Sunday, February 27, 2005

When I look over my shoulder

Be sure to stick with me through this one; I promise I saved the best/worst for last.

The Jeopardy! category is Common Threads for $1200.

The answer: An email from the Social Security Administration about focus groups on privatization, a letter from ChoicePoint Inc., some computer tapes from the Bank of America, and the attorney general of Kansas.

The question: What are threats to personal privacy?

Our cultural understanding of what is "private" has changed over the centuries. Some of what seems obvious now would have seemed odd in the past and vice versa. For example, a fair amount (although not all, certainly) of our fastidiousness about bodily functions dates only from Victorian times, when, as has happened so many times before and since, the elite sought to prove their eliteness by separating themselves from some aspect of the "common sorts," the "vulgar" masses, only to have those same masses, wanting to imitate their "betters," adopt the same attitudes. (Although I expect many of you know, it's still noteworthy that "vulgar" originally meant "of the common people, everyday" and only over time acquired its current thoroughly negative meaning - and that largely through, again, elites trying to show that "vulgar" was precisely what they were not.)

But while exactly what was and was not considered private has changed over the course of time, the fact is that the concept of privacy, a concept that there were areas, either physical or psychological, where others could not go without your permission, has always been there. "A man's home is his castle" had a real legal importance at one time: In old England, it was common law that even the King could not enter your house without your consent. Applied to political affairs, it put genuine limits on the power of the state to exploit individuals and gather ever-more power to itself - avoiding that outcome being the purpose of the Fourth Amendment prohibition on "unreasonable searches and seizures." More: It actually underlies the First Amendment as well, which is based in part on the notion that the state has no legitimate right to inquire into your personal political or religious beliefs except as you - and only to the extent that you - freely choose to express them.

In more recent times, that concept has become a treasured one and has been expanded as our economy and our technology have changed in ways that have raised issues that simply didn't exist earlier. Financial privacy only becomes important when you have an economy based on credit rather than cash-and-carry; medical privacy arises as a concern when electronic databases make what was previously known only to your doctor available to anyone with the right password and medical technology improves the chances of accurate predictions of future health problems (and therefore future costs for such as insurance companies).

Unfortunately, the expansion of "privacy" has tended to follow in the wake of the expansion of "information management" and we seem always to be a step (or more) behind, reacting to new threats from new areas: We only recognize a privacy issue after it has already become a threat.

Our computers, wonderful gizmos that they are, are also the source of some of those very threats. One recent one involves a email some people have been getting, apparently from the Social Security Administration. It says it's looking for people who might like to take part in a series of focus groups on the subject of privatization. Even some lefty blogs passed on the info, thinking it could be a way to influence the debate.

Those who responded to the notice received an email. As Josh Marshall of TalkingPointsMemo describes it,
[o]n its face, the response and the form looked like about what you'd expect: some boilerplate about what the focus groups would be like and a form asking for various personal and demographic information about the potential participant.
And, of course, some information necessary to make sure the participant was who they said they were; can't be too careful these days and all, and so would you also give us your name, your birthdate, your Social Security number....
The email was 'signed' by someone claiming to be from the Social Security administration.

Based on this I called the SSA press office early this afternoon. And an hour or so later I received a call back from Mark Lassiter, the press officer. Lassiter told me in no uncertain terms that these focus group postings and emails are "not being done by SSA or anyone working on SSA's behalf."
That is, the whole deal is a scam, a fraud, very likely an attempt at identity theft. It is supposedly being investigated.

Admittedly, this is a rather run-of-the-mill attempt at a rip-off, but what's important to consider is the scope of what someone could do with that information. A verifiable name, address, birthdate, and SSN - and of course it would be verifiable, it's yours and it's accurate, yes? - is really all that's needed for someone to plunge you into a nightmare and run away with your life. AP for Friday tells one tale:
Warren Lambert thought it was just another piece of junk mail until he read the letter more closely and learned that con artists may have obtained his Social Security number, name and address - just what they need to steal his identity and ruin his credit.

Lambert is one of nearly 145,000 Americans rendered vulnerable by a breach of the computer databases of ChoicePoint Inc., a leading trafficker in a growing pool of information about who we are, what we own, what we owe and even where we go.

The Georgia-based company began mailing the warning letters after acknowledging this month that thieves opened more than 50 ChoicePoint accounts by posing as legitimate businesses.
ChoicePoint is one of a growing number of companies that deal in information. Information about us, information that we may have thought was private. These companies gather up all the info about you they can find put it in one package, and sell that information to others. The details of your life become a financial transaction.
More than 9.9 million Americans were victims of identity theft last year, crimes that cost the nation roughly $5 billion not including lost productivity, according to the U.S. Postal Inspection Service. The Federal Trade Commission ranks identity theft as the No. 1 fraud-related complaint.

Many victims are dumbfounded by the dearth of federal and state laws aimed at protecting their credit histories and other information about them that data brokers gather and sell to institutions including news organizations, banks and, increasingly, companies vetting prospective employees. Victims are also frustrated by the amount of time it takes to re-establish identities.

According to a 2003 survey by the San Diego-based nonprofit Identity Theft Resource Center, the average victim spends at least 600 hours over several years recovering from identity theft. And based on wages of people surveyed, it cost the average victim nearly $16,000 in lost or potential income - not including what they might have paid for bogus purchases creditors wouldn't reimburse.
ChoicePoint initially concealed the breach from the public and only began to notify possible victims because of a California law requiring them to do so. In a letter to ChoicePoint last week, the Electronic Privacy Information Center (EPIC) noted that
we exchanged letters in January after EPIC had urged the Federal Trade Commission to investigate your company and other commercial data brokers. We had specifically raised questions about the adequacy of your auditing procedures. You wrote to me to dispute our charges and to suggest that there was no reason for the FTC to pursue the matter.

We replied, before the news of the past week, that it was clearly appropriate for the Federal Trade Commission to determine whether your company complied with the Fair Credit Reporting Act and also that it would be necessary to update federal law to take account of new business practices.
That is, the company was claiming in January that there was nothing wrong with its auditing procedures, no need for any federal regulation. That was three months after ChoicePoint realized that the 50 "business" accounts were bogus.

Feeling safer now? By the way, ChoicePoint still refuses to inform those whose records were sold just what was in them beyond name, address and Social Security number. Bogus businesses can buy that info for $100, but you can't have it at all.

In the wake of the fiasco, Senate Judiciary Chairman Arlen Specter (R-PA) said he would schedule hearings on identity theft and information brokers. And guess what? Here's something as reported by Reuters on Saturday that may well give his colleagues a little nudge in the right direction:
Computer tapes containing credit card records of U.S. Senators and more than a million U.S. government employees are missing, Bank of America said on Friday, putting the customers at increased risk of identity theft.

The security breach, which included data on a third of the Pentagon's staff, angered lawmakers already concerned after criminals gained access to thousands of consumer profiles in a database maintained by a data profiling company, ChoicePoint Inc.
That's right, "dozens" of Senators suddenly find themselves exposed to the risk of identify theft, as records holding their Social Security numbers, addresses and account numbers are missing. The disappearance, thought to have been the result of theft by baggage handlers off a commercial plane carrying the tapes to a back-up data center, took place months ago but bank officials say they only now got permission from law enforcement to let customers know.
"The investigation to date has found no evidence to suggest the tapes or their content have been accessed or misused, and the tapes are now presumed lost," the bank said in a statement.
Right. And ChoicePoint saw nothing wrong with its auditing procedures.

Sen. Patrick Leahy (D-VT) said he hoped the incident would move Congress to pay attention to a "rapid erosion of privacy rights" due to faulty data security.

But while these threats are ones to our financial security, our peace of mind, and most importantly, our personal privacy, threats resulting from thieves but rooted in the corporate commercialization of our personal lives for profit, another threat, in some ways looming even larger, is that to our political privacy - or, more precisely, threats to our privacy engendered by government rather than corporations and other sorts of crooks. In what can only be considered a politically-motivated move of the most thoroughly scummy sort, Kansas Attorney General Phill Kline
is demanding abortion clinics turn over the complete medical records of nearly 90 women and girls, saying he needs the material for an investigation into underage sex and illegal late-term abortions,
said AP on Thursday.
Kline is seeking the records of girls who had abortions and women who received late-term abortions. Sex involving someone under 16 is illegal in Kansas, and it is illegal in the state for doctors to perform an abortion after 22 weeks unless there is reason to believe it is needed to protect the mother's health.

Kline spoke to reporters after details of the secret investigation, which began in October, surfaced in a legal brief filed by attorneys for two medical clinics. ...

The clinics said Kline demanded their complete, unedited medical records for women who sought abortions at least 22 weeks into their pregnancies in 2003, as well as those for girls 15 and younger who sought abortions. ...

The records sought include the patient's name, medical history, details of her sex life, birth control practices and psychological profile.
The clinics have offered to provide information with certain information deleted, but Kline would have not of that, he wanted it all. This unbelievably slimy exercise, this attempted psychological rape, has no relation to any investigation of any actual crime, real or suspected - it is a classic fishing expedition. But it's one with a particularly sinister motive, as I can see no other purpose for the abortion-opposing Kline to be doing this except to send a message to any woman, of any age, seeking an abortion that the most intimate details of her life can easily become a matter of public record, salaciously poured over by file clerks looking for a quick thrill, not to mention anyone else who might gain access for some of course "legitimate" purpose.

Two things make this especially chilling: One, the matter only came to light because of a brief filed by the clinics in an appeal of AttGen Slime's demand;
the clinics' attorneys said a gag order prevents the clinics from even disclosing to patients that their records are being sought,
so they wouldn't even know until it was too late. And two, back in October, state District Judge Richard Anderson said Slime could have the files. AttGen Slime is not the only scumbag in this episode. The clinics have appealed to the state Supreme Court; no hearing has been scheduled.

By the way, in 2003 AttGen Slime tried to force all health care professionals in the state to report underage sexual activity to his office. A federal judge blocked him. So far. Maybe he'd like to introduce mandatory virginity tests? I'm sure he'd be willing to undertake the "burden" of doing his share of them.

Footnote One: Not every bit of news is bad. Back on February 10 I posted about the plan of Brittan Elementary School in Sutter, California, to require all students to wear ID badges with Radio Frequency ID (RFID) chips in them amid privacy complaints from parents and questions about the school's relationship with the company supplying the badges. CNET News reported last week that the company, InCom, has pulled out of the deal and the plan has been abandoned.

Footnote Two: Besides EPIC, a good source for privacy-related news is The Identity Theft Resource Center (ITRC) is a pretty good source on that issue.

No comments:

// I Support The Occupy Movement : banner and script by @jeffcouturer / (v1.2) document.write('
I support the OCCUPY movement
');function occupySwap(whichState){if(whichState==1){document.getElementById('occupyimg').src=""}else{document.getElementById('occupyimg').src=""}} document.write('');