If you have an account, please:
Log in

Why “Data Defense”?

It’s common to say “I have nothing to hide” when in reality, that’s a dangerous belief. It’s important to understand that information equals threat and you’ll be far safer, not just from ID Theft, but many other kinds of threats by changing your mindset about privacy and data protection.

This page is part of my Goodbye Identity Theft course and is restricted to members.
Tags: ,

What Does Lexis Nexis Know About Me?

Lexis Nexis - The bottomless pit of user data
(Image used under: Creative Commons 3.0 [SRC][Mod])

LexisNexis (which acquired ChoicePoint) is the largest data-broker in the world. They create vast profiles on people and use that information to create various reports that they sell to companies of all kinds. These reports are used to make decisions about renting, insurance and more. In the past these reports have been purchased by law enforcement and criminal organizations; all to find out more information about you.

It might be a good idea to find out what's in your report, but it turns out neither simple web searching or LexisNexis themselves do much for listing out all the types of data they know about you. Well here's the list of information they had (or could have had) from my personal LexisNexis dossier:

Auto/Property Insurance Records:

LexisNexis is tied into the "Current Carrier" insurance information system used by insurance companies and agencies when deciding to issue you a policy. Think of it like a "credit report for insurance".

This includes 7 years worth of:

  • Name of insurance company
  • Your policy number
  • Type of policy (auto, boat, fire, quake, tenant, home, etc).
  • Risk type (standard, preferred, facility, etc).
  • Policy start date
  • Policy termination date and reason for termination
  • Names of each subject found on the policy

For auto, this also includes:

  • Insured vehicle (including VIN, year, and make)
  • Type of vehicle
  • Coverage amounts

For property, this also includes:

  • Address of property
  • Eviction records

Personal information that may be included

  • Date of Birth (partially omitted; ex. like 06/##/1970)
  • Sex
  • Social Security Number (Minus the last four digits)
  • Driver's license number (partially omitted)

"C.L.U.E"® insurance loss information reports (apparently reports on whether you're a high risk person or not)

"Esteem" report

This report lists circumstances relating to theft while working at a retail company (admitted or convicted).

In my case, this was of course blank so I don't know specifically what data items would have been included. Most entertaining, there's a line in the report that reads "If you believe we should have information about you in our Esteem Database, let us know"…. Wow.

Background Investigation

If any company ever pays LexisNexis to perform a background check on you, LexisNexis will keep the information for future sales purposes. This may include your full date driving record and your personal credit file.

Screennow ® report

This report shows results of a national criminal records search.

Public Records

  • Professional licences held (Doctor, lawyer, pharmacist, barber, insurance agent, pilot, etc)
  • Address history
  • Deed transfer data
  • Aircraft registration
  • Loan information (where the loan was secured with collateral: i.e. a car)
  • Bankruptcies, liens, and judgements
  • Controlled substance license (in case you want to know who can legally get illegal drugs)
  • Business affiliations – When you're an officer or principal of an incorporated company
  • Significant shareholder records

Employment history

They claim they'll only have history of employers who previously asked LexisNexis to do a background check on you.

Does that make you uncomfortable?

Data brokers are just a business like any other, but as the credit report companies proved, buying and reselling data carelessly leads to disaster. Considering that these reports are FAR more detailed with a much wider variety of information, I can only imagine the consequences of allowing them to proceed as they have been.

Fortunately, you may not have to.

I was able to order my report using this webpage. I believe that doing so would be a good idea, but after that, make sure to also use their opt out procedures if you can.

It turns out that they'll only let your data go if you can prove that you're an identity theft victim or in imminent danger of bodily harm (police officer, public officials, etc). But it's easy to understand why they make it hard. After all, why would you set free one of your prize milk cows for no good reason?

In the end, I hope that strong regulation is introduced before we reach a problem like we did with identity theft.

Tags: , , ,

Farmville Spys on You

(Image used under: Creative Commons 2.0 [SRC])

This is not surprising.

"Apps" are pieces of software that let Facebook's 500 million users play games or share common interests with one another. The Journal found that all of the 10 most popular apps on Facebook were transmitting users' IDs to outside companies.

The apps, ranked by research company Inside Network Inc. (based on monthly users), include Zynga Game Network Inc.'s FarmVille, with 59 million users, and Texas HoldEm Poker and FrontierVille. Three of the top 10 apps, including FarmVille, also have been transmitting personal information about a user's friends to outside companies.

Once you install a 3rd party application, you no longer have control. Think twice before touching any "app" about how much you care if your information remains private or is sold on the information black market.

Tags: ,

Facebook Yanks Your Phone Contacts Out of Your iPhone with App

(Image used under: Creative Commons 2.0 [SRC])

Rule number 1: don't trust Facebook or any other marketer with your information. Anything you provide should be carefully researched to see how safe it is then provided only after deciding what risk you face.

Rule number 2: don't use automated processes to share information without even MORE careful research.

Breaking both rules is a new app from Facebook which will allow you (or one of your friends) to violate the privacy of many people at once by uploading your phonebook.

The greatest part is that you don't have to give up your phone number since one of your friends can instead! This is just like how Facebook let friends tell stalkers where to find you or add you to groups so someone who's mad at you can make you look like a pedophile.

Don't you love Facebook?

Tags: ,

WellPoint Data Breach Due to Carelessness

Surprise, surprise. A company has giant data breach due to negligent security, but not to worry! They'll protect you by offering you credit monitoring for one year free!

Credit monitoring is a waste of your time and is likely only offered to make it seem like they're doing something for you when they probably don't. I wouldn't be surprised to find out that the credit monitoring companies have a "data breach plan" where companies can get a bulk discount by offering monitoring to all their victims.

It's a classic win-win-lose. The breach company wins PR points, the monitoring companies continue to make money for not providing any real service, and we all lose.

If you're worried about id theft, just freeze your credit reports!

Tags: , , ,

Australian Government Getting Worse and Worse

(Image is used under the Pixabay license)

Australia has so much Big Brother nastiness going on, sometimes they make even the UK look tame!

The newest development comes where the government is demanding service providers to store all e-mail and possibly web browsing history for all its subjects citizens.

According to the directive, where internet access is concerned, this means the ISPs must retain the user ID of users, email addresses of senders and recipients of email, the date and time that users logged on and off from a service, and their IP address — whether dynamic or static applied to their user ID.

Like most ideas of this nature, it's sold with a plausible premise of catching criminals, but if innocent people are to accept such an invasion, it must first be shown that:

  1. The data actually DOES help catch bad guys.
  2. The data won't be abused and misused by the government.

In the US, we fail most consistently on the second. I don't know, but I'm going to guess that Australia's track record isn't a lot better.

Tags: , ,

Finding a Name For Bully Data Practices Leads to Facebook

(Image used under: Creative Commons 2.0 [SRC])

I found this pretty amusing:

The world needs a simple word or term that means "the act of creating deliberately confusing jargon and user-interfaces which trick your users into sharing more info about themselves than they really want to." Suggestions?

Although we didn't specifically mention Facebook in our question, … suggestions included "Zuckermining", "Infozuckering", "Zuckerpunch" and plenty of other variations on the name of Facebook's Founder and CEO, Mark Zuckerberg. Others suggested words like "Facebooking", "Facebaiting", and "Facebunk".

In the end, they went with a suggestion of "Evil Interfaces" which refers to any user interface that is designed to trick people out of their data or make them do something they don't want to do. Check out the source article for examples of the kind of "Evil Interfaces" they're talking about.

And one more thing before we go:

OK, perhaps the word "evil" is a little strong. There's no doubt that bad user-interfaces can come from good intentions. Design is difficult, and accidents do happen. But when an accident coincidentally bolsters a company's business model at the expense of its users' rights, it begins to look suspicious. And when similar accidents happen over and over again in the same company, around the same issues, it's more than just coincidence. It's a sign something's seriously wrong.

Beautifully worded.

Tags: , , , ,

Facebook Forces Users to Display Hometown, Work, Interests

(Image used under: Creative Commons 2.0 [SRC])

Looks like they're doing it again. This time, they've made a change where even information you've set to private will be fully visible to strangers.

Today, Facebook removed its users' ability to control who can see their own interests and personal information. Certain parts of users' profiles, "including your current city, hometown, education and work, and likes and interests" will now be transformed into "connections," meaning that they will be shared publicly. If you don't want these parts of your profile to be made public, your only option is to delete them.

Of course, this doesn't affect me since my REAL friends already know all that stuff so I saw no reason to enter it into Facebook in the first place, but if you or someone you know has it, tell them to pull it down or put in fake data instead. Why broadcast information to strangers hoping that none of them will use it against you?


It looks like Lifehacker posted an article on how to restore your privacy after the change. Check it out

Tags: ,

Airport Worker Nude Scanned Co-Worker, Commented on Her “Attributes”

No more invasive than a pat down. Really?

Privacy groups like The Electronic Privacy Information Center - EPIC have been warning us about these things for a long time and it seems like as much as the TSA would want us to believe otherwise, we were justified in raising the alarm.

In this case a male worker at Heathrow flipped the machine on as an attractive female co-worker walked near the machine. He apparently made some lewd comments and though I haven't been able to find any sources saying what those comments were, I think I can make some general guesses.

The British House of Commons said this of the machines when they were deployed:

"Having witnessed these full-body scanners working at first-hand, we are confident that the privacy concerns that have been expressed in relation to these devices are overstated and that full-body scanners are no more an invasion of privacy than manual "pat-downs" or searches of bags," the committee said.

Oh really? A pat down and a nudie scanner are the same thing? What do you think?

Tags: , ,

What’s in Your Data Profile?

Lexis Nexis - The bottomless pit of user data
(Image used under: Creative Commons 3.0 [SRC][Mod])

LexisNexis and ChoicePoint are two of the largest data-brokers in the world. They’re only product is information about you which they buy and sell with little to no regulation of any kind. I have always wondered what kind of information they keep about us, and now I know. In the profile I ordered from them, I found not only several pieces of my personal information, but descriptions of other kinds of information that they collect. Here is a summary:

Information they Had

  • Full first, middle, and last name
  • Wife first, middle, and last name
  • Address history with dates and locations
  • Social Security Number
  • Full date of birth
  • Driver’s License Number
  • Vehicle VIN
  • Insurance history including companies, policy details, dates of coverage, accidents, claims filed, etc.

Information they Collect, but Didn’t Have For Me

  • Auto and property insurance history
  • Pre-employment background report including “personal credit information” and state driving record.
  • An Esteem® report which lists admitted or convicted cases of theft while visiting or working at a retail company (used by retailers for hiring).
  • A ScreenNow® report which displays a ChoicePoint national criminal records search of your name and personal information (used for hiring and volunteer work).
  • A Resident Data® history that includes personal credit information and a criminal record search (used for rental applications).
  • A Resident Data® eviction report used for resident screening.
  • FAA Aircraft Registrations
  • Uniform Commercial Code filings (when securing a loan with collateral).
  • Bankruptcies, Liens, and Judgments
  • Professional Licenses
  • Pilot Licenses
  • Marine Radio Licenses
  • Controlled Substance Licenses (for physicians, dentists, pharmacies).
  • Firearms and Explosives Licenses
  • Business Affiliations (for officers or principals of an incorporated Company).
  • Significant Shareholders Search Results – If your name and address appear at the top of a corporation record.

And the most exciting part of all of this is that you never asked to be part of their profiles, they just take it. Neat huh?

Tags: , ,

If you want to learn more about my professional background, click here to learn more. Otherwise, let’s get started - how can I help?

Online learning
On-site learning
Read my blog