Monday, March 11th, 2019 (
No comments yet)
This lady found Social Security Numbers on a state website. She's threatened to publicly release detailed instructions on how to find them like she did and to expose the SSNs of several important people in the state if they don't fix the problem.
A spokesman for the office responsible said:
The bulk of the "hundreds of thousands" of documents on the Web site are business filings, and only 5 percent or so are believed to include Social Security numbers
Why can't states realize that putting records online makes them available to the world instead of just local people? There's public information and global public information.
That aside, this lady is my hero and I hope she does post the data. I've often wondered how long it would take to solve some of our privacy woes if a few dozen members of congress had all their personal data posted on a website.
Tags:
Data Brokering,
Identity Theft,
Internet,
Senators,
State Records,
Virginia
Monday, March 11th, 2019 (
No comments yet)
On May 10th, 2006, President Bush signed an executive order to create an Identity Theft Task force in order to identify concrete steps to reducing the identity theft problem.
On Dec 26th, 2006, the task force put out a public call for comments to "improve the effectiveness and efficiency of federal government efforts to reduce identity theft".
There were off to a good start when the interim results of the task force included language about Credit Freezes:
For residents of states in which state law authorizes a credit freeze, consider placing a credit freeze on their credit file. This option is most useful when the breach includes information that can be used to open a new account, such as SSNs. A credit freeze cuts off third party access to a consumer’s credit report, thereby effectively preventing the issuance of new credit in the consumer’s name.
But problems started when the press release mysteriously omitted the information. They'd already failed to include it in their consumer education initiative though they're happy to recommend Fraud alerts or Credit monitoring for FREE! Well, whee! That's just great. Thanks for paying for my worthless monitoring service which will tell me in horrific real time that I'm being ripped off rather than actually do anything to stop it.
April 17th, 2007 Update
I called the FTC office of media relations and was directed to Claudia Bourne Farrell who apparently was the one who drafted the press release. She contends that credit freeze language was ~"probably stripped for brevity" and politely, but firmly persisted that the release was fine the way it was. She did provide her e-email before we concluded the call so I took one more opportunity to educate her about the issue:
Dear Ms. Bourne-Farrell,
If you understand how credit freezes work as you say, I hope you will see that they are far more effective than fraud alerts (which are optional for retailers to follow), and credit monitoring (which only alerts you to bad activity without actually stopping it). Freezes fully prevent ANY kind of check of one's credit report without express consent.
While stopping the proliferation of private data and the loss thereof is a huge part of the problem, I and all other Americans would sleep better knowing that in many cases, it doesn't matter who has the data because they can't use it for anything that requires a credit check.
Please, understand that I don't mean to be offensive when I ask this, but how is the FTC doing their job when they won't even list credit freezes as an important tool for consumers along with fraud alerts (which are temporary and of questionable effectiveness) and credit monitoring (which doesn't stop anything plus costs a monthly fee)?
Thank you for listening,
Sincerely,
Jeremy Duffy
And here is the one I sent to Alberto Gonzales, Chair of the ID Theft Task Force:
Dear Mr. Gonzales,
I have begun following some of the developments of the Identity Theft Task force and am extremely concerned. Credit Freezes are the best way to ensure consumer peace of mind, and I see that the task force has mentioned it in your interim recommendations (which is good). However, your press release didn't include it.
I have contacted the FTC's media relations department and am unsure if my message will be acted on. I am hoping that they will not repeat this mistake in the release of your final recommendations, but I am doubtful. Please make sure, for all our sakes, that the Task Force's message of credit security freezes is heard loud and clear, not just in the full documents, but the press releases as well.
Thank you for your time,
Jeremy Duffy
Failing to include credit freeze information was nothing short of incompetence.
Sadly, on release of the final recommendations some time later, freezes were only barely mentioned and even then, discouraged. This is hardly the first time I've seen government incompetence up close, but considering the importance of the issue, it was still discouraging. Bottom line, the FTC and in particular Ms. Bourne Farrell and Alberto Gonzales failed the President and the citizens they are supposed to serve.
Tags:
Accountability,
Federal Trade Commission,
FTC,
Identity Theft,
Incompetence,
Regulation
Saturday, March 9th, 2019 (
No comments yet)
Here's a fairly good checklist for what to do if you're a victim of identity theft.
The only problem is that he didn't mention the most effective tool for preventing ID theft that there is: Credit Security Freezes.
If you live in a state that has a freeze law, don't wait until you're a victim, do it now!
Tags:
Credit Freezes,
Identity Theft
Friday, March 8th, 2019 (
No comments yet)
According to the Washington Post if you live in DC you are eligible for a Credit Security Freeze as of July 1st. There's a $30 fee for doing it ($10 per credit reporting company). The article fails to mention if the freeze is permanent or requires yearly fees, but it does say that if you have been a victim, you can't be charged.
Tags:
Credit Freeze,
DC,
Identity Theft
Monday, March 4th, 2019 (
No comments yet)
Consumer Affairs follows the story of TJ Maxx vs Consumers as they get sued for losing data due to "failing to maintain adequate computer data security of customer credit and debit card data". Well good.
Tags:
Data Breaches,
Identity Theft,
TJ Maxx
Sunday, March 3rd, 2019 (
No comments yet)
From the FTC website:
Notice for public comment: The Federal Identity Theft Task Force, chaired by Attorney General Alberto R. Gonzales and co-chaired by Federal Trade Commission Chairman Deborah Platt Majoras, is seeking public comment on ways to improve the effectiveness and efficiency of federal government efforts to reduce identity theft.
What could I tell them about? Hmm… Let's see… Oh! How about how easy it would be to reduce ID Theft with a good Credit Security Freeze law? How about how we desperately need strong, swift protection against data mining and sharing companies?
It's fairly simple really. First we need better control of our data and second, we need to limit what can be done with the data once it's been breached.
The e-mail address to write to is hidden in a document, so here it is "Taskforcecomments AT idtheft.gov" (@ replaced to prevent bot Spam). Be sure the subject is "Identity Theft Task Force" and that you include contact information. They prefer that the substance of your comments be in WordPerfect, MS Word or PDF format as an attachment.
Tags:
FTC,
FTC Task Force,
Identity Theft
Sunday, March 3rd, 2019 (
No comments yet)
EPIC reports in their newsletter that for the 6th year in a row, Identity Theft is the #1 consumer complaint for the year. It's interesting to know that despite the massive and growing problem, the Credit Freeze remedies that would greatly curb the problem aren't being made available to most people.
Tags:
FTC,
Identity Theft,
Incompetence
Sunday, March 3rd, 2019 (
No comments yet)
Schneier reports that the government will begin encrypting all laptops. This is in response to case after case of stolen laptops leading to loss of personal data such as in the case with the Veterans Administration.
Considering that the typical response is to offer worthless credit monitoring services to make it look like they're doing something when they're actually not, this is a welcome change. Now if only they'll hold employees accountable for keeping the key/token/passwords in the same bag with the laptop…
Tags:
Identity Theft,
Lost Laptops,
Security Theater
Sunday, March 3rd, 2019 (
No comments yet)
According to Consumer Affairs, Hawaii, Kansas, New Hampshire, Oklahoma, Pennsylvania, Rhode Island and Wisconsin now have Credit Freeze laws. However, it sounds as if you must be a victim before you can use the law (which is really, really stupid). A friend said once that this is like having to wear a seatbelt, but only after you've been in a car wreck. Sounds like a good analogy to me.
Tags:
Identity Theft
Sunday, March 3rd, 2019 (
No comments yet)
Schneier links to an article about RFID passports being cloned in under 5 minutes. The authorities have stopped denying it's possible and have shifted to denying that it can be used for any nefarious purposes.
The UK Home Office however dismissed the ability to get hold of the information on the chip. A spokesman said: "It is hard to see why anyone would want to access the information on the chip. " Other than the photograph, which could be obtained easily by other means, they would gain no information that they did not already have - so the whole exercise would be pointless: the only information stored on the ePassport chip is the basic information you can see on the personal details page."
Well, it sure is hard to see why anyone would want to see someone's credit report, criminal history, medical information, social security card, birth certificate… Are these people for real?
Tags:
Identity Theft,
Passports,
RFID,
Security Theater
