Ahh, the good old days...

It used to be that the average person only had to maintain an irrational fear of being knocked unconscious and waking up on ice in the bathtub of a seedy motel missing a kidney. Currently identity theft is the bug-a-boo du jour helping fill space on local newscasts and outraged editorial pages.

Unfortunately, speaking as a recent victim, identity theft is definitely more than just an urban legend and properly insulating ones-self from its most common causes (buy a shredder, people) is certainly worth doing.

The need to balance transparence and privacy is a real and continuing concern not just for our industry but for society at large. The International Herald Tribune has an interesting article on that subject, which originally ran in the New York Times that discusses a systematic approach undertaken by The Johns Hopkins University to evaluate personal data security:

...Working with a budget of $50 and a strict requirement to use only legal, public sources of information, groups of three to four students set out to vacuum up not just tidbits on individuals, but whole databases - death records, property tax information, campaign donations, occupational license registries - on citizens of Baltimore. They then cleaned and linked the databases they had collected, making it possible to enter a single name and generate multiple layers of information on individuals...

...The Johns Hopkins project was conceived by Avi Rubin, a professor of computer science and the technical director of Johns Hopkins's Information Security Institute. Rubin has used his graduate courses in the past to expose weaknesses in electronic voting technology, digital car keys and other byproducts of a society that is increasingly dependent on computers, networks and software.

"My expectations were that they would be able to find a lot of information, and in fact they did," Rubin said.

In some instances, students visited local government offices and filed official requests for the data - or simply "asked nicely" - sometimes receiving whole databases burned onto a CD. In other cases, they wrote special computer scripts, which they used to slurp up whole databases from online sources like Maryland's registry of occupational licenses (barbers, architects, plumbers), or from free commercial address databases...

...David Bloys, a private investigator in Texas, has helped craft a bill now pending in the state legislature there that would prohibit the bulk transfer and display over the Internet of documents filed with local governments.

There are real dangers involved, Bloys said, when such information "migrates from practical obscurity inside the four walls of the courthouse to widespread dissemination, aggregation and export across the world via the Internet." However convenient online access made things for legitimate users, the information is equally convenient for "stalkers, terrorists and identity thieves," Bloys said...

(Read the rest of the article here.)

Lots to comment on in this piece, but it will have to wait until later today.

Duty calls.

-- MDT

Labels: identity theft