Cringely on Identity Theft

Boiled Frog writes "Prompted by the theft of his mail, Cringely investigates how easy it is to steal identities from government publications. In this article he explains how he got the identities of 300,000 people which he calculates to be valued at $65 billion dollars. If Cringely can do it, anyone can."

Murder is easy too

[stratjakt]

You cant prevent crimes from happening, you can only improve the ability to catch the criminals, and reduce the damages.

Worried about ID theft? Keep a close eye on your credit card bills, credit scores, etc.. Buy a paper shredder. Shred all bank statements and whatnot before you throw them out. Internet-shminternet, dumpster diving is the fastest way to someone's finances. Get the carbons at the gas station, or stores where they still use the old carbon-thinger credit card machine.

Cringely is a blowhard trying to scare people, but frankly this isn't news. Using the 'net really doesn't make this easier - it's always been easy.

I knew someone who got screwed big time by a gas station who would keep the carbons, and double bill her every time she filled up, the cash going straight into the owners pocket. She was a dope for letting it go on so long, as she never bothered scrutinizing her Visa bills. Turned out the station was owned by a Russian mobster. This was long before the world wide weeb.

Re:You want some wine with that cheese?

[TheGreenLantern]

Never work for an employer that demands your Social Security number; if asked for it, make one up and use it instead.

Yeah, cause this will never come back to bite you in the ass. I'm quite sure that when your employer finds out that you gave them a fraudulent SSN, you'll all just have a great big laugh over it, and they won't be calling the Department of Homeland Security or anything.

Re:Article is spot on. Happened to me..

[jafac]

The main issue to be concerned about, *unfortunately* involves politics.

It's the basic question of:
When someone is running a business, and profiting handsomely from it - should they, or should they not, be responsible for the safety of their customers?

It's already been established that Automakers should be responsible for defects in their products which compromise car-owner safety.

The airlines, of course, have dodged responsibility for the lax security they provided which enabled 9/11. Instead of a slap on the wrist, they were rewarded with hundreds of millions of taxpayer dollars in bailouts - and union-busting government arbitration - and, eventually, bankruptcy protection. Wow. I wish I had a business that the government was that generous to.
But I guess Alaska Air has been getting slapped around for negligent maintenance.

Now, if you spend $10,000 on a Microsoft server to protect your data, and it falls prey to a security glitch, we all know that Microsoft can't be held responsible.

Who's held responsible?

In the Old West - banks were often robbed. And stagecoach deliveries of funds. People were afraid to put their money into banks because if the bank was robbed, their savings would be lost with no recourse. Banks didn't take the responsibility of hiring enough security to prevent robberies. It would have made their business much less profitable.
Then the US Government created the FDIC insurace act, which insured bank deposits, and made bank robbery a federal crime, so robbers couldn't simply cross state lines to escape justice.

It was *not* a constutional duty of the government to do so - unless you check the preamble, and read the phrase ". . .to (sic) promote the general welfare. . . " because the result of this act was to reduce the bank robbery, increase the public's faith in the banking system, making more funds available for the economic development of the American West. Which had incredibly huge benefits for all Americans.

The question here is - would government be overstepping it's constitutional boundries by going in and protecting our personal data in the hands of corporations?
That's a matter of opinion.

Would the government be overstepping it's constitutional boundries by mandating that companies, in posession of citizens' personal data, be responsible for taking appropriate measures to secure that data?
Possibly - but in today's political climate, it would definately NOT be a Republican to suggest such.

What problem would be solved?
Citizens would be protected - that's a nice thing. And falls right in line with "...provide for the common defense..."
Public faith in ecommerce would arise, which might stimulate the economy - which wouldn't be a bad thing.

A solution is out there. But there are right ways to do this, and wrong ways. I'm certain that the wrong thing to do would be the neoconservative lassez-faire approach. And that's probably the approach our current set of (s)elected officials will choose.

Stolen credit card number

[baywulf]

Once I came home in the evening and got a message on the answering machine to call my card company asap because of possible fraudulent charges. I soon enough called the number they gave me and identified my card number and password. Then I told them about my message and they started looking it up on the computer. After 30 seconds the guy says that the compter is slow and other excuses. After another 30 seconds he apologizes and suggests I call back later since the computer seems down. So I put down the phone and then it suddenly hits me that I have no idea way to verify that the other side was the credit card company. It didn't feel right that a major financial company would have computer problems like this. So now I immediately called back the number on the back of my card and got through okay. They did verify that I had fraudulent charges and canceled my number. I asked them about the other number but they were not too concerned and guessed it might be an internal fraud line number.

In conclusion I still don't know if the original number was real or not.It could have been the card thieves trying to trick me. After getting the new card, I checked my credit report an month later to verify nothing new had been opened. The lesson I learned is to never use a number you cannot authenticate when doing sensitive stuff like this.

We do not have identities.

[Prometheus_NG]

I think something very vital is being missed here. Your name, address, phone numberm and SSN is not your identity. This is all public information. The problem is that we treat this information as if it was our identity.

Are people really suggesting that this information be "secret"? The SSN is not meant to be secreat, can not really be secret, and every SSN card says explicitly that it is not meant to be secret.

Surely we are not suggesting that one's name, address, and telephone number be secret.

The problem is that this non-secret, non-unique information is used to identify people for many significant transactions. I.E. Driver's license, Mortgages, Credit Cards, etc...

The other problem is many people are opposed to instituting any kind of authoritative nation wide identification system.

Put aside your libertarian angst for a second and imagine if we did have a national DNA registry that positively and uniquely identified everyone. Sure we have all seen Gattaca and imagine ways of forging DNA derived identification, but it would be much harder.

Much harder than the current system where all the tokens we use to identify ourselves are from non-secret, non-uniquely identifying information sources.