Slashdot Mirror
Accessing Public Records in the Digital Age?
A concerned Anonymous Coward asks: "News.com has a story about what happened last week with RootsWeb. The state of California legally sold them the birth records of all Californians born since 1905, and they put the records online. Our Senator, Jackie Speier, immediately took action to stop the selling of these records in electronic form. Should public records (drivers licenses, criminal records, birth/death records etc...) be this accessible? Is it not hypocritical to make these records public but not easily accessible, or does the level of accessibility matter? Does it matter that they want to make this information easily accessible to big businesses (credit card companies, snail mail spammers) but not to the private citizen? Or should all these records just simply not be public?" There's a difference between "publicly available" and "publicly accessible", and there is something to be said about using this information for evil. How can we balance the two? The records should be available, yes, but only accessible to people who might need it (hint: not spammers and resellers). This issue is currently under debate in New York, as well.
See this article from last week. Everything from secureId to distribution rights is discussed.
I say give it all away for free on the internet. If the "bad people" can get it, might as well let the "good people" get it too.
On a related note, I just made $500 from Citibank. Seems they decided to call my cell phone from their automated calling machine. I gotta start signing up for more things with this number. Maybe I can make a living out of it.
Generally, public records are created for government accountability. However, there are no restrictions on use--anyone can use public records for any purpose under the sun. We need to establish appropriate uses and audit logs to catch those use who public records for identity theft, pretexting, and marketing.
The fact of the matter is that many banks and other institutions use mother's maiden name and DOB as passwords for user verification. With that information public, all Californians are at heightened risk for pretexting.
Restricting access doesn't work. When you restrict access, the infomation brokers (who have the resources to send researchers and aggregators to records offices) get the records and citizens don't.
For example, from a filing from 1995, Microsoft cofounder Paul Allen's is:
539-60-5125.
Bill Gates', whose URL I lost, is 539-60-5125.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
Oops, sorry, Allen's is 536-58-3118.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
One of many many restictions regarding storage of personal data that exist here, basically, you can't store data about someone unless they agree to it. If they do, you can't share it with someone else unless they agree. You can't make it public nor store it in an unsafe manner. All to protect the individual from having various (commercial) forces build a profile that can be used|shared|sold to benefit them.
To be honest I'm surprised that the US doesn't seem to have as strong a protection, an interesting battle between commercial forces and individual integrity for sure.
Wax-Museum Fire Results In Hundreds Of New Danny DeVito Statues
It's even more absurd to know that you can get the SSN of anyone sharing your name (or the name of someone whose SSN you know).
When my father died, my mother did a search on his name at the Social Security Administration site, and got back 17 ( seventeen )pages of men with the same first and last names, with SSNs, DOBs, and last known residences. That from a 65 yo lady who doesn't want to deal with the computer unless it's running a bluescreen session of DOS Word Perfect.
The TinWeasle: "Worming Out of Culpability since 1978" - Opinions expressed are mine alone, yadda, yadda, yadda
The thing that bugs me most about the selling of information by the government is that too many legislators are looking at government as a business, and not as a public service. Yes, government has to be paid for, but that is why they have the rights to levy taxes. Since so many legislators are pledging to lower taxes to get elected... This is what happens. The government still has functions that it is expected to perform, but no way to pay for them. When we demand lower taxes, we also have to expect reduced services.
Selling public records quickly becomes a conflict of interest, because first and foremost, the primary responsibility of a government is to the residents. When selling things becomes a priority- who wins? Probably the person who is waving the cash, not the resident. The resident forked up cash, but that was way back in April. One thing we have to remember- the government is a non-profit institution. Once it starts making a profit- that's called corruption.
What we're calling public records should be available, but for public safety purposes only, police, hospitals, health departments. I can see circumstances where ownership records should be made available (such as who owns that vacant lot with the toxic waste dump), but those records should at the very least, be prohibited from redistribution (can't we get copyright to work on our side?). Direct marketers will still be able to get names and addresses, they will just have to work a bit harder, and not go to the easiest, cheapest source.
In the UK a court case two weeks ago ( http://news.bbc.co.uk/hi/english/uk/england/newsid _1659000/1659807.stm ) decided that it was illegal for councils to sell on personal information, specifically the electoral roll, for commercial purposes. The defendants were backed by credit check companies as well as marketeers.
The gist of the claim was that since it is illegal NOT to register to vote in the UK there was no way for someone to legally opt out of this particular scam (btw uk readers: you can opt out of most direct mail (they claim 93%) in this country via the list maintained by http://www.mpsonline.co.uk/ )
The scene is now set for challenges to this ruling because of the words 'commercial purposes'. Everyone now claims they don't use the electoral roll as a source of names but purely to check the accuracy of the information they do have, which arguably they have to do by law (under the UK's Data Protection Act).
This is something of a red herring - all they can possibly need it to check is the spelling of your name and that's never stopped me being billed or the post getting through! There's a separate data source (the 'PAF' - post office address file, see below) which allows them to fix the address, and the phone no can be checked using BT's phonedisc.
The other equivalent sources of information in the uk break down as follows -
- Telephone books/CDs: managed by BT on behalf of OFTEL for historical reasons, the directory enquiries database contains all yer info and BT are required to pass it on (for RAND-style fee) to all telephone co's (seriously - BT has *2* directory services groups, the one that maintains the national number info is not allowed to make a profit!) Or you can just buy it on CD; I don't know what protection they use to stop reverse lookups or just ripping out all the addresses.
- The Post Office Address File is under Crown Copyright (AFAIK) and is managed by Royal Mail and not their semi-private arm, Consignia. In practice this means that they sell their lists for a RAND fee but it doesnt include people's names. Not much of a privacy issue there.
- The Land Register is maintained by a Govt dept and you can get access to all of it, but at a fee based on the area searched. In practice this would be an *incredibly* expensive way of getting info for marketing. However, like the electoral roll there is no way to opt out.
- The electoral roll (above) is maintained by local government organisations and so they don't have a national policy. Councils may give free access to the roll to companies doing work for them in some cases.
I expect this information was of the deceased, which is available.
Here in Wisconsin (not sure about where you live) you need to go through *so* many loopholes just to get your own birth records (if you lost them/burned them/made birth-record stew/whatever), I can't believe it would be this easy in Cali to get *everyone's* birth records. It's sick. Aren't there laws protecting citizens of california from companies (or governments) selling their personal information?
If you can do that, then why not get the SSN for the people who founded companies which ask you for details like that?
When the checkout people ask you for your SSN, you give them that number. When it gets irritating enough, maybe the companies will stop...
Government collected personal information should only accessabel without showing up in person as a query test. Give the name and ID#/date/whatever and the system replies only with a true/false or valid/invalid. That satisfies the need for verification, but also allows for privacy.
Even dead people can have their identity snatched. Give the right person the name, address, birthday and SSN of someone with a grood credit rating, and it's a short walk to a mailbox full of credit cards.
HJ-Osmet Mode On:
"....I spoof dead people...."
HJ-Osmet Mode Off
The TinWeasle: "Worming Out of Culpability since 1978" - Opinions expressed are mine alone, yadda, yadda, yadda