
Thursday, April 26, 2007


The Bush administration has pried into the lives of thousands of unaware US households using our personal data in the name of foreign terrorists, but can’t come up with a simple database that would have kept a mentally ill, domestic terrorist from slaughtering 32 more innocent Americans? The same is true for both parties of Congress and the state of Virginia, the latter of which seems to have some of the worst state gun laws in the nation. This post is not meant as a political statement against guns—although I am pro-gun control—but rather a bewilderment over how this country has proceeded so vigorously in one direction (catching the terrorists), and lags so significantly in another (protecting our kids from horrible occurrences like Columbine, the Amish school killings, and now Virginia Tech). Unless the University comes up with a valid answer re. why all the danger signals did not lead to measures that would have prevented Cho’s violent actions, the Virginia Tech administration is also at fault. It all comes down to the fact that we are too anxious to protect the rights of people like Cho, hesitating to breach the privacy of an individual on the one hand. On the other, we are not willing to guard the 4th Amendment rights of innocent American citizens to be secure in their homes and the search of their sensitive data. Or are we always so in fear of a lawsuit in cases like this that we acquiesce to a decision of non-action, just hoping for the best? Read more on Newsweek/MSNBC.


Earth Day was this past Sunday, April 22. Although no junk mail was delivered on Sunday, on the Monday following, American households received almost 13 thousand tons, numbering around 200 million pieces. Approximately 98 percent went in the trash, ending up in landfills that disfigure rural areas and pollute ground water, according to Saving Our Resources Today (SORT). SORT claims that if one individual eliminates junk mail for one year, you’d conserve 1.7 trees, amounting to 205 pounds of the waste, and conserve 28 billion gallons of water. It would also save you 8 hours each year having to dispose of it. 100 million trees are required annually for unsolicited mail, and because of the heavy concentration of heavy metals in the ink, the paper is hard to recycle. 41 reports that the production and disposal of junk mail requires more energy than 2.8 million automobiles. They also say that the state of California spends $500,000 each year collecting and getting rid of AOL’s junk mail disks alone. I know statistics are boring, but it’s hard to keep the alarm bells from going off when you look at these figures. How many publications would stay in business if they had a readership of 2 percent, which is basically the share of recipients that seriously look at their junk mail? So how do these people stay in business? They sell your names and personal data for an astronomical figure of $4 billion each year. That’s the reason they are so secretive over how this private information is manipulated and used for maximum profit. Try asking the junk mailer you buy from just how much they make from the sale of their list of names. More on this later.


Trust funds for Social Security and Medicare will last one more year than anticipated, according to the trustees for the funds. That puts SS to 2041, and Medicare to 2019. I’m not sure how they come up with these figures, but if they originate with the same people the Bush administration uses to evaluate the progress of the Iraq war, I don’t believe any of it. What we need is for some non-partisan, analytic mathematician to go into the Social Security administration, look at all the factors like $ input and output, birth and death rates, cost of living increases, etc. and tell us when the system is going to tank. And then the intelligentsia who supposedly represent us in Congress—assuming we can find this profile—should get to work and not stop until they figure a way to fix Social Security and Medicare. In 2004, the latest year I could come up with, the average monthly benefit for retirees was $954.90, according to Infoplease. If you are interested, go to the SS Administration site and calculate your future benefits. Hopefully you will be pleased, but you might be surprised. Let’s assume with annual cost of living increases, today the average benefit is around $1,000. I want to add an average of $607 monthly to that by using your portion of the revenue from the sale of your names and personal data by junk mailers, to provide you a supplement to your Social Security and/or pension. To do this, Congress must pass federal legislation that gives consumers control over their names and private information. If you think this is a good idea, let your congressional representatives know. Senate; House of Representatives.


In a hearing back in March of this year Democratic Senator Dianne Feinstein of California resurrected her lackluster four-year-old data breach bill, the Notification of Risk to Personal Data Act. The only Senators in attendance were her and Jon Kyl of Arizona, a Republican. Kyl left after 30 minutes. According to an article, with Feinstein’s bill, people would be notified of a breach only if the company doing the breaching thinks there is “significant” risk of harm. Useless, considering the methods data brokers have used in the past to circumvent this responsibility. There has also been talk, and some congressional action, for a Privacy and Civil Liberties Oversight Board as an independent agency under the Executive Branch. Yeah. That’s something we would want Bush in charge of. Junk mail industry publication, DM News, reports that Susan Collins of Maine just introduced a bipartisan amendment, protecting sealed mail from being searched. Pathetic since federal law and the Constitution give us this protection already, but Collins, a Republican, wanted to blind-side Bush because of one of his signing statements over whether or not he would abide by these given rights. And the Real ID Act is still taking flak. Maine and Idaho are refusing to participate, and other states are joining the revolt. So what’s the answer? Federal legislation that will give consumers control over their names and personal data, and compensate them when it is sold. Join my grass-roots movement and contact your local TV, radio and newspapers and let them know how you feel about this issue.


Most of us were taught to trust our parents from birth, and this kind of rubbed off in later years to other people and things like friends, business, the government, etc. And then along came the Bush/Cheney administration with their blatant lies and deceptions that suddenly pointed out the fact that this had been going on for years, but only more subdued in the past. And, without the enthusiasm and frankness of the blogging world. This is all leading up to the fact that, based on a recent article on ZD, and a study by Javelin Strategy & Research, 77% of the public says it will stop shopping at merchants that breach personal data. This came in the wake of TJ Maxx’s announcement that 45.7 million accounts were compromised over a period of two years. On MSNBC in a piece by Mark Jewell, someone had “free rein” over TJX companies’ (TJ Maxx parent) computers for at least 17 months. You can rest assured they weren’t in there just hacking for pleasure. It is hard to fathom, considering all the media attention to ID theft in the last two years, how a company could allow this to happen. But it clearly illustrates once again how business is simply not willing to take the necessary steps to protect consumers’ private information. This one is so big—actually the largest to date we are aware of—the Secret Service is involved, and TJX hired IBM and General Dynamics to investigate the breach. However, we know the fickle behavior of the American public. This is what you say today, but will you actually do it tomorrow? It’s decision time on who controls your sensitive data, and you are the only one who can make the right decision.

Thursday, April 19, 2007


I’ve never done this before, but a recent comment I received deserves…no, demands, mentioning. It came from Christi, located out there in the anonymous land of those who believe we should do something now about controlling our names and personal data. She said what I’m doing is “wonderful,” and I have to tell you that busted a few buttons, and gave me the encouragement one needs to plow ahead in this kind of activism. Christi thinks we should all educate ourselves about the dilemmas facing us today, and that more people should share their experiences in areas that could help others cope with certain situations. I agree wholeheartedly, and firmly believe that the education of consumers in the issue of ID theft and the factors evolving from this fraud is the only way to bring it to a halt. So, thanks Christi, and keep spreading the word. Your obvious dedication to this concept certainly qualifies you to start your own blog, and I would welcome the opportunity to assist you in your endeavors. If you’re interested, just e-mail me at

It’s too late for this year, but at least you can be on the lookout when filing your 2007 taxes. The crooks have, of course, come up with a way to break even the security of the Internal Revenue Service. Newsweek magazine reports on MSNBC that the IRS discovered the latest scam; one that rivals the phishing tactics that have been prevalent recently. The feds have a program available through the IRS Web site where individuals can prepare and file their taxes free through 19 pre-approved private-sector companies. The phishing comes in where the bad guys pose as one of these companies, and when you enter and provide your info for the return, the crooks simply change your bank account number to theirs, and collect your refund. They don’t know how many incidents have occurred yet, nor how much money was lost, but you can bet that this will be headlines in the coming months. Caution: ALWAYS backtrack to the official source when you are giving out sensitive data. NEVER use a Web site that purports to represent someone like a bank or the IRS unless you check them out on the organization’s legitimate site.


And then there’s the scenario where the ID thieves hijack your identity, filing an online tax return in your name to receive refund anticipation loans (RAL). The latter is given by some lending institutions when you can prove you are due a refund. MSNBC carried a piece on this, demonstrating how easy it is by using an extremely qualified source: Evangelos Soukas, who is in a California prison for several ID theft scams. Soukas even says he would file some returns that showed he owed money, but by returning to the site and changing numbers, come up with the refund. Yoki Echols of Ft. Worth, Texas was part of the 18 percent of the 45,000 2006 fraudulent returns that was due to identity theft. The culprit also received a RAL loan, and this time a tax preparer processed the return, but was nowhere to be found when the fraud was discovered. That was when Echols was contacted by the IRS telling her that her tax return was going through a “more thorough review,” and she told them she hadn’t even filed her taxes yet. The Santa Barbara bank providing the loan wanted their money back, and Echols is still trying to convince them and the IRS of the mistake. The Treasury Department admits that ID theft is a “growing problem” in tax refund fraud. Because it is so universal in its ease of success, the identity theft crooks will continue to find new avenues to use this means of destroying American households.


Where are the protesters? You’re willing to protest over the war or the environment, but you do nothing when your personal data is being used inappropriately, even illegally. Haven’t you heard of the identity crisis? Almost $50 billion lost to ID theft in 2006. By the time you get to college, you should have discovered all that private stuff you gave to the MySpaces, Friendsters, or other social networking Web sites, had its drawbacks. Like exposing your personal life. Now, when it comes to outing your Social Security number, birth date and other financial data, it seems to me you should have learned enough to know where to draw the line. Get out there today and tell your college or university administration officials that you demand they ensure the security of your sensitive data in the National Student Loan Data System. It is a database of 60 million student records maintained by the U.S. Department of Education. The Washington Post has disclosed improper searches in this database by companies surfing the data purely for marketing information. With the bungling record for protecting citizens’ data by federal agencies—the VA lost 26.5 million veterans’ personal data—and the educational systems’ record of being one of the largest entities to breach the information of its students, faculty and staff, you should already be irate enough to take action. You’re young, and on the way to a great life and career of your choice. Don’t start both by digging out of an identity theft situation that could cost you significant time and money.


The nation’s super spy, Mike McConnell, Director of National Intelligence, wants even more surveillance capabilities to pry into the lives of American citizens. While cloaked in the fast becoming tiresome grounds that it will help find more spies and terrorists, McConnell now wants to plant listening devices, install hidden cameras, and search luggage and break into homes to copy hard drives. Orwell has been in perpetual turnover in his grave during the Bush/Cheney administration. Here’s what McConnell wants:

• Power to monitor foreigners without seeking FISA court approval, including tapping e-mails in the United States.
• Clarify (meaning lower) standards the FBI and NSA use to get court orders for personal information.
• Triple the life span of a FISA warrant for U.S. citizens from 120 days to one year.
• Provide immunity to telecommunications companies in civil liability for cooperating with Bush’s terrorist program.
• Extend from 72 hours to one week the surveillance time to spy on suspects without a court order.

The ACLU says Congress should be very leery of giving this administration any more power to spy on “…its own citizens,” in an MSNBC article. Kate Martin of the Center for National Security Studies says these changes will have “…basically done away with the protections of FISA.” It’s all coming to a head, and, meanwhile, a lackluster Democratic Congress just stands by and lets it all happen. Here’s where I get to use one of my favorite words: PATHETIC!

Wednesday, April 11, 2007

For two years now I have been posting on the importance of consumers gaining control over their names and personal data. Unfortunately for the American public, either business or government gives me more ammunition for this on almost a daily basis. The latest is the Transportation Security Administration’s (TSA) “Secure Flight” computerized passenger prescreening system, set to go into effect by the fall of 2008. As reported in, before the 9/11 terrorist attacks, the list of terrorists banned from traveling totaled 16. By March 2003, after indiscriminate dumping of information by government agencies, it had risen to 75,000. Evolving from a failed CAPPS II project, the Secure Flight list has mysteriously progressed to 325,000 names in 2006. Either the keepers of the “list” were completely asleep at the switch prior to 9/11—suggesting an intelligence incompetence that has been constant throughout the Bush administration—or the proliferation of terrorists in the U.S. is outpacing the world population explosion. Here’s an example of what to expect. Some antiquated algorithm by the name of Soundex is being used to identify names similar to, say, Osama bin Laden, using certain letters of the last name. Laden gets a code of L350, also given to the name Lydon, which would potentially prevent Sex Pistols’ Johnny (Lydon) Rotten from entering the U.S. Whether or not you are a Sex Pistols fan, just put yourself in this position, wondering if your last name carries the same code as a terrorist in an error-prone technology that continues to be used because the feds don’t have the acuity to come up with anything better.
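The L350 collision described above, as an added example (not code from the original post or from any screening system): a standard American Soundex implementation in Python, run over a constructed list of surnames to show how many distinct names one code sweeps in. The `screen` helper and the passenger list are illustrative assumptions.

```python
import string

# Standard American Soundex consonant classes.
_CLASSES = {"1": "BFPV", "2": "CGJKQSXZ", "3": "DT", "4": "L", "5": "MN", "6": "R"}
CODES = {ch: digit for digit, letters in _CLASSES.items() for ch in letters}


def _letters(name):
    """Upper-case the name and keep only A-Z."""
    return [c for c in name.upper() if c in string.ascii_uppercase]


def soundex(name):
    """Return the 4-character Soundex code for a surname ('' if no letters)."""
    letters = _letters(name)
    if not letters:
        return ""
    out = [letters[0]]                    # the first letter is kept as-is
    prev = CODES.get(letters[0], "")      # its class still suppresses a repeat
    for ch in letters[1:]:
        if ch in "HW":
            continue                      # H and W are ignored and do not separate repeats
        code = CODES.get(ch, "")          # vowels and Y carry no code
        if code and code != prev:
            out.append(code)
        prev = code                       # a vowel resets the repeat check
        if len(out) == 4:
            break
    return "".join(out).ljust(4, "0")     # pad short codes with zeros


def screen(passenger_surnames, watch_surname):
    """Split Soundex hits into exact surname matches and Soundex-only matches.

    Hypothetical helper for illustration: the Soundex-only list is the set of
    travellers flagged purely because their name shares a code with the entry.
    """
    target = soundex(watch_surname)
    wanted = "".join(_letters(watch_surname))
    exact, soundex_only = [], []
    for surname in passenger_surnames:
        if soundex(surname) != target:
            continue
        if "".join(_letters(surname)) == wanted:
            exact.append(surname)
        else:
            soundex_only.append(surname)
    return exact, soundex_only


# Constructed sample data, not taken from any real list.
PASSENGERS = ["Lydon", "Leyden", "Lawton", "Latham", "Lytton",
              "Lincoln", "Smith", "LADEN"]

if __name__ == "__main__":
    exact, soundex_only = screen(PASSENGERS, "Laden")
    print("code for Laden:", soundex("Laden"))
    print("exact matches:", exact)
    print("flagged on Soundex alone:", soundex_only)
```

Five of the eight constructed surnames are flagged on the code alone, because Soundex keeps only the first letter and three consonant classes.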


It’s like you’re in the jungle with predators on all sides trying to take you down. That’s what has happened in the identity crisis since the bad guys have discovered the value of sensitive data. Now they can have their surgical operation on you, and possibly kill you in the process. By stealing your medical information from a health care provider, the crook could go in for an appendectomy, and say you went to the emergency room soon thereafter and get the crook’s blood type. If that doesn’t do it, you receive a medication, compliments of the bad guy, to which you are highly allergic. And the possibilities go on and on. Incidents similar to this have happened, according to an MSNBC article, “More doctors, insurers asking, ‘Who are you?’” by NBC’s Anne Thompson. In fact, the World Privacy Forum reports that the number of Americans who are victims of medical identity theft has tripled in just four years. You can check your state’s laws and how to get a copy of your medical records at the Georgetown University’s Center on Medical Rights and Privacy site, and I suggest you visit it soon to familiarize yourself with your rights. Unfortunately, HIPAA, the federal Health Insurance Portability and Accountability Act of 1996 only gets you in the front door of the problem. Even if you find an error, HIPAA doesn’t require them to remove incorrect information. The act also offers little help in disputes. The MSNBC piece also confirms my theory that organized crime is well infiltrated in the identity crisis, thus, proving the organizational level to which this issue has risen. I’ve said it many times in earlier posts: one of the largest depositories of personal data resides in the offices of doctors and hospitals throughout the country. And from what I’ve witnessed, the security level is far from adequate.


A company by the name of Mintel Comperemedia has just released a report that showed “substantial” growth in 2006 over 2005 in credit card and insurance mailings. Just what we need… billions of pieces of mail going out with enough information to allow ID thieves to steal our identity and bank account. The article in junk mail industry publication, DM News, appears to be boasting of this 6 percent increase. However, I know that the majority of you do not shred these mailings, and just tear them up, sometimes only tearing the info page in half. If you do, you might want to look at how easy it is for the crooks to reassemble the pieces in’s “The Torn Up Credit Card Application.” I realize this is something you should know, but statistics prove that the general population refuses to take the time to securely destroy these mailings. For credit cards alone, more than 9.2 billion pieces of junk mail were sent to U.S. consumers in 2006. Top mailer was Chase, followed by Capital One, American Express, Citibank, and Bank of America. At least two of these companies have been involved in breaches of customers’ personal data in the past. The DM News article fails to address the fact that this colossal number of unsolicited, potentially way of life-threatening pieces of mail could literally wipe out the good credit records of hundreds, maybe thousands of American households. The word to focus on here is “unsolicited.” We didn’t want it, but they crammed it down our throats, so who should pay for the damages? Since the Banks mailing the solicitations refuse to accept any responsibility, it is time to seriously consider giving consumers control over their names and private information. Join my grass-roots effort and let me hear what you think.


Starting with a lost disk in Georgia with the names, birth dates and Social Security numbers of 2.9 million Medicaid and children’s health care recipients that was lost in shipment by a private vendor by the name of Affiliated Computer Services, the march to disaster goes on. MSNBC reported the incident, which is yet another example of incompetent third party handling of your sensitive data. And then a couple of laptops were stolen in Chicago; again names and Social Security numbers, but no addresses. ZD Net’s April 9 article says they might know who it was, and a reward of $10,000 has been offered for information. By the way, just because it was name and SS# only doesn’t mean the crooks can’t match that to the appropriate data to complete the identity theft. So far it isn’t known if the laptops were stolen for the value of the hardware or for the personal information. But the one that worries me the most is at the University of California, San Francisco, where a hacker broke into a server and may have compromised the records of 46,000 faculty, staff and students, including their names, Social Security Numbers, bank account numbers and payroll account information. Read more on I picture some sleazy individual in a small room where his or her computer equipment is the center of attraction, and they are trying to make a quick buck by stealing and selling your sensitive data like the situation portrayed in the recent NBC Dateline shows. If you think we’ve had enough of these breaches, let your congressional representatives know you want control over your name and personal data. House of Representatives; Senate.


One of the largest privacy research firms, Ponemon Institute, just conducted a study that found, “…in spite of compelling evidence that privacy-conscious marketing strategies appeal to consumers and are instrumental in building trust and greater campaign profitability, corporate marketing and privacy organizations often operate at odds with each other.” Simply put, business, including junk mailers and non-junk mailers, thinks your privacy is a pain in the butt either because of costs to implement, or it puts too many barriers between the company and the customer. There’s a good article in the junk mail industry publication, DM News, by George Giordane, that is directed to junk mailers, but also reveals the many negatives in the study toward consumers. Like the figure that 70 percent of respondents feel privacy compliance “…adds unnecessary cost to a marketing program.” And the fact that a paltry 13 percent work with their privacy department in the marketing of their products or services. His headline, “Use privacy to build customer trust, loyalty,” should be turned around to read: “Who can we (the consumer) trust?” You can see the complete study by “Googling” the subject: “What Marketing Professionals Think About the Value of Privacy to Consumers.” In the links you’ll also find a summary of the study by Ponemon. I can’t say it’s thrilling reading, but it should be required for anyone who thinks the business world is protecting their sensitive data.

Thursday, April 05, 2007


The TJX Companies, which includes TJ Maxx, Marshall’s, and other retailers, has now admitted that information from over 45.7 million credit and debit cards was stolen, not the “limited number” and “relatively small number” reported earlier by the company. Read more on MSNBC. And that’s not all. Another 455,000 customers returning merchandise without receipts had their personal data including driver’s licenses stolen. What scares me most about this is the utter confusion over this incident from the beginning. The company not knowing what was stolen and when it was taken. Why it took them almost four years to discover that a hacker had breached their system. Why transaction data was being kept after the fact, and what was the accountability of Fifth Third Bank, TJX Companies’ credit card processor. A similar incident was the 40 million credit card number breach at CardSystems Solutions, Inc. in Tucson, Arizona. Unfortunately, now we have a new winner. Because business won’t police itself in these matters, it is obvious the consumer must be given the right to control their name and personal data.


Radio Shack is being sued by the Texas Attorney General for “…exposing customers to possible identity theft after records that included Social Security and bank account numbers were found in garbage containers behind the store,” according to an article in the Waco Tribune. An honest “dumpster diver” reported the incident, which is pure luck since in most cases the diver is specifically looking for this information to sell on the open market. It is beyond me how an organization as big as RadioShack would not have a policy in place that requires all personal data be shredded, overseen by store management. Bad enough that TJ Maxx loses it to a hacker, but brazenly putting it out for the bad guys to take at will is unconscionable. RS has always coveted customers’ private information. Years ago in California, when trying to purchase an electronic product, the clerk wanted me to fill out a form with facts about my household, in addition to the credit card data. He even said it was necessary for the purchase. I grabbed the credit card slip and walked out of the store.


In the last couple of weeks, NBC’s Dateline show put on the best performance of “To Catch an ID Thief” I have seen. If you missed them (March 27 and April 3), the two reports are available online at MSNBC: Report 1; Report 2. Chris Hansen, NBC reporter, along with Dan Clements, president of “Card Cops,” an Internet security company, and one of the most prolific legitimate hackers you’ll ever run into, started with a search in chatrooms where criminals go to buy your personal information. You’ve heard how easy this data is to find, but I was shocked to see Social Security numbers that normally go for around $60, selling for just $5. That’s what competition does for the marketplace. In another virtual online scenario, Clements, in the same chatrooms, offered stolen credit card number accounts for sale that NBC had created for the show in cooperation with a major credit card issuer. First hit in 12 seconds; another buy in 26 seconds. And then starts the fraudulent use of the cards, and to make a long story short, it took less than 13 minutes to max out the $1,000 limit. I urge you to read the reports which are actual scripts of the shows. If you can walk away from that without demanding control over your name and personal data, then the “Apathetics” have truly taken over this country.


If enough states pass laws governing the protection of our sensitive data, maybe the junk mail lobby will swoop down on Congress to standardize federal legislation for this issue. The feds are toying with several bills from Dianne Feinstein in California to Patrick Leahy of Vermont. They all stink for one reason: They do not give control of your name and personal data to you, the individual. Do they think we are idiots, unable to handle this responsibility? Or are they—and by “they” I mean Congress—afraid that with control, most consumers will begin to demand the civil liberties that go with this important right? had a good article on the state approach in March, focusing on California. Two bills have come out of that state; one, SB 1386, the California Data Protection Act, enacted in September of 2000, which exposed the ChoicePoint data breach. The second, SB 27, which keeps most data brokers honest by allowing state residents to demand to see the data in their personal records. Unfortunately, neither addresses the main issue which is where should the control over sensitive data reside. A bevy of states have passed data protection bills recently, and quite a few others have legislation pending. However, nothing even comparable to California’s, much less giving consumers the control. I will guarantee you though that when Congress gets enough lobbyist calls, they will pass a bill. It is up to each of you to see that is the right law. Contact your Senator; Representative.


In the last part of this series on the apathy that exists in today’s population over the identity crisis, Uncle Sam is the focus. You remember the NSA spying, the accessing of Americans’ financial information, and the recent discovery that the FBI has issued more national security letters to see your personal data than what anyone thought possible. The total was 140,000 between 2003 and 2005. That’s right. Looking at your sensitive data without subpoena or showing probable cause. Just…let me see it because GWB wants me to look at it. The feds have also done some warrantless wiretapping so you get the idea; we’re not safe anywhere from Big Brother. But it’s all done in the name of protecting us from terrorism, so it must be OK. Are you aware that the amount of useful information gleaned from all this undercover intrigue is close to negligible? According to Matt Helton’s study, we are bombarded with propaganda over why all this surveillance is necessary in justification of the actions taken by the Bush administration. On the other hand, terrorists are very concerned over their privacy, thus, encrypting most of their information. Something even the largest data brokers in the U.S. refuse to do because of the cost. Where is the logic in all this? You tell me.