State Cannot Force Removal of SSNs From Privacy Advocate's Site 262
jvatcw brings us a story about Betty Ostergren, who operates a website dedicated to pointing out the social security numbers visible in public records. The purpose of the site is to raise awareness of privacy concerns regarding the personal information shared in Virginia's governmental websites. Legislation was introduced in Virginia to combat Ostergren's website, but last Friday a judge shot down the attempt to censor her, writing, "It is difficult to imagine a more archetypal instance of the press informing the public of government operations through government records than Ostergren's posting of public records to demonstrate the lack of care being taken by government to protect the private information of individuals."
How about something better? (Score:5, Insightful)
Can the states force the credit reporting agencies to allow citizens to lock their credit reports? The whole idea of identity theft is crazy - it could be trivially fixed with one-time passwords that people give out only when they need to.
But then we couldn't make money on credit monitoring services, now, could we?
Re:How about something better? (Score:5, Interesting)
I wonder whether "identity theft" is not just an utterly brilliant public relations tactic used by the credit card companies to deflect responsibility away from themselves.
In "identity theft" the thief is the bad guy and the credit card company's responsibility is ignored.
Re:How about something better? (Score:5, Insightful)
Re: (Score:3, Insightful)
Re:How about something better? (Score:4, Interesting)
what about negligence. If you ask for something to be removed that gets replaced in an automated fashion the next month, then there is a proveable disregard for accuracy. It isnt libel, but taking the cheap and easy way can provide known incorrect information.
Re: (Score:3, Insightful)
You've got the right kind of idea, but probably the wrong terminology.
What you are saying (if I may interpret broadly) is that credit reporting agencies have a duty of care towards the people whose information they traffic in. Naturally it would not be libel unless they were knowingly publishing defamatory information in a malicious or wildly irresponsible manner. Posting incorrect records in and of itself isn't anywhere near this standard.
And, in general, one is not liable for the criminal actions of ot
Re: (Score:3, Funny)
Have you read the small print you sign when filling out any credit app?
No, neither have I.
I'll bet you some karma that it includes a liability waiver for the company you're applying with and the reporting credit bureaus as well.
Re:How about something better? (Score:5, Insightful)
I wonder whether "identity theft" is not just an utterly brilliant public relations tactic used by the credit card companies to deflect responsibility away from themselves.
The artificial distinction of allowing trusted people (banks, the phone company) access to your identity, while keeping it a secret for the general public (that includes identity thieves) is childish. As it is the attempt to criminalize the act of compiling a list of people's identity using public data - all identity data is public to some extent, by definition; if it's not public, it does not identify you. Compiling lists of public information is a clear example of free speech.
The term of "identity theft" is a copious misnomer perpetrated on the public by the credit industry. The identity of a person cannot be stolen, only duplicated or impersonated. The real crime here is identity fraud. The distinction might not seem much, but it's of key importance: it shifts the victimization from the impersonated person to the banker/stock agent/realtor/whatever that accepts the fake identity.
After all, why should *I* pay for the fact that some bank lends money to someone who says it's me ? The bank has little incentive to properly authenticate the guy: they want as much customers as possible, and be competitive: they reduce fraud to acceptable levels, until fighting against it is more costly than the actual money saved. The devastating consequences that "ID theft" has over an individual's live becomes an externality for banks. Meanwhile, I can do nothing to protect myself: my identity is in hundreds of public and private databases, out of my control: it's how I register to vote, how I get medical care, and how I install an Internet connection. I cannot function in this society without making my identity public, so It's unreasonable to require me to protect my identity from "theft".
You can find an excellent written article about the distinction between identity theft and fraud here, by noted security expert Bruce Schneier:
http://www.schneier.com/blog/archives/2005/04/mitigating_iden.html [schneier.com]
The solution against identity fraud is making the enablers pay for it, breaking the externality. For example, a maximal 15-day clearing period of any wrong information on your credit report, after which the bank can be charged with libel.
Devising more intricate ways to keep our identity data "secret" is just band-aid.
(I fully agree there are other reasons to wanting to have your data private, such as, well... privacy; ID "theft" should not be one of them)
Re:How about something better? (Score:5, Insightful)
The 'other' problem with SSNs is that they are a ubiquitous form if identification in society today.
Certainly, they are not useful for authentication purposes. But what they were intended for, a unique identification for the purposes of tax and Social Security data becomes a problem when it slips out into other parts of people's lives. Aside from entities (banks, employers, etc.) who have a legislated need to identify me as a unique individual, not many other people do. I have the right to receive my monthly p0rn subscription, contribute to Greenpeace, call all those 1-900 numbers for $5.99/min, and enroll my children in that hoity-toity private Christian school while maintaining deniability that the PPH engaged in one activity is the same as the others.
There are very few cases in which private businesses have the right to link my identity to the relationship I have with anyone else. I can give most a business who requests my SSN a phony number so long as I do so with no intent to commit fraud and the legal consequences are minimal.
Re:How about something better? (Score:5, Informative)
>After all, why should *I* pay for the fact that some bank lends money to someone who says it's me ?
You don't.
You will get a collection call.
At that point, you can ask them to fax you a copy of the signature they have, where you agreed to the credit contract.
They won't have it. Then you call the bureaus, and request your free copy of the report. When you get it, call back and talk to someone on the phone. They'll take it right off your report.
It took me less than an hour each of the 3x that Household Bank got ripped off by someone using my info. Never paid a single penny...
-Viz
Re: (Score:3, Insightful)
You never paid a single penny, other than your time invested. You got it taken care of in less than three hours. That is not guaranteed to be the case.
Furthermore, you have absolutely no idea what other databases this information has since been incorporated to. Hard to "fix" something you don't know exists.
Re: (Score:2, Insightful)
Re:How about something better? (Score:5, Insightful)
I wonder whether "identity theft" is not just an utterly brilliant public relations tactic used by the credit card companies to deflect responsibility away from themselves.
Don't just wonder about it. Refuse to use the term, like I do.
The correct term is fraud, and the victim is the business that got defrauded.
These businesses use the term 'identify theft' so their reaction to their own defrauding, which 'blame some random person who has nothing to do with it', isn't recognized as the criminal action it is. But the injury to 'victims' isn't coming from the person who committed the fraud. People whose identities are 'stolen' are not the victims of identity thieves. They're the victims of the victims of identity thieves.
People who have had their 'identity stolen' need a good lawyer to sue the ass off everyone who, when they got defrauded, didn't immediately fix the issue. It is in no way your responsibility that other individuals and businesses do not have stricter checking of identity, and you should be able to sue that business for every second of time and money their lax policies cost you in cleaning it up.
They can, of course, then sue to recover that money from the person who defrauded them, but that's not relevant to the 'identity theft' 'victim'.
If someone steals my car, I do not have the right to steal your car. Even if the person stealing my car used your name to do so. Even if I'm clever enough to invent the term 'indirect car thief' for the original thief, and 'indirect car thief victim' for you, and hope that no one catches on that he didn't steal your car, I did.
They already do allow that for free (Score:5, Informative)
http://www.google.com/search?hl=en&q=how+to+freeze+credit+report [google.com]
This is already available, and it's free. Just like opting out of marketing offers.
Re:They already do allow that for free (Score:5, Informative)
The fees (if any) associated with credit freezes vary from state to state.
http://www.consumersunion.org/campaigns/learn_more/003484indiv.html [consumersunion.org]
Re: (Score:3, Funny)
I didn't pay any credit cards for a year, now I have an old fashioned credit freeze.
MOD PARENT +5 HILARIOUS!! (Score:2)
Re:How about something better? (Score:5, Insightful)
How about we just stop using social security numbers as though they're some sort of magical security token? It was never designed for that purpose, and if you put the slightest bit of thought into it, you immediately realize that it's not secure at all. People act like it's some sort of super-secure password that authenticates who you are, but then you're basically required to give out that password to random people on a semi-regular basis.
In modern times, with ubiquitous computing, it seems like there must be a better way. Hell, issue every man, woman, and child something comparable to an SSL certificate and have the government (or credit agencies) run the analog of the root servers. It may not be a perfect idea, but it'd be better than this.
Re: (Score:2)
I think it's part of a larger problem where people seem attracted
Re: (Score:2)
I suppose, but it doesn't seem to me like the problem is that people use one identifier as an identifier for something else. For example, there are plenty of sites that will use your e-mail address as their username. It might not be your preference, but there's no inherent security risk (at least not any that are immediately apparent to me).
If everyone wants to use SSN as some sort of universal ID number, it doesn't seem to me like it's a big problem. The problem arises when they want to use it as some
Re: (Score:2)
No kidding. SSNs are everywhere, and this website is a great example.
Your analogy to the computer security world -- certificates and signatures -- is actually a good idea, although implementing it would cost billions of dollars to the government, banking, and insurance industries (among many others) that use SSNs to identify clients.
Do you really think that Mom & Pop Bank in rural North D
Re: (Score:3, Insightful)
although implementing it would cost billions of dollars to the government, banking, and insurance industries (among many others) that use SSNs to identify clients
Sure, it would cost money. Then again, how much money is lost to identity theft, including the money spent on identity theft protection and money spent on investigating identity theft claims. Given a long enough timeline of dealing with these issues, building a better solution might just save money.
Do you really think that Mom & Pop Bank in rural North Dakota has any ability to modify their banking systems to work with such a scheme when they can't even make a web site? I don't.
So give small banks a tax break on hiring an IT guy trained to deal with this stuff. I don't really know the best solution there, but it doesn't seem like an insurmountable problem.
Re: (Score:3, Interesting)
Being willing and able to monitor your own credit still isn't enough.
Not being willing to accept or use "credit" isn't sufficient either.
All it takes is one abusive merchant to initiate a "collection" against
you. It won't matter if it's a genuine billing dispute or not. That
"black mark" will end up in your report. The relevant parties will be
unwilling to remove it, and everyone else will use it against you.
Re:How about something better? (Score:5, Interesting)
IF I don't use credit, then a "black mark" is meaningless.
And, with all those "black marks" on my credit, then anyone accepting my SS# and credit history, gets what they deserve.
But you raise an interesting point, though it is obscured. If I don't use credit, and someone issues credit in my name to someone other than me, how would I prove it? How would I even know it?
In that case, the credit companies have broken system (yeah, we all know it too). In this case, I'd sue everyone involved ruining my reputation.
I'm wondering why nobody has gone after them for slander or libel (which ever applies), in a civil tort?
Re:How about something better? (Score:4, Informative)
You mean you live below your means. If you lived above your means, you'd be spending more than you earn.
Re:How about something better? (Score:4, Interesting)
I was in horrible credit card debt hell post-Katrina. But, I got good settlements on my lost car and other things...and along with some other good fortune that came out of all that mess...I"m virtually debt free. All cards paid off, only a car and motorcycle note right now. I never intend to go into hard debt again. For 99% of all purchases I do, I pay cash.
But, I do have credit cards. I keep them mostly for emergencies, and for buying gas at places like Sam's that don't take cash at the pumps. What I do charge, I pay off in full each month, so that is basically like using cash.
I'm actually wanting to trade a card or so in for ones that earn cash back or airline mileage...which actually pay you to use them.
I'm curious how you go totally without credit. I have mine, and use it sparingly, and responsibly...I'm not sure I could go completely off them. I'd always want one around, just for an emergency....say like the coming hurricane. Last time for Katrina, I rode out with friends. After a period, I had to rent a car, and that is virtually impossible to do these days w/o a credit card.
I'd be interested in hearing the details of how you go completely without them....
Thanks...
Re: (Score:3, Interesting)
The fridge went on the fritz last week, and I fixed it myself. I wouldn't be much of a geek if I couldn't fix things that break. Somethings aren't worth fixing, and I have a slush fund for such things, or I miss my next vacation. Or, I'll do a couple extra side jobs to pay for the nicer things in life.
I don't do without. I do without things I don't "need".
Re: (Score:2)
All it takes is one abusive merchant to initiate a "collection" against
you. It won't matter if it's a genuine billing dispute or not.
And that's when you get the BBB involved and bring them to court.
Re: (Score:2, Interesting)
Re: (Score:2)
Sounds like a violation of the Fair Credit Reporting Act to me. They can be hit for up to $1000 per infraction, and that's $1000 of "real" money, as in the court can make them cut you a check. They know it's there, but it "isn't worth their trouble" to pursue? Sounds like willful violation to me. If you pursue it, they will probably work it out faster than you would have thought possible
Re: (Score:2)
You don't plan on ever buying a house? Or are you just planning on winning the lottery so that you can buy a house with cash?
Re: (Score:2)
That would destroy the entire rate-for-risk loan and mortgage market.
Which means that everyone would get the worst possible deal because there would be no way to see if someone has a good credit report. See how many places will give you a mortgage today if you don't agree to a credit check.
If you don't want a bad credit report, then pay your bills on time.
You can develop good credit by having a credit card (which I'd recommend for all online purchases because of the protection they give you, don't use debit
Re: (Score:3, Insightful)
No, credit reports exist to help lenders decide how much of a risk you are. By the time a debt ends up in the hands of the debt collection industry, your credit report is already fucked.
That's cer
Re: (Score:2)
Did it ever appear on your credit report? If so, did you take any steps to remove it?
Since there's no guilt or innocence involved, this doesn't make any sense.
Repeating "Carthago delenda est" never was much of a
It's sad this had to go to court. (Score:4, Insightful)
I wonder, if it was a newspaper or CNN doing this, if this would have ever gotten that far.
Re:It's sad this had to go to court. (Score:5, Insightful)
A newspaper (depending on the newspaper) or CNN would likely have published the story, but censored the SSNs. Otherwise their readers/viewers would have been angry with their news source for publicizing their information rather than the government for mishandling it.
Now if Ms Ostergren had censored the SSNs like the main stream media would have, I doubt that she would have been able to garner the attention that this story deserves.
Re: (Score:2)
This has nothing to do with privacy. There is nothing "private" about a number used as a unique identifier in government databases. This is a security matter, and what she is doing is no different than posting an exploit.
Re: (Score:3, Insightful)
This has nothing to do with privacy. There is nothing "private" about a number used as a unique identifier in government databases. This is a security matter, and what she is doing is no different than posting an exploit.
Wrong. This is not just posting an exploit. This is like using an exploit, getting people's passwords and and posting them.
Re:It's sad this had to go to court. (Score:4, Insightful)
It's like putting in a plate glass window, then hanging your underwear in front of it. When someone takes a picture of it and posts it, you complain and sue, rather than A) Removing the underwear, or B) covering the window. The window was your doing, and the underwear was your doing - all they did was draw attention to the fact that you might not want to do one of the two.
In case this poor analogy isn't completely clear, the state could have either A) Disallowed access to this information all together, or B) not have included the SSNs. Instead they tried to use legal means to fix their stupidity.
Re:It's sad this had to go to court. (Score:5, Informative)
The ends don't justify the means. She's trying to advocate privacy by decreasing individual's privacy if I'm understanding this. She's saying "this is wrong that your social security number is printed on X public document, so I'm going to post it online to dramatically increase the amount of people who can see it and increase your chances of identity theft."
You missed one important detail.
The records she is putting up on her website are already online.
That pretty much knocks the bottom out of your argument.
Re:It's sad this had to go to court. (Score:5, Insightful)
Also, it doesn't sound like she's just shot-gunning out every SSN she finds. FTA:
Ostergren routinely posts the Social Security numbers of high-profile individuals that she claims to have easily obtained from county and state government Web sites. The list includes former Florida Gov. Jeb Bush, former U.S. Secretary of State Colin Powell, former U.S. House Majority Leader Tom DeLay, former Missouri Sen. Jean Carnahan and several county clerks in Virginia.
That doesn't say explicitly that she's not posting everything, but it does seem to imply that she's just calling out very public government figures. Sure it's a bid for attention, but it's an effective one. And, since it was the State that publicized them, it seems like she's re-publicizing just enough to call the appropriate level of attention to the issue. Good on her.
Re: (Score:3, Insightful)
To her benefit it should be noted that these SSNs really don't hurt anyone, since they are very public figures.
I think a 15 year old cracker would have a hard time impersonating Colin Powell.
Mod my comment down! (Score:5, Interesting)
Er, I'd really like to retract this post. It's not insightful, it's me not being awake and not RTFA. So this will probably be a /. first, but I would request someone to mod my own post (the one above) "overrated." She's not doing this to private citizens, the SSNs are already online, this doesn't seem like a bid for attention now that I have the facts straight.
I'm not sure why you can't delete your own post, but there should at least be a "mod my own comment down to '-1: redacted'" option.
Re: (Score:2)
GOOD.
The information is all available for anyone who knows where to look. Most people don't know where to look. Bad people who shouldn't get your information know where to look. There's a hole here through which people's information is leaking out.
The government has refused to fix the hole, so she tells the world (such as it is), and provides proof. Would the average person care if someone said 'Oh, people can get personal information off some website'? Not really. Would the average person care if THEIR inf
Re: (Score:2)
This is a case where I'd like to be able to delete my own comment. Someone pointed out that she's only posting SSNs available online already for politicians. I don't think this is a bid for attention.
Serious Push Back (Score:5, Insightful)
Re: (Score:2, Insightful)
Re: (Score:2, Interesting)
"betamax" under your definition is also "judicial activism".
rulings like that are a common function of the judicial system, and if congress finds it objectionable they can specifically address it with legislation.
Re:Serious Push Back (Score:4, Insightful)
If people want judges to stop interpreting the law (which is their job), then they need to demand that the legislative branch do a better job of writing laws that don't need interpretation. Just think, if the Bill of Rights had been elaborated just a bit as to the meaning of each phrase and clause, we wouldn't need to have judges and lawyers arguing about 18th century word definitions and grammatical comma placement practices.
But writing better laws would only fix part of the problem. These complainers need to demand that the executive branch do a better job enforcing the laws, too. They could start by kindly asking the President to stop making signing statements for everything that crosses his desk.
If well-written constitutionally valid laws were enforced impartially and regularly, judges would have a lot less to be "activist" about.
Re:Serious Push Back (Score:4, Insightful)
You're mistaken. Judicial activism is defined as what a judge does which the speaker does not like.
I'm still waiting for those complainers to start using the phrase "executive activism". I predict it'll start once a Democrat takes office.
Meanwhile... (Score:5, Funny)
*swish* (Score:2, Funny)
I bet you're a sack of laughs at the movies.
"Exhilarating, but the laws of physics make such a maneuver impossible."
"Attractive, but you can clearly see airbrushing on the frames."
"Funny, but technically soda doesn't follow that trajectory when coming out one's nose."
Re: (Score:2)
*swoosh noise as the point flies over your head*
Buddy, if they don't find a gift-giving error, trust me, they'll find something, eventually. That's how it works.
Private information?? (Score:5, Insightful)
Why is a social security number, a number that helps the social security administration track payments, 'private information'?
Isn't that the bigger problem? Instead of spending more and more money to hide this number (or blame companies who lose such data), intelligent people should be asking why this number should be private.
Re:Private information?? (Score:5, Insightful)
Because some programmers and record keepers decided years ago that it would make a good primary key for their db...
Re:Private information?? (Score:4, Insightful)
It is a good primary key.
The problem is that quite a few places decided to use it as authentication, which isn't a programming or indexing issue at all.
Re: (Score:2)
Exactly!!! The SSN is ID! It's not a bleeping password! I shouldn't have to care if the whole world knows that my SSN is xxx-xx-xxxx. But I do because of idiots using it as a password.
Re:Private information?? (Score:5, Interesting)
Isn't that the bigger problem? Instead of spending more and more money to hide this number (or blame companies who lose such data), intelligent people should be asking why this number should be private.
Exactly. I wish the govt would just announce that on January 1, 2009 they will put up a website that publicly reveals everyone's SSN. Banks and other institutions have until then to work out some other means of authentication.
Re: (Score:2)
That would solve this problem of 'identity theft' better than any of the other schemes they keep proposing. But it wouldn't make as much money though.
Re: (Score:3, Insightful)
Yeah, I had exactly the same idea over 3 years ago [ath0.com]. It doesn't even need to be the government that does it.
Plan for a post-SSN America (Score:4, Interesting)
I don't think that's quite the way to go about it, but I think it would be good to start by outlawing (with penalties this time) its use for anything other than, you know, Social Security.
But we're just getting started here. Once the SSN has returned to the single use for which it was created, we need a vastly more secure system to replace it. Not a national ID number, but a transparent, authenticated system of personal financial metadata kept in a vault maintained by a consortium of Experian, TransUnion, and Equifax, under tight regulation by the feds.
Users would always be able to securely check the entirety of their personal data to ensure its correctness, would have a federally-mandated path of action to contest errors, and would have a simple method of offering disposable keys to financial institutions to verify their credit history.
Re: (Score:2)
a vault maintained by a consortium of Experian, TransUnion, and Equifax
What?
I wouldn't trust them with that information. They caused the current problem. Not only do they "verify" your identity and creditworthiness, but they'll sell that information to basically anyone who wants to buy it. Any system where you provide your "identity" to a man-in-the-middle (i.e. a retailer, an employer), that "identity" is compromised.
Because asshat lenders are so quick to loan... (Score:2, Interesting)
I have seen folks who had credit opened in their name WITHOUT the crook using the SSN!
And, I attended a seminar
Re: (Score:2)
scant proof , no kidding. I have someone that constantly gets new lines of credit that seems to never pay the previous lines on time, who always uses my phone number for some reason. Collections people are constantly calling, and we are constantly fighting them off. Now, if anyone issuing this idiot credit did a small bit of research, based on the phone number alone, they would realize that they were not going to get paid back.
btw, Jessica Grier can kiss my ass... go pay your bills.
Re: (Score:2)
Why is a social security number, a number that helps the social security administration track payments, 'private information'?
Isn't that the bigger problem? Instead of spending more and more money to hide this number (or blame companies who lose such data), intelligent people should be asking why this number should be private.
Are you serious? Why is your bank account info private information? Why is your home address private information? Why is your cell number private information? Because these are nobody's business but yours and the company it comes from.
Re: (Score:2)
Your cell phone number and home address are definately not private information... pretty much by definition - if you don't tell anyone about them then they lose a large part of their use.
Some bank account information is private - passwords, etc. Other things like sort code and account number you give freely to anyone who asks for a cheque or direct debit, and anyone who wants to give you money.. so they're not private.
Re: (Score:3, Informative)
I often wonder why the SSN in the US is so dreadfully pervasive as 'proof of identity' (which it's not), and why people insist on using it. Sure, it's globally unique, but that doesn't mean anything.
In Canada, our equivalent, the Social Insurance Number (SIN), has somewhat evolved into a de facto ID, the same way the SSN has, but there are restrictions. Unless a company is asking for your SIN for a reason specifically permitted by law (or no other ID would suffice), it may not refuse products or services as
Government (Score:5, Insightful)
Re: (Score:3, Interesting)
Assume (Score:5, Insightful)
The problem is that we tend to assume that SS# is "private". It isn't.
We (collectively everyone) ought to just assume that our SS# and lives are being tracked, because we are.
I live my life as if I'm being tracked. I don't own a Credit Card because of it. I don't want my purchases being tracked and traced. I pay cash, which is getting harder and harder to do.
And that stupid VISA commercial where everything stops when a person uses cash, is not helping.
And the loss of community has really pushed the anonymity movement. In days of old, you had to have a "relationship" with the people who bought and sold. Somewhere along the way, that was lost in favor of cheaper prices. We have, collectively, started to see the repercussions of this throughout society.
Now, to buy big ticket items, all you need is a fake ID, a Good SS#, and be gone, and nobody seems to care that we've lost the humanity in the process.
Re: (Score:2)
Re:Assume (Score:5, Interesting)
You assume too much.
I own my cars, paid cash for each of them. I own my house, never had a loan on it.
Just because 99.99999% of the population does it one way, doesn't mean everyone does.
I'll tell you the next hardest thing to do without credit (cards) is rent a car. It can be done, but not easily.
And no, I don't own a tin foil hat.
Re: (Score:2)
And no, I don't own a tin foil hat.
That's what they WANT you to think.
Re: (Score:3, Interesting)
Yes, but you can't really expect a large group of people to consider the edge case.
The fact that you are in a rare position to ahve enough money to pay cash for houses and cars it really irrelevant to the conversation as a whole.
Re: (Score:3, Informative)
Credit = interest. Interest = drain on resources.
Your equation is too simplistic. Oftentimes (although not always, especially in the current housing market), the equity gained from simply owning a home (not considering "sweat equity") is greater than the cost of the interest payments. In this context, getting a loan or a mortgage can be profitable.
You may not need credit, but if it can help you build equity profit earlier in life than you could with out it, then it is certainly better to have it than not
Re: (Score:2)
Re: (Score:2)
Protip: Use somebody elses credit card. Problem solved!
Re: (Score:3, Interesting)
And the loss of community has really pushed the anonymity movement. In days of old, you had to have a "relationship" with the people who bought and sold. Somewhere along the way, that was lost in favor of cheaper prices. We have, collectively, started to see the repercussions of this throughout society.
Now, to buy big ticket items, all you need is a fake ID, a Good SS#, and be gone, and nobody seems to care that we've lost the humanity in the process.
Define "big ticket items." I'd define it as cars, houses
If only they spent as much effort... (Score:3, Interesting)
Instead of playing whack-a-mole-legislation with reporters and privacy advocates that point out problems, wouldn't our lawmakers efforts be better directed to fixing the privacy holes?
Someone has blown the whistle and turned on the flashing yellow klaxons to alert Virginia citizens and lawmakers to shoddy privacy practices. She's not trying to profit, she's probably not even trying to benefit from this work (except, perhaps in a very professional way). This woman is doing her civic and professional duty to solve what she sees as a problem.
Because she has no direct method for solving this problem, her only recourse is to alert her lawmakers and hope they fix the gigantic hole. Instead of whacking her with legislation, they should be carefully crafting legislation that provides guidelines and most importantly REAL FUNDING to help secure personal informaiton.
Re: (Score:2)
Someone has blown the whistle and turned on the flashing yellow klaxons to alert Virginia citizens and lawmakers to shoddy privacy practices. She's not trying to profit, she's probably not even trying to benefit from this work (except, perhaps in a very professional way).
Even better. There is a simple way for any municipality to get the information taken down from her site. All they have to do is stop displaying it publicly, let her know, and she removes the data. Ten of the municipalities listed have already done that. Of course, there are still eleven more that have not (including those with data for Jeb Bush in Florida and Colin Powell).
Her claim seems to be simple. If it's publicly posted on the internet, then it's not private and she can post it on her web site.
I'
The problem is... (Score:5, Informative)
To take a simple example: until 5-10 years ago, it was common to list SSNs in divorce filings. Get divorced and your SSN was listed in the filings, which are public records and can be looked at by anyone. Even today, in some states, you have to file a motion to have the SSN suppressed from the public version (routinely granted, but still it illustrates how common SSN publication is).
Publishing SSNs found in public certainly advertises the problem, but it also creates problems for innocent, even cautious people who have no way of fixing them.
Of course, the real problem is why we have tied so much personal information to a single government-issued number...perhaps because it's the only nationally unique identification number issued by the Federal government...
Re: (Score:2, Interesting)
Another problem is that they're not even unique. They get reused all the time.
AND, there aren't even the full billion possible numbers because some of the digits encode location information. And our estimated population is 1/3 of that billion. Identity thieves could just pick numbers at random to research and ruin.
Re: (Score:2, Informative)
Another problem is that they're not even unique.
Actually, SSNs are never reused by the Social Security Administration. Ever. Yes, that does mean there is a problem approaching, especially since the space available (9 digits) is further segmented, as the first three digits are broken up by state.
Re: (Score:3, Informative)
"Actually, SSNs are never reused by the Social Security Administration. Ever."
That is incorrect. Some SSN's were issued to more than one person. Maybe not recently or correctly but they have existed.
Re: (Score:2)
An ID is, by definition, public. There's no reason that it couldn't be used as a way to uniquely identify people -- it's a great way to avoid issues with non-unique names, name changes, typos, etc.
The problem is that credit is issued without authentication. Simply knowing my name and social security number should not be sufficient for you to have credit issued; requiring authentication as part of granting credit, and holding credit issuers liable when then fail to require that authentication, would eliminat
Why bother protecting SSNs? (Score:2, Insightful)
That horse is well out of the barn. They're widely available anyway. The real problem is that people accept "knowledge of SSN" as authentication, not that SSNs get disclosed. Fundamentally, your SSN is your (disambiguated) name, and we don't expect names to be kept off public records.
What should be done is legislation to require better authentication.
Government should redefine "privacy" (Score:2, Interesting)
The government should redefine the word "privacy". Either reduce the power of the SSN or restrict the use of SSN in instances where it could lead to problems with public use.
And oh, make it illegal for programmers to include SSNs in SQL statements like "select * from records where ssn='xxx-xxx-xxxx'" and pass it through the URL.
We already have a LifeLock guy who goes around trumpeting his SSN and in spite of all his yak and promises, it gets abused. We don't need more people abusing SSNs this way, especiall
The judge is smart... and dumb (Score:4, Interesting)
OK, so he properly ruled that she can list records that are already publicly available. Good for him. Then I read this amazing piece of idiocy:
He noted that the ruling may have been "very different" if Ostergren only listed Social Security numbers copied from records rather than the records themselves.
What?!?!? It's OK to show the whole record, but not part of the record? What the hell is the difference? The record already has the SSN in it.
Just publish them all already (Score:5, Interesting)
It's high time the government simply published all SSNs. We are constantly forced to hand our SSNs over to banks, employers, phone companies, doctors, insurers, etc, and we have no way of knowing how many people have access to them. SSN is just an account number, but it's being used both as a unique identifier for individuals and as an authenticator, mostly because financial institutions are too lazy to develop their own authentication system. What's more, substantial parts of SSN are predictable with decent confidence given knowledge of a person's approximate place and time of birth. Meanwhile, SSN is next to impossible to change, so once it's compromised you're permanently screwed. It should be obvious that using SSN as an authenticator of any kind is pathologically stupid. It lacks every property good authenticators should have.
SSNs are not secret. Let's stop pretending that they are.
Bravo!!! (Score:2, Interesting)
>"It is difficult to imagine a more archetypal instance of the press informing the public of government operations through government records than Ostergren's posting of public records to demonstrate the lack of care being taken by government to protect the private information of individuals."
A ****ing men. This is a judge that knows what's up.
I love what Betty Ostergren is doing. I've been a fan of hers since a few years ago when she was on 20/20 (I think) and they went over what she is doing. Arizona a
This is becasue SSNs (Score:2)
are public information. It's that way by design.
It's the people that sue them for other things that area at fault. THEY need to change.
Changing them to be private can not work by their nature. You should not be calling for people to 'protest' them, you should be calling for a stop to their improper use.
Let me get this straight. (Score:5, Insightful)
* A concerned citizen found SSN Numbers in public that the goons government didn't care to protect.
* Government goons ignored her when she brought this to their attention (over several years).
* She then created a website to expose this act of government incompetence to the public. She posted SSN number of people like Colin Powell and Jeb Bush.
* The Government goons intended to crack down on her and make the act of exposing their incompetence illegal. Essentially saying that it was illegal for her to do exactly the same thing they were already doing, and were undoubtedly going to continue to do.
That is insane
No longer is government concerned with addressing problems it has, now it wants to shut people up who air their dirty laundry. This is *exactly* like the MIT Subway hacker case. This lady is a hero, Government MUST be accountable for its actions when they are operating in error.
Re: (Score:3, Insightful)
Re:ID Theft Field Day? (Score:5, Insightful)
Re:ID Theft Field Day? (Score:5, Insightful)
Re: (Score:2, Informative)
So to combat the stupidity of the State of Virginia, She goes on a tear of Stupidity of her own?
The next law the State of Virginia should pass in this vein is one that makes it a felony to post SSN's in public.
That's kind of the point: Ms. Ostergren got the numbers from publicly available, online state records in the first place, so the State of Virginia would, in fact, not be complying with its own law. She's doing this to ... wait for it ... attract enough attention to get a law passed so all SSNs would automatically be redacted at the document level so there would be no SSN information to reproduce downstream in the first place.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
As a resident of Virginia, I can ask: there's a difference?
Re: (Score:3, Interesting)
People file their SSN in Public Records all the time.
For example, I have seen numerous PUBLIC tax records on file in the County Clerk's Office (as well as the County and District Court Clerk's Offices in my state (Oklahoma).
The same is true for numerous Oil & Gas Leases filed publicly.
A better approach is the one Texas took a few years back, requiring anyone accessing the public documents to sign an sworn and notarized affidavit stating that any and all SSN that may