Search This Blog

Friday, December 29, 2006

Big Brother Just Got Bigger

Civil Libertarians Bash Bush’s Privacy Guidelines

If you look inside the White House, there is a new extension of Big Brother taking legs from the administration’s latest attempt to curb our ability to know who is spying on us. Bush’s new privacy guidelines fail to protect the rights of Americans, according to what civil libertarians told the privacy board’s first public forum. Right out of the box, his imperial majesty is being told he is all wrong again by some of the top privacy advocates in the country.

Weaker Than Privacy Act of 1974

Over thirty years later, with the shortcomings of the Privacy Act of 1974 well known—government able to bypass law and collect data on citizens from private data brokers—this President still can’t get it right. In a Washington Post article by Ellen Nakashima, “Civil Libertarians Protest Privacy Policy,” Marc Rotenberg of the Electronic Privacy Information Center is quoted as saying, “…the guidelines pale in comparison to protection offered under the Privacy Act of 1974.”

Once Again, Innocent Americans at Risk

James Dempsey from the Markle Foundation, which focuses on improving national security while protecting established civil liberties, says the guidelines don’t allow redress for people erroneously targeted in counterterrorism programs. This is a subject I have been blogging on for almost two years now. No matter how many times this administration tells us they don’t spy on innocent Americans, with the data mining techniques now being used, they cannot avoid it. I know. Predictive modeling was a part of my function as a mailing list broker and database expert.

Technology Must be Harnessed to Protect Consumers

The technology revolution is only going to grow at an accelerated pace based on the recent past, and the one thing missing in the equation is the individual’s right to privacy. The original inventors of the computer—and there were a few—could not foresee the problems their inventions would bestow on the average person. Nor were they concerned about this at the time because, like today, they were in a hurry to advance this technology to its greatest height. Now we are there and still progressing at the speed of light. The time has come to focus on the consumer by giving them control over their names and personal data.

Another Extension of Big Brother

Like the USA Patriot Act and NSA spying, Bush has once again manipulated this bureaucratic body so that it is solely under his wing. Lanny Davis, the privacy board’s only Democrat, along with four Republican members, commented that “…he was puzzled about why Congress had placed what was supposed to be an independent oversight board under the president.” Obviously a hypothetical statement. Davis was no doubt thinking ahead to 2007 when Democrats take over Congress.

Wednesday, December 27, 2006

Junk Mail Industry Rag Belittles Consumer Rights...Again

Richard H. Levy is a Loose Cannon

In an April 2006 article, “Junk Mail Industry Rag Puts Down Consumer,” I refuted the publication Direct Magazine in their belief that consumers should never have control over their names and personal data. Read it here; scroll down to the second post. Now, Richard H. Levey, one of Direct’s reporters, in a column called “Loose Cannon,” once again diminishes the importance of the identity crisis by parodying the critical need to protect consumers’ sensitive data. Instead of inviting opinions from industry leaders—some of which I have received that are favorable to more individual control—he takes the failed-attempt-at-humor approach. Pathetic.

Junk Mail Industry Won’t Address Real Issue

There are two major issues that junk mailers refuse to acknowledge as a benefit to their customers, as well as the junk mail companies themselves. One, consumers should have control over their names and private information. Two, they should be paid each time it is sold. Oh horrors, Richard H. Levey—and most others in the field—would scream. It would be the beginning of the end, and put most companies out of business. Hogwash. It could improve the industry significantly, if we do it right this time. And here’s how.

Formula for Success Where Everyone Wins

When you grant individual control, the consumer elects whether or not they want to receive junk mail. If they don’t want it, why send it? That’s the way it got its name in the first place. At the same time, we categorize wants and desires to determine specifically what kinds of offers they want. Why send someone hundreds of additional apparel offers just because they ordered a scarf they couldn’t find at the local department store. And, these wants and desires could be updated on a regular basis.

Finally, each sale of the consumer’s name and personal data is recorded by the dollar amount, and filed away to confirm future payments to the individual. At the same time the list seller deposits an amount equal to one-half of the gross sales of the name and private information in a simple interest-bearing account that can be drawn-on at a later date. A typical junk mail shopper could receive an average of $607 monthly at age 65, if their buying habits began at age 18.

Industry Rewards of My Concept

To start with, junk mailers can eliminate unresponsive households, while still realizing their revenue goals by mailing to those who are. Mailing costs go down; response rates, and average orders, go up. Environmentalists get off your backs because you are finally doing something about the paper waste.

I could hear the outcry over the sharing of mailing list revenue even before finishing this sentence. However, it makes complete sense to me that if the customer can expect this compensation from their purchases; it just means they will buy more often. Traditional retail shoppers would now flock to junk mail to participate in the sharing of the sale of their names and personal data. List sales dollars may not double to make up for the losses from paying customers, but, then, lists are a gold mine at any figure. Junk mail could be known as the business that solved the Social Security dilemma.

It’s Time for Compromise

Unfortunately for the junk mail industry, most of the concessions will have to come from their side. Of course, that is where 100 percent of the control now resides and has since the business first evolved decades ago. There is a choice, and that is to pass federal legislation giving the individual control over their names and private information. Unhappily, it has been this method that most junk mailers have chosen over the years.

I didn’t cover the how-to in the procedure for consumer approval in the use of their names and private information. That was detailed in an earlier post you can find here.

Friday, December 22, 2006

2007 Could Be Awash In ID Theft

Creeping “Creepy” Figures

In just October of 2006, Tom Zeller of the New York Times was telling us, “Data breaches near 94 million.” You can see the Chronology of Data Breaches at the Privacy Rights Clearinghouse site where they have been keeping track since the ChoicePoint February 2005 awakening. He continues with some figures from the Ponemon Institute, a privacy consulting company, that are really no longer alarming; just a continuing, pathetic illustration of the state of the identity crisis.

The survey found evidence that over fifty percent of corporate laptops have unprotected sensitive data; one out of every ten laptops is stolen, 97 percent of which are never recovered. Of these same firms, 81 percent reported that laptops or similar devices with private information were stolen. Ample reason why all this data is on the street.

What a Difference Eleven Weeks Can Make

And then on December 18, Zeller comes back with an update article: “An Ominous Milestone: 100 Million Data Leaks.” Apparently a breach of 800 thousand records at U.C.L.A, 130 thousand at Aetna, and 382 thousand at Boeing put us over the top. Each included most of the ingredients necessary to lift your identity, including Social Security number, birth data, driver license number, etc. But even that wasn’t the worst of the news.

The Perfect Caper for Organized Crime

I have been blogging for over a year now that ID theft was made for organized crime. This doesn’t have to apply to just the “Wiseguys” of The Godfather era, although there is evidence this group is involved. There’s a new breed of inherent crook—the kind that preys on any opportunity, like the work-at-home scams or a Katrina disaster—that is more sophisticated and technologically minded, and has the patience and means to wait for the right moment.

In the new article, Zeller tells us there is intelligence out there indicating the black market sites for data are becoming conscious of their mother lode, and that it is just a matter of time until they discover the right formula for exploiting your private information. Remember, 100 million personal records are out there. That’s one-third of the U.S. population. I’m betting—but hoping for the opposite—that 2007 will be the year the bad guys figure it all out.


The reason for my hope is that the American consumer will wake up soon and demand that business and government give them control over their names and private information. And pay them each time it is sold. The individual’s window of opportunity is just shy of closing. The ID thief’s is opening wider each day. Contact your congressional representatives: House; Senate.

Tuesday, December 19, 2006

"Apathetics" Taking Over the World

Webster Should Add “Apathetic” to Dictionary

I have coined a new word to describe the typical consumer when it comes to taking responsibility for their rights. In this case, the right to privacy, and to be free from identity theft. The word is “Apathetic,” and it refers to the majority of individuals today who seem to care less about the alarming amount of fraud being carried out using their names and personal data. Further, most seem even less concerned over the incompetence of the companies handling this private information. As a former broker of mailing lists for 35 years and database expert, I do and I am.

The Abysmal Track Record

Privacy Rights Clearinghouse has recently reported that the number of breaches of personal data records has passed 100 million. And that’s just since the awakening incident by ChoicePoint in February of 2005. And from my experience in the junk mail industry, I can assure you that there were millions prior to 2005 that went unreported due to the lack of a notification law like California’s Senate Bill 27, which went into effect January 1, 2005. Based on a Javelin Research/Better Business Bureau survey on identity theft which started reporting figures in 2003, it is easy to project that there will be somewhere around 8.5 million victims in 2007.

United Kingdom ID Thieves Encrypt Fraud/American Companies Say Too Costly

In an article on ZDNet, “Jailed ID thieves thwart cops with crypto,” crooks in the UK were not only able to initiate the deleting of their databases—while handcuffed, no less—but also to trigger encryption that police technology experts were unable to decrypt. US business has maintained for years that encryption is too expensive to implement. But, does the UK incident give you an idea of the level of sophistication the bad guys have been able to achieve? It is a business, folks, and the product they are selling is your sensitive data. Look in the mirror. It’s just a matter of time.

Identity Crisis Battle Lost in Three Major Areas

I posted a comment to the above UK article to demonstrate three critical points of the identity crisis. The first was that the business community is concerned only with profits; therefore, the protection of our personal data is secondary. Second, congressional leaders are only interested in getting re-elected, thus, their vote also goes with the money. Third, and the substance of this article, is the apathy of the American public over the possible loss of their identity, eventually their right to privacy.

Some Consumer Opinion Polls Report the “Apathetics” Do Care

I’ve read surveys that report that consumers are concerned about their privacy, and are also troubled over the potential of identity fraud. Yet many make the same mistakes over and over in protecting their private information. Not shredding credit card offers before discarding is at the top of this list, along with freely giving out sensitive data like Social Security number, birth date, driver license, etc. They also don’t demand control over their names and personal data; at the same that they be paid whenever it is sold. It’s time to lose the apathy.

Let me know what you think.

Thursday, December 14, 2006

What I Want for Christmas is Control over My Name and Personal Data

Santa Claus’s Bag of Tricks

If there is one thing I wish that Santa could pull out of his bag this Christmas for this household, it is the right to take back control over our names and personal data. It should be easy to get down the chimney, and we would even settle for it as a stocking-stuffer. I can see leaving tons of cookies to reward the old guy for doing something the outgoing 109th Congress seemed completely incapable of. I’ve lost track of the actual number of identity theft bills that were introduced and allowed to just…languish, but one was too much.

Data Breaches Go Merrily On Their Way

Articles abound on data lost—the latest, 800 thousand student, faculty and staff records from UCLA—and even a few that claim the identity crisis is overblown. Somewhere in the middle—and that’s exactly where the consumer is caught—there is a balance. But it all must start by business and government turning over control of individual sensitive data to the name-holder. That’s you, and you should get ready to accept and shoulder this responsibility. It is a concept that would offer significant improvements to every U.S. household.

Just a Few of the Perks

• First of all, if implemented correctly, my concept could stop ID theft overnight. That’s because you would approve any transaction using your private information.
• Second, you could decide on a national level what junk mail you want and what you don’t want.
• Third, you would have access to any personal data collected about you, in order to assure that it is accurate, with the right to correct. This would include data brokers, credit bureaus, and medical and financial databases.
• Fourth, although in cases of national security emergencies your data could be accessed, the government agency in question would be required to notify you.
• Fifth, and second only to the first perk, you would be paid each time your name and private information was sold.

New Year’s Resolution

We should all make a New Year’s resolution to lose the apathy over the identity crisis issue, and start standing up to business and government to let them know we want back control over our names and personal data. Either join my grass-roots movement by letting me know how you feel, or join other advocates in fighting for this right to privacy. Also let your congressional representatives know. Contact: House of Representatives; Senate.

Tuesday, December 12, 2006

Personal Data Breaches--Your Private Information--Are Still Rampant

1 Million Data Breaches in the Last 60 Days

That’s right. One-million records of personal information have hit the street in the last 60 days. They’re out there for the taking and don’t fool yourself, the ID thieves are becoming more sophisticated every day. They can outwait you to steal your identity, and cause complete chaos in your household. As an example, the original February 2005 ChoicePoint breach of 163,000 names initially produced 800 actual data thefts. That figure is now up to 1,400—a 75 percent increase—according to the Federal Trade Commission.

The Latest List of Breachers

Starting back in late October, The Sisters of St. Francis Health Services, which operates ten hospitals, lost compact discs with Social Security numbers and more sensitive data on 260,000 patients, as reported by A medical billing contractor copied the data and then lost it in a store. Dumb, but see how easy it is.

And then a USA Today account in early November about how Starbucks lost 4 laptops with Social Security numbers and more on 60,000 employees—over 40 percent of their workforce—missing from a closet in the Seattle corporate office. It took several weeks for the workers to find out what happened, a more than adequate period for the crooks to swoop down. No report yet on actual theft, but, again, the bad guys know to wait for the right moment.

In Pennsylvania, thieves stole computers from a driver’s license center containing dates of birth, drivers’ license numbers and full and partial Social Security numbers on over eleven thousand people. The crooks apparently disabled a “quite complex” security system, again, according to

But the big one was at UCLA in Los Angeles when a hacker broke into a campus computer system, affirmed in another article. One of the largest ever in higher education, 800 thousand students, faculty and staff were alerted that their sensitive data including Social Security numbers and birth dates, was in jeopardy.

In all of these cases, the victim’s name and address were also part of the information stolen.

Two Recent Bizarre Forms of Data Breach to Look Out For

The state of Utah mistakenly exposed the e-mail addresses of kids on their “Do-Not-Email List. Marketing stated that “Proponents of the registry had claimed that it was foolproof.” ID Theft 101: No database is foolproof. Even the data that is supposed to protect against intrusion is somehow accessible.

The other breach is much more frightening. announced that federal agents recently raided several U.S. meatpacking plants to round up illegal aliens who obtained jobs by stealing the identities of American citizens. This means that your private information now has a new pipeline where it can be sold through smuggling operations that fully realize the value of this sensitive data.

Make Your Move Now

Join me! Let the new Democratic Congress know that you want something done about this on their watch. Contact: Senate; House of Representatives.

Friday, December 08, 2006

More Junk Mail Catalogs Opt-Out Dilemma

Junk mail…the Convenient Way to Shop

Junk mail has long been hailed for being a convenient medium in which to shop, albeit a pain in the butt when the mailbox is deluged with unwanted mail. It has become even more accommodating by the use of toll-free numbers to place an order by telephone, and, in the last few years, the Internet.

Junk mailers spent millions on technology to perfect the easiest way to get your order—and money of course—and this continues to be a major outlay for most companies. Of course, in the process, they capture your name and private information—like your phone number and credit card info—which they rush at the speed of light to list peddlers who hawk this sensitive data all over the world.

Taking the Convenience Out of Junk Mail

So how is it that a majority of catalogs our household received recently—in the holiday avalanche, of course—are requiring their customers to either physically send in by mail the actual label on the catalog, or call or fax this information? Why don’t junk mailers just put some of this technology to work setting up an online system for instant opt-out? I’ll tell you why: the majority of their customers would use it, and they wouldn’t have the names available to sell, from which the list business grosses over $4 billion annually.

I did earlier blogs on two catalogs that don’t even offer an opt-out, period. They were Herrington and Brookstone, and maybe you want to read these posts before deciding to shop there. The ones that still make it difficult are: Harry & David; Signals; The Popcorn Factory; Improvements; Crutchfield; The Tog Shop; L.L. Bean; and Pier 1. If you order from any of these companies, you might want to ask their customer service department why they don’t offer online opt-out. That is, unless you’re just lonesome and really crave more junk mail.

Wednesday, December 06, 2006

Brookstone Catalog No Opt-Out Answer Bizarre

We Will…We Won’t…Sell Your Name

I recently did a post on the Herrington catalog, and the fact they do not give customers the option of not selling their name to other junk mailers. This was “Mr. Herrington’s” idea, according to customer service, a policy I followed for several years as a former list broker, wondering how they got away with it. This practice of allowing consumers to say no to the selling of their name is mandated with Direct Marketing Assn. membership. So you can understand my surprise when another major catalog arrives, sans opt-out.

Brookstone Catalog Worse Than Herrington

Looking through Brookstone’s latest catalog, there was no mention anywhere of the right to say nix on selling my name. Once again I went to the source, asking Brookstone customer service why I was not allowed the opportunity to opt-out of selling my name when purchasing from their catalog. The answer I received sounded completely off-the-wall. Patricia said: “Unfortunately, at this time we cannot accommodate your request. We hope to have this service available one day for our customers’ convenience.”

Brookstone Misleads Customers

The above answer leads one to believe they might allow you to say no to selling your name eventually. And why might we expect that “one day” when it hasn’t happened in over forty years. Brookstone started in 1965. It hasn’t happened in the last few years when many junk mail companies have been meticulous about allowing their customers to opt-out of hawking their names all over the universe. It hasn’t happened most recently, when ID theft has become the number one consumer complaint.

Ego-Driven Greed

There is a method to their madness—whether it’s the hold-outs to openly offering the option to not sell your name, or those who do make the offer in the smallest print possible. Collectively, junk mailers believe they own your name and personal data, and can do with it as they please. The customer has no rights in the matter, prompted by the fact that industry-wide, the list business grosses over $4 billion annually from the sale of your names and sensitive data.

Why Should You Care?

Two good reasons. One, if you take back control over your name and private information, you could stop identity theft tomorrow. Two, with this control, you could demand compensation any time your name and personal data are sold. If you chose to sock this away like Social Security, it could provide a supplement to your retirement of an average of $607 monthly. With a new Congress, now is the time to tell your congressional representatives. Contact: House of Representatives; Senate.

Monday, December 04, 2006

Herrington Catalog Opts No Opt-Out

No Option for Name Use

We just received the latest Herrington “Enthusiasts” catalog, and I decided to check to see if they had changed their policy—from several years ago—of not offering the customer a simple box to check on the catalog order form that indicates they do not want their name sold to other junk mailers. Herrington has always stood out in the business as a major player who does not offer this option. So, no surprise that they still do not.

Customer Service Confirms Strange Logic of Owner

I decided to go to the catalog for more information, and e-mailed Herrington’s customer service asking why they do not extend this courtesy. Colleen answered me: “At this time Mr. Herrington has decided not to put this type of option in the order form inserted in the catalog.” Colleen continues by telling me this is a “good recommendation,” that she will forward it to “him,” and hopefully it will be put in future catalogs. Yeah. Sure. The problem here is that Herrington’s customer service representative is leading the customer to believe it might happen, which it hasn’t in 25 years.

Colleen does offer to flag my name so it won’t be sold to other junk mailers in the future. You can also do this by going online and clicking on “Privacy,” but you must either call an 800-number or type in their e-mail address on your browser; they do not provide a link. Yet another clever obstacle. However, I am providing it here. Two things in their favor: they don’t “share” e-mail addresses or telephone numbers.

Is It Greed Or Entrepreneurial Arrogance?

The junk mail industry was conceived and developed by a bunch of driven entrepreneurs working off their kitchen tables, some of which were arrogant and fixed in their ways. In the early days there was some defiance over spending the money to eliminate sending out duplicate mailings to the same household. Some still don’t. Then junk mailers—who gross over $4 billion annually from the sale of names and private information—predicted doom, when they were forced to include the option in their mailings to opt-out of future mailings. Some still don’t…like Herrington.

Inconsiderate or Irresponsible?

You’re inconsiderate if you fail to return someone’s telephone call. You are irresponsible if you do not do everything possible to allow customers control over whether they want their names sold in a fashion that subjects them to mail intrusion they may not want. This kind of policy is why we must pass federal legislation giving consumers control over their names and personal data. Tell your Congressional representative: Senate;House of Representatives.