Slashdot Mirror
Databases and Privacy
A couple of stories made an interesting juxtaposition today. First read this story about information marketers scouring public records to compile personal information. Note the emphasis on cross-linking data from various sources to provide more information than any one source did - databases are synergistic. Now read this column about David Nelson, and its follow-up.
It was just last year that myself and the other people of Missouri were shocked to find out that the local DMV was selling our personal information to the private sector. Unbelievable, a state goverment run institution that essential everyone who wants to drive and own a car has to deal with. Thats what I call being forced to opt-in.
Once again, proof that passenger screening is counter-productive.
Seeing as Google provides as much as 75% of referrals, this is an enormous amount of very sensitive information. From the behavior of other internet companies, it's unlikely that google would fight a subpoena for this information, some companies even hand over data on simple request. The threat exists today that one may end up on a terrorist watch list simply because of their searching habits. You may not even even know you've been red flagged.
Give me Classic Slashdot or give me death!
I work in information privacy and security in health care. The situation is already beyond repair. The only thing giving anyone in the industrialized world any semblance of privacy is sheer numbers.
I can take your last name, gender, a guess about your age within five years, a guess about what region of the US in which you live, and right here, from the very terminal from which I type this message, probably determine where you have lived for the past seven years, your neighbor's names, your family members' names, your social security number, your driver's license numbers, any public records (criminal, civil, real estate) in less time than it takes to reload slashdot on a busy saturday afternoon.
The key is that the results I get back will be fuzzy, I'll have to try to make sense of them, and not all of the hits will be accurate. But anyone with a brain can sense a "theme" running through the hits and nail your ID beyond a reasonable doubt.
Think you're off the grid? Only if you have never applied for utilities or credit of any kind, never gotten a publicly issued license, and never graduated from any school. If all that's true, why would I be looking for you anyway? You can't buy anything.
We need to collectively grow up here. It's not about limiting our invasions of privacy, we need to be licensing and bonding people who can mine it, like we license doctors, attorneys and cops.
The information really is out there, and it really is indexed, and it really is being used. That's why these Internet cookie monsters are so bold and shameless. They're not doing anything new and they know it.
The best way to do is to be.
There is a way, however, to maintain your privacy where it matters. They want to collect information on you? Fine, let them. But insert some misleading data into those records. Here is just one way to do it:
Take two persons, of similar hight, eye color, skin color and hair color. They are good friends and developed a relationship of trust between them. They are not criminals and have no criminal intentions. These two persons can each have two copies of their identfications - say, two copies of a driver's license (say one is "lost"...). One copy they of course give to the other one. One of them must be the 'good person' and one must be the 'bad person'.
Now imagine one of these persons is stopped for a traffic violation. He hands over the 'bad person' ID, and the traffic violation is registered on his name. He doesn't own the car, though - because the car is registered to the 'good person'. When it's time to pay insurance, and the 'good person' record is being pulled, it's a clean slate.
The sample here is sketchy at best, won't work if the car history is checked as well (unless...), and I don't want to give any more ideas to anyone here, but it is possible to fake the records just such - have someone else buy your house, and have a contract with this person saying he has no claim in it, switch salaries with your neighbour, bank accounts... If it has a purpose.
Don't do it 'just to spite', because every such transaction has an inherent danger, but if done right and to an end, it can be beneficial to the people involved, despite the best efforts of those information correlators to the contrary.
Oh, yes, standard disclaimer apply, use this information at your own risk, don't come yelling to me, it's probably highly illegal, be warned.
http://www.anybirthday.com
It's got that great hook: birthdays (so sweet and innocuous)! And of course you can "remove" yourself from the database. The only question is what happens once you remove yourself, and confirm your birthday, identity, etc.
Now, lets talk about how it works in the real world. I wanted a copy of my credit report, so I tried using www.freecreditreport.com (it's not really free, but hey, good marketing). When I submitted my request and tried to set up my account, I was given an error that my password was incorrect. Now, never having set up an account, I thought "hey, this is odd". So I called their 800 number and promptly found out that I did indeed have an account. After about 5 minutes of social engineering, I had the e-mail address that was associated with "my" account. Low and behold, it belonged to a guy that had received a copy of my rental application (yes it is legal for him to get a credit report, but not by impersonating me).
So, I said to the helpful young man on the phone "you've given my information to someone impersonating me". His response, and that of his supervisor was to tell me I should go file a police report. When I asked if they would take any action, the answer was a very resounding "NO".
So, I called back a few minutes later, with my new-found e-mail address and talked to another helpful gentleman whom I convinced to change the password and e-mail address on the account so that the previous dirt-bag would be locked out.
That is how things work in the real world. The companies who compile/manage/sell this information do not give a flying-frig about access control as long as money changes hands along with the data. If someone wants your info, and they have your name and a few other facts... they can get all the juicy stuff w/in about half an hour. Your only protection is the sheer volume of bio-mass that makes up the target group.
Run! There's a lobster loose!
I'm still a traditional fan of cash, rather then a credit card for most daily transations. It has the benifit of being remarkably easy to budget, as in alocate daily spending, impossible to go over your self imposed set limits. But importantly, it's none too traceable.
I may be slightly paranoid, but after buying electronic goods at a shop, I got a phone call within days asking me how i'm enjoying my thingie. It's like, "how did you get my number, I didn't give it to you".
I guess I have in the past given my personal info to radio shack to get free batteries, and actually they send me a christmas gift certificate every year... and actaully I enjoyed getting their catalogs back when they actually had them.
But the point i'm making is, cash is a remarkable means to provide some privacy. Not that you can't get away from things like morgages, cars, air line tickets, and other larger purcahces, but there is some info that random people don't have the right to know, like an employer checking to see if you buy alot of porn or booze.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.