Slashdot Mirror
Who Wants To Be An Oregonian?
Anonymous Coward writes "TheOregonian.com is reporting that an identity theft ring was caught with ownership of a set of CD's which contained records on every registered driver (~2.5 million people) in the State of Oregon. With all the calls for identity smart cards, federal databases, and better connections among existing state databases, this story should provide a real warning for the abuse such systems invite...by both criminals and the government itself...the records are actually for sale to 'approved' companies like news organizations and banks. The full story can be read here on yahoo as well."
The irony is thick here: Larry Ellison has a summer home in Oregon due to the leanient drivers laws, he has a Oregon driver's license.
...at least I can speculate.
Bringing irony to the Slash-masses
Can't wait to get mine, maybe if i'm lucky it will even be tied to MS passport. :)
I wanna be Matt Groening!
Ha! I kill me!
Well I bet that at least half of those names are Californians that have P.O. boxes in Oregon just to get their cars registered cheap!
My Doctor prescribed daily nasal saline irrigation, hehe
I want a salt value (say a false phone number in an "optional" field) to be added each time I give identity information to an organization, and I want $100 from that organization each time the information is leaked (the salt value is found somewhere it shouldn't)
And a righteously pissed off one, too, for that matter.
I hate to be stereotypically geek, but does everyone remember the "simplified" ID card from "Mostly Harmless"?
Hopefully I didn't put any [] around my words.
Harry Lime Show
you have got to see this guy on tv if you
ever go to portland
The problem with such a system of course is that the implicit assumption is that the computer is always right. Should someone figure out how to exploit such a system in this way, people will obey the computer without question. And we all know how good the various software companies are at keeping their software free of exploits.
Even with our current social security number system, identity fraud is destroying some peoples' credit ratings, making their lives extremely difficult through no fault of their own. Even if they prove that someone has stolen their identity, sorting out all the dings in the credit record can take years.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
The US should take a peak out to other countries in the world. There are solutions out there that works. People are so hung up on the negative sides, that they don't see anything positive. I rather see better suggestions and improvements, than just "don't do it, you are taking my freedom!".
The US isn't that terribly free either, the goverment is doing all sorts of things in the dark, which they have no good reason to do in the dark. The unions are weak and individual can easily be taken advantage of by the large corporations.
All in all, see the opportinities to improve. Think of it is a huge mainframe with old bad software that needs to be improved to handle the load...
But most of this is probably irrelevant. It's overwhelmingly likely that the records which were stolen were not obtained via sophisticating cracking techniques but were probably swiped by a semi-saavy employee who needs access to the records to do his job. The point is that these systems should be completely closed for maximum security. Even if a maliciously minded employee wanted to do so, he shouldn't be able to walk out with the data on a Zip disk.
Talk all you want about the need for better computer security but to ignore the human side of the equation is to ignore the bulk of the problem.
BEN
First they make it illegal to pump gas into your own car. Now, this.
What's next? *sigh*
One other thing... wasn't Oregon the state that at some point had all of their DOL/DMV info available on the Internet, free-for-all?
According to the original Oregonian article:
In addition to the discs from Oates' apartment, investigators recovered drivers' licenses, credit cards, identification photos, death certificates, Social Security cards and applications for medical residency at OHSU Hospital.
It sounds like there was a lot more to this than just license data. My guess is that it's not the Oregon public that's at risk - it's some OHSU facility this guy was trying to get into.
I got a wake up call the other day.
If you call the USPS and ask them to
confirm someone's address (or even
your own), or to find out if someone
has done a change of address (filling
out the yellow move form and sending it
to the postmaster) - they won't give
out any of that info, citing privacy, etc.
Whew, what a relief that they are
keeping your info under lock and key.
Not!
They will sell it by the bulk apparently
for top dollars to anyone (who can pay
that top dollar) who needs to keep track
of people moving around.
Big Brother, look out.
I have a crappy retail job while I'm going to college and I have access to thousands of people's addresses, credit card numbers, phone numbers, full names, etc. Go to a mall dumpster and you'll find credit card receipts for hundreds of people. The girl ringing up your cargo shorts at Old Navy has access to your information just as easily as these "hackers" and "identity thieves."
Just because there are centralized databases with this stuff now doesn't mean anything, besides people can get 2 million of them at a time. What is someone going to do with 2 million records instead of just 20?
People steal no matter what. Computers don't make that easier or more effective.
Oates said he uses his computer for games, and that the computer discs police found were blanks used to record music.
Why would he say so unless the disks really were blank? IANAL but saying a lie wont help him. Is there something else fishy here?
Don't Panic
Computers are secure and not a threat to your privacy.
Databases are protected and access is secure.
Your private information will *not* be divulged or passed on in any manner.
Trust your Big Brother to protect you, your privacy is safe with us.
(sorry.)
Senator Maria Cantwell (Washington) is trying to amend some federal laws for Identity theft. Been on the news almost daily. Seattle Times
Some of the reforms are needed.
Require businesses to turn over to identity-theft victims copies of any records reflecting fraudulent transactions.
Require consumer-credit-reporting agencies to block information that appears on a victim's credit report as a result of identity theft.
Give businesses a new civil avenue to recover damages from identity-theft criminals in federal court.
Change the statute of limitations for identity-theft victims to file a claim from the time when the fraud occurred to the time when the consumer discovers the fraud.
A Roger Zelazny story (One of his more esoteric titles) about a guy who was one of the development team for the national identity database. He left a hole in the system so that he could assume any identity at will and made his living as a sort of glorified private eye.
Well that the story I think of, anyway.
Anyone have a link to the ISOs? Or is it slashdotted already?
These days, whenever some asshole cuts me off on the road, I'm always tempted to write down the license number and look it up on my DMV CD. It has everything -- SSN, Address, DOB, vehicle information, etc...
Why such a thing was ever published, and why it was decided that the general public should have access to it, I don't know. Don't get the impression that these people acquired this CD through some diabolical means -- in 1997, you could walk right in to the DMV and request a copy. For free, I believe...
Yes, this happened. Yes, this information is probably a hell of a lot easier to get than it should be. But unless stories like this get major news coverage, this probably won't stop the push for national IDs.
And even IF National Security IDs arent implemented, that won't stop the human factor in the equation. Somewhere along the line, humans can steal this data. And with the recent push of many places to have Social Security Numbers as UIDs, its becoming easier & easier. (For example, a bank I used to use made your SSN your logon ID to the online system, AND PASSED IT VIA QUERYSTRING to the pin page! That's just asking for disaster.)
Either way, this information is already too easy to get to. A national security ID system would be cracked within a year, IMHO. ID Theft is a big enough problem already, we don't need to give criminals a nice centralized location for every bit of information they could ever want. (Moreso than we do now, that is)
The Oregonian is actually here.
Would a centralized database for such a database (i.e., the US Id. Card) provide security advantages? Isn't there a reason that Oregon was the first state?
Here's what the ACLU thinks: "Why Does the ACLU Oppose a National I.D. Card System?"
Just make civilians having such data a capital punishment.
Hmm. So he was playing high stakes poker with some people he 'knew' online, and won the CDs from this 31337 h4x0r who couldn't gamble worth schitt. uh-uh.
Under the measure, retailers would have to provide identity theft victims with copies of all fraudulent records, and credit agencies would have to block bad credit information on their reports if they were the result of identity theft.
It all sounds very fair, but how easy would _that_ be? Given bureacratic middlemen and a lot of other things, I'm sure this would not be as easy as it sounds.
Plus what about the trouble with insurance. I'm certain that not many insurance companies would be ready to provide the victim with a proper profile, esp. after such an incident. In fact, I had a friend who had experienced something similar (not identity theft, but someone had interchanged her insurance profile) and even though it was _not_ her fault, most insurance companies are reluctant to give her anything that they feel would land them in trouble.
Sad that things like this ought to happen, only shows that we may not be ready, after all, for full automation.
You are right that "the implicit assumption that the computer is always right" can be a problem. However, it is precisely that assumption (or at least the assumption that the computer is almost always right that makes things so much easier for most people. I can enter a town I've never been in, present a little piece of plastic, sign my name, and receive goods and services. That's really useful. I'm willing to take the attendant risk that some can pretend to be me and do the same thing.
Hardware systems are rated by mean time between failures. Could this be applied to software systems? If so what would be an acceptable time between failures for a software security system to hold sensitive data of this nature?
A friend of mine bought a used PC for his mother. When he booted the thing up it turned out to have windows already installed. So he clicking around and found a nifty Icon. He clicked on it and wouldn't you know up pops this window which turns out to be a database interface to several thousand Patient profiles for the whole region where he lives. Turns out the Local Health center had sold off some mustered out PC's and forgot flatten the Hard Drives first. That is how easily this happenes.
This sort of thing will allways happen and especially if you hand this sort of information over to private companies. Information will become more easy to access and governments and corporations will abuse it. They regard it as an incontestable right. Just wait till they start putting genetic profiles into these databases and selling them to insurance companies, banks and employers for "Risk Management and Customer/Employee evaluations" Won't it be fun to have your dirty genetic secrets floating around for the public to scrutinize.
Only to idiots, are orders laws.
-- Henning von Tresckow
Y'know, it shouldn't be possible to use publicly available information as accepted proof of identity in the first place. There's no need for it.
Every computer should ship with a smart card reader. Driver's licenses and credit cards should be replaced with smart cards that can do challenge/response or public key encryption, and never let the private keys out of the card. The public key (or whatever it takes to recognize the card is authentic) can be in databases, but that isn't proof of identity. Since the private key isn't anywhere but the card, you can't get it without stealing (or at least physically examining) the card. If the card is reported stolen, you have to show up somewhere in person for fingerprints and an eye scan to get another. It would be very hard to steal one person's identity, and stealing the identity of all Oregonians just wouldn't happen.
IIRC, the same scheme would take away a lot of the motivation for Microsoft's passport infrastructure.
Oates said he uses his computer for games, and that the computer discs police found were blanks used to record music.
/dev/audio, though I suppose it could be done. Weirder things have happened ;) Really, why do people try lame-ass excuses like that? It's like having your wife walk in on you cheating, and you saying "Oh, I was just giving her a massage." "Riiiight. With your tongue?"
/.-er, he would have stashed the data in GPG-encrypted form, on a two-session disc. The first session, a few audio tracks. "See? It's just an audio disc, this is my old garage band."
I suppose it's possible. I've never heard a database piped to
If anything, it shows how technically inept this guy was. If he was a
± 29 dB
...it had been one state further north, then Bill Gates would be on that list.
I'm currently an Oregonian, though now it looks like I'm fortunate I'm an Alaskan resident. I recently signed up for Wells-Fargo Online so I could check my balance on the web, and, as I remember, all you need is a SS#, an account number, and an address. Now, you've already got the social security number if you have their driver's license. Their address may have been included in that data, too. If not, a simple search can get that. The account number might be a bit more tricky, but not impossible, I'd imagine. A simple transfer to a Paypal account and then, well, who knows? I'm just tossing this out. Could be just uneducated paranoid babble. Any thoughts on this?
What they are not telling you is that as of a few years ago ANYONE could order a copy of the entire list of licensed drivers in the state of Oregon. All it cost was sending them a 9-track tape and a small fee. ($75, if I remember correctly.)
It is not until copies of the records started to show up on CDs and on the net that things got changed. (Having someone stalked and killed did not stop them from banning the sale of the lists. Having people be able to look up politician's home addresses did. Kinda sorta.)
Now only people who have a "valid need" for the data can buy it.
The reason they did not ban the outright selling of the license lists was that the direct mail people "heavlly objected".
It became very obvious to those people in Oregon that actually paid attention that the state government cared more about financial concerns than they did about actually protecting public safety and/or privacy.
As for the oregonian... They are known to have a very skewed sense of reporting ethics. I would first determine exactly which axe they have to grind before coming to any conclusions about the "facts" of the matter.
"Trademarks are the heraldry of the new feudalism."
Seven words I just couldn't resist:
All your plates are belong to us.
Her measure to Congress is based on a Washington state law that went into effect in July. Under the measure, retailers would have to provide identity theft victims with copies of all fraudulent records, and credit agencies would have to block bad credit information on their reports if they were the result of identity theft.
Why buy someone elses identity? There are plenty of spooky sites around the net which deal with offshore banking, which offer second citizenship or identity cards. Usually in your own name, but also in a name of your choice.
The pricelist includes items like:
- international driving permit: $200
- international student card: $65
- novelty cards (body guard, pilot (!!), delta force, PI etc.): any four, $100
- press card: $2-500
I'm sure there are many more sites like these, (in fact there are). I remember seeing a site once (imsil.com - anyone knows what happened to them?) which offered a new identity for around $6000. It was a passport to some x-UK colony, which didn't (officially) issue passports any more, but the old one were still in use.
-Kraft
Live and let live
Sorry to burst your bubble AC (BTW Why are we posting stories by ACs anyway - AC==CIA :P) but this is total .gov FUD.
/. Show the DAMN STORY ABOVE THE REPLY SO WE DONT HAVE TO USE MULTIPLE WINDOWS AND THE BACK BUTTON TO QUOTE!.
/. *elite* sit back and talk just the same FUD as DC people.)
The point is that we shouldnt be Scared into accepting the national ID - especially from one of the most liberal states in the union - and that the national ID is Not Such A Great Idea(TM).
I am sorry for all you smooth-brains out there but listening to crap like this is likely to get a bar-code on your fore-head. This is just lame. Period.
We need to address the real problems - not just the "children" arguments that Hillary has been touting all this time - stand-the-fuck-up(R). Why dont we look at the fore-fathers and realize that it is time to dump the damn tea...
This is BS - and all of us know it in our hearts. The problem is not solved by little fscking laws - but by a true transformation in our thinking. Politicians are not Geeks - and Geeks are not politicians - there IS A REASON FOR THAT!!
And the reason is - Politicians do NOT HAVE OUR BEST INTEREST IN MIND. So FUCK CNN, MSNBC, NBC, BBC, ABC, ETC... read between the lines - and stand up for what is true and right.
And dammit
THINK!!!!!!!!!
(*sorry but I am so tired of just sitting here and watching all the
actually I am not sorry - this is getting fucking old fast. and I dont care if I get modded as a troll/whatever - define the state of things.
let me know where I am wrong - as I dont see anything wrong accept for the state of the system. 1984.
Basically the thing that leaves me stumped on all this is how this theif managed to get his or her hands on all this information without the Department of Motor Vehicle Information knowing anything about it.
It sounds very MI'ish, but rather than a narq list it's a list of every registered driver in the state of Oregon. I somehow doubt this individual went to the lengths of Tom Cruise, yet the information is potentially more valuble. This failure on the DMVI could have cost billions in fraudulent credit card registrations and transactions in a poor economy, and potentially could have sent consumer confidence to the toilet, plummeting the Americain economy (in an absolute worst case scenario).
What security has been used (if any) by the DMVI in the past, and how do they intend on improving their current situation? Allowing the identies of 2.8M individuals to be stolen is not acceptible by any means.
I find it interesting that Yahoo! mentions nothing of the DMVI's response.
To make a pun demonstrates the highest understanding of a language
Otoh, Oregon is the only state which has had the gonads to challenge the DoJ about their interrogations. Seems they do watch out for privacy at some level, in Oregon.
Nevada has been doing it for years. I know other states do, California doesnt but I believe some of the eastern seaboard sells the same information.
"Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
In Oregon, things are different here...
But, I bet Tom McCall is stirring in his grave right now... with the potential of all those Californians becoming Oregonians via identity theft... who woulda thought they didn't even need to move here.
All this in the state that has Intel... hmmm.
Anyway, anyone remember the guy who tried to put the Oregon DMV driver record database online?
"Alcohol, Tobacco, Firearms, and Explosives" should be a convenience store, not a government agency.
Of course, once information gets out in to the open, there's no putting it back in the bottle. Sometimes that's a good thing when it makes MS patch their bugware, but clearly there can be problems too -- as this case shows. I think open government is vital to effective democracy, and anything that potentially limits the openness of government should be carefully scrutinized, but I also believe a line must be drawn somewhere when personal information is involved.
In government institutions, this becomes a question of how open "open government" can really be. It's not a theoretical concern; some local governments have been considering placing all their records online. So how much should they scrub out of these? What constitutes personal information that should be protected?
Credible participation in our democracy is rarely done behind a veil of anonymity. That's why we declare campaign contributions in the public record, why letters to the editor in newspapers aren't typically published unless signed, and even why Anonymous Coward postings on Slashdot don't receive an automatic +1 moderation. The underlying assumption is that if you aren't willing to identify yourself, then whatever you have to say must not be that important.
(Of course, in extreme cases, anonymity is important and protected; if you fear for your safety, or fear you would be unduly harassed by identifying yourself, anonymous participation in government is vital. But that's not usually the case with generic public records.)
How, then, do you balance open government with the potential for abuse of government records? How should the method of distributing information affect the content of the information being distributed? That is, should you be able to get copies of data with more personal information when you have to request it in person (and in the process having your own name added to the public record), one record at a time, versus download it off the web or from a CD?
The real perversity, however, is that companies can frequently buy this personal information for their own use. If you get junk mail, there's a good chance the company sending it to you got your address from a database compiled by your state's department of motor vehicles; in Oregon you have to opt out of having your personal information sold.
In a sense, I'm more concerned about corporations having free run of my personal information than governments. Corporations are not democratic bodies, their records are not open to public review, and I simply have to trust that they will do the right thing -- a trust that may be undermined by their profit motive. Open government, on the other hand, lets me participate in the fate of my information -- even if I have to identify myself to do so.
I used to have ( I Just pitched them) a set of cd's with every persons name Phone Number and address in the continental US.
They were old, like from the 80's, so they didn't really have much info I could use, but they had like 200million names, or something equally insane, incase I ever wanted to become a telemarketer or send out Junkmail
First you warn him it won't work. Then, you do it (with much hassle and previsible troubles) and then resign from your job and leave them in the shit. That should learn them to listen to their techs.
Nope, I don't have job ethics, I know.
(Oh, and Germans never laugh...only when drunk and then you don't want to be around.)
In Germany we have ID cards.
And in Germany you can legally go to the local authorities and ask for the adress of any person you want. And they will tell you (perhaps not the adress of "endangered" person like Rushdie).
And there is no large scale abuse of this.
Guess why ?
Because be smelly Europeans have made a nice invention. It's called photograph. It allows you to make picures of things. And a (hopefully) nice picture of yourself is on every ID card. And without huge resources (security agency style) these ID cards can't be faked (theoretically they are claimed unfakeable but I doubt this). And this system protects from ID theft.
Because when someone wants to verify your ID, he let's you show him your ID card.
The problem of ID theft is an very USian one.
Ans the main reason is an absence of thing like ID cards etc. we have in Europe.
The burocracy is sometimes much pain in the butt, but it's worth.
Owner of a Mensa membership card.
Hey...didn't anyone watch that movie? What was it, The Net?
Yeah for "secure" ID's!!!
"Time is long and life is short, so begin to live while you still can." -EV
There was a guy at the HOPE convention in 1994 who was so pissed that Oregon gave out DMV info that he bought the tape, had a bunch of CDs pressed, and was selling them at cost, just to make some noise about it. Gee, only 7 years later, and the media finally takes note.
The latest Slashdot meme.
Inverting digits
typos in name, addy
especially for my SS#
you might say...they the IRS will get mad, but they are so understaffed, they audit less that 1% of returns..besides, the error will always look like a typo / fat finger....hehe, I'm a sneaky ****
-- www.globaltics.net
Political discussion for a new world
Is it really that difficult to read a couple very short articles? It wasn't the fact that he just had 2.5 million DMV records. He also had copies of drivers licenses and plates from all 50 states. Having 85 CDs chock full of identities and other information is one thing - whether or not THAT is illegal will be up to the courts. What IS illegal, however, is lying to the police about it, stating that these 85 CDs were blank CDs used to record music. Obstruction of justice at its finest. And when it turned out these CDs were not in fact blank, well, his ass is in even more trouble now.
Having all of Oregon's DMV records stored, in addition to drivers license and plate data for all 50 states? If you ask me, it wasn't exactly for "information purposes only" - let the idiot fry. I can guarantee you it wasn't for lawful purposes. Thank goodness I don't live in Oregon.
In Oregon the citizens can pass laws and change current laws using ballot initiatives. I propose a new law along the following lines. First we issue everyone a smart card as mentioned in post #2623667 Then we restrict access to the new database to police only. The database cannot be used for any economic purposes such as check verification or mass mailings etc. Each time the police access the database, we record that access and make it available to the person whose record it is. Further we restrict access to all personal information such as name and address to those who have a search warrant and a key issued by a judge to access that single record. Without a warrant, the only thing the database will be able to do is verify that you have a valid drivers licence and it will show your photograph so that police can verify your identity.
The problem is not that this information is available. The problem is that you don't have to properly authenticate yourself to claim the information as yours.
What is needed is something like the use of a biometric to connect you with your data whenever it is used. Then your identity could not be stolen.
The mafia was paying a few government employees to get them records on every registered drivers. They sure got caught, too late however.
please.
The article fails to state how old the DMV records were, but it's very possible they could've been obtained at this timewhen the records were a little easier to access. Of course, even records 5 years old contain enough data that there's still plenty of accurate info there.
Looking for a computer support specialist for your small business? Check out
If it's a pubic (sic) record you have no right to hide the data from the pubic. So all these
'licensing' schemes should always be fully disclosed, all data, all the time. In most states this is the law except when overridden by federal law. This is a good thing as it keeps this crap off our backs as most people will not appreciate all this data to be public record.
If we had some sort of centralized "person information system" that could be used by governments, corporations, and private citizens--all on equal footing, then we would actually reduce the risk of this sort of thing happening. Granted, that would be putting all of our eggs in one basket. However, we could make one extremely well designed, extensively peer-reviewed basket. The current system is for everybody to build their own baskets. Nobody has many eggs, but lots of eggs get cracked, dropped, and stolen because the average basket is so incredibly shitty.
If we do nothing, M$ will force a poorly designed basket with lots of eggs, that they own alone. Don't worry. It will be free--for a while.
anyone can get your D/L info. Its public information...duh.
....that your dl is good for a whopping 8 years under oregon law. that cd should have pretty accurate data for awhile. alas.
t
This first happened five years ago. These guys have way too much access to high quality weed.
Only in Oregon.
Info for free, won't let military recruiters in schools, and won't ask anyone on a visa about Sept 11th.
Great place out here, come on out and join us.
The really great thing is that the Oregon DMV tried to put in a new computer system a couple years ago, spent $75 million, and it didn't work!!
The director of the project got transferred to another state agency to retire later at $60k per year. I think someone figured we could have purchase a computer for every 10 drivers for the money they thru down the sh*tter.
What types of you PROGRAMMERS out there routinely screw all public and gov't agencies on these type of projects and are never held accountable??
We should have a system to black ball the *ssholes for life. End of rant.
You will probably find this strange, but at home I have a PPro200 with 128Meg RAM and it runs W2K like a charm. However this machine ran NT4-SP6 before, the original poster was referring to NT3.51 which probably implies even older hardware.
So I know it works, I woudn't bet on it as a server with W2K... As soon as I find the cash to replace the PPro200 (it's used as a workstation) with something better the PPro200 will be merged to a OpenBSD fileserver. (It's full-scsi, so I expect it to perform really well as a fileserver).
I have a customer in lowly smalltown Ohio that bought a custom-spec $6000 server to provide access to marketers ON-LINE to every US citizen's info, and it will even do queries and sort by income, property value, education etc. The data is imported once a month from tapes purchased from the government, and after the batch job is run, (they just bought a server to do the batch job - went from 2 weeks to 1 day) which involves pulling in 50gb of data and running through the whole thing TWICE (the programmer says that's how it has to work), all the data is properly stored and sorted and ready for querying. A query takes 3 seconds (down from over a minute on their old server) and, voila, marketing materials are coming soon to a mailbox near you...
LR
Not to give anyone any ideas... but if you want access to personal information, a school with pathetic security measures is a much easier target than the DMV. As an Oregonian who works for an educational institution, I'm less bothered by the DMV problem then the potential security problems at the schools. Of course, we shouldn't have to worry about this problem because everybody has good ethics right? Don't even get me started...
Live wrong, impostor.
When I lived in Oregon, my identity was stolen. How? I was going to travel abroad for the first time, and needed a passport. So I went through all the hoop with the agency that does that. When we were done, they said the passport and original birth-certificate (which I had to leave with them) would be mailed back to me. I asked them if this was safe. I thought they would surely send it back at least by certified mail. They said no.
A few months later, the cops showed up at my door because a crime was committed by someone who used my passport as ID. I got the passport back, but my birth certificate is still out there.
Lesson: If people insist that "It's okay, it'll be safe", write down their name, date, get a signature, whatever.
"Would it kill you to put down the toilet seat?" -- Maya Angelou
http://www.google.com/search?hl=en&q=filetype%3Amd b+socialsecuritynumber
Up until about 1995 the state of Oregon sold this information at bargin basement prices. Magnetic tapes were generally provided to anyone who asked for about the cost of the tape. These were raw DMV records, and included a lot of interesting stuff.
Nobody though much about this until somebody bought the whole set for ~$35 and put them on a website for free. It was interesting because you could just search all the information from your browser. At this point the state wanted to arrest this guy, or at least pull down the site. They found that what he had done was legal. The DMV's practice of selling this information was stopped shortly after.
Copies of that dataset are still out there and being sold for "creative" purposes. I'm sure it seemed like a good idea at the time.
The state has no sales tax, so they've decided to use more innovative ways of financing the government.
(Note to the humor impaired: This is a joke. Please laugh. Thank you.)
Someone you trust is one of us.
... this information was indeed publicly available. Previous posters' statements that the DMV driver's database was published on tape agree with my recollection.
This first came to widespread public attention when someone got this information and published it (or a substantial part of it) on the web. It provoked lots of outrage, and the policy was quickly changed. (If the Oregonian has an open archive, I'm sure there's many stories on this to be found there.)
However, the new law on it stank. They could have simply asserted that it's public record, and made it open to all. And they could have asserted that it's too dangerous to have that much information (collected by mandatory means) on the citizenry publicly available, and locked it up tight. Either approach would be defensible.
Instead, they raised the price of it, and made it available to corporations willing to pay, but not to individuals. Thus we got the benefits of neither extreme solution, and the disadvantages of both. Grrr.
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
I live in Oregon...
e _i d=4867&group=webcast
Oregon DoJ actually said it was ok for the law enforcement to ask the questions, however Portland is the only city to say that they wouldn't do it.
http://portland.indymedia.org/front.php3?articl
http://portland.indymedia.org
Robby Russell
PLANET ARGON
Robby on Rails
I've lived in Oregon for 4 1/2 years now, and I can tell you this is a very weird place to live.
1. The fact that I can't pump my own gas still amazes me. There's nothing like waiting 10 minutes to do something that should only take 5.
2. Oregon has something called a "kicker check" which means that if the government doesn't spend all of the money it collected in taxes, it refunds the difference to the taxpayers. Great concept, but it's actually a farce because the money is such a political hot potato that you don't dare spend that money or the people complain. So the government deliberately underspends so they can send out a kicker. This year the state is hundreds of millions short of what it needs, but guess what? The kicker still went out.
3. Oregon has a referendum system that has run amok, mostly because of one person named Bill Sizemore. He's always complaining about Oregon having high taxes (which is untrue, Oregon's total tax burden is about 38th highest, mostly because there is NO sales tax). But he's managed to get some taxes cut, further hurting the state. I'm sure he has plans to put a referendum out there to eliminate taxes completely.
4. Oregon's roads are torn to shreds every year because they allow studded tires starting October 1. A section of interstate between my home and work was paved only a few years ago, and already the studs have cut deep ruts into the road.
5. Portland has an "urban growth boundary" that is roughly a circle 20 miles in radius around Portland that sets a limit as to how far you can "sprawl" the city. Since the boundary is mostly full already, the local governments want to increase the population density (with all of the wonderful side-effects), but won't authorize any new freeways to alleviate what is already the 6th worst traffic in the country. There is some light rail (which is a great idea), but it still isn't nearly as extensive as it needs to be to make any difference. So Portlanders are packed in even tighter, and traffic gets worse every year.
Add to that the fact that the state only has one major newspaper (which is lousy), terrible local TV news (a recent study confirmed this), and housing costs that are way too high (partly because of the already mentioned urban growth boundary), and it makes me wonder why I stay here. For now, I'm happy to stay put, but it seems like Oregon is always doing something to urge people to leave. Of course, since I moved here from out of state, I've always known that I wasn't welcome here anyway. That's just the way Oregon is.
The local news showed an officer thumbing through one of the confiscated cd cases. If you were paying attention. You noticed infamous cd's such as an ATI driver disk, two or three sierra game disks and a few MP3 cdr's with various bands handwritten on the disk. As was pointed out earlier the drivers license files were originally available directly from the Oregon DMV for $35. Its my feeling this is problably not what its being made out to be. But if it scares off them damn Calfornians then it was all worthwhile
Few years back, the Oregon DMV spent close to $100 million to upgrade all their systems to OS/2, by hiring Canadian consultants (they had to comp their entire families to come down and provide housing for them, travel expenses, etc.)
Now, 100 million later, they're back to Windows.
There are a huge number of yeast infections in this county. Probably because we're downriver from the bread factory.
For EVERYONE:
Database Nation
Reason is the Path to God - Anon
Like in Virginia! This is outrageous! We've always been told not to give out our SSN unless it's absolutely necessary. If I move to Vrginia, it will be plastered across my drivers' license, for every $5/hr lowlife to see.
Never forget that the same Oregon State convicted Randal Schwartz while he, actually, was working to improve Intel's security. His behaviour was considered to be an intrusion, and compared to theft and private property break-in. DMV selling off public data is not violation of one's privacy rights, though, in their opinion...
VKh
When Oregon first introduced their new digital license, they said it was uncounterfeitable...blah blah blah.
So...a bunch of smart ID theft artists broke into an Oregon DMV office, stole the Polaroid ID printer, 5000 ID card blanks and Holograms. The DMV went out of their way to note that no one with a fake license could go into a DMV or drive on the license--but that's hardly the reason why they stole all the equipment.
The Oregon theft I think was the biggest, but the same thing has happened in Florida and Kentucky as well.
"Meanwhile, Sen. Maria Cantwell (news - bio - voting record) is proposing legislation to help identity theft victims.
Her measure to Congress is based on a Washington state law that went into effect in July. Under the measure, retailers would have to provide identity theft victims with copies of all fraudulent records, and credit agencies would have to block bad credit information on their reports if they were the result of identity theft."
Fraudulent records? bad credit info? Sez who? you?
Will the onus still be on the victim of identity theft to prove all this? If so, I don't see how it's going to help. Some hapless victims have been told it would be easier for them to change their names, etc. than to straighten out the mess that's been made of their lives.
Wansu, th' chinese sailor
I recently worked on a campaign staff in Arkansas that received a data dump of the 1.5 million voter registration records from the state, including everyone's Social Security Number. The data wasn't handed out to just anyone, but it wasn't that hard to get our hands on either.
Didn't realize that the state helped out in this case.
But aside from whatever original copies were distributed in 1997, people have been selling them ever since. I am half suprised I haven't gotten spam offering to sell me a copy. (Perhaps I have and just trashed it without looking.)
But just goes to prove that you can't unring a bell. Once the information is out, it is out.
______
Once: you're a philosopher. Twice: a pervert.
This rant's point is that government records should ALL be free! They are yours and you deserve to benefit from them as you please. If the information is really sensitive, the govenrment should not be interested in it. The privacy filter should be applied on the front end. Abuse of benign information is what needs to be outlawed. If the public has a need to keep the information, the public has a right to access it.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
What is important is that my good friend just went up to Portland to visit her husband, who was in the OHSU hospital with serious injuries. During her visit, her purse was stolen. The contents of her purse included license, SS card, credit cards, cell phone, etc.
The cops said for her not to worry -- her CC probably won't be charged up. They told her that ID thieves steal purses, wallets and bags all the time. They probably just want your identity, the cops said, not your money.
I'm an oregonian, and I don't trust the DMV with my info anymore. WTF can I do to prevent them from having that info? I can't believe this crap.
Yesterday (ok not really..) you were whining about the amount of taxes you're paying, and today you're complaining about the DMV selling information that OTHER COMPANIES ALREADY HAVE instead of raising taxes.
"What other companies", you ask?
Well, if you have a drivers license, you DRIVE.
Therefore you have insurance.
Probably you have a car.
Therefore, you filled out paperwork at a dealer, maybe even a credit app.
How many companies is that?
1. Insurance Company
2. Joe Bob's Toyota
3. Bank Won
4. Toyota Motor Company (if you bought new)
5. DMV
Now, which of those would you rather have someone BUY your info from? Economically speaking, this income can increase the revenue of the company. Well, since your taxes goto the DMV, and there's no competition to lower taxes/DMV costs, LET THE DAMN DMV SELL YOUR INFO.
Jesus Christ people, wake up.
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatently stolen sig)
Apart from your defense of the Oregonian (I don't think it's much of a paper either), you have hit it on the head. It's a strange place, but good. Those who don't like it are free to leave.
My biggest pet peeve about Oregon: I miss the old license plates.
-- Jeff Paulsen
if you rang up your bank tomorrow and told them your identity had been stolen, do you have any idea how long it takes them to put a hold on your account?
well a chip can be forged, but what about fingerprints and eye scans?
QED
well, stand up for what you believe in. post your address, phone number, SSN and demographics.
not going to?
I didn't think so.
maybe Germany's crime sectors just haven't realised how profitable indentity theft can be.
and frankly, if a country hasn't experienced much of it, how good are they at solving it?
indeed it is
Wells Fargo obviously isn't secure
if the guardians are watching for the badly behaved, who is watching the guardians? and if the guardians have guardians, who is watching them?
there's always the chance of corruption, humans suck (in case you hadn't noticed)
it only needs to be dropped once
because it is
man I know lied about his line of work and obtained CDs with similar information on all drivers and vehicles registered in Massachusetts, so he could do direct mail marketing. privacy no longer exists, when governments will sell your information for re-sale.
I used to work for a small HealthPlan that was serving these poor chams at the state's expense.
:-(
;-)
This program was decimated a couple years ago when the rules were somewhat changed and their membership counts decreased 40-50%.
I can't give away inside knowledge of how much the state was paying the HP per capita, but it was significantly less than the commercial HPs were charging, so the company was barely surviving (I don't know if they are still there).
Also, Oregon's governer is a fuck: he has vetoed the highway speed increase two times!
My heart and 300zx Turbo are crying
Tigers respect lions, elephants and hippos. Maggots respect no one. (C) S. Dovlatov
I live in Oregon and have a driver's license. Please don't be me, I like to keep myself all to myself. Thanks.
they were selling pressed cd that claimed to have all of oregons dmv records on them at defcon last year.