State Cannot Force Removal of SSNs From Privacy Advocate's Site

jvatcw brings us a story about Betty Ostergren, who operates a website dedicated to pointing out the social security numbers visible in public records. The purpose of the site is to raise awareness of privacy concerns regarding the personal information shared in Virginia's governmental websites. Legislation was introduced in Virginia to combat Ostergren's website, but last Friday a judge shot down the attempt to censor her, writing, "It is difficult to imagine a more archetypal instance of the press informing the public of government operations through government records than Ostergren's posting of public records to demonstrate the lack of care being taken by government to protect the private information of individuals."

How about something better?

[dsginter]

Can the states force the credit reporting agencies to allow citizens to lock their credit reports? The whole idea of identity theft is crazy - it could be trivially fixed with one-time passwords that people give out only when they need to.

But then we couldn't make money on credit monitoring services, now, could we?

Re:How about something better?

[MarkvW]

I wonder whether "identity theft" is not just an utterly brilliant public relations tactic used by the credit card companies to deflect responsibility away from themselves.

In "identity theft" the thief is the bad guy and the credit card company's responsibility is ignored.

Re:How about something better?

[Archangel+Michael]

If you hand over the job of monitoring your credit to someone else, you get what you deserve. THEY don't care about your credit rating.

And those companies relying upon credit monitoring services to get info on your credit deserve to be scammed.

If someone buys something in my name, using my credit score, from someone who doesn't know me from the guy down the street, they get what they deserve!

Take a look at my credit report. I don't use credit. Period. Never have, never will. Don't need it.

Re:How about something better?

[jedidiah]

Being willing and able to monitor your own credit still isn't enough.

Not being willing to accept or use "credit" isn't sufficient either.

All it takes is one abusive merchant to initiate a "collection" against
you. It won't matter if it's a genuine billing dispute or not. That
"black mark" will end up in your report. The relevant parties will be
unwilling to remove it, and everyone else will use it against you.

Re:How about something better?

[nine-times]

How about we just stop using social security numbers as though they're some sort of magical security token? It was never designed for that purpose, and if you put the slightest bit of thought into it, you immediately realize that it's not secure at all. People act like it's some sort of super-secure password that authenticates who you are, but then you're basically required to give out that password to random people on a semi-regular basis.

In modern times, with ubiquitous computing, it seems like there must be a better way. Hell, issue every man, woman, and child something comparable to an SSL certificate and have the government (or credit agencies) run the analog of the root servers. It may not be a perfect idea, but it'd be better than this.

Re:How about something better?

[plasmacutter]

can the states make credit reports illegal?

that would be better than band-aiding a broken system.

credit reports exist to put you at the mercy of the debt collection industry.

The system is perverse, requiring you to go into debt in order to qualify for a mortgage, but providing no recourse when they make mistakes.. even though those mistakes can be as horrific for the victims as false accusations of pedophilia

Re:How about something better?

[Archangel+Michael]

IF I don't use credit, then a "black mark" is meaningless.

And, with all those "black marks" on my credit, then anyone accepting my SS# and credit history, gets what they deserve.

But you raise an interesting point, though it is obscured. If I don't use credit, and someone issues credit in my name to someone other than me, how would I prove it? How would I even know it?

In that case, the credit companies have broken system (yeah, we all know it too). In this case, I'd sue everyone involved ruining my reputation.

I'm wondering why nobody has gone after them for slander or libel (which ever applies), in a civil tort?

Re:How about something better?

[bestinshow]

That would destroy the entire rate-for-risk loan and mortgage market.

Which means that everyone would get the worst possible deal because there would be no way to see if someone has a good credit report. See how many places will give you a mortgage today if you don't agree to a credit check.

If you don't want a bad credit report, then pay your bills on time.

You can develop good credit by having a credit card (which I'd recommend for all online purchases because of the protection they give you, don't use debit cards) and paying off the bill monthly, in full. Or just by having a credit card! If they make mistakes, then issue a Notice of Correction.

Of course it might work differently in the US from the UK...

Re:How about something better?

[russotto]

credit reports exist to put you at the mercy of the debt collection industry.

No, credit reports exist to help lenders decide how much of a risk you are. By the time a debt ends up in the hands of the debt collection industry, your credit report is already fucked.

The system is perverse, requiring you to go into debt in order to qualify for a mortgage, but providing no recourse when they make mistakes.. even though those mistakes can be as horrific for the victims as false accusations of pedophilia

That's certainly not true; there is recourse for erroneous information on your credit report. You can argue that it isn't good enough, or it is too cumbersome, but it isn't "no recourse".

As for going into debt to qualify for a mortagage.. eh. All you have to do is put your routine expenses on a credit card and pay it off in full each month. You get free use of money and you build credit history. If you can't do that (other than in a number of exceptional situations), you probably shouldn't qualify for a mortgage.

Re:How about something better?

[davolfman]

To be honest the credit reporting agency and the bank filing the report should be liable for libel every time they record a false entry.

Re:How about something better?

[Stellian]

I wonder whether "identity theft" is not just an utterly brilliant public relations tactic used by the credit card companies to deflect responsibility away from themselves.

The artificial distinction of allowing trusted people (banks, the phone company) access to your identity, while keeping it a secret for the general public (that includes identity thieves) is childish. As it is the attempt to criminalize the act of compiling a list of people's identity using public data - all identity data is public to some extent, by definition; if it's not public, it does not identify you. Compiling lists of public information is a clear example of free speech.

The term of "identity theft" is a copious misnomer perpetrated on the public by the credit industry. The identity of a person cannot be stolen, only duplicated or impersonated. The real crime here is identity fraud. The distinction might not seem much, but it's of key importance: it shifts the victimization from the impersonated person to the banker/stock agent/realtor/whatever that accepts the fake identity.

After all, why should *I* pay for the fact that some bank lends money to someone who says it's me ? The bank has little incentive to properly authenticate the guy: they want as much customers as possible, and be competitive: they reduce fraud to acceptable levels, until fighting against it is more costly than the actual money saved. The devastating consequences that "ID theft" has over an individual's live becomes an externality for banks. Meanwhile, I can do nothing to protect myself: my identity is in hundreds of public and private databases, out of my control: it's how I register to vote, how I get medical care, and how I install an Internet connection. I cannot function in this society without making my identity public, so It's unreasonable to require me to protect my identity from "theft".

You can find an excellent written article about the distinction between identity theft and fraud here, by noted security expert Bruce Schneier:
http://www.schneier.com/blog/archives/2005/04/mitigating_iden.html

The solution against identity fraud is making the enablers pay for it, breaking the externality. For example, a maximal 15-day clearing period of any wrong information on your credit report, after which the bank can be charged with libel.
Devising more intricate ways to keep our identity data "secret" is just band-aid.

(I fully agree there are other reasons to wanting to have your data private, such as, well... privacy; ID "theft" should not be one of them)

Re:How about something better?

[ChaosAddict]

Even better, it puts some of the responsibility on the victim. If someone takes your laptop, then there's always the idea that you didn't guard it well enough. How are you supposed to protect from theft something that everyone has access to, and that you're required to give out constantly?

Re:How about something better?

[r_jensen11]

All it takes is one abusive merchant to initiate a "collection" against
you. It won't matter if it's a genuine billing dispute or not.

And that's when you get the BBB involved and bring them to court.

Re:How about something better?

[DavidTC]

I wonder whether "identity theft" is not just an utterly brilliant public relations tactic used by the credit card companies to deflect responsibility away from themselves.

Don't just wonder about it. Refuse to use the term, like I do.

The correct term is fraud, and the victim is the business that got defrauded.

These businesses use the term 'identify theft' so their reaction to their own defrauding, which 'blame some random person who has nothing to do with it', isn't recognized as the criminal action it is. But the injury to 'victims' isn't coming from the person who committed the fraud. People whose identities are 'stolen' are not the victims of identity thieves. They're the victims of the victims of identity thieves.

People who have had their 'identity stolen' need a good lawyer to sue the ass off everyone who, when they got defrauded, didn't immediately fix the issue. It is in no way your responsibility that other individuals and businesses do not have stricter checking of identity, and you should be able to sue that business for every second of time and money their lax policies cost you in cleaning it up.

They can, of course, then sue to recover that money from the person who defrauded them, but that's not relevant to the 'identity theft' 'victim'.

If someone steals my car, I do not have the right to steal your car. Even if the person stealing my car used your name to do so. Even if I'm clever enough to invent the term 'indirect car thief' for the original thief, and 'indirect car thief victim' for you, and hope that no one catches on that he didn't steal your car, I did.

Re:How about something better?

[plasmacutter]

No, credit reports exist to help lenders decide how much of a risk you are. By the time a debt ends up in the hands of the debt collection industry, your credit report is already fucked.

I've had an instance where some stupid hospital screwed up my address, omitting a number. I never received a single bill from them and get a debt collection call 2 years later. I ask for a written bill (otherwise this "claimed" collection agency could just be a fraudster) and guess which non-existant address it gets sent to. Finally, 5 years later, the thing gets sorted out.

I'm sorry, but "guilty until proven innocent" is not an adequate system. Credit bureaus should be shut down by federal order and replaced with a system which gives truly equal arbitration, perhaps under the oversight of the judicial branch.

That's certainly not true; there is recourse for erroneous information on your credit report. You can argue that it isn't good enough, or it is too cumbersome, but it isn't "no recourse".

I forgot where I heard it, but it was a reputable news source.

Some woman had her name mistaken for someone else's. She got sacked with the crappiest credit rating on planet earth out of nowhere, and eventually had to fully litigate it for 5+ years before they finally capitulated and restored her proper score.

Re:How about something better?

[JoJo's883]

Trying to get thru life in the US without "credit" today is near impossible. Cars, mortgage, college loans, etc Regarding the abusive merchant, I went thru 14 years (yes years) of fighting Amex to get them to stop billing me for an ISP bill out of Australia, on a card that had been cancelled 3 years prior to them accepting the ISP charges. This made it all the way to a collection agency even though Amex readily admitted they were not my charges. After submitting complaints thru the Better Business Bureau, FDIC, and any other agency they finally stopped. The down side is that the black mark made it into one of the three major credit reporting agencies. Getting it off has been another round of headaches. The best part of the whole adventure was when I spoke with Amex on the phone and they told me it was too small of an amount for them to waste time on resolving it...

Re:How about something better?

[twistedsymphony]

How about we just stop using social security numbers as though they're some sort of magical security token? It was never designed for that purpose, and if you put the slightest bit of thought into it, you immediately realize that it's not secure at all. People act like it's some sort of super-secure password that authenticates who you are, but then you're basically required to give out that password to random people on a semi-regular basis.

I think it's part of a larger problem where people seem attracted to the idea of associating new things to existing identifiers, even if it's not even close to appropriate.

Re:How about something better?

[shredswithpiks]

That black mark certainly is meaningful. There are very few people who buy houses in cash, for example, and that black mark can be particularly painful. Not to mention companies are beginning to pull credit reports during the interview process for employees. My Gym accidentally called collections on me (sent in the wrong account number or some crap). Tomorrow I get to go in for a home loan application... can't wait for the fun trying to sort that out.

Re:How about something better?

[Hyppy]

It would be hard to prove intent, though.

Re:How about something better?

[Miseph]

So I take it that you already own your home for which you paid cash, and you never intend to purchase or rent another for the rest of your life. You also, apparently, have no need to ever take on any sort of student loan for yourself or (perhaps future) family. You must also have an extremely high paying job from which you simply cannot be fired and which you will never wish to leave (surprise surprise, a lot of employers use credit checks to see if you're "responsible") as well as a tremendous amount of liquid assets in reserve and a healthy investment portfolio (must be almost all foreign investments) which can adequately provide for you on the off chance that you are sick or injured or retired and lose your primary cash flow.

If the above is true, then two things follow: you actually might not need credit, and you're so far from being a normal American/European/human that your opinion on this subject honestly doesn't count. On the other hand, if the above is untrue, then you are quite mistaken about the value of your credit rating.

Re:How about something better?

[russotto]

I've had an instance where some stupid hospital screwed up my address, omitting a number. I never received a single bill from them and get a debt collection call 2 years later.

Did it ever appear on your credit report? If so, did you take any steps to remove it?

I'm sorry, but "guilty until proven innocent" is not an adequate system.

Since there's no guilt or innocence involved, this doesn't make any sense.

Credit bureaus should be shut down by federal order

Repeating "Carthago delenda est" never was much of an argument, though I grant that it did work.

and replaced with a system which gives truly equal arbitration, perhaps under the oversight of the judicial branch.

The current system is under the oversight of the judicial branch; you can sue credit reporting companies. That's pretty cumbersome, I grant you.

I forgot where I heard it, but it was a reputable news source.

Uh-huh.

Re:How about something better?

[nine-times]

I suppose, but it doesn't seem to me like the problem is that people use one identifier as an identifier for something else. For example, there are plenty of sites that will use your e-mail address as their username. It might not be your preference, but there's no inherent security risk (at least not any that are immediately apparent to me).

If everyone wants to use SSN as some sort of universal ID number, it doesn't seem to me like it's a big problem. The problem arises when they want to use it as some kind of secure password, even though it's effectively out in the open.

Re:How about something better?

[CautionaryX]

Good luck trying to get the collectors off your back. Suing the merchant is the easy part.

Re:How about something better?

That's a great idea. Once they are notified, should you get any grief after that point in time, I can't see how they are not liable. At that point in time, they are knowingly providing false information in writing which directly and financially harms you. Seems to me some needs to nail them hard with this. Hopefully class action status can be obtained. A couple 100-million in damages and I'd bet the credit agencies would suddenly given a dang that they are knowingly screwing people over.

Re:How about something better?

For example, a maximal 15-day clearing period of any wrong information on your credit report, after which the bank can be charged with libel.

Actually, there are already provisions for false information on your credit report in the FCRA and FDCPA and banks & credit companies can be fined $1,000 per violation by the FTC (As well as opening up to civil lawsuits, iirc). Granted, it's not the best way to do things and we definitely need better legislation in this area, but it is there. The burden is just on the consumer to know of its existence.

Re:How about something better?

[filterban]

How about we just stop using social security numbers as though they're some sort of magical security token?

No kidding. SSNs are everywhere, and this website is a great example.

Your analogy to the computer security world -- certificates and signatures -- is actually a good idea, although implementing it would cost billions of dollars to the government, banking, and insurance industries (among many others) that use SSNs to identify clients.

Do you really think that Mom & Pop Bank in rural North Dakota has any ability to modify their banking systems to work with such a scheme when they can't even make a web site? I don't.

ID Theft (or ID fraud) is always going to be a problem, but really, we are dealing with an antiquated system. Band aids such as credit monitoring are not good solutions and don't provide any reasonable modicum of security.

Re:How about something better?

[internerdj]

Apart from the other things employers make credit checks during the hiring process. Wouldn't it be great to miss out on a great job because you had no clue that someone falsely put a black mark on your credit report?

Re:How about something better?

[whoever57]

Take a look at my credit report. I don't use credit. Period. Never have, never will. Don't need it.

You don't plan on ever buying a house? Or are you just planning on winning the lottery so that you can buy a house with cash?

Re:How about something better?

[nine-times]

although implementing it would cost billions of dollars to the government, banking, and insurance industries (among many others) that use SSNs to identify clients

Sure, it would cost money. Then again, how much money is lost to identity theft, including the money spent on identity theft protection and money spent on investigating identity theft claims. Given a long enough timeline of dealing with these issues, building a better solution might just save money.

Do you really think that Mom & Pop Bank in rural North Dakota has any ability to modify their banking systems to work with such a scheme when they can't even make a web site? I don't.

So give small banks a tax break on hiring an IT guy trained to deal with this stuff. I don't really know the best solution there, but it doesn't seem like an insurmountable problem.

Re:How about something better?

[berashith]

what about negligence. If you ask for something to be removed that gets replaced in an automated fashion the next month, then there is a proveable disregard for accuracy. It isnt libel, but taking the cheap and easy way can provide known incorrect information.

Re:How about something better?

[Ykant]

I spoke with Amex on the phone and they told me it was too small of an amount for them to waste time on resolving it..

Sounds like a violation of the Fair Credit Reporting Act to me. They can be hit for up to $1000 per infraction, and that's $1000 of "real" money, as in the court can make them cut you a check. They know it's there, but it "isn't worth their trouble" to pursue? Sounds like willful violation to me. If you pursue it, they will probably work it out faster than you would have thought possible.

Re:How about something better?

[PPH]

The 'other' problem with SSNs is that they are a ubiquitous form if identification in society today.

Certainly, they are not useful for authentication purposes. But what they were intended for, a unique identification for the purposes of tax and Social Security data becomes a problem when it slips out into other parts of people's lives. Aside from entities (banks, employers, etc.) who have a legislated need to identify me as a unique individual, not many other people do. I have the right to receive my monthly p0rn subscription, contribute to Greenpeace, call all those 1-900 numbers for $5.99/min, and enroll my children in that hoity-toity private Christian school while maintaining deniability that the PPH engaged in one activity is the same as the others.

There are very few cases in which private businesses have the right to link my identity to the relationship I have with anyone else. I can give most a business who requests my SSN a phony number so long as I do so with no intent to commit fraud and the legal consequences are minimal.
 

Re:How about something better?

[nrgins]

i think the reason they don't have passwords is to not put any obstacles in the way of people buying things. what if someone forgot the password? might be a week or two before they got a new one, and, by that time, they probably wouldn't wanna buy whatever. but this system is absurd, I agree. reminds me once about when I went to my bank for a loan approval for a car. had the dealer call them with the info, and I talked the bank on the phone and said I was interested in the car. before I knew it, the girl was telling me when my first payment would be, what papers they'd be mailing me, etc. I said, "Whoa! I just wanted to know if this car qualified for the loan, based on the year and blue book value, etc." She said, "Yes, and you're taking out the loan now." I was like, "You mean I don't have to sign anything," and she was like, "No, you told me over the phone that you wanted the car." Man, talk about a sick society.

Re:How about something better?

That would destroy the entire rate-for-risk loan and mortgage market.

That market is already a total mess. Credit ratings have little connection to credit worthiness.

Re:How about something better?

[MindspanConsultants]

I'm an atheist, however: "And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads: And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name."

Re:How about something better?

[AK+Marc]

The real crime here is identity fraud.

It is financial fraud and it is illegal actions by credit report bureaus for not removing false data. Identity theft is person C sealing from person D and blaming it on person A. It's like a crude frame-up job to cover theft, but it's one that's easily discovered and only used to hide person C's true identity. Yet person D calls it a crime against person A. Why? So that people stop asking why person D left a stack of $100 bills on the counter for person C to walk off with.

And after all that (if you followed it, I wrote it and still can't follow it), person D then reports to agency Q that person A stole money, even though they know that to be false, and agency Q will not remove the bad entry even after it is proven to be bad by person A. That's the real crime. I don't care if someone steals from Citibank using my name. Citibank doesn't care either, or they'd stop it, as it's simple enough to stop it. However, I do care if Citibank lies to Equisperifax and the agencies won't remove it when I tell them it wasn't me (their verification is to ask whether Citibank thinks someone owes them the money that's reported on my report, and they always say yes, even if it's no).

Re:How about something better?

[Archangel+Michael]

You are right. I'm not normal. Never have been.

But I live above my means, because I don't pay interest on things I don't need. I don't buy things before I can afford them.

As for my income, I made 50K last year, and my wife doesn't work. So I readily admit that I'm not normal. And just because I'm outside of normal, doesn't mean my opinion doesn't count. It just is evidence that one can do things that aren't "normal" if one has the mind to do them.

Most people are sheeple, and as such, it is their opinions that don't really count (or shouldn't count). But I actually have a brain, and drive, and commitment to an ideal.

Credit is a choice, not a necessity.

Re:How about something better?

[rgviza]

>After all, why should *I* pay for the fact that some bank lends money to someone who says it's me ?

You don't.
You will get a collection call.
At that point, you can ask them to fax you a copy of the signature they have, where you agreed to the credit contract.

They won't have it. Then you call the bureaus, and request your free copy of the report. When you get it, call back and talk to someone on the phone. They'll take it right off your report.

It took me less than an hour each of the 3x that Household Bank got ripped off by someone using my info. Never paid a single penny...

-Viz

Re:How about something better?

[nine-times]

Giving everyone SSL certs wouldn't be any different from giving everyone social security numbers, except that it would be more appropriate given how SSNs are used.

I agree that anything like a national ID raises some security/privacy questions, but I'm not so paranoid that I refuse to use my SSN or get a passport.

Re:How about something better?

[Marillion]

So you would replace a 30bit number that can be stolen with a 1024bit number that can be stolen?

It's not that the SSN is used as a password, it's used as a unique id and no password at all!.

Re:How about something better?

[Hektor_Troy]

As for going into debt to qualify for a mortagage.. eh. All you have to do is put your routine expenses on a credit card and pay it off in full each month. You get free use of money and you build credit history. If you can't do that (other than in a number of exceptional situations), you probably shouldn't qualify for a mortgage.

If I can't do that? What if I don't want to lend money for routine things? I can have an impeccable economy without a credit card, the need of a credit card or even wanting one.

Why should I be unable to loan money for a mortgage, if I have proven over the last 13 years (since I was 18) that I pay all my bills on time, rent, heat, electricity, car insurance (bought a cheap car cash), put money aside for retirement and general savings. All without the need or want of a credit card. I have 13 years of impeccable banking history - and you're saying I probably shouldn't qualify for a mortgage, simply because I don't want a credit card?

Yes you say "other than in a number of exceptional situations", but still - shutting people out from buying a house just because they won't buy into the whole "charge it" culture (including buying a stick of gum with a fucking credit card - George Carlin was right, those people should be stabbed in the eye) is rather extreme. Besides, before the advent of credit cards people could still loan money to buy a house, right? Probably because the banks did a proper piece of work evaluating their clients on a personal level

Re:How about something better?

[BHT]

Unfortunately for the victims of ID Theft ( and that includes the creditors who in turn pass on higher fees to depositors ) to say this is a publicity stunt fails to recongize that the victims are all faced with tasks that are not fun. So, it is absurd to suggest that the financial services industry would want this to happen. Nexgt time, Mark W, perhaps check your big business paranoia and scheming at the door. The public relations of a breach or loss of data do more harm for the financial institution.

Re:How about something better?

[Antibozo]

Actually it would be substantially different, because then:

1. You could authenticate without revealing a secret.
2. You could replace the authenticator if it is compromised.
3. Revocation could be used to publicly invalidate old authenticators.
4. The secret key would be entirely unpredictable (unlike with SSNs, where more than 50% is predictable from other information).

(I understand I'm preaching to the choir here. Just wanted to clarify.)

Re:How about something better?

Better yet, I put the burden back on them by pointing out to them that they have no legal right to my SSN and that if they want my business THEY need to come up with their own number to use.

Re:How about something better?

[Archangel+Michael]

You want to work for an employer that does credit checks?

I sure don't.

If they don't want my experience, drive, work ethic, skill and expertise, all because of a credit check, then I don't want to work for them.

I don't want to be nice little corporate drone, living in a Borg Cubicle. No thanks.

Re:How about something better?

[nine-times]

Do you know how SSL works? I don't have to give you my private key in order to verify my identity.

Re:How about something better?

IF I don't use credit, then a "black mark" is meaningless.

So you don't own a cell phone with a contract, or any other of the dozens of common everyday things that have absolutely nothing to do with credit cards that all require a credit check?

And educated people who think that somehow universally the idea of using "credit" is somehow always a bad thing make me lol....
 
  Time Value Of Money

Re:How about something better?

[nine-times]

Oh, and...

It's not that the SSN is used as a password, it's used as a unique id and no password at all!.

That was my point. It's an identifier, but it gets used as a password. There are many cases where simply knowing my own social security number is used a means of verifying my identity, even though it's completely inappropriate for that purpose. That's *exactly* my point.

Re:How about something better?

[nacturation]

I wonder whether "identity theft" is not just an utterly brilliant public relations tactic used by the credit card companies to deflect responsibility away from themselves.

http://www.youtube.com/watch?v=CS9ptA3Ya9E
 

Re:How about something better?

[Aldur42]

US federal minimum wage = $5.85 $5.85 * 3 times = $17.55 And this is under the assumption that you only make minimum wage.

Re:How about something better?

[torkus]

Yes and no.

Keep in mind that, in today's instant-gratification society, no one wants to wait 5-15 business days (or even one) for a credit application approval. Hell, you can get a MORTGAGE approved in less time than the paperwork takes at some places today.

It's MUCH more difficult to create a system where an individual can, from anywhere at any time with no need to have anything special with them, have their credit (and identity) verified without the possibility of fraud. This is awfully complicated to do without a significant inconvinience to the individual. I assume credit monitoring and fraud insurance/limited liability is a less expensive alternative.

Compare to DRM for music. No one likes it and companies have essentially thrown in the towel and decided it's easier to accept some piracy in return for greater sales and less overhead maintaining the DRM system and providing end-user support.

That said, I think it would be prudent to offer the OPTION of real security. Some banks use SecureID FOBs. The down side is it can limit impulse credit purchases/applications which make credit institutions more money than fraud costs then. In addition, i'm sure a reasonable % of fradulent purchases/charges are NOT caught or reported and thus just make the credit companies more money. So yeah, back to DRM logic.

Re:How about something better?

[torkus]

Have you read the small print you sign when filling out any credit app?

No, neither have I.

I'll bet you some karma that it includes a liability waiver for the company you're applying with and the reporting credit bureaus as well.

Re:How about something better?

[Marillion]

Yes, as a matter of fact, I do. Enough people will lose their private keys or have them stolen that fraud will still be a problem. I just don't have enough confidence that the average people will take the required precautions.

Okay, all this stuff (SSL, PKI, etc ...) does is provide better and better identity proxies - my numeric personae if you will. Who I am is a flesh and blood person. I am not a number or a certificate. But the problem is that companies and governments have long stopped dealing with my flesh and blood self but deal with my numeric personae instead. My personae may or may not have a great credit score; may or may not pay taxes on time; may or may not have committed felonies; may or may not be a terrorist. As long as companies and governments insist upon tracking personae instead of people, fraud will continue.

Re:How about something better?

[blueg3]

You don't need to put any expenses on a credit card and pay it off to have a good credit rating. All you need is two such lines of credit that remain active. While "remain active" varies from one credit card company to another, most cards will not be closed even if you never use them.

Re:How about something better?

[LordKronos]

Stuff like that is already covered by the FCRA

Re:How about something better?

[torkus]

Actually, you probably DO use credit even if you don't realize it. Many car insurance companies use your credit score as part of determining your rates.

Re:How about something better?

[Knara]

Yes you say "other than in a number of exceptional situations", but still - shutting people out from buying a house just because they won't buy into the whole "charge it" culture (including buying a stick of gum with a fucking credit card - George Carlin was right, those people should be stabbed in the eye) is rather extreme. Besides, before the advent of credit cards people could still loan money to buy a house, right? Probably because the banks did a proper piece of work evaluating their clients on a personal level

You do realize that by charging everything and then paying it off each month, you're essentially getting "free stuff" while simplifying your finances by paying at the end of the month instead of in many smaller transactions, right? And that you don't get charged interest if you pay it all off at the end of the statement period? How is it any different to pay with paper money in many transactions, instead of via EFT in one?

Re:How about something better?

[Matt+Perry]

But I live above my means, because I don't pay interest on things I don't need. I don't buy things before I can afford them.

You mean you live below your means. If you lived above your means, you'd be spending more than you earn.

Re:How about something better?

[nine-times]

Yes, as a matter of fact, I do. Enough people will lose their private keys or have them stolen that fraud will still be a problem. I just don't have enough confidence that the average people will take the required precautions.

At least it will require that your private keys are lost or stolen before you start having some of these problems. Right now, they're doing identity verification against information that's out in the open by default, without it ever being lost or stolen. That's why identity theft is such a problem.

Plus, at least you can set up a good system to revoke a lost/stolen private key and transparently issue a new one. Hell, they can even expire occasionally by default. There's currently not a good system set up to do that with social security numbers, specifically because it's intended to be a unique identifier that follows you through life.

As long as companies and governments insist upon tracking personae instead of people, fraud will continue.

So what's the solution you're suggesting here? That credit companies and governments actually follow you around and snoop on your behavior? Or perhaps that they get to know you as a person?

Re:How about something better?

[berashith]

my understanding of this is that you can continue to ask for this information to be removed, and they will have to remove it. There needs to be a way that if you request removal and prove the inaccuracy of the record, that it cannot just be dumped back in place. Sending three letters every month to clear the same wrong and outdated information is a clear waste of time, and that responsibility should be removed from the person being negatively impacted.

Re:How about something better?

[winwar]

"Keep in mind that, in today's instant-gratification society, no one wants to wait 5-15 business days (or even one) for a credit application approval."

"The down side is it can limit impulse credit purchases/applications which make credit institutions more money than fraud costs then."

Many people would wait for credit approval. But then they might decide they don't need it.

Instant credit benefits business more than the citizen.

Re:How about something better?

[KPexEA]

I have my own mail-order business based in Canada selling toy collectibles. When a customer from the USA buys over $200 worth of them I need to collect and forward their SSN to Fedex so the shipment will clear US customs. It is REQUIRED for orders over $2000, and for orders over $200 they can be refused for any reason and we can be forced to get them ( and have our whole shipment delayed until we get it). The Fedex Trans-Border Distribution system requires that we have at least one per shipping cycle (we ship once per week to the US). Talk about a big deterrent to cross border shopping. http://www.fedex.com/ca_english/international/regulatorynews/EIN.html

Re:How about something better?

[bberens]

Seems like them billing you for something you didn't purchase could be twisted into mail fraud.

Re:How about something better?

[Ioldanach]

BBB isn't a useful agency, you can report complaints to them and they can tell other people that a company has complaints against it, and that's about it. Oh, and if the company says the complaint was resolved, then they close it out. So the numbers for any company that pays attention to the BBB are pretty much useless.

Re:How about something better?

You're not a normal European?

Go suck a dick, this isn't a problem for Europeans.

Re:How about something better?

As someone else pointed out, if you ever want to buy a house, you're out of luck unless you have it in cash.

But I'd take it further and say if you ever want to rent anywhere decent, you're out of luck too. Many rental agencies and landlords (at least the last 3 that I've had) do credit report checks. While I have great credit, I'm assuming if someone had horrible credit or liens against them, etc., then the rental agency would reject them.

I suppose so long as you live with mom, you're ok... so long as she keeps the mortgage and taxes current and gives you the house plus enough cash to pay the inheritance tax, or the landlord grandfathers you in when she passes.

Re:How about something better?

[torkus]

Actually it's very easy. You answer and say "Do not call me ever again". Generally this works best if you're recording and have them clearly identify who they are and what exactly they're calling about.

If they call you, it's harassment and/or violation of FCC/telemarketing law. You can sue for monetary damages/penalties.

Granted, if you tell them to F off they can take you to court or issue a chargeback against your credit. The vaugely smart ones will not, however, call again.

Re:How about something better?

[smoker2]

Within, the word you are groping for is "within" your means.

Re:How about something better?

[cayenne8]

"Not to mention companies are beginning to pull credit reports during the interview process for employees."

Who in the world gives their SS# to a company for an interview?!?!?

Never heard of that one before...

They only get mine when I sign the employment forms if I'm W2. If I'm doing a C2C 1099...they just get my corporations tax ID.

Re:How about something better?

[cayenne8]

While I applaud not living beyond your means, not buying things before you can afford them (and this works I think on 99% of all things)....I'm wondering how you do own a house, and take care of say and emergency without at least some form of credit.

I was in horrible credit card debt hell post-Katrina. But, I got good settlements on my lost car and other things...and along with some other good fortune that came out of all that mess...I"m virtually debt free. All cards paid off, only a car and motorcycle note right now. I never intend to go into hard debt again. For 99% of all purchases I do, I pay cash.

But, I do have credit cards. I keep them mostly for emergencies, and for buying gas at places like Sam's that don't take cash at the pumps. What I do charge, I pay off in full each month, so that is basically like using cash.

I'm actually wanting to trade a card or so in for ones that earn cash back or airline mileage...which actually pay you to use them.

I'm curious how you go totally without credit. I have mine, and use it sparingly, and responsibly...I'm not sure I could go completely off them. I'd always want one around, just for an emergency....say like the coming hurricane. Last time for Katrina, I rode out with friends. After a period, I had to rent a car, and that is virtually impossible to do these days w/o a credit card.

I'd be interested in hearing the details of how you go completely without them....

Thanks...

Re:How about something better?

[hey!]

You've got the right kind of idea, but probably the wrong terminology.

What you are saying (if I may interpret broadly) is that credit reporting agencies have a duty of care towards the people whose information they traffic in. Naturally it would not be libel unless they were knowingly publishing defamatory information in a malicious or wildly irresponsible manner. Posting incorrect records in and of itself isn't anywhere near this standard.

And, in general, one is not liable for the criminal actions of others. So the falsehood being perpetrated by the identity thieves is not the responsibility of the agencies, who in a manner of speaking are a co-victim in that crime.

However, it is arguable that the agencies have a special duty to take reasonable care to prevent identity theft and to respond with prompt and reasonable action to any evidence or reports of identity theft. They have this duty because by trading in personal information, they exercise great power over the lives and reputations of others, a power from which they derive considerable economic benefit.

So the word you're looking for is negligence.

The problem with suing over this is putting a dollar figure on the damage done by the credit agencies' negligence. No dollar figure, nothing to sue for. What may be needed is for the legislature to create a statutory figure which could be used to sue the agencies.

Re:How about something better?

[Archangel+Michael]

The fridge went on the fritz last week, and I fixed it myself. I wouldn't be much of a geek if I couldn't fix things that break. Somethings aren't worth fixing, and I have a slush fund for such things, or I miss my next vacation. Or, I'll do a couple extra side jobs to pay for the nicer things in life.

I don't do without. I do without things I don't "need".

Re:How about something better?

so you consider your time to be worthless...

Re:How about something better?

[rohan972]

That black mark certainly is meaningful. There are very few people who buy houses in cash, for example, and that black mark can be particularly painful. Not to mention companies are beginning to pull credit reports during the interview process for employees.

Granted very few people can pay for their first house with cash unless they get an inheritance or something, but I don't consider the idea of living continually on credit to be a sound one. Once your first house is paid off, why borrow again? My wife and I have never had credit except for house, car and student loans. We own our house and cars, by not continually making payments to credit companies you can save the money for things you need.

Even as far back as Old Testament law, loaning money to people was known as a way to subjugate them.
Check the blessing Deuteronomy 28: 12,13 The LORD shall open unto thee his good treasure, the heaven to give the rain unto thy land in his season, and to bless all the work of thine hand: and thou shalt lend unto many nations, and thou shalt not borrow. And the LORD shall make thee the head, and not the tail;
and the curse
Deuteronomy 28: 44 He shall lend to thee, and thou shalt not lend to him: he shall be the head, and thou shalt be the tail.

Now regardless of religious belief or lack of, it should be fairly clear just looking around us now that living in perpetual debt is crazy and you cannot live as a free people if you do so.

And regarding employment: Start a business. Most people here are in the US, stop living your lives by permission and live as free people. You don't need permission of the bank to buy something and you don't need permission from a corporation to make money. At some point your ancestors did not have employment and lived by their own initiative. Stop buying into the lie that you are incapable of independence.

Re:How about something better?

[ScrewMaster]

No, but what he is saying is that the public is not without recourse when these things happen.

Re:How about something better?

When was the last time you worked minimum wage? I haven't applied for a job in the last few years where that information wasn't on the application form usually along with a waiver for a background check to be signed as well. I doubt there is any legal protection from discrimination for refusing to provide that information either.

Re:How about something better?

Ya that's a problem with credit reports. They don't count utility bills or rent as part of your credit history.

I guess one could reason that utility bills/rent must be paid and thus don't really count as credit unless you like living out in the streets. So there's motive to pay for it. With credit, many people require a bit more responsibility on their spending habits so they don't run themselves into debt. That, and if you do run into debt, all you have to do is wait 7 years and you don't have to pay a cent. You can't go to jail for credit card debt afaik.

This doesn't explain why you need a credit check when you get a cell phone contract. Cell phones are a necessity for many people so you're going to pay for the bill if you want to keep service. Getting cable/sattelite/internet/POTS never required a credit check.

Re:How about something better?

[DustyShadow]

If they don't remove it I believe the FCRA allows you to sue them for $1000 for each time they violate it. The law also allows you to get attorney's fees so many lawyers will do this work for free for you.

Re:How about something better?

[metamorphage]

They'll just tell you go to to hell. They've got plenty of people who are willing to give out SSNs for an internet connection (or whatever it is).

Re:How about something better?

[PPH]

They've got plenty of people who are willing to give out SSNs for an internet connection (or whatever it is).

Yes, but whose SSN are they giving out?

Re:How about something better?

[davolfman]

I was under the impression that the courts generally say any unfair contract is invalid.

Re:How about something better?

[davolfman]

I think recording you taking out a bunch of loans that you never did is defamatory. I also think the permanence of the record especially given it's tendency to heal from the other two agencies when deleted makes it a permanent public record, hence libel rather than slander. I chose the word carefully.

Re:How about something better?

[davolfman]

Also I'd like to mention the term "Pain and suffering".

Re:How about something better?

[russotto]

If I can't do that? What if I don't want to lend money for routine things? I can have an impeccable economy without a credit card, the need of a credit card or even wanting one.

Then they don't want to lend you hundreds of thousands of dollars for a house. They don't know you from Adam; why should they trust you with their money? It's actually pretty amazing that just because you borrowed and paid back tens or hundreds of dollars every month, short term, no interest, they'll consider you qualified to borrow hundreds of thousands of dollars over 30 years.

You can still get a mortgage with no credit history. But it is more difficult. The lender can produce something called a nontraditional mortgage credit report (google NTMCR) which takes into account utility bills, rent, insurance, etc. That's great if you're already in that situation. But if you're not ready to buy a house yet, it makes a lot more sense to just get a credit card or two, charge a few items on each one every month, and pay them off in full every month. There is zero downside to doing this and the very large upside of building credit. There's no need to buy into any "charge it" culture; you just buy the same things you'd buy anyway, only with a credit card instead of cash or a debit card.

Re:How about something better?

If they don't remove it I believe the FCRA allows you to sue them for $1000 for each time they violate it. The law also allows you to get attorney's fees so many lawyers will do this work for free for you.

They do remove it though. But then it gets automatically put back. Seems like quite a loophole.

Re:How about something better?

[mxs]

You never paid a single penny, other than your time invested. You got it taken care of in less than three hours. That is not guaranteed to be the case.

Furthermore, you have absolutely no idea what other databases this information has since been incorporated to. Hard to "fix" something you don't know exists.

Re:How about something better?

How about we just stop using social security numbers as though they're some sort of magical security token? It was never designed for that purpose, and if you put the slightest bit of thought into it, you immediately realize that it's not secure at all.

Nice if you can pull it off, but the corps will never allow it. Your social security card even says on it, "Not for identification purposes" or somesuch. I used to think that meant you couldn't use the "card for ID, as you would a driver's license.

According to the SSA, the SSN was originally restricted to SSA operations. Then businesses started using it for employee IDs, among other things.

When the SSA tried to clamp down, the businesses just added an alphabetic at the end, then said "111-22-3333A is not an SSN -- SSNs have no alphabetics in them." They got away with it.

I have a friend who worked for years for SSA. She gave her number to damned near no one. Once, when she went to a doctor's office, they gave her the usual form to fill out. She left the SSN field blank. They handed it back for correction, as though it were an error. She told them they didn't need it. They said everyone gave it up. She told them they had no need for it -- she was going to pay in cash for her treatment and that no insurance claim was involved, so they didn't need it. They were appalled and insisted. She stood her ground and they folded.

Collecting unnecessary personal has become entirely too routine. People are led to believe they have to give it up.

I recently saw an interesting interaction. California fishing regs specify that, if you are fishing from a pier that extends into the ocean, you do not need a license. I find it interesting that a pier into San Francisco Bay requires one, while a pier into the Pacific ocean less than ten miles away extending into the ocean does not.

Anyway, the ocean pier occasionally gets visits from the county F&G folks. there are legitimate enforcement issues like not having too many fish in your possession. As I walked along the pier recently, an F&G guy with the usual aluminum box/clipboard was talking to a couple of guys who were fishing. I heard some questions about how many and what kind of fish they had, how often they use that pier, etc. I was quite surprised when it got to name, address and such. The one who did all the talking clearly said, "I don't feel like giving out any personal information. The F&G guy asked for a zip code. Again the answer was that the fisherman didn't want to give out personal information. By the fact that F&G guy just gave up at that point, it tells me he had no authority to _require_ that information -- they just gather it because people assume that any uniform has authority to ask anything they like. I'm willing to bet he was placidly given the information by everyone else fishing off the pier that day.

Re:How about something better?

The problem you'd face trying to prove negligence is that the credit reporting agencies stand behind the fact they they are not the originators of the data. The information is fed to them by the companies you do business with. The credit agencies only collect the data, they don't create it.

The reason bad information continues to show up is because it is still bad in the source feed. The consumer needs to not only contact the credit reporting agency to get the data removed, but needs to also go back to the original source.

Re:How about something better?

[nine-times]

She told them they had no need for it -- she was going to pay in cash for her treatment and that no insurance claim was involved, so they didn't need it.

So I guess that's all you have to do to avoid these things-- pay cash for everything? Great, I'll get cancel my insurance right now.

Oh, and of course, you said your friend gave the information out to "damn near no one", which I assume isn't the same as "no one". That means there are still people who have access to that information other than herself, so it's still not secure. All her attempts to keep in a secret are admirable, I guess, but it doesn't change my opinion on the matter. Whether or not your social security number is used as an identifier, knowing a person's social security number should *not* be considered authentication of that identity by anyone.

Re:How about something better?

[plasmacutter]

this is bull. you get sacked with the interest anyway.

Re:How about something better?

[metamorphage]

Good point, but do companies who accept fraudulent SSNs really care? They're still getting somebody's money. Until they get hit with penalties for not authenticating properly this will continue.

Re:How about something better?

[PPH]

The companies that have a statutory duty to report SSNs are banks, employers and the like. Giving them a fake would be a crime. OTOH, if my cell phone provider asks me for an SSN, they have NO legal need for it and no need to validate it. There's no way they will be penalized for not validating it, so I might as well give th the SSN on that phony card that came with my wallet.

Re:How about something better?

IF I don't use credit, then a "black mark" is meaningless.

Not really. Just to get some jobs, they require a credit check. No pass, no job.

Additionally, even without black marks, the industry is set up so that non-credit-users have what's considered a "thin file" -- i.e. not enough information to make a judgment on. That could be a disadvantage.

Possibly interesting side story wrt getting a credit check for a job:

I once got a job with THE major _credit rating_ company (not _credit reporting_ company -- there are mainly the big three of those and they only supply data, not ratings) and they required a criminal background check. Oddly, they did not ask for permission for a credit check, though they, of all people, could probably have gotten one surreptitiously.

I am also an amateur radio operator and, as such, would expect to participate in emergency communications after floods, fires or earthquakes out here on the west coast. Some of the duties might include beefing up or substituting for police, fire or rescue operations if their systems failed in any manner. Some of the duties might be simply "health and welfare" traffic handling -- i.e. "to: the rest of the family out of state -- Aunt Martha's house survived the wildfire; not so Uncle Jake." -- fairly innocuous stuff.

As it turns out, the American Red Cross (ARC) now has an application which must be filled out by all volunteers. There are many otherwise willing amateurs ready to sign up, except for the terms on the application. You must agree to -- a criminal background check, a credit check and a "lifestyle check", all done by a third party. Jesus H. Christ -- a "lifestyle check"??? What the fuck is that??? Well, they won't tell you what the scope is -- just sign on the authorization line. Naturally, the suspicion is that you will be disqualified if you by some WASP POS if you list your occupation as hairdresser and have a zip code which includes San Francisco's Castro district.

Admittedly, there have been negotiations between the American Amateur Relay League (ARRL), which represents (and lobbies for) the interests of the amateur radio community and the ARC over this issue. Apparently the ARC has backed down on some of the requirements, presumably the "lifestyle check" issue, and may have set the requirement to only apply to volunteers working over 7 days, but they have not yet come up with a MOU which is satisfactory to the ARRL.

Can you really believe you may not be able to find out about Uncle Jake because of an insufficient number of message handlers? Why do you give a damn whether it was handled by your state senator, a social worker, an embezzler or a child pornographer? It's just a goddamned message.

Re:How about something better?

[rastoboy29]

A) It cost you 3 precious hours of your limited lifespan.

B) More importantly, you were a very, very lucky bastard to have it taken care of so easily.  Not everyone is so fortunate, nor might you be next time--so don't get cocky!

Re:How about something better?

It is not a loophole. You just don't seem to understand the law. You tell them to remove it. If it shows up again you sue for violation of the FCRA. There is no such loophole as you suggest. Otherwise, a company would just say "well, we removed it but then it must have shown up again 1 second later".

Re:How about something better?

[Knara]

Depends on your card agreement, but generally no, you don't.

Re:How about something better?

[Matt+Perry]

Within, the word you are groping for is "within" your means.

No, I wasn't groping for anything. I stated exactly what I aimed to.

Re:How about something better?

[torkus]

In a broad scope, I agree with you. People definitely over-use credit.

That said, it's not for you or I to force our views of fiscal responsibility on to others. If the majority of people want the ability to buy that $1999.99 handbag on insta-credit, that's their choice.

It's sad this had to go to court.

[Trojan35]

I wonder, if it was a newspaper or CNN doing this, if this would have ever gotten that far.

Re:It's sad this had to go to court.

[gnick]

A newspaper (depending on the newspaper) or CNN would likely have published the story, but censored the SSNs. Otherwise their readers/viewers would have been angry with their news source for publicizing their information rather than the government for mishandling it.

Now if Ms Ostergren had censored the SSNs like the main stream media would have, I doubt that she would have been able to garner the attention that this story deserves.

Re:It's sad this had to go to court.

[0xdeadbeef]

This has nothing to do with privacy. There is nothing "private" about a number used as a unique identifier in government databases. This is a security matter, and what she is doing is no different than posting an exploit.

Re:It's sad this had to go to court.

I agree that it's kind of shady and a bid for attention. What I would like to see is a website where one can voluntarily publicize one's SSN. It's nothing but a security risk at this point, so making it public record would (over time) force companies to stop relying on it for verification. It would take some brave souls to seed the effort, but when it hit critical mass (~1o,ooo or so by my count) you'd start to see some changes.

Re:It's sad this had to go to court.

[TubeSteak]

The ends don't justify the means. She's trying to advocate privacy by decreasing individual's privacy if I'm understanding this. She's saying "this is wrong that your social security number is printed on X public document, so I'm going to post it online to dramatically increase the amount of people who can see it and increase your chances of identity theft."

You missed one important detail.
The records she is putting up on her website are already online.
That pretty much knocks the bottom out of your argument.

Re:It's sad this had to go to court.

[Spy+der+Mann]

This has nothing to do with privacy. There is nothing "private" about a number used as a unique identifier in government databases. This is a security matter, and what she is doing is no different than posting an exploit.

Wrong. This is not just posting an exploit. This is like using an exploit, getting people's passwords and and posting them.

Re:It's sad this had to go to court.

[gnick]

Also, it doesn't sound like she's just shot-gunning out every SSN she finds. FTA:

Ostergren routinely posts the Social Security numbers of high-profile individuals that she claims to have easily obtained from county and state government Web sites. The list includes former Florida Gov. Jeb Bush, former U.S. Secretary of State Colin Powell, former U.S. House Majority Leader Tom DeLay, former Missouri Sen. Jean Carnahan and several county clerks in Virginia.

That doesn't say explicitly that she's not posting everything, but it does seem to imply that she's just calling out very public government figures. Sure it's a bid for attention, but it's an effective one. And, since it was the State that publicized them, it seems like she's re-publicizing just enough to call the appropriate level of attention to the issue. Good on her.

Re:It's sad this had to go to court.

[philspear]

This is a case where I'd like to be able to delete my own comment. Someone pointed out that she's only posting SSNs available online already for politicians. I don't think this is a bid for attention.

Re:It's sad this had to go to court.

[apoc.famine]

If by "exploit" you mean "looking at something through a window designed to allow you to do that and then posting a picture of what's inside", I'd agree. There is no "exploit" - the system was DESIGNED to be transparent. What she's pointing out is that if you design it like that, then put things you don't want people to see inside, PEOPLE CAN SEE THOSE THINGS!

It's like putting in a plate glass window, then hanging your underwear in front of it. When someone takes a picture of it and posts it, you complain and sue, rather than A) Removing the underwear, or B) covering the window. The window was your doing, and the underwear was your doing - all they did was draw attention to the fact that you might not want to do one of the two.

In case this poor analogy isn't completely clear, the state could have either A) Disallowed access to this information all together, or B) not have included the SSNs. Instead they tried to use legal means to fix their stupidity.

Re:It's sad this had to go to court.

[Sentry21]

GOOD.

The information is all available for anyone who knows where to look. Most people don't know where to look. Bad people who shouldn't get your information know where to look. There's a hole here through which people's information is leaking out.

The government has refused to fix the hole, so she tells the world (such as it is), and provides proof. Would the average person care if someone said 'Oh, people can get personal information off some website'? Not really. Would the average person care if THEIR information ended up on the front page? Definitely.

The sad part is that she can go ahead and get all this information, and does so to prove that people's personal details are at huge risk. What's the government's response? Fix the problem? No, shut her up. Great, then anyone else can go ahead and do it.

In technology, as in medicine, treat the problem, not the symptoms.

Re:It's sad this had to go to court.

[aardwolf64]

You know what else is online? Kiddie porn. Does that make it acceptable for me to copy and host it on my site, just because it's already there?

Re:It's sad this had to go to court.

[MadMidnightBomber]

No, it's like writing a google search to find passwords that *are already on the Internet*. E.g. 'intitle:"Index of" passwd passwd.bak'

( See GDHB : "Files containing passwords (135 entries) PASSWORDS, for the LOVE OF GOD!!! Google found PASSWORDS!" )

Re:It's sad this had to go to court.

[thanatos_x]

Child Porn is already illegal to create or host in the first place in most countries around the world.

On the other hand what she is doing either is:

a) Illegal, in which case the government shouldn't be doing it, and she points this out.

b) Legal, in which case neither one is doing any wrong, though the government may be guilty of violating civil law. (breach of contract/duty to protect constituents)

c) Illegal for private citizens, legal for the government (like operating a police force). I'd find it hard to justify this one, given the nature of data and being public.

Suppose I take a bunch of public statements and infer something that is either legally confidential or just of a personal nature. Assuming I built my information on entirely legal information, I'm allowed to publish my findings. If you weren't many journalistic articles would never be allowed.

Also remember you can't punish a non-existential entity, such as a government or corporation. You can pursue civil actions and get damages, but no criminal actions can be levied against the entities, since they aren't persons. At best you could force the disbandment of a given entity, but you're really punishing the shareholders in that case.

Executives, workers, managers - they can all be held liable for actions of the corporation or government.

Re:It's sad this had to go to court.

[Spy+der+Mann]

If by "exploit" you mean "looking at something through a window designed to allow you to do that and then posting a picture of what's inside", I'd agree. There is no "exploit" - the system was DESIGNED to be transparent.

Sue the system, then :) Who knows, it might just work.

Re:It's sad this had to go to court.

[cawpin]

"like operating a police force" Operating a police force is NOT illegal for private citizens. They simply have to be restricted to the area they are in control of just like the government, ie private property.

Re:It's sad this had to go to court.

Would it be cool then if she just started putting these people's info up on bulletin boards along the freeway?

Re:It's sad this had to go to court.

[avandesande]

To her benefit it should be noted that these SSNs really don't hurt anyone, since they are very public figures.
I think a 15 year old cracker would have a hard time impersonating Colin Powell.

Re:It's sad this had to go to court.

[apoc.famine]

Especially since it probably won't show up in court - I bet you could get a default judgment.

Business model

1. Find SSN in public records.
2. Post them on your own site.
3. ???
4. Profit!

Alternative to posting online...

[Tekkanano]

Maybe another way to get ppl's attention is to post on utility poles?

Serious Push Back

[curmudgeon99]

How refreshing it is to see judges finally waking up to the abuses our government is making. In the past year the judicial branch has made me want to stand up and cheer, with the pushback against the Bush administration and now--here--trying to stop legislatures from hiding their mistakes.

Re:Serious Push Back

[holmedog]

Not me. It's not the judicial branches job to make legislation, and every time they do they make more power for themselves. I'm glad when they do like this judge and simply strike something down. I'm sad when they do you like you suggest and "pushback".

Re:Serious Push Back

[plasmacutter]

"betamax" under your definition is also "judicial activism".

rulings like that are a common function of the judicial system, and if congress finds it objectionable they can specifically address it with legislation.

Re:Serious Push Back

[orgelspieler]

Absolutely couldn't agree more. When I hear people say "activist judges" I just want to scream. Would they prefer lazy judges who don't take their role in the balance of power seriously?

If people want judges to stop interpreting the law (which is their job), then they need to demand that the legislative branch do a better job of writing laws that don't need interpretation. Just think, if the Bill of Rights had been elaborated just a bit as to the meaning of each phrase and clause, we wouldn't need to have judges and lawyers arguing about 18th century word definitions and grammatical comma placement practices.

But writing better laws would only fix part of the problem. These complainers need to demand that the executive branch do a better job enforcing the laws, too. They could start by kindly asking the President to stop making signing statements for everything that crosses his desk.

If well-written constitutionally valid laws were enforced impartially and regularly, judges would have a lot less to be "activist" about.

Re:Serious Push Back

[Nimey]

You're mistaken. Judicial activism is defined as what a judge does which the speaker does not like.

I'm still waiting for those complainers to start using the phrase "executive activism". I predict it'll start once a Democrat takes office.

Re:Serious Push Back

If people want judges to stop interpreting the law (which is their job), then they need to demand that the legislative branch do a better job of writing laws that don't need interpretation.

I'd say the problem isn't just the poorly written laws, but the complete politicalization of the judge appointment process. Judges should be appointed based on their ability to objectively analyze laws in an unbiased manner, but more often than not they are appointed based on very specific biases. We do have "activist" judges on the bench, because many of them were appointed specifically for their lack of objectivity.

Re:Serious Push Back

[everdred]

Just think, if the Bill of Rights had been elaborated just a bit as to the meaning of each phrase and clause, we wouldn't need to have judges and lawyers arguing about 18th century word definitions and grammatical comma placement practices.

Right, because what we need is to have to amend the First Amendment to update the "speech" bit every time a new way to communicate is invented. ("Alright, so we've got verbal communications, paper, the telegraph, telephone...")

So not only would the text need to be revised all the time, but what if they decided that a new medium was to be excluded (or rather, not included)? ("Oh, people use computers to communicate these days? Globally? This could be dangerous... let's not add protection for this one...")

Pretty sure it was left vague for a reason, and this contributes to its longevity.

Re:Serious Push Back

[orgelspieler]

Sorry for the late reply. I appreciate your point. We have been fortunate that judges have interpreted "speech" broadly. They could have determined that "speech" does not include non-verbal acts of communication such as sign language or flag burning. The founding fathers could easily have included a few "including but not limited to:" type sections in just about everything in the Bill of Rights. But they didn't think they needed to when they wrote the 9th amendment to pretty much guarantee that everything they forgot would be permitted rather than prohibited.

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

Meanwhile...

[bigtallmofo]

In other news, the IRS reports that they are finally cracking down on long-time tax evader Betty Ostergren for failure to report as income the $10 her grandmother gave her in a birthday card in 2005. Ms. Ostergren faces up to 10 years in prison and a fine of $300,000.

Re:Meanwhile...

[CycleMan]

Cute, but completely impossible scenario. Quoth the IRS in IRS Tax Tip 2008-15 "If you gave any one person gifts in 2007 that are valued at more than $12,000, you must report the total gifts to the Internal Revenue Service and may have to pay tax on the gifts. The person who receives your gift does not have to report the gift to the IRS or pay gift or income tax on its value."

My relatives took advantage of this to reduce their taxable estate before death. And I sure didn't mind receiving a nice big check.

Re:Meanwhile...

[mdm-adph]

*swoosh noise as the point flies over your head*

Buddy, if they don't find a gift-giving error, trust me, they'll find something, eventually. That's how it works.

Amazing

[nickswitzer]

How do they get away with not hiding these numbers. People get their lives torn to shred, their credit smashed, debt accumulated because someone steals their SSN and information. I thought you weren't even supposed to carry your social security card around with you just in case you lose your wallet/purse, yet the state of Virgina doesn't deem it necessary to hide these? WHY DO YOU THINK THEY ONLY AS FOR THE LAST 4 OF YOUR SOCIAL AS VERIFICATION? Come on people, let's stop being retarded.

Re:Amazing

[joelwyland]

You apparently missed the whole point. This information is already out there because the government is mishandling it. The reason the judge isn't forcing them off the web is because it's the perfect way to show the government is incompetent so that it can be FIXED. It won't be fixed if it gets buried.

Re:Amazing

[nickswitzer]

I didn't miss the point, I am just frustrated that with the publicity about this subject, the ruling from the judge, that it is not resolved. The local news could have gotten a hold of this and created some controversy about it. The best thing that could be done to not bury this would be to have the news blast this all over their evening report.

Re:Amazing

[Bengie]

according to medicare, you're 'only' suppose to carry your SS card if you plan on getting hurt. eg. If you aren't going to get hurt, don't carry your card; but if you do get hurt, you'd better have it on you

ID Theft Field Day?

[Kid+Zero]

So to combat the stupidity of the State of Virginia, She goes on a tear of Stupidity of her own?

The next law the State of Virginia should pass in this vein is one that makes it a felony to post SSN's in public.

Re:ID Theft Field Day?

[mapsjanhere]

Good idea - as long as they waive their sovereign immunity, and that of their employees, in the same law. Otherwise all it does is censor the critics and allow business as usual.

Re:ID Theft Field Day?

[be951]

Uh, that's the whole point. The state is providing the numbers online already. She's just drawing attention to it.

Re:ID Theft Field Day?

[L+Boom]

So to combat the stupidity of the State of Virginia, She goes on a tear of Stupidity of her own?

The next law the State of Virginia should pass in this vein is one that makes it a felony to post SSN's in public.

That's kind of the point: Ms. Ostergren got the numbers from publicly available, online state records in the first place, so the State of Virginia would, in fact, not be complying with its own law. She's doing this to ... wait for it ... attract enough attention to get a law passed so all SSNs would automatically be redacted at the document level so there would be no SSN information to reproduce downstream in the first place.

Re:ID Theft Field Day?

[orgelspieler]

I think you mean Commonwealth of Virginia.

Re:ID Theft Field Day?

[Zymergy]

It's not so simple as that...
People file their SSN in Public Records all the time.
For example, I have seen numerous PUBLIC tax records on file in the County Clerk's Office (as well as the County and District Court Clerk's Offices in my state (Oklahoma).
The same is true for numerous Oil & Gas Leases filed publicly.

A better approach is the one Texas took a few years back, requiring anyone accessing the public documents to sign an sworn and notarized affidavit stating that any and all SSN that may be present in the course of their review of Texas public records will not be mis-used. This process was a temporary one where then entire body of records was reviewed for SSN content and numbers of living persons were "blacked out" from the public record documents. Also, if anyone file documents with SSN information they were asked to black it out before filing if the person was not deceased.
It is better to sat up a tax ID with the IRS and use that number for public records. (That way, people legitimately requiring the individual's SSN data must contact the IRS (or the individual) to gain access to said individual's SSN.

Making it a felony would would immediately shut down many county government record departments for years (not to mention the costs to purge the offending data from million sof pages of official public records in every county) and it would otherwise and make felons out of many people who freely file their SSN in the public record.

Also, Todd Davis better hope he does not live in Virginia when your law makes all of his commercials felonious...

Re:ID Theft Field Day?

[Stanistani]

Are you sure she doesn't mean the Grand Duchy of Fenwick?

Re:ID Theft Field Day?

[ApproachingLinux]

did you go to the web site? the only SSNs that were exposed were from public documents of legislators who can fix the system. what better incentive to get them to do their job of protecting the public trust ?

Re:ID Theft Field Day?

[Chris+Mattern]

As a resident of Virginia, I can ask: there's a difference?

Re:ID Theft Field Day?

a transparent, authenticated system of personal financial metadata kept in a vault maintained by a consortium of Experian, TransUnion, and Equifax, under tight regulation by the feds.

So we're the United States and Commonwealths of America. (MA, too, I believe.) So VA is not a part of the United States? Which stars on the flag are for states and which are for commonwealths?

By the way -- kiss my ass, you non-contributing pedant.

Re:ID Theft Field Day?

... and it would otherwise and make felons out of many people who freely file their SSN in the public record.

Freely??? Just how many people just add their SSN to a document for the hell of it? If your SSN in in a public record , it's there because it was required to complete the transaction.

In any case, dipshit, anyone who wants to post their own SSN on every phone pole in the city would be exempted

Re:ID Theft Field Day?

Also, if anyone file documents with SSN information they were asked to black it out before filing if the person was not deceased.

Excellent -- now only dead people filing documents will have their SSNs exposed.

Improvement is where you find it.

Re:ID Theft Field Day?

[orgelspieler]

No clue. I live in the Republic of Texas, so all you foreigners are a mystery to me. ;-)

They already do allow that for free

[bigtallmofo]

Can the states force the credit reporting agencies to allow citizens to lock their credit reports?

http://www.google.com/search?hl=en&q=how+to+freeze+credit+report

This is already available, and it's free. Just like opting out of marketing offers.

Re:They already do allow that for free

[Ambiguous+Puzuma]

The fees (if any) associated with credit freezes vary from state to state.
http://www.consumersunion.org/campaigns/learn_more/003484indiv.html

Re:They already do allow that for free

[JimMcc]

The fee is for EACH credit reporting company. So that is $30 total. If you are married it is $60. Then another $10 per agency to get it lifted, again, per person. Hopefully the company you are applying to for credit will tell you which specific credit reporting company they will use. But still it is a chunk of money out of your pocket to protect yourself from something that you shouldn't have to pay for in the first place.

Re:They already do allow that for free

[winwar]

And what if the identity thief has the needed information to remove the lock?

Someone has described that situation here before....

Re:They already do allow that for free

[cayenne8]

"The fee is for EACH credit reporting company. So that is $30 total. If you are married it is $60. Then another $10 per agency to get it lifted, again, per person. Hopefully the company you are applying to for credit will tell you which specific credit reporting company they will use. But still it is a chunk of money out of your pocket to protect yourself from something that you shouldn't have to pay for in the first place."

Agreed. It should be mandated that locking and unlocking is free of charge. No one asked for this data to be collected on us...so, it should not cost us anything to protect ourselves from the use of said information.

I'd like to say that it should all be opt-IN....and all info should be locked by default, but, the lobbiest would likely have that shot down.

So, I'd at least compromise and be happy if the lock lift/set would be free of charge and only take a phone call or website access.

Private information??

[homer_s]

demonstrate the lack of care being taken by government to protect the private information of individuals."

Why is a social security number, a number that helps the social security administration track payments, 'private information'?
Isn't that the bigger problem? Instead of spending more and more money to hide this number (or blame companies who lose such data), intelligent people should be asking why this number should be private.

Re:Private information??

[i.r.id10t]

Because some programmers and record keepers decided years ago that it would make a good primary key for their db...

Re:Private information??

[k2enemy]

Isn't that the bigger problem? Instead of spending more and more money to hide this number (or blame companies who lose such data), intelligent people should be asking why this number should be private.

Exactly. I wish the govt would just announce that on January 1, 2009 they will put up a website that publicly reveals everyone's SSN. Banks and other institutions have until then to work out some other means of authentication.

Re:Private information??

[Taibhsear]

Why is a social security number, a number that helps the social security administration track payments, 'private information'?

Isn't that the bigger problem? Instead of spending more and more money to hide this number (or blame companies who lose such data), intelligent people should be asking why this number should be private.

Are you serious? Why is your bank account info private information? Why is your home address private information? Why is your cell number private information? Because these are nobody's business but yours and the company it comes from.

Re:Private information??

[plasmacutter]

Isn't that the bigger problem? Instead of spending more and more money to hide this number (or blame companies who lose such data), intelligent people should be asking why this number should be private.

Exactly. I wish the govt would just announce that on January 1, 2009 they will put up a website that publicly reveals everyone's SSN. Banks and other institutions have until then to work out some other means of authentication.

Brilliant Idea..

It occurred to me as i was filling out some employment forms just how many people I find questionable have my SSN as open record, and how many people now have me by the gonads.

Re:Private information??

[Tony+Hoyle]

Your cell phone number and home address are definately not private information... pretty much by definition - if you don't tell anyone about them then they lose a large part of their use.

Some bank account information is private - passwords, etc. Other things like sort code and account number you give freely to anyone who asks for a cheque or direct debit, and anyone who wants to give you money.. so they're not private.

Re:Private information??

[homer_s]

Exactly. I wish the govt would just announce that on January 1, 2009 they will put up a website that publicly reveals everyone's SSN. Banks and other institutions have until then to work out some other means of authentication.

That would solve this problem of 'identity theft' better than any of the other schemes they keep proposing. But it wouldn't make as much money though.

Re:Private information??

[metamatic]

Yeah, I had exactly the same idea over 3 years ago. It doesn't even need to be the government that does it.

Re:Private information??

[DavidTC]

It is a good primary key.

The problem is that quite a few places decided to use it as authentication, which isn't a programming or indexing issue at all.

Re:Private information??

[Cro+Magnon]

Exactly!!! The SSN is ID! It's not a bleeping password! I shouldn't have to care if the whole world knows that my SSN is xxx-xx-xxxx. But I do because of idiots using it as a password.

Re:Private information??

[Sentry21]

I often wonder why the SSN in the US is so dreadfully pervasive as 'proof of identity' (which it's not), and why people insist on using it. Sure, it's globally unique, but that doesn't mean anything.

In Canada, our equivalent, the Social Insurance Number (SIN), has somewhat evolved into a de facto ID, the same way the SSN has, but there are restrictions. Unless a company is asking for your SIN for a reason specifically permitted by law (or no other ID would suffice), it may not refuse products or services as a result of refusal to provide your SIN.

The Office of the Privacy Commissioner of Canada has a fact sheet on the SIN and its use in Canada, which is worth reading for any Canadians with a SIN, or any Americans who wish their governments had a clue.

Re:Private information??

[deathspasm]

It would if you were a consultant...

Re:Private information??

[i.r.id10t]

Actually, it is a terrible primary key. SSNs are a limited pool of numbers - the first 3 depend on which state you were born in or applied for a SSN in (eg. Florida has a bunch in the 262 to 268 range, and then more in the 591 to 59something range, 700 is for the railroad retirement society, etc), and they are reused after death, combined in IRS records with name, DOB, etc. to make them unique there and more.

Government

[suck_burners_rice]

Yes, the judge is right about this one. Censorship of this type is the classic way that government can sweep the bad things it does under the rug. We have to always keep in mind that "the government" is not some sort of ethereal force out there. It's a bunch of guys (and women) who happen to have been placed in a position of power, whether it's someone elected to office or that clerk at the local [insert government office here] who likes to be a jerk and inconvenience people because it gives him a power trip to feel like he's the king of some tiny kingdom. We always have to remember that. Just because someone is in "the government" does not make that person special or give that person any special rights whatsoever. Thus, the judge should not do anything about that website, but should force the government to fix its problems.

Re:Government

A little radical transparency and maybe some open source governance would fix all this right up. :)

Re:Government

[Jason+Levine]

We have to always keep in mind that "the government" is not some sort of ethereal force out there. It's a bunch of guys (and women) who happen to have been placed in a position of power, whether it's someone elected to office or that clerk at the local [insert government office here] who likes to be a jerk and inconvenience people because it gives him a power trip to feel like he's the king of some tiny kingdom. We always have to remember that. Just because someone is in "the government" does not make that person special or give that person any special rights whatsoever.

(Not to drift too far OT, but....)

This was just the argument I was making to a friend of mine during a discussion of anti-terrorism laws. He was of the opinion that we shouldn't disallow warrantless surveillance just because it "might" be abused "someday" since it would definitely (in his opinion) help us catch terrorists. He thought that doing otherwise was shackling the hands of law enforcement. I countered that, while law enforcement might like to conduct surveillance without a warrant, it was too ripe for abuse. Our Founding Fathers knew what it was like to live under a government that didn't listen to the people and abused its power. That's why our government is designed with checks and balances. Any law/policy that removes the checks and balances from a governmental agency (say, no warrants required) is highly dangerous and likely unconstitutional.

Of course, my friend chose not to see the danger and just assumed that: 1) he and I wouldn't be targeted, 2) if we were we would have recourse, and 3) the government would give up the powers after the fight was won. I pointed out the flaws in these arguments, but either I didn't do a good enough job or his mind was closed to all debate (probably the latter) because he remains convinced that giving the government unlimited power to "stop the terrorists" is a good idea. In fact, he went so far as to say that he wouldn't forgive me if I supported removal of those governmental powers and we got hit with another terrorist attack.

Then again, this friend also thinks that the fact that Obama's middle name is "Hussein" and his first name rhymes with "Osama" is just too coincidental to not mean something. It's really sad that the future of this country may be decided by people who think that being Conservative means unlimited Federal government power and wanting to curtail the Federal government is a sign of dangerous liberalism.

Re:Government

[steelfood]

Actually, civil servants tend to be at the bottom of their class.

The top of the class are the guys who go into academia and the private sector. The middle of the class tend to go into the private sector. And the bottom of the class goes into public service.

I don't know if it's the same everywhere, but where I'm from, the only good thing about a government job is job security. Otherwise, the pay's a lot less, the opportunities to move upwards are almost non-existent, while the benefits tend to be on par. So while most of the brighter kids get into the higher-paying jobs, the below-average ones go into government. Unless the government agency is one of the intelligence agencies of course.

It's kind of scary if you ever stop to really think about it.

Re:Government

I thought too much transparency was the problem in question?

Nonetheless, awesome links.

Re:Government

My mother-in-law hopes that all the mosques in America have been infiltrated by the FBI. I asked her how she'd feel about having the FBI in her synagogue, and she said it doesn't matter, because it wouldn't happen. Totally awesome.

This is a good verdict

Good for this judge. A good and correct verdict.

What The HELL.

Uhm... I got caught down in Maryland years ago. I was under age, got fined and never paid the ticket.

Well I start looking through the records on one of the site she lists, and lo-and-behold, there I am. Active Case. 'Failure To Show'

Shit.

Assume

[Archangel+Michael]

The problem is that we tend to assume that SS# is "private". It isn't.

We (collectively everyone) ought to just assume that our SS# and lives are being tracked, because we are.

I live my life as if I'm being tracked. I don't own a Credit Card because of it. I don't want my purchases being tracked and traced. I pay cash, which is getting harder and harder to do.

And that stupid VISA commercial where everything stops when a person uses cash, is not helping.

And the loss of community has really pushed the anonymity movement. In days of old, you had to have a "relationship" with the people who bought and sold. Somewhere along the way, that was lost in favor of cheaper prices. We have, collectively, started to see the repercussions of this throughout society.

Now, to buy big ticket items, all you need is a fake ID, a Good SS#, and be gone, and nobody seems to care that we've lost the humanity in the process.

Re:Assume

[the_humeister]

I take it you also don't own a house, own a car, etc.

Re:Assume

But you can be sure he owns a tinfoil hat or two.

Re:Assume

[Archangel+Michael]

You assume too much.

I own my cars, paid cash for each of them. I own my house, never had a loan on it.

Just because 99.99999% of the population does it one way, doesn't mean everyone does.

I'll tell you the next hardest thing to do without credit (cards) is rent a car. It can be done, but not easily.

And no, I don't own a tin foil hat.

Re:Assume

[plasmacutter]

And the loss of community has really pushed the anonymity movement. In days of old, you had to have a "relationship" with the people who bought and sold. Somewhere along the way, that was lost in favor of cheaper prices. We have, collectively, started to see the repercussions of this throughout society.

Now, to buy big ticket items, all you need is a fake ID, a Good SS#, and be gone, and nobody seems to care that we've lost the humanity in the process.

The reprocussions are broader than that.

The lack of interpersonal connection has resulted in a cold and much more rigid society.

In the old days (i mean pre-1970), most people didn't need small loans or welfare because people knew each other. When someone was on hard times they "cut them a break", same when they were late or having a bad day.

Now as an employee you have to suppress every hint of emotion and act like an automaton. So much as a a small imperfection can get you terminated.
If you dare to add flexibility to the policies you will be terminated as well, which makes it hard for everyday people to conduct their day to day transactions.

In my family it's quite common to send out a relative with a charge card (my grandmother does it to my mother, my mother does to me, etc), and despite affidavits and id provided you cannot use a family member's card.

Great!, now my poor bed ridden grandmother has to be rolled out to some store across town because they refuse to allow for familial proxy?

Re:Assume

[orgelspieler]

This is a bit off-topic, but you should be aware that going cash-only is not a good thing to do if you are ever going to be interested in buying something on credit like a car or house. One of the worst things you can do to your credit score is fall off the radar altogether. You may argue that you don't care about your score since you don't need credit, but there are other ramifications. Some apartments won't accept your application if you have a bad score, and some employers do credit screenings before hiring.

Re:Assume

[ColdWetDog]

I live my life as if I'm being tracked. I don't own a Credit Card because of it. I don't want my purchases being tracked and traced. I pay cash, which is getting harder and harder to do.

Protip: Use somebody elses credit card. Problem solved!

Re:Assume

[kabocox]

And the loss of community has really pushed the anonymity movement. In days of old, you had to have a "relationship" with the people who bought and sold. Somewhere along the way, that was lost in favor of cheaper prices. We have, collectively, started to see the repercussions of this throughout society.

Now, to buy big ticket items, all you need is a fake ID, a Good SS#, and be gone, and nobody seems to care that we've lost the humanity in the process.

Define "big ticket items." I'd define it as cars, houses or more expensive than that. For that, the normal person takes out a loan with a bank. There is a lot of paper work involved and communications with sales people and folks at the bank. If your idea of "big ticket items" is between $500-3000, then it doesn't take anyone at a bank to stop or question the payment if you are in the habit of spending that kinda of money or the store that sells the item does normal business with the bank. If you bought a stove at sears or an ID theft did with your ID, then the bank or CC wouldn't question it much. If you bought 2+ stoves at sears or mom and pop we've never heard of store, the bank/CC may flag it and question if the store was trying to over charge/double charge their customer.

In the name of preventing ID theft, CC and banks are looking at your buying habits to see if you purchase anything odd. This should ring alarm bells, but doesn't for some reason. Oh well, its not like the CC or banks do well at verifying you are who you claim to be. The banks/CC should just run their own biometric ID network that requires everyone that wants to use said network to submit finger prints, retina scans, DNA, foot prints, and thermal face scans to the issuing agency. The banks/CC could use all that crap to ID you and in the name of ID theft prevention to not give your resources to anyone else.

In the days of yore, the stores ID'd and monitored all their customers and knew exactly where they all worked/how much they made and if they were good for the credit that the store extended them. How is that much different today rather than the min. wage sales person not knowing all that crap about you? The CC and the store in general most likely does know it, it just takes more effort on the stores part to find out the info as long as they get paid by a CC/bank they don't care if it was you or an ID theif though.

Re:Assume

[Kingrames]

And no, I don't own a tin foil hat.

That's what they WANT you to think.

Re:Assume

[geekoid]

Yes, but you can't really expect a large group of people to consider the edge case.
The fact that you are in a rare position to ahve enough money to pay cash for houses and cars it really irrelevant to the conversation as a whole.

Re:Assume

[Archangel+Michael]

why?

Why is it irrelevant?

You've bought the lie that you need credit to buy things. You can have WAY more things without CREDIT than with it.

Credit = interest. Interest = drain on resources.

If you bought a house, a crummy run down dump, but something you could save up for, and referbished it, and built it up, and lived in it 4 - 5 years, you could resell it for more, and buy a better home that needs work and do the same thing.

There is something about sweat equity that most americans are unwilling to consider. They want the nice house now, don't care about payments and will find a lender that will sell them the bill of goods that they want to buy.

Then they get caught up in the whole "housing boom" and now they are upside down in houses they can't afford to keep.

If that is NORMAL, I don't want it, thank you very much for the offer though.

People buying things that they otherwise can't afford = disaster ... every time!

Re:Assume

[the_humeister]

You're also assuming too much. Credit doesn't always equal interest. eg, pay your credit card balance within the grace period and there's no interest. Also I bought my new car with a 0% interest loan.

Re:Assume

[Kidro]

The problem with this is that not everyone makes enough money to pay for everything in cash. In fact, the vast, vast majority of us don't. I've been saving for two years to have enough money for a down payment on a house. Just the down payment. I wouldn't be living in an apartment right now if I didn't have credit. And living in my parents' basement until I saved up enough wasn't ever an option for me. SSN's and credit ratings, regardless of how unfair or unintelligently they're maintained, are vital to far more people than can ignore these things. People who say, "LIVE WITHOUT CREDIT!" are just flaunting their ignorance and arrogance.

Re:Assume

[Archangel+Michael]

I usually don't buy new cars. They are a poor investment.

Last couple of cars I've bought were lease returns, and cost me less than 1/2 the price of a new car. Both were in great condition.

My ego isn't tied up in "new" things, or other material goods.

Re:Assume

[Phroggy]

You can now buy Visa gift cards, which work like an anonymous debit card that you can buy with cash, then use anywhere Visa credit cards are accepted. At least I'm assuming that's how they work.

Re:Assume

[justinlee37]

Credit = interest. Interest = drain on resources.

Your equation is too simplistic. Oftentimes (although not always, especially in the current housing market), the equity gained from simply owning a home (not considering "sweat equity") is greater than the cost of the interest payments. In this context, getting a loan or a mortgage can be profitable.

You may not need credit, but if it can help you build equity profit earlier in life than you could with out it, then it is certainly better to have it than not to.

This even applies to your "sweat equity" argument -- you can get a mortgage to pay for that run-down house much earlier in life than you would without a mortgage, thereby increasing your gains.

My guess is that someone modded you -1 flamebait for displaying such a dismal grasp of investment analysis.

Re:Assume

I'll tell you the next hardest thing to do without credit (cards) is rent a car. It can be done, but not easily.

Perhaps you'd like to share how you managed that, for the benefit of others who also want to avoid credit?

Re:Assume

[justinlee37]

Maybe he just meant that the car was "new" to him, 'cause he didn't have it before.

Your ego isn't tied up in new things, it's tied up in a totally blue-collar, short-sighted system of ideas regarding investment and the time value of money.

If only they spent as much effort...

[txoof]

Instead of playing whack-a-mole-legislation with reporters and privacy advocates that point out problems, wouldn't our lawmakers efforts be better directed to fixing the privacy holes?

Someone has blown the whistle and turned on the flashing yellow klaxons to alert Virginia citizens and lawmakers to shoddy privacy practices. She's not trying to profit, she's probably not even trying to benefit from this work (except, perhaps in a very professional way). This woman is doing her civic and professional duty to solve what she sees as a problem.

Because she has no direct method for solving this problem, her only recourse is to alert her lawmakers and hope they fix the gigantic hole. Instead of whacking her with legislation, they should be carefully crafting legislation that provides guidelines and most importantly REAL FUNDING to help secure personal informaiton.

Re:If only they spent as much effort...

[mdfst13]

Someone has blown the whistle and turned on the flashing yellow klaxons to alert Virginia citizens and lawmakers to shoddy privacy practices. She's not trying to profit, she's probably not even trying to benefit from this work (except, perhaps in a very professional way).

Even better. There is a simple way for any municipality to get the information taken down from her site. All they have to do is stop displaying it publicly, let her know, and she removes the data. Ten of the municipalities listed have already done that. Of course, there are still eleven more that have not (including those with data for Jeb Bush in Florida and Colin Powell).

Her claim seems to be simple. If it's publicly posted on the internet, then it's not private and she can post it on her web site.

I'm not sure that I entirely agree with her thesis though. She seems to be saying that it's all right for this data to be public, just so long as it's not online. Personally, I don't think that any of this is data that needs to be public. The online part just makes it easier to access. In some ways, it would actually be easier to hide this data online (and limit access to the original physical records with the complete data). Then all the public data could be online and that part that is private (e.g. SSNs) would only be available to those few people that have real need to see the actual physical documents.

The problem is...

[afabbro]

• It is very difficult to change your SSN. No, being a victim of identity theft and having money stolen from your accounts is not sufficient reason.
• SSNs are often available even from people who've been careful.

To take a simple example: until 5-10 years ago, it was common to list SSNs in divorce filings. Get divorced and your SSN was listed in the filings, which are public records and can be looked at by anyone. Even today, in some states, you have to file a motion to have the SSN suppressed from the public version (routinely granted, but still it illustrates how common SSN publication is).

Publishing SSNs found in public certainly advertises the problem, but it also creates problems for innocent, even cautious people who have no way of fixing them.

Of course, the real problem is why we have tied so much personal information to a single government-issued number...perhaps because it's the only nationally unique identification number issued by the Federal government...

Re:The problem is...

[zippthorne]

Another problem is that they're not even unique. They get reused all the time.

AND, there aren't even the full billion possible numbers because some of the digits encode location information. And our estimated population is 1/3 of that billion. Identity thieves could just pick numbers at random to research and ruin.

Re:The problem is...

[DavidHumus]

Lazy programmers? Why go to all the trouble to maintain your own database of unique IDs when you can just use the handy one provided by the Feds? After all, we're all Americans here anyway, right? Never mind that's it's technically not legal to require this information - people have been getting away with it for years.

Re:The problem is...

[afabbro]

Another problem is that they're not even unique.

Actually, SSNs are never reused by the Social Security Administration. Ever. Yes, that does mean there is a problem approaching, especially since the space available (9 digits) is further segmented, as the first three digits are broken up by state.

Re:The problem is...

[DavidTC]

Of course, the real problem is why we have tied so much personal information to a single government-issued number...perhaps because it's the only nationally unique identification number issued by the Federal government...

That's not the real problem. The real problem arrives with the assumption that knowing the number is proof of identity.

Re:The problem is...

[profplump]

An ID is, by definition, public. There's no reason that it couldn't be used as a way to uniquely identify people -- it's a great way to avoid issues with non-unique names, name changes, typos, etc.

The problem is that credit is issued without authentication. Simply knowing my name and social security number should not be sufficient for you to have credit issued; requiring authentication as part of granting credit, and holding credit issuers liable when then fail to require that authentication, would eliminate this problem entirely whether or not we did anything to hide social security numbers.

Re:The problem is...

[geekoid]

AFAIK - there has only been one replacement SSN.
This was wghen they where new and someone used a copy of their SSN to show how there wallet could carry someone SSN card.
When people bought the wallet, they used the copy in the card as if it was their SSN.

Re:The problem is...

[winwar]

"Actually, SSNs are never reused by the Social Security Administration. Ever."

That is incorrect. Some SSN's were issued to more than one person. Maybe not recently or correctly but they have existed.

There is no free credit freeze. Parent wrong.

[BitterOldGUy]

No, I do not know of any state where you can get a free credit freeze. Here's a guide. For the exception of GA where it's now $3, you will be charged $10 for each credit bureau to freeze your credit and charged to unfreeze it.

And you have to do it for each credit bureau.

There is a credit freeze. Parent right.

Uh, here's a tip people. To get a free credit freeze, all you have to do is say that you suspect identity theft.

Just like you used to say to get a free credit report before the annual one came out.

Get with the program... Paying $10 to freeze your credit report is for suckers!

Because asshat lenders are so quick to loan...

[BitterOldGUy]

money. And in this day and age where we can't do business with our local bank - they're all big monster impersonal mega banks that answer only to their shareholders - they lend money with the scantest "proof" of identity. It's no longer knowing personally your banker and your banker personally knowing you. It's all impersonal data in some monster database - we're now just a number: not a person.

I have seen folks who had credit opened in their name WITHOUT the crook using the SSN!

And, I attended a seminar with someone from Equifax. It is VERY common for another person's debt to be on your credit history - even though the SSNs are completely different. How? It happens the most to folks with very common names: example, Smith, Johnson, Andrews, etc....

Our credit system is a huge inaccurate mess. That's why it is extremely important to monitor your credit or, even better, freeze it.

Re:Because asshat lenders are so quick to loan...

[berashith]

scant proof , no kidding. I have someone that constantly gets new lines of credit that seems to never pay the previous lines on time, who always uses my phone number for some reason. Collections people are constantly calling, and we are constantly fighting them off. Now, if anyone issuing this idiot credit did a small bit of research, based on the phone number alone, they would realize that they were not going to get paid back.

btw, Jessica Grier can kiss my ass... go pay your bills.

Re:Because asshat lenders are so quick to loan...

[winwar]

"It is VERY common for another person's debt to be on your credit history - even though the SSNs are completely different. How? It happens the most to folks with very common names: example, Smith, Johnson, Andrews, etc...."

You don't need to have a common name. Just the same last name and same first letter of the first name. That's how one of my student loans showed up on my parents credit report....

*swish*

Cute, but completely impossible scenario.

I bet you're a sack of laughs at the movies.

"Exhilarating, but the laws of physics make such a maneuver impossible."
"Attractive, but you can clearly see airbrushing on the frames."
"Funny, but technically soda doesn't follow that trajectory when coming out one's nose."

Coverup

The government doesn't want t have to fix their problems, that means more work. So let's just cover it up!

Why bother protecting SSNs?

That horse is well out of the barn. They're widely available anyway. The real problem is that people accept "knowledge of SSN" as authentication, not that SSNs get disclosed. Fundamentally, your SSN is your (disambiguated) name, and we don't expect names to be kept off public records.

What should be done is legislation to require better authentication.

There is a free credit freeze. Parent wrong.

It is stated quite clearly for the vast majority of states that a credit freeze is free for victims of identity theft. e.g.

Iowa
Iowa is one of the few states that has not passed a law requiring the availability of the security freeze. Consumers may use the voluntary program.
Eligibility: All Consumers
Fees: No fee for identity theft victims. All others pay $10 to place, temporarily lift, or remove the freeze altogether.

Re:There is a free credit freeze. Parent wrong.

[Low+Ranked+Craig]

"credit freeze is free for victims of identity theft"

I think maybe it's better to close the barn doors _before_ all the horses are stolen.

Government should redefine "privacy"

[ilovesymbian]

The government should redefine the word "privacy". Either reduce the power of the SSN or restrict the use of SSN in instances where it could lead to problems with public use.

And oh, make it illegal for programmers to include SSNs in SQL statements like "select * from records where ssn='xxx-xxx-xxxx'" and pass it through the URL.

We already have a LifeLock guy who goes around trumpeting his SSN and in spite of all his yak and promises, it gets abused. We don't need more people abusing SSNs this way, especially when its not theirs.

Plan for a post-SSN America

[StreetStealth]

I don't think that's quite the way to go about it, but I think it would be good to start by outlawing (with penalties this time) its use for anything other than, you know, Social Security.

But we're just getting started here. Once the SSN has returned to the single use for which it was created, we need a vastly more secure system to replace it. Not a national ID number, but a transparent, authenticated system of personal financial metadata kept in a vault maintained by a consortium of Experian, TransUnion, and Equifax, under tight regulation by the feds.

Users would always be able to securely check the entirety of their personal data to ensure its correctness, would have a federally-mandated path of action to contest errors, and would have a simple method of offering disposable keys to financial institutions to verify their credit history.

Re:Plan for a post-SSN America

[Ken+D]

a vault maintained by a consortium of Experian, TransUnion, and Equifax

What?

I wouldn't trust them with that information. They caused the current problem. Not only do they "verify" your identity and creditworthiness, but they'll sell that information to basically anyone who wants to buy it. Any system where you provide your "identity" to a man-in-the-middle (i.e. a retailer, an employer), that "identity" is compromised.

Re:Plan for a post-SSN America

... a transparent, authenticated system of personal financial metadata kept in a vault maintained by a consortium of Experian, TransUnion, and Equifax, under tight regulation by the feds.

What are you on anyway? If you had the vaguest idea of how the credit bureaus (as well as banks and many other financial institutions) work, you'd be curled up in a ball, sobbing helplessly.

Do you have the slightest idea how tightly they control your information -- and how sloppily?

Instruction time here. First of all, if you try to call a credit bureau, you'll be prevented from speaking to a human, because you're not a "customer' yet. You must order a report online, via mail or by automated menu on the phone. Only then will they issue you a customer ID.

If there's incorrect, derogatory information on your report, you have exactly twenty five words to refute it. If incorrect information was put in by a merchant, even if you can prove it is incorrect, the bureau will not remove the information unless the merchant OKs the removal. Merchant disappeared? -- tough shit on you.

My stupid ass bank recently decided to "tighten up" on security. I had to prove who I was by answering a few questions. They were all of the form, "Which of the following ... NOT ...?"

Every damned one of the questions mixed up information from me and my ex. e.g. "Which of the following cities have you NOT lived in? or None of the Above" All the cities listed were places my ex has lived in since she left, with a single exception of one off-the wall city where neither of us had lived. Same with street names. Never did include a city or street where I myself had ever been. (I've lived at the same address for forty years, long before becoming involved with any of my current banks, CCs, insurance companies, etc. I had to go through the bullshit a couple of times before giving up. In one case (city) they even listed TWO cities where neither of us had lived. Since the last choice was none of the above, that one was impossible to answer correctly under any circumstances.

I finally had to call the idiots to get back into my accounts again.

Afterward, I called the "support" (ha, ha, ha) desk to see if I could get the information for my ex purged. The dumb cock fumbled around, put me on hold a few times (about long enough for him to beat off) and kept saying he couldn't find the erroneous information anywhere in my database entry. I finally told the son of a bitch he was wasting my time and had no fucking chance of being helpful. Just as I pulled the phone away from my ear, I heard him say one of the involved cities. The lying, obstructionist bastard.

Fuck banks.

The judge is smart... and dumb

[superdave80]

OK, so he properly ruled that she can list records that are already publicly available. Good for him. Then I read this amazing piece of idiocy:

He noted that the ruling may have been "very different" if Ostergren only listed Social Security numbers copied from records rather than the records themselves.

What?!?!? It's OK to show the whole record, but not part of the record? What the hell is the difference? The record already has the SSN in it.

Re:The judge is smart... and dumb

The judge makes sense to me...if you are showing part of a record, and not the whole record, it would be difficult to match to the record and prove that it (SSN) was already in the public domain.

I certainly dont want anyone claiming information as a matter of public record when it isnt traceable as a point of public record. That's called accountability.

Re:The judge is smart... and dumb

[superdave80]

But the judge stated his ruling might be "very different"... even if the SSN was copied from a public record. So even if I later showed the whole record to someone who asked where the SSN came from, he is saying that it would somehow be different... when it is the exact same thing. Legal 'logic' at work.

Re:The judge is smart... and dumb

[againjj]

First note the words "may have been". Second, many rulings turn on intent and consequences of the actions at hand. So, consider that if names and numbers were listed in text, then the "look how public records have SSNs" becomes less plausible. It also makes it easier for the SSNs to be taken and used fraudulently. It is one thing for me to say, "go to site X, type the following SQL injection into thus-and-such a field, click button Y, and notice you get a bunch of CC names, numbers, and expr. dates," and another thing for me to say, "here is a text file of a bunch of CC names, numbers, and expr. dates, gotten from site X." Whether the second opens me up to liability is in question (I again refer to "may have been"), but it is clearly less safe. It gets closer to identity information brokers, which can be charged with conspiracy to commit fraud.

Re:The judge is smart... and dumb

[superdave80]

First note the words "may have been".

The fact that he even hinted that it might possibly be different in any way is idiotic.

It also makes it easier for the SSNs to be taken and used fraudulently.

How would it make it easier? Either way, the SSN and name is in plain view for all to see. I don't see how it makes any difference whether I show the entire record that contains a SSN/name, or just list the SSN/name, as long as I say where it came from and/or have a copy of the record in my possesion. It's the same either way, which was the reason that I felt the judge's statement was so bizarre.

Re:The judge is smart... and dumb

[againjj]

How would it make it easier?

It's easier to copy/paste a text file of 10000 entries than to laboriously copy by hand a few entries shown in a collection of images. It is an exact analog to copyright and devices that have a significant non-infringing use -- what is the primary use (not necessarily the primary intended use)?

Re:There is a credit freeze. Parent right.

[roaddemon]

I didn't pay any credit cards for a year, now I have an old fashioned credit freeze.

Don't forget! Cards are quicker!

[Sonny_Jimbod]

Another lie I've seen pushed by the credit card companies is that it's quicker to pay by card than cash. This is an out and out lie, the companies prefer card as it stops the cashiers having to handle cash. Fair enough, if you buy a tin of beans with a high demonination note, it may take a while, but it's still quicker than some of the card terminals I've had to use. Also I prefer the whole "Most of my money is kept secret by this number I don't use too often" over "All my money is protected by a number I use everyday".

MOD PARENT +5 HILARIOUS!!

[bigtallmofo]

I actually laughed out loud.

Not so

Yeah, I know. Data isn't plural for anecdote, but here comes one anyway.

The Philadelphia Inquirrer claimed I owed them $38 (I didn't). They had a collection agency send me a letter. I simply shot a letter back to the collection agency that I in fact, do not owe the newspaper anything and to never contact me again.

I checked my credit, and nothing showed up. If something does, you have the right to challenge it. The creditor has, by law, either 10 days to either prove their case or to expunge the record.

Mod my comment down!

[philspear]

Er, I'd really like to retract this post. It's not insightful, it's me not being awake and not RTFA. So this will probably be a /. first, but I would request someone to mod my own post (the one above) "overrated." She's not doing this to private citizens, the SSNs are already online, this doesn't seem like a bid for attention now that I have the facts straight.

I'm not sure why you can't delete your own post, but there should at least be a "mod my own comment down to '-1: redacted'" option.

Re:Mod my comment down!

[SydShamino]

I'm not sure why you can't delete your own post

DO WHATS RIGHT AND GET RID OF ME!!!
http://idle.slashdot.org/idle/08/08/28/0517235.shtml

Re:Mod my comment down!

Hind-sight is 20:20, and life isn't fair.

Else, I could go back and delete my marriage, or at mod it "-1: Doomed" before I started that 3-year-long flamewar.

Re:Mod my comment down!

[LordKronos]

Email the editors and tell them remove my post or you'll get a call from my dads lawyer buy Friday and then hell will rain down on you.

Re:Mod my comment down!

[philspear]

Yeah, but this issue is fixable is the difference. Would just require a little bit of computer fiddling. Fixing your marriage would have required, I dunno, maturity? A bit harder for some than putting in a self-mod function.

Re:Mod my comment down!

[philspear]

That might work, as my dad is Satan.

Uh, I misread that

[omuls+are+tasty]

as Betty Estrogen. Time for some inPrivateBrowsing I guess...

Just publish them all already

[Antibozo]

It's high time the government simply published all SSNs. We are constantly forced to hand our SSNs over to banks, employers, phone companies, doctors, insurers, etc, and we have no way of knowing how many people have access to them. SSN is just an account number, but it's being used both as a unique identifier for individuals and as an authenticator, mostly because financial institutions are too lazy to develop their own authentication system. What's more, substantial parts of SSN are predictable with decent confidence given knowledge of a person's approximate place and time of birth. Meanwhile, SSN is next to impossible to change, so once it's compromised you're permanently screwed. It should be obvious that using SSN as an authenticator of any kind is pathologically stupid. It lacks every property good authenticators should have.

SSNs are not secret. Let's stop pretending that they are.

Re:Just publish them all already

Here's a tip: stop giving your SSN to every man and dog.

Give it only to government (ie. IRS/SS/DMV) and tell everyone else to get fucked - find your own #.

If enough people started to do that then that would really put pressure back on institutions to find an alternative.

Re:Just publish them all already

In some contries (such as Sweden) the equivalent of the SSN is already public. It is a unique and stable identifier that is guaranteed to make a good index key. Everybody uses it for that.

Nobody uses it for identification. That would be stupid, plain and simple. Identification is done with ID-cards or passports, both carrying photos of the holder.

Bravo!!!

[rgviza]

>"It is difficult to imagine a more archetypal instance of the press informing the public of government operations through government records than Ostergren's posting of public records to demonstrate the lack of care being taken by government to protect the private information of individuals."

A ****ing men. This is a judge that knows what's up.

I love what Betty Ostergren is doing. I've been a fan of hers since a few years ago when she was on 20/20 (I think) and they went over what she is doing. Arizona and Florida immediately started programs to black out people's SSN's on their public records when they saw her site. I guess Virginia would rather expose it's citizens to ID theft and try to squelch Betty than fix the problem.

This is probably the biggest source of SSN's used for ID theft, and Betty is doing something about it.

BRAVO!!!! I'm glad nobody has shut her down yet.

-Viz

Already planned... 2 thousand years ago...

Such a new financial unique identifier number is coming soon, just as you described.

The Bible (Revelation 13:17) says that there everyone will need a mark or a number, without which you will not be able to buy or sell anything.

Re:Already planned... 2 thousand years ago...

KJV:

[13:15]
And he had power to give life unto the image of the beast, that the image of the beast should both speak, and cause that as many as would not worship the image of the beast should be killed.

[13:16]
And he causeth all, both small and great, rich and poor, free and bond, to receive a mark in their right hand, or in their foreheads:

[13:17]
And that no man might buy or sell, save he that had the mark, or the name of the beast, or the number of his name.

[13:18]
Here is wisdom. Let him that hath understanding count the number of the beast: for it is the number of a man; and his number is Six hundred threescore and six.

Re:Already planned... 2 thousand years ago...

[Phroggy]

Yes, but if you read the chapter in context, it talks about a beast who will perform "great and miraculous signs, even causing fire to come down from heaven to earth in full view of men. Because of the signs he was given power to do on behalf of the first beast [mentioned previously], he deceived the inhabitants of the earth. He ordered them to set up an image in honor of the [first] beast who was wounded by the sword and yet lived. He was given power to give breath to the image of the first beast, so that it could speak and cause all who refused to worship the image to be killed."

So until the rest of that happens, whatever number you might be assigned is probably not the Mark of the Beast. I would suggest, however, that the two "beasts" mentioned here could be just about anything - for example, the first beast could be a corporation while the second beast could be a marketing campaign (I'm not suggesting this is a good interpretation, it's just one crazy idea).

This is becasue SSNs

[geekoid]

are public information. It's that way by design.
It's the people that sue them for other things that area at fault. THEY need to change.

Changing them to be private can not work by their nature. You should not be calling for people to 'protest' them, you should be calling for a stop to their improper use.

Let me get this straight.

[k1e0x]

* A concerned citizen found SSN Numbers in public that the goons government didn't care to protect.

* Government goons ignored her when she brought this to their attention (over several years).

* She then created a website to expose this act of government incompetence to the public. She posted SSN number of people like Colin Powell and Jeb Bush.

* The Government goons intended to crack down on her and make the act of exposing their incompetence illegal. Essentially saying that it was illegal for her to do exactly the same thing they were already doing, and were undoubtedly going to continue to do.

That is insane

No longer is government concerned with addressing problems it has, now it wants to shut people up who air their dirty laundry. This is *exactly* like the MIT Subway hacker case. This lady is a hero, Government MUST be accountable for its actions when they are operating in error.

Re:Let me get this straight.

[freedom_india]

Government MUST be accountable for its actions when they are operating in error.

Ha ha ha! You must stop drinking cool-aid.
I will give you an example: If we owe any money to the government, it has the power to seize us, our property, our lives and even our children, auction them and get its dues paid. BUT, if the government has any dues to us, the law does not apply since we are *part* of the government: which is bullshit since i can make the same argument and refuse to pay government any dues.
How comes laws never address this gross injustice?

Re:Let me get this straight.

[k1e0x]

Oh yeah, I agree with you. I'm not part of the government, I have no illusion of such a falsity. lol

Even if you were to attempt to get government to pay you (with taxpayer money they stole from other people) you would still loose out because you would have to take time off work and go to deal with them / go to their court. etc..

Re:Let me get this straight.

What do you mean? People can sue the government to collect money owed. Many people go to court for social security and disability benefits.

Re:Let me get this straight.

[freedom_india]

No, that's not what i meant. For instance if i owe IRS back taxes and they find out, they get a notice of arrest issued, arrest me, seize my property and sell it.
Similarly, if the government owes me money, i should be able to walk up to the Town Hall, do a citizens' arrest of the nearest official i can lay my hands on, and sell off the town hall to recover my dues: without going to the court. The law permits IRS to do this: you goto court to defend yourself. Similarly the law needs to give me power to do the same thing: the government needs to goto the court to defend itself.
The courts are when the either party disobeys law or contracts: the courts then step in to enforce the same if legal.
The day iam able to arrest the nearest congressman (Pelosi), auction the State's assets to repay the government's debt to me, will be the day US actually has democracy and is a republic: until then its all a sham.

Re:Let me get this straight.

[freedom_india]

No. You should NOT sue to get your money. The IRS doesn't sue you if you fail to pay taxes: they arrest you and auction off your property, all without going to court: because the law gives them the power.
Suing the is the last option: If the law allows IRS to seize my assets and freeze my bank accounts on authority of its letters, the same law should allow me to freeze the accounts of government officials concerned (say tax refunds), arrest them and auction the government premises immediately all without going to court and crying my eyes out to the judge.
Why should the low discriminate against a tax payer in favor of the government always? Socrates didn't say this when be proposed people's government, and Plato definitely didn't say this.

And then...

[QZTR]

You'll dispute it and have it removed despite their presumed (and not stipulated) "unwillingness", as it is the reporting agencies who make the final decision and they are legally exposed if they don't.

They get nothing from the person who makes the false claim, and have no exposure if they choose to side with you and not list it. If they side against you and they're wrong, they can be sued.

So, the idea you're trying to sell us is that a company that has no incentive at all to side with a merchant who reports inaccurate data, will do so anyway, while refusing to correct that inaccurate data despite the fact that they will expose themselves to a lawsuit by doing so.

Logic, and experience, say that doesn't add up.

"Identity theft" a Myth Conception

With apologies to Robert Asprin, who wrote the novel of the same name...

While theft of financial records and the passwords to those records and accounts is a reality that allows people to pose as others, the theft issue, as noted by others, often completely ignores the responsibilities of the financial institutions and credit-issuing firms to PROTECT that data in a pro-active, positive and effective manner.

If penalties were assessed to these institutions that were equivalent to the losses suffered by the victims of these crimes where the lack of protection of data is demonstrable, and, further, damages in addition to the losses suffered by the individual victims also assessed in each case, I believe we would see the security leaks get plugged VERY quickly!

Military use

[jimcooncat]

Back in Gulf War I (the big one) we had our family, gf's and penpals write our service number in the address. This came down from the big kahuna postmaster in the theater. Of course, for US citizens, our SSN was our service number. No one made a fuss about it then. It was when businesses started using it as authentication that identity theft became rampant. The solution has been around for years -- notaries.

Re:Military use

Back in Gulf War I (the big one) we had our family, gf's and penpals write our service number in the address.

When the hell didi this SSN shit start? I was in the Coast Guard in the 60s and we had CG-issued service numbers.

how can you say there aren't????

[tacokill]

By activist judges, we don't mean "judges who are doing their job and objectively ruling on law". You are right, that is the judicial branch's job.

Rather, the title of activist judges is reserved for judges (some appointed by political leaders) who start inserting their own bias and ideological beliefs into their interpretations. There is a big difference between intellectual disagreements about law and outright manipulation of the law. Everyone is for a good discussion about interpretation with real dissenting viewpoints. The problem is that there is always someone who wants to abuse that banner and start promoting their own (usually extreme) interpretations. No one would argue that judges have the power to do this. We grant them exceptional power but in return, we ask they be impartial and objective.

Well -big shocker- not all of them are. To claim otherwise is totally ludicrous. They are human, after all.

Yes, yes, there are activist judges out there. Not the majority, I am sure. But enough of them to matter.

What house can you afford

on one years' salary if you're on the average US or whatever wage?

Either you get a loan or you don't buy your house and rent.

Awesome!

[DraKKon]

"It is difficult to imagine a more archetypal instance of the press informing the public of government operations through government records than Ostergren's posting of public records to demonstrate the lack of care being taken by government to protect the private information of individuals."

Skrew 3 times.. try saying that really fast ONCE!

But at least someone in the government has a brain.

Re:How about something better? ART!

All my transactions are performance art - and I don't release the copywrite for derivative works!

This beast sounds just like...

...Microsoft to me.

Wow: politicians' SSNs! Colin Powell, Porter Goss

[bratgitarre]

For those who didn't check out the site Virginia Watchdog linked in the article -- I think by posting the SSNs of people ranging from some county executives, Florida SOS Browning, former CIA director Porter Goss, Jeb Bush, and Colin Powell to Tom Delay (and so on), the site's author makes it plain: the situation is pretty crazy, with many counties all over the US publishing these misguided identifiers.

Illegal in some jurisdictions

The privacy laws in Finland make it illegal for businesses to use the SSN as a database key because it would make it technically too simple to join tables. That's why the businesses must have proprietary customer numbers of their own.

STOP using SSN's for anything other than SSN !

When oh when oh when are all these people who use SSN's going to wake up? I mean, damn, how many times do these morons who use SSN's as their clients' account numbers at the same time running totally insecure jokes of a network end up leaking this information & screwing over their clients. This cost is then borne by all of us, by the government (read: all of us), for a number that was designed to distribute social security payments & NOTHING else.

The State of Virginia ought to be ashamed of itself.