Just how public are your private records?

I’ve talked before about how concerned I am regarding internet security and identity fraud. I think any country that relies on social security numbers as the main source of identification in both social and financial arenas is doing things ass-backwards and just plain stupid. Yes, fellow Americans, I mean our government allowing our social security numbers to become part of a public record both inside county courthouses and on the internet. What? You think your social security number isn’t available to anyone with internet access around the world? Are you sure?

Betty Ostergren, a 56 year old resident of Richmond Virginia, is committed to making important people angry. She puts their Social Security numbers on her Web site, or links to where they can be found. She does this because she is trying to embarass government into making privacy a priority. And she’s making an impression. She isn’t trying to make government officials like CIA Director Porter J. Goss, former secretary of state Colin L. Powell, or Florida Gov. Jeb Bush be victims of identity theft, as were millions of plain, hardworking Americans in the past year. She is on a crusade to scare and shame public officials into doing something about how easy it is to get sensitive personal data.

Ostergren discovered that a wealth of documents — including marriage and divorce records, property deeds, and military discharge papers — containing Social Security numbers, dates of birth and other sensitive information is accessible from any computer anywhere. Many of the online records are images of original documents, which also display people’s signatures. She began organizing citizens and complaining to officials on the issue in 2002, when a title examiner called to warn her that her county was about to put a slew of documents online, including pages with her signature. She swung into action, bringing enough pressure on the Hanover County Virginia officials that they halted their plans. Then she broadened her attack, targeting other counties in Virginia and elsewhere.Today, she is eager to guide reporters to her favorite example: the Social Security number of House Majority Leader Tom DeLay (R-Tex.), which is viewable via the Internet on a tax lien filed against him in 1980. She says that if she could easily find Tom DeLay’s social security number online, couldn’t internet identity thieves do just as well with your records. I think she’s got a good point.

Ostergren found that for decades, Social Security numbers, mothers’ maiden names and other crucial forms of personal identity were routinely included in dozens of documents with little thought to the consequences. That, in turn, enabled companies such as ChoicePoint to send their workers to courthouses across the country to grab such personal data for their databanks. The information is collated, or analyzed, and sold to other companies and back to government agencies. Just what I wanted to hear. All those things I assumed would remain private, like my mother’s maiden name, are out there for anyone willing to dig them up in a county courthouse. Once that information is found, it becomes a valuable commodity and can be sold over and over again to financial database organizations. Now I get why I’m on every junque mail list for credit cards ever created, regardless of the “Do Not Contact” letter I’ve sent.

Florida is one of the few states that has legally required the blacking out of sensitive data from public records. Why Florida, which has never been known for it’s forward thinking? Thank Ms. Ostergren. When she finds a well-known figure, she decides whether exposing his or her number on her Virginia Watchdog Web site might further her cause. Which is how she came to link to Jeb Bush’s Social Security number.She notified Bush through someone she knew in the administration of his brother, President Bush. Soon after, she noticed that the governor’s number was blacked out on the county Web site in Florida where it was listed. So she posted it on her site. Ostrander says:”I decided since he protected his own hind end and nobody else’s, I’d put his on there,” she said.Ostergren gets my vote for Woman of the Week. She’s my new hero!

Parenting teens in the days of MySpace

I’ve written before about MySpace and that I allow my teens to have pages on this site, despite my reservations. I do so because I am ever vigilent about watching their pages, questioning anything I think is inappropriate, and deleting friends I don’t want them talking to. I’m extremely careful and I talk about adding new friends and giving out personal information all the time. My kids roll their eyes they’ve heard it so much. But evidentally not quite enough.

Today I was checking my daughter’s page while she was in school. First I went through her inbox to see any new messages. She has several, from some guy I’ve never heard of, and a couple of them are really inappropriate. So I looked at his site and there are 6 pages of women and no men at all in his friends list. Plus, quite a few of the women are scantily clad and a bit too sexy for my taste. They guy identifies himself as 23 years old. I’m really not happy.

I contacted MySpace and reported him as a predator. I contacted the police and reported him as a predator. The police are taking it seriously enough to come over and get the printouts of his mail to the Girl. They’re going to be watching his space carefully. I also sent him a message telling him I was reporting him to both the police and to MySpace and not to contact my daughter any more. She is no longer on his friend’s page, either.

But what upsets me the most is that when the Girl came home and I questioned her about this guy, she told me a friend of hers is in love with him, and that he’s been to our house to pick up said friend. Her friend is 13, too. OMG, I’m so upset it’s beyond pissed and angry. This is bothering me to the core of my being.

I deleted this guy and blocked him from my daughter’s site. But the bad thing is, unknowingly she gave him WAY too much information as to where her friend lives now, and now to get in touch with her. I don’t think she meant to, and she says that he’s a ‘nice guy’, like all predators are. She just doesn’t get the whole predator thing at all, despite watching Dateline shows on this very topic over and over. She thinks that because her friend knows him in real life, he’s OK. Even when I showed her the latest mail from him asking about her sexual preferences. She’s 13. I don’t think she needs to be asked this by anyone, never mind some 23 year old creepy guy on MySpace.

I so want to delete her page, but she is using it appropriately 99.9% of the time. She made a bad error in judgement, one that involved the police and her friend’s parents. Hopefully she’ll learn from her mistakes. If not, the page goes.

Update: About 2 hours later, after I had talked to her about this, this jackass emailed her thru MySpace again. AGAIN. First he responded to my email telling him to leave my kid alone with this ditty:

” I might also add that a bitter old lady should really mind her own business and allow her daughter to become a person, not just a posession that you monitor. “

Then the Girl writes back, idiot that she is:

” THANK YOU. want to tell her that. but i really am sorry and i like totally cried ova this “

He responds to her mail:

” HAHA, Im sorry, I know your mom is just looking out for you, but i dont think your profile says ur 13 anyway does it? i thought it said a bit older, but dont worry, im a nice guy, I assume mxxxxx told you some stuff about me so….ya, thatd be good lol. so how was ur day otherwise??? “

Then she writes back:

“if i were u, i would nt message me, but if u want to talk to me, tell some to message me and tell them to tell me to message u back. i can message u and we can talk that way but u shouldnt message me first. did that make any sence?”

And he responds:

“it would make more sense if you just had an email address lol???”

At which point I catch her in the act and go ballistic. I emailed him this:

“How fricking stupid are you? I told you to leave my child alone. I’ve reported you to the police. YOU STOP HARASSING MY CHILD NOW. NOT ONE MORE WORD. NOTHING. You are a predator and a real sicko. She’s 13. Mxxxxx is also 13. I’ve contacted her Mom, and she isn’t happy. Either you stay far away or I’ll be forced to have the police take immediate action.

DO NOT RESPOND.”

So, I again blocked him from her site (yahoo to MySpace for ignoring me the first time), copied all the emails for the police to pick up tomorrow morning, and banned her from the computer unless I am sitting with her. She told me she felt badly that she just left this jackass hanging. She STILL thinks he is a nice guy.

I called her friend’s parents to let them know, and found that her mother had already reported this guy and called the FBI. And still he goes on.
I haven’t yet pulled down her page, but the computer is now password protected and she cannot get on it without my knowing. Heh.

I fricking HATE THIS.

Authenticity

One of the things I’m looking at for work is the issue of authentication. Ok, don’t all yawn at once, because this little word affects all of us every day.

How are you represented online? How does any company you deal with online know who you are? What proof do you offer them, or what proof does a company demand in order for you to trade with them. And the question that I’ve most been thinking about, how are your children, or mine for that matter, representing themselves online.

Which brings us to Friendster, MySpace, and some of the other online ‘communities’ where children congregate. MySpace does no authentification whatsoever when someone creates an account on their servers. They ask for no proof of who you are, nor do they care who a prospective user is. They ask the small question about age, but kids are experts at lying.

While perusing my kid’s MySpace accounts last night, as I do nightly just to make sure everything is up to my approval, I saw that the Girl had accepted a Friend I didn’t recognize. On going to that person’s site, I noted that this was a kid in my daughter’s 8th grade class that was representing himself as a 19 year old boy from California. Because of how he represented himself, he had a lot of soft core porn on his site. I deleted him immediately as my daughter’s friend, and reported him to MySpace for fraud. His page is still up today.

My children and their friends are experts on Ebay. They know how to buy buy buy, but they’re not all that astute about how sellers work. They don’t always notice things adults would, yet they are liable for shopping, even when the seller is less than honest. Had ebay used an authentication methodology, they would know that someone under the age of 18 was entering into a binding contract without parental consent, which isn’t legal. But ebay doesn’t authenticate once a userID and password has been attached to an account.

Some of the ways to authenticate who is using an account are by using passwords, but we’ve all learned that controlling passwords is fairly pathetic to ensure secure transactions online. What about those ecommerce companies that promise secure transactions by placing that little SSL padlock on the bottom of a page? Is that any safer? Nope, it’s not. That padlock guarantees pretty much nothing except that you have been told to trust it. But it’s not trustworthy.

What about pin numbers? Same as passwords, they’re too easy to break and again don’t promise security. Biometrics is exciting and new, but there are way too many things that don’t work about it. Fingerprints aren’t like on CSI, where you run them through a computer and get a perfect match in 5 seconds. It’s much more complicated than that, and hardly foolproof. Iris scannings? Are you planning to stick your eyeball into an ATM machine? Not me. DNA… yeah, right. Maybe in 200 years but certainly not now.

So what does that leave? One thing is to change the way we authenticate who we are in this country. Some think that a national identity card is the way to go, with an embedded PK1 chip that would contain all the information as to who you are. It would not be linked to a driving license…or maybe it would be a national driving license. It would not be linked to a passport. But still, how do you prove who you are in the first place?

One idea that has been kicking around is to have a digital birth certificate of sorts. This would be similar to an identity card, but could be international in nature, and governed by an agency outside the control of any government or nationality. I like this idea. a lot. As you may have grasped, I don’t trust business to authenticate, but I also don’t trust. governments, especially our government here in the USA to be responsible for identity authentification. Can you imagine the disaster that would be, since HomeLand Security can’t even pass their own security tests. Nope, they’re not to be trusted at all.

I don’t mind having some kind of international identity card that authenticates who I am, but I do want it to be based on some legal premise. Right now in the US, we don’t have any legal way of proving who we are. Birth Certs are easy to obtain, social security numbers are as well. And yet those are the two methods we use to say who we are. That’s kind of sad.

I’m going to continue this in a series of posts. But I’d like to know what you think about this topic. So please comment.