Slashdot Mirror
Who Wants To Be An Oregonian?
Anonymous Coward writes "TheOregonian.com is reporting that an identity theft ring was caught with ownership of a set of CD's which contained records on every registered driver (~2.5 million people) in the State of Oregon. With all the calls for identity smart cards, federal databases, and better connections among existing state databases, this story should provide a real warning for the abuse such systems invite...by both criminals and the government itself...the records are actually for sale to 'approved' companies like news organizations and banks. The full story can be read here on yahoo as well."
The irony is thick here: Larry Ellison has a summer home in Oregon due to the leanient drivers laws, he has a Oregon driver's license.
...at least I can speculate.
Bringing irony to the Slash-masses
Can't wait to get mine, maybe if i'm lucky it will even be tied to MS passport. :)
And a righteously pissed off one, too, for that matter.
I hate to be stereotypically geek, but does everyone remember the "simplified" ID card from "Mostly Harmless"?
Hopefully I didn't put any [] around my words.
The problem with such a system of course is that the implicit assumption is that the computer is always right. Should someone figure out how to exploit such a system in this way, people will obey the computer without question. And we all know how good the various software companies are at keeping their software free of exploits.
Even with our current social security number system, identity fraud is destroying some peoples' credit ratings, making their lives extremely difficult through no fault of their own. Even if they prove that someone has stolen their identity, sorting out all the dings in the credit record can take years.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
The US should take a peak out to other countries in the world. There are solutions out there that works. People are so hung up on the negative sides, that they don't see anything positive. I rather see better suggestions and improvements, than just "don't do it, you are taking my freedom!".
The US isn't that terribly free either, the goverment is doing all sorts of things in the dark, which they have no good reason to do in the dark. The unions are weak and individual can easily be taken advantage of by the large corporations.
All in all, see the opportinities to improve. Think of it is a huge mainframe with old bad software that needs to be improved to handle the load...
But most of this is probably irrelevant. It's overwhelmingly likely that the records which were stolen were not obtained via sophisticating cracking techniques but were probably swiped by a semi-saavy employee who needs access to the records to do his job. The point is that these systems should be completely closed for maximum security. Even if a maliciously minded employee wanted to do so, he shouldn't be able to walk out with the data on a Zip disk.
Talk all you want about the need for better computer security but to ignore the human side of the equation is to ignore the bulk of the problem.
BEN
According to the original Oregonian article:
In addition to the discs from Oates' apartment, investigators recovered drivers' licenses, credit cards, identification photos, death certificates, Social Security cards and applications for medical residency at OHSU Hospital.
It sounds like there was a lot more to this than just license data. My guess is that it's not the Oregon public that's at risk - it's some OHSU facility this guy was trying to get into.
I got a wake up call the other day.
If you call the USPS and ask them to
confirm someone's address (or even
your own), or to find out if someone
has done a change of address (filling
out the yellow move form and sending it
to the postmaster) - they won't give
out any of that info, citing privacy, etc.
Whew, what a relief that they are
keeping your info under lock and key.
Not!
They will sell it by the bulk apparently
for top dollars to anyone (who can pay
that top dollar) who needs to keep track
of people moving around.
Big Brother, look out.
I have a crappy retail job while I'm going to college and I have access to thousands of people's addresses, credit card numbers, phone numbers, full names, etc. Go to a mall dumpster and you'll find credit card receipts for hundreds of people. The girl ringing up your cargo shorts at Old Navy has access to your information just as easily as these "hackers" and "identity thieves."
Just because there are centralized databases with this stuff now doesn't mean anything, besides people can get 2 million of them at a time. What is someone going to do with 2 million records instead of just 20?
People steal no matter what. Computers don't make that easier or more effective.
One other thing... wasn't Oregon the state that at some point had all of their DOL/DMV info available on the Internet, free-for-all?
:)
Yes indeed. In fact we used it to find out who owned some vehicles that were abandoned on our property once. They took it down fairly quickly, it was only up for a few weeks, I think.
Personally, I hope more things like this happen, it might keep the number of people moving in down a little bit, which would be nice.
Computers are secure and not a threat to your privacy.
Databases are protected and access is secure.
Your private information will *not* be divulged or passed on in any manner.
Trust your Big Brother to protect you, your privacy is safe with us.
Senator Maria Cantwell (Washington) is trying to amend some federal laws for Identity theft. Been on the news almost daily. Seattle Times
Some of the reforms are needed.
Require businesses to turn over to identity-theft victims copies of any records reflecting fraudulent transactions.
Require consumer-credit-reporting agencies to block information that appears on a victim's credit report as a result of identity theft.
Give businesses a new civil avenue to recover damages from identity-theft criminals in federal court.
Change the statute of limitations for identity-theft victims to file a claim from the time when the fraud occurred to the time when the consumer discovers the fraud.
A Roger Zelazny story (One of his more esoteric titles) about a guy who was one of the development team for the national identity database. He left a hole in the system so that he could assume any identity at will and made his living as a sort of glorified private eye.
Well that the story I think of, anyway.
These days, whenever some asshole cuts me off on the road, I'm always tempted to write down the license number and look it up on my DMV CD. It has everything -- SSN, Address, DOB, vehicle information, etc...
Why such a thing was ever published, and why it was decided that the general public should have access to it, I don't know. Don't get the impression that these people acquired this CD through some diabolical means -- in 1997, you could walk right in to the DMV and request a copy. For free, I believe...
Would a centralized database for such a database (i.e., the US Id. Card) provide security advantages? Isn't there a reason that Oregon was the first state?
Here's what the ACLU thinks: "Why Does the ACLU Oppose a National I.D. Card System?"
Under the measure, retailers would have to provide identity theft victims with copies of all fraudulent records, and credit agencies would have to block bad credit information on their reports if they were the result of identity theft.
It all sounds very fair, but how easy would _that_ be? Given bureacratic middlemen and a lot of other things, I'm sure this would not be as easy as it sounds.
Plus what about the trouble with insurance. I'm certain that not many insurance companies would be ready to provide the victim with a proper profile, esp. after such an incident. In fact, I had a friend who had experienced something similar (not identity theft, but someone had interchanged her insurance profile) and even though it was _not_ her fault, most insurance companies are reluctant to give her anything that they feel would land them in trouble.
Sad that things like this ought to happen, only shows that we may not be ready, after all, for full automation.
This story is actually a few days old. here in Portland it has been on the news for at least three days.
One of the bits i saw showed Oates telling the channel 6 news crew that all the CD's were either blanks or just music. They then showed a Hillsboro police rep stating that the beginning and end blocks on a lot of the CD's were indeed music, but that all of the middle blocks contained identity related data.
Just and FYI.
You are right that "the implicit assumption that the computer is always right" can be a problem. However, it is precisely that assumption (or at least the assumption that the computer is almost always right that makes things so much easier for most people. I can enter a town I've never been in, present a little piece of plastic, sign my name, and receive goods and services. That's really useful. I'm willing to take the attendant risk that some can pretend to be me and do the same thing.
A friend of mine bought a used PC for his mother. When he booted the thing up it turned out to have windows already installed. So he clicking around and found a nifty Icon. He clicked on it and wouldn't you know up pops this window which turns out to be a database interface to several thousand Patient profiles for the whole region where he lives. Turns out the Local Health center had sold off some mustered out PC's and forgot flatten the Hard Drives first. That is how easily this happenes.
This sort of thing will allways happen and especially if you hand this sort of information over to private companies. Information will become more easy to access and governments and corporations will abuse it. They regard it as an incontestable right. Just wait till they start putting genetic profiles into these databases and selling them to insurance companies, banks and employers for "Risk Management and Customer/Employee evaluations" Won't it be fun to have your dirty genetic secrets floating around for the public to scrutinize.
Only to idiots, are orders laws.
-- Henning von Tresckow
Y'know, it shouldn't be possible to use publicly available information as accepted proof of identity in the first place. There's no need for it.
Every computer should ship with a smart card reader. Driver's licenses and credit cards should be replaced with smart cards that can do challenge/response or public key encryption, and never let the private keys out of the card. The public key (or whatever it takes to recognize the card is authentic) can be in databases, but that isn't proof of identity. Since the private key isn't anywhere but the card, you can't get it without stealing (or at least physically examining) the card. If the card is reported stolen, you have to show up somewhere in person for fingerprints and an eye scan to get another. It would be very hard to steal one person's identity, and stealing the identity of all Oregonians just wouldn't happen.
IIRC, the same scheme would take away a lot of the motivation for Microsoft's passport infrastructure.
What they are not telling you is that as of a few years ago ANYONE could order a copy of the entire list of licensed drivers in the state of Oregon. All it cost was sending them a 9-track tape and a small fee. ($75, if I remember correctly.)
It is not until copies of the records started to show up on CDs and on the net that things got changed. (Having someone stalked and killed did not stop them from banning the sale of the lists. Having people be able to look up politician's home addresses did. Kinda sorta.)
Now only people who have a "valid need" for the data can buy it.
The reason they did not ban the outright selling of the license lists was that the direct mail people "heavlly objected".
It became very obvious to those people in Oregon that actually paid attention that the state government cared more about financial concerns than they did about actually protecting public safety and/or privacy.
As for the oregonian... They are known to have a very skewed sense of reporting ethics. I would first determine exactly which axe they have to grind before coming to any conclusions about the "facts" of the matter.
"Trademarks are the heraldry of the new feudalism."
Her measure to Congress is based on a Washington state law that went into effect in July. Under the measure, retailers would have to provide identity theft victims with copies of all fraudulent records, and credit agencies would have to block bad credit information on their reports if they were the result of identity theft.
Why buy someone elses identity? There are plenty of spooky sites around the net which deal with offshore banking, which offer second citizenship or identity cards. Usually in your own name, but also in a name of your choice.
The pricelist includes items like:
- international driving permit: $200
- international student card: $65
- novelty cards (body guard, pilot (!!), delta force, PI etc.): any four, $100
- press card: $2-500
I'm sure there are many more sites like these, (in fact there are). I remember seeing a site once (imsil.com - anyone knows what happened to them?) which offered a new identity for around $6000. It was a passport to some x-UK colony, which didn't (officially) issue passports any more, but the old one were still in use.
-Kraft
Live and let live
Otoh, Oregon is the only state which has had the gonads to challenge the DoJ about their interrogations. Seems they do watch out for privacy at some level, in Oregon.
Nevada has been doing it for years. I know other states do, California doesnt but I believe some of the eastern seaboard sells the same information.
"Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
Of course, once information gets out in to the open, there's no putting it back in the bottle. Sometimes that's a good thing when it makes MS patch their bugware, but clearly there can be problems too -- as this case shows. I think open government is vital to effective democracy, and anything that potentially limits the openness of government should be carefully scrutinized, but I also believe a line must be drawn somewhere when personal information is involved.
In government institutions, this becomes a question of how open "open government" can really be. It's not a theoretical concern; some local governments have been considering placing all their records online. So how much should they scrub out of these? What constitutes personal information that should be protected?
Credible participation in our democracy is rarely done behind a veil of anonymity. That's why we declare campaign contributions in the public record, why letters to the editor in newspapers aren't typically published unless signed, and even why Anonymous Coward postings on Slashdot don't receive an automatic +1 moderation. The underlying assumption is that if you aren't willing to identify yourself, then whatever you have to say must not be that important.
(Of course, in extreme cases, anonymity is important and protected; if you fear for your safety, or fear you would be unduly harassed by identifying yourself, anonymous participation in government is vital. But that's not usually the case with generic public records.)
How, then, do you balance open government with the potential for abuse of government records? How should the method of distributing information affect the content of the information being distributed? That is, should you be able to get copies of data with more personal information when you have to request it in person (and in the process having your own name added to the public record), one record at a time, versus download it off the web or from a CD?
The real perversity, however, is that companies can frequently buy this personal information for their own use. If you get junk mail, there's a good chance the company sending it to you got your address from a database compiled by your state's department of motor vehicles; in Oregon you have to opt out of having your personal information sold.
In a sense, I'm more concerned about corporations having free run of my personal information than governments. Corporations are not democratic bodies, their records are not open to public review, and I simply have to trust that they will do the right thing -- a trust that may be undermined by their profit motive. Open government, on the other hand, lets me participate in the fate of my information -- even if I have to identify myself to do so.
-Legion
The article fails to state how old the DMV records were, but it's very possible they could've been obtained at this timewhen the records were a little easier to access. Of course, even records 5 years old contain enough data that there's still plenty of accurate info there.
Looking for a computer support specialist for your small business? Check out
The state has no sales tax, so they've decided to use more innovative ways of financing the government.
(Note to the humor impaired: This is a joke. Please laugh. Thank you.)
Someone you trust is one of us.
We smelly Americans have picture ID's too, but that's only useful when you're standing there at the counter. When you mail-order something, do you enclose your face with order form?
This next song is very sad. Please clap along. -- Robin Zander
I've lived in Oregon for 4 1/2 years now, and I can tell you this is a very weird place to live.
1. The fact that I can't pump my own gas still amazes me. There's nothing like waiting 10 minutes to do something that should only take 5.
2. Oregon has something called a "kicker check" which means that if the government doesn't spend all of the money it collected in taxes, it refunds the difference to the taxpayers. Great concept, but it's actually a farce because the money is such a political hot potato that you don't dare spend that money or the people complain. So the government deliberately underspends so they can send out a kicker. This year the state is hundreds of millions short of what it needs, but guess what? The kicker still went out.
3. Oregon has a referendum system that has run amok, mostly because of one person named Bill Sizemore. He's always complaining about Oregon having high taxes (which is untrue, Oregon's total tax burden is about 38th highest, mostly because there is NO sales tax). But he's managed to get some taxes cut, further hurting the state. I'm sure he has plans to put a referendum out there to eliminate taxes completely.
4. Oregon's roads are torn to shreds every year because they allow studded tires starting October 1. A section of interstate between my home and work was paved only a few years ago, and already the studs have cut deep ruts into the road.
5. Portland has an "urban growth boundary" that is roughly a circle 20 miles in radius around Portland that sets a limit as to how far you can "sprawl" the city. Since the boundary is mostly full already, the local governments want to increase the population density (with all of the wonderful side-effects), but won't authorize any new freeways to alleviate what is already the 6th worst traffic in the country. There is some light rail (which is a great idea), but it still isn't nearly as extensive as it needs to be to make any difference. So Portlanders are packed in even tighter, and traffic gets worse every year.
Add to that the fact that the state only has one major newspaper (which is lousy), terrible local TV news (a recent study confirmed this), and housing costs that are way too high (partly because of the already mentioned urban growth boundary), and it makes me wonder why I stay here. For now, I'm happy to stay put, but it seems like Oregon is always doing something to urge people to leave. Of course, since I moved here from out of state, I've always known that I wasn't welcome here anyway. That's just the way Oregon is.
For EVERYONE:
Database Nation
Reason is the Path to God - Anon
"Meanwhile, Sen. Maria Cantwell (news - bio - voting record) is proposing legislation to help identity theft victims.
Her measure to Congress is based on a Washington state law that went into effect in July. Under the measure, retailers would have to provide identity theft victims with copies of all fraudulent records, and credit agencies would have to block bad credit information on their reports if they were the result of identity theft."
Fraudulent records? bad credit info? Sez who? you?
Will the onus still be on the victim of identity theft to prove all this? If so, I don't see how it's going to help. Some hapless victims have been told it would be easier for them to change their names, etc. than to straighten out the mess that's been made of their lives.
Wansu, th' chinese sailor
Didn't realize that the state helped out in this case.
But aside from whatever original copies were distributed in 1997, people have been selling them ever since. I am half suprised I haven't gotten spam offering to sell me a copy. (Perhaps I have and just trashed it without looking.)
But just goes to prove that you can't unring a bell. Once the information is out, it is out.
______
Once: you're a philosopher. Twice: a pervert.
I've only been to NJ once, and wondered this:
Are you suppossed to tip the gas station attendant?
For kicks, install Server and then set it up as a DC (also install active directory). It will take about 45 minutes to boot - if you think I'm bullshitting you, try it out, you can uninstall later.
Hmmm. PPro 200, 128mb ram, scsi - you don't have a hp vectra xu 6/200 box by any chance? I want to find an old p 200 so I can plug it in to have dual processors, any ideas on archaic stuff like this?
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
Apart from your defense of the Oregonian (I don't think it's much of a paper either), you have hit it on the head. It's a strange place, but good. Those who don't like it are free to leave.
My biggest pet peeve about Oregon: I miss the old license plates.
-- Jeff Paulsen
I used to work for a small HealthPlan that was serving these poor chams at the state's expense.
:-(
;-)
This program was decimated a couple years ago when the rules were somewhat changed and their membership counts decreased 40-50%.
I can't give away inside knowledge of how much the state was paying the HP per capita, but it was significantly less than the commercial HPs were charging, so the company was barely surviving (I don't know if they are still there).
Also, Oregon's governer is a fuck: he has vetoed the highway speed increase two times!
My heart and 300zx Turbo are crying
Tigers respect lions, elephants and hippos. Maggots respect no one. (C) S. Dovlatov