences of allowing them to proceed as they have been.
Fortunately, you may not have to.
I was able to order my report using this webpage. I believe that doing so would be a good idea, but after that, make sure to also use their opt out procedures if you can.
It turns out that they'll only let your data go if you can prove that you're an identity theft victim or in imminent danger of bodily harm (police officer, public officials, etc). But it's easy to understand why they make it hard. After all, why would you set free one of your prize milk cows for no good reason?
In the end, I hope that strong regulation is introduced before we reach a problem like we did with identity theft.
If you've participated in forums, online games, or any other system where you can communicate with random strangers, you've probably encountered people who make you angry. Some are just people you legitimately don't get along with, and some are "trolls": people who toy with others for their amusement.
What makes people trolls is generally the anonymous nature of the Internet. Sadly, this is often a perceived anonymity only. Just yesterday, I found a post I didn't agree with and wanted to comment on it. Since the author had locked comments, I did a little web research and found her real name, school, e-mail address, and other sites she posted to. I was only looking for some means to contact her, but the information was fully filled out on these sites with no protection at all.
Imagine her shock to find out how easily she was found (and to be honest she called me quite a few names at first though we did have a good conversation after that).
Sadly, most people don't realize how difficult it is to be truly anonymous. The only thing keeping you safe in many cases is that you've never given anyone enough reason to look you up. And now we get to the real story.
Online games can be tense and frustrating. For example, the first time I played an online competitive game, I was completely crushed in seconds and insulted repeatedly for my efforts. I chose to stick with offline gaming, but others weather the storm and build their skills to the point they can keep up and even be good enough to win.
However, there are just going to be times that someone is better than you. That's frustrating enough, but when they're rude and insulting, it can be maddening. And for context, understand that the people who are the rudest are often younger males who believe they don't have to "pull any punches" since they don't have to face the consequences of their actions (an idea that was excellently portrayed in Disney's Pinocchio).
My point is, this kid was being an ass with abandon. What was his opponent going to do? Hunt him down and hurt him? Turns out the answer was yes.
And believe it or not, there's a lot of support for the attacker online. The sad fact is that there are still consequences for what we do, even if we're online. Similar to the advice every parent must give to their children about how posts last forever, we must also teach our kids not to draw undue aggression. After all, how do you know whether the person you're "Teabagging" has the ability and desire to come after you in person?
So yesterday, we learned that OnStar tracks you even if you're not a customer and today, we learn that Facebook will track and monitor your web usage without your knowledge or permission… even if you're not logged in.
The social network is quietly retracting a cookie that continued to report your Facebook user ID even after you "logged out" of the site. But it's not sorry about five other cookies that persist after you sign off. What, you didn't think Facebook would ever let you actually for real seriously 100 percent sign out, did you?
Remember, you're not Facebook's customer, you're cattle. These kinds of issues will never stop so if you aren't using special software to counter Facebook's nastier sides, you're at a disadvantage.
As if we didn't see this coming
So all that time I spent warning people about OnStar seems to have been completely justified.
OnStar was recently admonished by several senators for its plan to spy on people (even non-customers).
OnStar is apparently hoping to create a new revenue stream by collecting data about the movements of OnStar-equipped cars. Obviously, this data set will be more comprehensive—and, therefore, more lucrative—if it includes data from former OnStar subscribers as well as current ones. In an announcement e-mailed to subscribers earlier this month, the company said that, starting December 1, it would continue collecting data from subscribers even after they cancel their service. OnStar also said it reserved the right to sell aggregated and anonymized data to third parties.
Whoever somehow assumed that a big company with the capability of knowing where you are at all times wouldn't abuse that power was pretty short-sighted. Sorry.
You can't use rights you don't know about or don't understand. The Electronic Frontier Foundation has posted a summary of your 4th amendment rights to deny the government permission to search you or your belongings (digital or otherwise).
It's good to know what you can and can't do since you should know that even when you've done nothing wrong, you may still get yourself into a lot of trouble if you are careless with your privacy.
Tags: 4th Amendment, Police Search
If you're with Citibank, then YOU'RE WITH STUPID!
When I teach, I explain how most of the breaches and problems you hear in the world aren't about clever hackers or sophisticated attackers, but instead about weak and pathetic security. This has just become my new go-to example.
Basically after you logged into your account as a Citi customer, the URL contained a code identifying your account. All you had to do was change around the numbers and boom, you were in someone else's account.
What that means is that if you were to look at the address in your bar at the top of the browser, it contains the name of the website you're on and (as is typical) a whole lot of other junk like this:
One of the values in the "lots of other junk" area told Citibank whose account to show. If you just entered any random number, the website would think you were the user with that ID and show you their page. Even when this kind of problem was new over a decade ago, it seemed pretty dumb for major websites to be this sloppy. To think that a site run by such a large (and rich) company would make this kind of mistake would be laughable if it weren't so contemptible.
Citi, TJX wants to thank you from the bottom of their hearts for finally doing something so stupid that we can forget about their horrible mistake (at least just a little).
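As an added illustration (not from the original post and not Citi's actual code), here is the flaw described above next to the check that was missing, in Python. The URL shape, the `acct` parameter name, and all account and session data are constructed assumptions.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample data: account id -> owner and balance (all hypothetical).
ACCOUNTS = {
    "1001": {"owner": "alice", "balance": 2500},
    "1002": {"owner": "bob", "balance": 90},
}
# Constructed session table: session token -> authenticated user.
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}


def account_id_from_url(url):
    """Pull the hypothetical 'acct' query parameter out of the request URL."""
    values = parse_qs(urlparse(url).query).get("acct", [])
    return values[0] if values else None


def view_account_vulnerable(session_token, url):
    """The flaw described above: being logged in is the only check made."""
    if session_token not in SESSIONS:
        return 401, None
    account = ACCOUNTS.get(account_id_from_url(url))
    if account is None:
        return 404, None
    return 200, account  # whichever id is in the URL, that page is shown


def view_account_fixed(session_token, url):
    """Same lookup, plus an ownership check against the server-side session."""
    user = SESSIONS.get(session_token)
    if user is None:
        return 401, None
    account = ACCOUNTS.get(account_id_from_url(url))
    # Same 404 for "missing" and "not yours" so ids cannot be enumerated.
    if account is None or account["owner"] != user:
        return 404, None
    return 200, account


def audit(session_token, url):
    """Regression check: status codes from both handlers for one request."""
    return (view_account_vulnerable(session_token, url)[0],
            view_account_fixed(session_token, url)[0])
```

The `audit` helper is the kind of test worth keeping in a suite: log in as one user, request another user's identifier, and fail the build if the answer is anything but a refusal.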
Tags: Account Security, Continual Stupidity, Utter Failure
A Yahoo article says that because women's clothes sizing is hard, they're going to nude scan them to figure out what they can wear. Seriously!?
Ms. Shaw, the entrepreneur, is chief executive of a company called MyBestFit that addresses the problem. It is setting up kiosks in malls to offer a free 20-second full-body scan — a lot like the airport, minus the pat-down alternative that T.S.A. agents offer.
Lauren VanBrackle, 20, a student in Philadelphia, tried MyBestFit when she was shopping last weekend.
“I can be anywhere from a 0 at Ann Taylor to a 6 at American Eagle,” she said. “It obviously makes it difficult to shop.” This time, the scanner suggested that at American Eagle, she should try a 4 in one style and a 6 in another. Ms. VanBrackle said she tried the jeans on and was impressed: “That machine, in a 30-second scan, it tells you what to do.”
That's cute. A strip search in the name of getting something to wear? So instead of wasting millions on this disrobing plan, why not standardize women's clothing and use inch measurements like men's clothes? How's that for an idea?
How long until someone hacks these poorly protected machines to record copies of all women scanned and the photos show up on the Internet? Will you put your teenage daughters in them?
This is so, so stupid, I can't believe it's actually true. I really hope this doesn't catch on because if it does, my faith in humanity will suffer yet again.
Tags: For Families, For Parents, Nudie Scanners, Utter Failure
As anyone who reads much of my site knows, I'm not a fan of how RFID is being implemented. However, I'm not against the technology itself as it has many practical uses. For example, some hotels have begun putting washable RFID in the towels and bathrobes to keep people from stealing them.
Since the RFID towels have no privacy-invading purpose at all and serve to deter self-entitled punks who think it's ok to take hotel items, I will offer my tentative support for this. The main concern is feature creep, meaning that depending on how they implement this, they may also know which towels you used and when. I can't really see the hotels bothering to do so, but if they did, that would be crossing the line big time.
Source: http://intransit.blogs.nytimes.com/2011/04/11/gee-how-did-that-towel-end-up-in-my-suitcase/ (H/T to The Consumerist for the link)
awesome terrible. Apparently a UK immigration officer added his wife to the no-fly list when she was out of the country, effectively stranding her.
Based on the lack of details and the fact that she could have just taken a ferry rather than an airplane, this story doesn't really seem that likely, but it's making the rounds, and the most important issue here is the possibility of a single government official working alone abusing the system. While important security databases are poorly controlled, these kinds of abuses are possible.
Speaking of, I found a supposed copy of the no fly list online. Check it out!
The Federal Trade Commission proposed a new standard of privacy in American Industry recently:
“Despite some good actors, self-regulation of privacy has not worked adequately and is not working adequately for American consumers,” Jon Leibowitz, the chairman of the trade commission, said. “We’d like to see companies work a lot faster to make consumer choice easier.”
No kidding? Companies won't regulate themselves? Unbelievable!
Anyway, the article goes on to say:
The online advertising industry, Mr. Zaneis said, would suffer “significant economic harm” if the government controlled the do-not-track mechanism and there was “a high participation rate similar to that of do not call.” Mr. Zaneis said the industry would continue to build upon a self-regulatory framework and had recently put in place the use of icons on select online advertisements that allow users to opt out of customized advertising.
Oh boo hoo! Companies that have been tracking and tagging you like cattle would be upset if they had to stop. Waa.
Whether or not the FTC will get traction with this is uncertain, but it won't matter much if it's built into the browser AS IT SHOULD BE. Fortunately, Firefox at least is looking into this in an upcoming version.
(H/T to The Consumerist for the link)
Tags: Behavioral Marketing, Targetted Ads