Legal

Your Right To Your Privacy Info Ends At A Government File

MayorBob.

Posted to Legal on Sun Jan 06, 2008 at 07:39:54 AM EST (promoted by port1080). RSS.

"This is frightening.  You know, a Social Security number is really the fingerprint to somebody's identification." - Maryland Attorney General Douglas Gansler
When Attorney General Gansler found his Social Security account number was posted on a web site maintained by the state he works for, he reacted with horror and shock.  Perhaps he shouldn't have been so shocked.  After all, it turns out that Gansler is hardly alone.  In fact, millions of his fellow citizens' "fingerprint accounts" are out there, openly posted on the internet -- most of them located on government web sites.

When Social Security Numbers (SSN) were first issued by the federal government in 1936, they were intended "to track individuals' accounts within the Social Security program."  Over time, they have become de facto national identification numbers.  As a matter of course, as soon as a child is born in the US, an application for an SSN is sent to the federal government.  Virtually every transaction you perform in the US requires a valid SSN.  However, as an outgrowth of the Privacy Act, government has been required to safeguard information retained on individual citizens.  SSN information has been considered restricted since 2000, meaning government is not supposed to post SSNs openly in any of their files.

But, as Attorney General Gansler found out, there's a ton of information containing SSNs in files stored prior to 2000.  And there's the occasional piece of SSN information that gets mistakenly posted even to this day.  All of this brings us to the serious issue of  identity theft, a crime perpetrated upon 8.3 million Americans (pdf doc) in 2005.  It's a crime facilitated by public posting of SSNs.  The main problem is in the millions of documents with SSNs which were filed by the government prior to 2000.  They are definitely not covered by the prohibitions and, according to those in charge of the files, redacting SSN information would be "just plain nutty."

But, even in those files created subsequent to 2000, there are all sorts of documents with SSN information attached which inadvertently get placed in public files.  Things like arrest warrants, summonses, land and property transactions, as well as business transactions with SSNs openly posted will be included in other files which may have had the SSNs redacted.  Maryland state Senator Jamie Raskin (D - Montgomery) expressed his alarm at the situation, "the government should be setting the example in really trying to protect people's private information ... there's a whole criminal underground now that thrives on stealing people's credit cards and usurping their identity for as long as they can."  The Virginia Watchdog web site keeps tabs on SSN information being openly stored in public records.  It reported that former NFL quarterback Troy Aikman's SSN information is accessible through a Texas government web site.  Aikman was hardly the only fairly public figure to find out their privacy information is more public than they thought.  Colin Powell and his wife (pdf doc) were also.  As were Jeb Bush and his wife (pdf doc).  In Maryland, Sen. Raskin plans on drawing up legislation giving Maryland residents the right to demand that their SSNs be redacted, no matter when the record on which it appears was created.  According to Raskin, the public has a right "to know who owns a particular property" but not the SSN of the owner.

< New Hampshire Debate Primary Relatively Real Time Discussion

Crazy Enough To Kill? Yes. Crazy Enough To Collect An Inheritance? Maybe. >

Tags: edited by Port1080, written by MayorBob, social security, identity theft, public records, privacy rights (all tags)
Add this story to: newsvine reddit digg delicious

This story: 7 comments (2 from subqueue)
Post a Comment
1

My solution to all identity theft

profwhat.

Sun Jan 06, 2008 at 09:04:48 AM EST

4.66 (interesting, interesting, astute)

The goal shouldn't be to keep Social Security numbers secret -- that's basically impossible, as this article shows.  The goal is to make Social Security numbers irrelevant to the process of applying for new credit.

It is incredibly stupid that a meth addict can get hold of nine digits and then effectively convince credit card companies that they are me.  It's even stupider that credit card companies will then refuse to believe it's not me until I spend two years of my life convincing them.

Before credit card companies can give out credit cards, they should require that you appear, in person, in a bank or other office; get photographed; give a handwriting sample; show two forms of photo ID; bring someone else in who can vouch for you; be quizzed on information available in your credit record ("can you tell me that last two addresses you lived at?") and so on.

This will make it harder for honest consumers to get credit cards.  That, friends, is not necessarily a bad thing.

Or, I'll make it easier:  credit card companies can give credit to whomever they want, but if they do not use these procedures to verify the identity of the applicant, they aren't allowed to do any negative report on the credit rating -- they have to just write the money off.

4

^ 1

Re: My solution to all identity theft

wetkarma.

Sun Jan 06, 2008 at 10:21:54 PM EST

5.00 (interesting)

I have some direct knowledge of this since I do anti-fraud/security work for a financial company/bank. As a result I have an 'industry' response to your proposals.

The first is that the concept of privacy is somewhat of a hash. I can (using access to various databases), starting from just your name and IP reliably obtain your name, addresses you have lived at, vehicle ownership (vin), phone numbers, key family members, their ages, your age...well pretty much anything I'd need to steal an identity. The SSN I can find out in various public sources, the private databases I have access to gives a whole lot more.

The idea of preventing someone from pretending to be you is fundamentally flawed from first principle: you can't control what other people choose to do. The additional hoops you propose to be done do not significantly reduce the ability for someone to obtain credit in your name - photograph? compared to what? the fake ID I brought with me? handwriting sample ..again to what purpose? Someone else to vouch for you? Don't be silly.

As for the quiz..see the above.

True identity theft solutions probably requires biometrics and a nationalized id system based on trust ratings..but since people hate the id of national id, id theft will continue to be the fastest growing category of crime.

Memory is a strange bell, jubilee and knell.

6

^ 4

Re: My solution to all identity theft

profwhat.

Mon Jan 07, 2008 at 10:11:34 AM EST

4.00 (interesting)

The additional hoops you propose to be done do not significantly reduce the ability for someone to obtain credit in your name - photograph? compared to what? the fake ID I brought with me? handwriting sample ..again to what purpose? Someone else to vouch for you? Don't be silly.

No, it's not perfect, but nothing is.  Locks on your door are an imperfect solution to home burglary, but I still advise you to use them.  If the only way you can get all my information is by having access to some crazy Nexis database somewhere, so be it; they don't give that access to just anyone.

But I'm curious about your answer to the problem.  Do you really think there is no solution to this short of a national database of biometric identifiers?  What if I took my idea and added fingerprinting to it?

7

^ 6

Re: My solution to all identity theft

wetkarma.

Mon Jan 07, 2008 at 12:19:38 PM EST

none

I understand the perspective that every little bit helps, but we have to be wary of deploying security theater measures (like what goes on at airports) that cause more inconvenience than security.

In regard to the idea that access to the Lexis-Nexis database and other sources is hard to get, please be dissuaded from this line of thought. In an era where car salesmen have access to these database, access is granted based on those who are willing to pay for it and those who have stolen the legitimate ids. There are forums on the internet where such credentials are traded along with 'packages' of never used credit cards. The obscurity of the database cannot be relied upon to prevent identity theft. My point in bringing up to the issue of private data aggregators is that there are many companies who know a lot more facts about you than your siblings/parents probably do. These companies primary business is to sell that data, not to secure it. As a result, the compromise of the data is pervasive - just as much as the compromise of SSN is pervasive.

I think that a national database with biometric identifier offers the most effective solution to the problem (identity theft). Like any solution however it will have consequences, and citizens need to decide whether the tradeoff of those consequences is worth it. Your idea + fingerprinting is basically a rube-goldberg version of my idea. After all -- what database do you check the fingerprint record against?

Memory is a strange bell, jubilee and knell.

2

^ 1

Re: My solution to all identity theft

pO157.

Sun Jan 06, 2008 at 11:50:09 AM EST

none

I like your solution but it would never happen because it puts the onus of responsibility onto the banks that do the lending. Plus, seeing as how creditor friendly Congress is (Think "Bankruptcy reform") I doubt it would get passed.

I agree that we need to move away from SSNs as a lifelong identifier. I have made it a general policy of telling people (including medical/hospital staff as I did this morning) who ask that "I can't seem to remember -- I should really work on memorizing that more." They usually end up mumbling something and moving on to the next question which indicates to me that it is usually only used by businesses (whom you are not applying to credit for) as a way to

In other news, I was once told by somebody (and I read this somewhere else as well) that it is relatively easy to trick credit reporting agencies into giving you a fake credit identity. I would never try this myself because I live a law abiding life, but here goes. You simply have to find an unused SSN, pick a new name and DOB and apply for credit online (small balance gas card or something that is unlikely to warrant investigation). They will request your info from the "Big Three," find no match, and create a file for you as they do routinely for Junior when he gets his first credit card or  school loan. Get a line of credit, pay your bills on time, and nobody will ever know or care. I guess it would be easier to this if you were younger to avoid suspicion, so if you ever think you'll need a false persona I'd plan ahead. Or something.

5

^ 2

Re: My solution to all identity theft

joshv.

Mon Jan 07, 2008 at 10:00:24 AM EST

4.00 (interesting)

Even simpler, create two centralized registries:

  1.  A "Do not create" registry.  If any financial institution creates a bank account, new loan, or issues a credit card to a person on the registry, they are liable for all losses, and must remove all occurrences of the errant account from the registered person's credit record within a month of notification.

  2. A new account notification registry.  Any financial institution that creates a new bank account, issues a loan, or credit card would be required to notify the email and or snail mail address associated with the registered user's SSN within a week of account creation.

Both lists would require snail mail based verification on initial registration, and for address changes/removal.  Funding for the registries would either be governmental, or funded by a some small credit card tax or other.  Regardless, the cost would be small.

The Do not create registry would be ideal for the elderly and those of us who don't fall for those damned 15% off store cards everywhere we shop.  The notification registry would give everyone else a little peace of mind without having to pay a ridiculous $10-$15 per month for one of those damned credit watch services.

3

^ 2

Second Paragraph Got Eaten

pO157.

Sun Jan 06, 2008 at 11:52:31 AM EST

none

It should have read:

I agree that we need to move away from SSNs as a lifelong identifier. I have made it a general policy of telling people (including medical/hospital staff as I did this morning) who ask that "I can't seem to remember -- I should really work on memorizing that more." They usually end up mumbling something and moving on to the next question which indicates to me that it is usually only used by businesses (whom you are not applying to credit for) as a way to make their collection processes easier and hunt you down should you skip out on them. If they need to file an insurance claim they really shouldn't even need an SSN if you are using only one type of private plan because then they wouldn't require it to coordinate benefits among multiple carriers.

Consumers simply need to demand that unwarranted data collection stop.

This story: 7 comments (2 from subqueue)
Post a Comment

search »
Login »
Make a new account
Related Links »
millions of his fellow citizens' "fingerprint accounts" are out there, openly posted on the internet
Social Security Numbers
Privacy Act
identity theft
perpetrate d upon 8.3 million Americans
Virginia Watchdog web site
Troy Aikman's
Colin Powell and his wife
Jeb Bush and his wife
More on Legal
Also by MayorBob
QuickLinks »
The Senate Majority Leader is a real class act
The best thing about the new Capitol visitors center is that he won't have to smell the tourists anymore.
- pO157
<—————+Ο————>
Not going away
Some interesting thoughts from constitutional lawyer Edwin Vieira, who has four (four!) degrees from Harvard: [A] criminal defendant under this statute…signed by President Obama. Your defense is that is not a statute because Mr. Obama is not the president. You now have a right…to subpoena in a criminal case, anyone who has relevant evidence relating to your defenses. And you can subpoena them duces tecum… Further, records could be subpoenaed directly…
- Steve Urkel
<—Ο———+—————>
Nothing is sacred
The Macy's Thanksgiving Parade gets Rick Rolled.
- Lou
<—————+—Ο———>
Yes We Can!
Obama inspires man to redistribute wealth.
- Steve Urkel
<———Ο—+—————>
Bad Candy
It's exactly what it sounds like. Or not. I dunno, I just liked the name.
- JimmyHavok
<—————Ο—————>
Farr off the flying Fiend
Cthulhuesque entity photographed by airplane passenger.
- Steve Urkel
<—————+—Ο———>
John McCain: furriner!
He's a Latin American immigrant! Why the media coverup?
- JimmyHavok
<—Ο———+—————>
Truth and love
New website stands up against hate in California.
- Steve Urkel
<Ο————+—————>
Submit a QuickLink:
If you'd like to submit your own QuickLink, you'll need to log in (or register) first.

Users own their contributions, all else is © 2006, 2007 Trees and Things, Incorporated.

Powered by Scoop.

Terms of Service

Privacy