Slashdot Mirror
ChoicePoint Data Stolen By Imposters
swight1701 writes "Criminals posing as legitimate businesses have accessed critical personal data stored by ChoicePoint Inc., a firm that maintains databases of background information on virtually every U.S. citizen. The incident involves a wide swath of consumer data, including names, addresses, Social Security numbers, credit reports and other information. ChoicePoint notified between 30,000 and 35,000 consumers in California that their personal data may have been accessed by "unauthorized third parties." No obvious notice appears to be on their website."
The article further quotes ChoicePoint spokesman Chuck Jones:
Why the hell are they allowed to keep a dossier on me if they don't have any mechanism in place to allow them to track how it is used and by whom? This is insane!The correct solution to this problem, IMNSHO, is for the courts to determine that personal, financial, and credit records relating to an individual are the COPYRIGHTED PROPERTY OF THAT INDIVIDUAL, and may not be provided to any other party without the owner's explicit consent. Not a blanket consent to provide the data to anyone inquiring, but specific consent to provide it to XYZ Corporation.
Run over someone with my car, i am responsable, and it's a crime. Even if i didn't mean to.
Companys should be held responsable for the data they hold.
WTF am I doing replying to an AC at 5 A.M on a Friday night?
Next big issue is going to be medical records online. While having such information in once location could be of great benefit to doctors and hospitals around the world, there are also dangers as well, like your HMO, employers, or if your a public figure, the media getting their hands on otherwise private medical records.
"The problem with socialism is eventually you run out of other people's money" - Thatcher.
Incidents such as these are actually rather rare. People abusing information collected either through neglect or in other ways is not as common as proper use.
All those foolish people who protested the collection and sale of personal data of private citizens should be ashamed since the prosperity of this country depends greatly on the efficiency of business. And if you don't like it in this country any more go some place better! There isn't any place better you say? Then shoot yourself now because there's nothing you individuals can do to change things to your liking anyway.
(The preceding was stated as an opposite to my actual feelings on the matter to illustrate how ridiculous I feel the opposing view might be. There are no acceptable losses when it comes to privacy and the right of everyone to keep what they have earned. Loss of privacy opens the door for unscrupulous people to do bad things and reduces an individual's ability to protect one's self.)
They say "Criminals posing as legitimate businesses have accessed critical personal data stored by ChoicePoint Inc."
If the data was that critical and personal, why was it available to "legitamate businesses" in the frist place?
Are a set of articles of incorporation and a pile of money all I need to 'legitimately' access "databases of background information on virtually every U.S. citizen"?
They're only telling the California residents because only California has a state law that requires notification... sound like a law that needs to be passed in 49 other states.
The government is one of ChoicePoint's largest customers, so you can be certain that there will be zero rules and regulations imposed on ChoicePoint or similar companies. Nor will you see any changes to the Fair Credit Reporting Act, which affords no penalty to companies that report wrong information on individuals other than once proven incorrect, it is removed.
If this incident doesn't create intense public outrage and a rash of calls to legislators demanding change, then I doubt there will ever be changes that protect individual identity and information.
Furthermore, I would propose that every individual that finds ChoicePoint's egregious lack of security reprehensible, to draft a letter demanding a full explanation and any details relating to whether or not their information has been stolen. I don't expect this company to come clean, but just imagine the hassle of having to reply to hundreds of thousands of letters.
Maybe having to deal with thousands of peeved off consumers will clean up their act.
I very much doubt that they're willing to do this. They're only providing any notification becuase they're required by law to do so; left to their own devices they would ignore it entirely.
...can see your social security number, your credit report, your addresses...
...anytime they want...
...um...
...whew?
Rather than taking extreme measures to ensure that social security numbers are kept private, people need to simply stop pretending that a social security number is some sort of magic password that can be used to prove that someone is who they claim to be. SSNs should be treated about the same as phone numbers; assume that everyone has one, but also assume that everyone knows it.
Anyway, this is the prison we built for ourselves, and as a result the fact that you happen to live in another state means they do have less obligation to you, as that word has any actual meaning anyway. Otherwise we'd be within our rights to march down there with torches and pitchforks and perforate 'em.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
The real problem is there's no public/private key separation. Your credit card number is a secret key, but must be shared in order to do business with it. Ditto for checking account numbers which make direct deposit possible. The reason boils down to sheer laziness on the part of credit issuers. When there's a problem they can soak the merchants and/or customers, so they haven't bothered to fix the system.
That solves your bank deposit problem. Public/private key separation would solve most of the problems.
As far as repeatedly entering addresses--come on, that's easy. Browsers have a wallet-like feature which fills it in on demand. There's no need for the provider (netflix) to store the information, and they should refrain from doing so.
So far as taxes are concerned--of course you have to give personal info for H&R Block to process them, but the grandparent means it should be treated as your property. You may leave valuables with a bank safety deposit box, but the bank does not own them. It is a steward. Its rights obviously don't extend to sharing information about what you've deposited with others.
The article points out that "Lee said law enforcement officials have so far advised the firm that only Californians need to be notified.", so I'm guessing that there are probably another 300,000, or so, nationwide who will not be notified by the company. A few other really high-profile types might get a notice, but I'm betting that no more than a couple dozen non-Californian SlashDot readers will get notices.
Does anybody else want to call and ask and see if they even get an answer? (I don't live in the US, so I probably don't count, statistically speaking.)
Free Software: Like love, it grows best when given away.
...Is to make credit bureaus and data aggregators like Choicepoint liable for inappropriate data dissemination.
These companies are in a position of responsibility, but they don't seem to take it very seriously. The credit bureaus have already bribed their way into legislation that makes it your responsibility to correct errors in their data, not them. If we don't act now, they'll bribe (excuse me, I mean "make campaign donations") and get a free pass on handing out your data to the Russian mafia, too. I say make them liable for monetary damages, instead.
Institute it, and watch how fast their security improves. The attitude of: "Oh well, its not our problem" would be a thing of the past. OR somebody would sue them bankrupt. Either way, the consumer wins.
Plus, the idea of suing these bastards into bankruptcy appeals to me because of Choicepoint's role in George W. Bush's 2000 coup.
Who did what now?