Two stories from Oregon and California highlight the growing problems with Identity Theft. In Hillsboro, Oregon a man was found with computer discs containing DMV data on thousands of drivers in Oregon. It is not clear if he might have sold this information to other identity thieves. In California the State is responsible for selling the birth records of more than 24 million Californians to a web site that has posted it on the Internet, offering easy access to critical information needed to create fake identities. Senator Cantwell from Washington is introducing legislation in Congress to give consumers more control over their credit record.
Update: Company Agrees to remove birth record data from Internet, but only if the affected Californian asks them.
The Health Privacy Project released a report funded by the Pew Internet & American Life Project that examines how the new federal health privacy regulation covers - and does not cover - consumer-oriented health Web sites and Internet-based health care.
The report found that: (1) the regulation does not apply to most health Web sites; (2) different rules may to different sites offering the same services; and (3) even at Web sites owned or operated by organizations that are covered by the privacy regulation, it is not clear which activities at those sites are subject to the regulation.
MSNBC is reporting that the FBI is developing software capable of inserting a computer virus onto a suspect's machine and
obtaining encryption keys, The software, known as "Magic
Lantern," enables agents to read data that had been
encrypted. The controversial
software called Carnivore (renamed DCS 1000), has been ineffective against suspects
who encrypt their files. Magic Lantern installs so-called "keylogging" software on a suspect's machine that is capable of capturing keystrokes typed on a computer and thereby getting the password that encrypts the message.
Magic Lantern is supposedly one of a series of enhancements currently being developed for the FBI's Carnivore project, under the umbrella project name of Cyber Knight. MSNBC.com has filed a Freedom of Information Act request with the bureau to get more information.
The FTC has settled charges with an Internet operation RhinoPoint.com owned by New Millenium Concepts, Inc. that misled consumers into paying membership fees and turning over sensitive personal and financial information by claiming that it would pay for the consumer's Internet access. The company's privacy policy had stated that it would never share information with third parties. As part of the settlement, the company agreed to
destroy all personally identifying information. The FTC used its power under section 5 to pursue unfair and deceptive trade practices to bring this case against the Operator. We hope we will see more such aggressive enforcement of consumer privacy from the FTC in the future.
EPIC is holding a public shredding of national ID cards on the East House Lawn of the Capitol Building at 1 PM on Friday, November 16. EPIC will be joined by Brad Jansen of Free Congress Foundation and Lori Cole of Eagle Forum to discuss the threats to civil liberties posted by National ID Systems. This shredding is being held in response to a House Government Reform Committee Hearing on national ID cards.
The Supreme Court ruled in 9-0 decision that
Federal law gives people whose credit ratings have been damaged by a credit reporting company's mistake only two years from the date of the mistake to file a lawsuit, even if the mistake does not come to light until later.
The Bush Administration and consumer groups advocated that the statute of limitations clock should start ticking when the victim becomes aware of the theft, rather than when the theft occurs. The Court was unable to find support for this view in their reading of the statute. It might be time now for Congress to clarify their intentions. It also serves as a reminder to all consumers to be vigilant about what goes on their credit report.
In a remarkable move, the Justice department announced that it would
listen in on the conversations of lawyers with clients in federal custody, including people who have been detained but not charged with any crime, whenever that is deemed necessary to prevent violence or terrorism. The eavesdropping rule was adopted on an emergency basis last week, without the usual waiting period for public comment. The rule raises serious constitutional problems and will face a severe challenge.
FTC Chairman Timothy Muris was the sole witness at a hearing organized by the Subcommittee on Commerce, Trade, and Consumer Protection on November 7, 2001. This was his first hearing before Congress and the Subcommittee members questioned him closely on his proposals to protect consumer privacy both online and offline.
While the hearings did not get too far into the specifics, the Subcommittee did send a signal that consumer privacy is one of the top items in their agenda. Muris told the subcommittee that his agency is working hard to implement the major themes of the privacy agenda he announced last month, including a national do-not-call telemarketing list, and a crackdown on identity theft and on- and offline scams.
Marc Slemko, a software developer, developed a technique to steal a person's Microsoft Passport, credit card numbers -- and all, simply by getting the victim to open a Hotmail message. He cobbled together this technique in just half an hour. Slemko withheld publication of the flaws until Microsoft had an opportunity to correct it. The attack renews questions about the inherent security of Passport, which is being positioned by Microsoft as the lynch pin of its .NET e-commerce service initiative. Slemko argues that, "Passport's greatest marketing strength -- the single sign-on -- is also its chief technical weakness."
A provision in the recently passed anti-terrorism legislation may create a scheme where all non-citizens would have to use an identification card to enter the country. The provision calls upon the Attorney General to create an �integrated entry and exit� system that could include biometric identifiers and improved identity documents.
