Search This Blog

Wednesday, May 30, 2007


P.T. Barnum, the circus mogul, said it: “There’s a sucker born every minute.” He died in 1891, and could not have envisioned how this trait would blossom and be exploited in future generations. Last week in my “Junk Mailers Make It Easy to Bilk the Elderly” post, I refuted a statement by a junk mail company spokesman that “they,” the industry, does not characterize some of its customers as gullible. From my experience as a list broker, one particular category of lists, “Opportunity Seekers,” was referred to, even promoted, as “the gullibles.” An InfoUSA list subsidiary, Walter Karl, was reported in a New York Times article as the seller of names of scores of elderly Americans to “known lawbreakers.” The Iowa Attorney General hauled Walter Karl in to explain its actions, and parent InfoUSA says in a recent press release that the meetings with the AG were ultimately to their “apparent” satisfaction, and that we (Walter Karl) “appear” to have cooperated. According to government investigators, major banks have made it possible for the crooks to access victims’ accounts, citing Wachovia Bank, along with InfoUSA, as continuing to work with the bad guys even after being warned they were “aiding continuing crimes.” Folks, there are still unsuspecting people out there that think private business always deals honestly with its customers. And even others are so busy that they overlook the danger signals that often end up as problems. We all need to be protected against what has become the international movement to abuse the public’s sensitive data. This can only be accomplished by giving consumers control over their names and private information.


When we head for the great beyond, the last thing on our mind is, will they steal my identity. Unfortunately, this last event in our lives is prime opportunity for the ID thieves. For those of us who leave behind a good credit record, we are top prospects for the crooks. I did a post on this several months ago, using the Social Security and Direct Marketing Assn. lists as examples of more in a series of databases where our private information could be vulnerable…even after we’ve passed on. At the same time, I cautioned those of you experiencing this kind of loss that although this is a time for bereavement, don’t forget to keep watch on the personal data of the deceased. MSNBC did a piece on the subject recently where numerous credit cards were fraudulently obtained; even a new car had been purchased. The pathway is from obituary to purchase of the deceased Social Security number, and the bad guys are on their way. The article states that 100 car loans amounting to $1.5 million have been acquired in this manner. It also gives three common-sense ways for prevention: 1) No details such as exact birth date, address in the obit; 2) Notify Social Security immediately; 3) Notify all three credit bureaus (listed in the article) with a copy of the death certificate. Surviving family members aren’t likely to be held responsible for these debts, but the time and money involved in straightening it out could be considerable. The Identity Theft Resource Center did a Fact Sheet May 1, 2007, with some excellent points on how to handle this kind of situation.


Whether you agree with Cindy Sheehan or not, there is one conclusion that we can draw from the results of her fight with this administration on the Iraq War. When the going gets tough, your supporters suddenly become your enemies in a last-ditch effort to cover their bottoms. That is exactly what happened when the Democrats “…caved in to George Bush.” a quote from Sheehan in the MSNBC article, “Sheehan resigns as war protest leader.” When she thought she had the backing of the liberal left for her grassroots movement to stop the war, they turned on her using the same insults as the GOP Right. Any way you look at it, this Democratic Congress did in fact “cut and run,” and leave a courageous woman swinging in the breeze. I was against the war, but whether you are or aren’t, we need to be able to trust that the party elected to power carry out the will of the people who elected them, particularly when the line is so clearly drawn in an issue. This is the reason I feel so strongly about an Independent Party that will once again represent its constituents, and fight to preserve their civil rights, making the individual’s right to privacy a major plank in the party platform. If you think about it, everything you do somehow impacts on your predilection to feel secure in your personal environment, without intrusions from either government or private business. Howard Fineman’s piece from the June 4, Newsweek on Independents currently in the running features New York’s Mayor Bloomberg and Senator Chuck Hagel from Nebraska, both Republicans. Nice start, but we need to keep looking for the right candidates.


DM News started up several years ago when I was flying high as a list broker selling your names and personal data, and making a lot of money. It quickly took over as the “must read” publication, if you wanted the straight scoop and inside story. They have pretty much lived up to that reputation, and a recent article by Mickey Alam Khan, “The direct marketing industry needs to act – now,” follows the pattern of giving readers both sides of the picture. The “picture” here is that the junk mail business has failed pitifully to police itself, and face up to the fact that the only solution is to give consumers control over their sensitive data. Khan mentions the May 20, article in the New York Times about InfoUSA list subsidiary, Walter Karl, and how some elderly Americans lost money to illicit telemarketers who bought their data from WK (covered above), as the latest incident. And then the New York Times reports how Presidential candidate, Barack Obama singled out InfoUSA as “deserving scrutiny.” Have we finally gotten the attention of someone who could do something about the identity crisis? I wrote Obama with my ideas on individual control, and received the normal “canned” answers. If I hear anything substantive, I’ll let you know. In the meantime, Stormy Dean, InfoUSA’s CFO, says if the company was breaking any laws the Federal Trade commission would be investigating them. Looks like they spoke too soon, as the FTC said recently it might open an investigation of InfoUSA.


Why would George W. Bush—and his arrogant “?second?” in command—go to war in Iraq with the warnings detailed by intelligence agencies months before the invasion took place? (See Washington Post story) The admonitions were vivid in descriptions of reprisals by al-Qaeda and other insurgents, notice that Iran would assert its regional influence, and generally piss off Muslims around the world to the point of action. And, of course, it all happened, as if it had been scripted in Hollywood. I may get a visit soon from the FBI or Secret Service for my opinions, but I honestly think the Bush/Cheney team is trying to fulfill the prophesy of George Orwell’s Big Brother in 1984 before the end of this administration. Not necessarily in the purest form visualized by Orwell, rather a movement to rule the world and control the production of oil. It didn’t start with GWB, or his father; the trend began when the petroleum industry wrested from the coal industry the number one spot as energy provider. But America’s imperial ambitions are well spelled out in Noam Chomsky’s book, Hegemony or Survival: America’s Quest for Global Dominance. Take my advice and read it. Here’s a quote: “Within establishment circles, there has been considerable concern that ‘America’s imperial ambition’ is a serious threat even to its own population. Their alarm reached new heights as the Bush administration declared itself to be a ‘revisionist state’ that intends to rule the world permanently, becoming, some felt, ‘a menace to itself and to mankind’ under the leadership of ‘radical nationalists’ aiming for ‘unilateral world domination through absolute military superiority.’” In his notes substantiating this material, Chomsky refers us to John Ikenberry, Foreign Affairs, Sept./Oct. 2002, and Anatol Lieven, London Review of Books, October 3, 2002. In another article from MRZine, the Campaign Against sanctions and Military Intervention in Iran (CASMII), criticizes the UK newspaper the Guardian for republishing unconfirmed Bush administration propaganda that could be used to justify escalation of the Iraq military surge, and even later military action against Iran. I guess this answers my original question.

Wednesday, May 23, 2007


I have been advocating an Independent Party since early 2006, and registered as an Independent for the 2006 election. The reason for this is to return to the core values of this country and its Constitution, and to give back to the voters their individual rights. One of those rights is the privilege to expect that their privacy is protected from intrusions by government and private business. See earlier posts on this subject: 3/2/06 and 3/9/06. And now a well respected journalist from Newsweek magazine, Howard Fineman, has written an article, “The year of the Third Force.” He talks of the “festering dissatisfaction” among the electorate, which could lead to a problem for the Dems and the GOP in 2008. If you’re mad as hell and won’t take it anymore, let it be known by taking up the gauntlet for the Independent of your choice. Personally, I would like to see a new political party built around the privacy issue, particularly the rights of voters to control their names and personal data. If this is too narrow for you, let’s all get together and build our own Independent Party based on taking back our individual rights. Let me hear your comments.


The New York Times has done an excellent piece on how the junk mail industry makes it easy for the scam artists to steal from our senior population. Charles Duhigg’s article tells of the sale of a list by InfoUSA, a large compiler of names with several list broker subsidiaries, to “known lawbreakers,” according to regulators. A 92-year-old man from Iowa by the name of Richard Guthrie was the victim, and his family says he lost over $100,000. InfoUSA lists included such titles as, 3.3 million “Elderly Opportunity Seekers;” and “Suffering Seniors,” 4.7 million people with cancer or Alzheimer’s disease. One of the list descriptions even stated: “These people are gullible. They want to believe that their luck can change.” That’s like telling the crooks to come take their money. But rather than taking responsibility for the incident, InfoUSA has maintained through two junk mail publications, Direct and DMNews, they don’t characterize these people as “gullible.” To which I say, bull----! In the 35 years I spent selling names and personal data, opportunity seeker lists were constantly touted as “the gullibles.” They worked on junk mail offers from “How to make a million,” to auto insurance. It seems like this profile has a tendency to be a more determined junk mail buyer than other groups. Unfortunately, Richard Guthrie was lonesome—his wife had died nine years earlier—and he welcomed the supposed friendship of the telemarketers that stole his money. He even remarked after it was all over that he really enjoyed the calls. More on this next week, including Wachovia Bank’s part in the incident, and a look at the over nine-hundred “Opportunity Seeker” lists on the market.


In a recent data breach at the University of Missouri, the hacker was in China or Australia, but was able to steal the Social Security numbers of more than 22,000 current or former students. This was the second attack this year, and proves the fact that technology has given the bad guys all the tools they need to cop your identity from anywhere in the world. According to an MSNBC article, the hacker acquired the information from a temporary or “floating database” that was compiled for a report, but not removed from the computer system after being used. The SS#’s were probably on the black market within the hour. Which brings us to the latest flash on the TJ Maxx data theft of over 45 million personal records that were hijacked and sold to fraudsters. InformationWeek quotes from a Wall Street Journal report that the incident was the result of “wardriving,” which is simply the cyber thieves driving around a mall in a car with a laptop, a telescope antenna and a wireless LAN adapter. They pointed the equipment toward a vulnerable TJ Maxx store which allowed them to penetrate the parent company TJX’s system, and haul off 45.7 million credit card and debit card numbers. did a piece on what this costs companies like TJ Maxx, and at a projected rate of $305 per record lost, the total cost is a staggering $13.9 billion. And considering the $10 million fine levied against ChoicePoint by the FTC, could they hit TJX with something like $100 million? Still, they don’t seem to have lost customers, and the stock price remains steady. The “Apathetics” prevail.


The immigration issue has given Big Brother Bush another chance to spy on American citizens, with the justification that this Employment Eligibility Verification System (EEVS), as it is being labeled, will identity the employment of illegal immigrants. Agreed, something must be done about the “illegals” situation, but putting the current political version of the “Keystone Kops” in charge is the wrong answer. ZD Net’s account of this new undertaking backed by the Bush administration and many members of Congress, says that anyone who fails the database check would be fired. The data, which includes Social Security numbers, is shared with Homeland Security with no privacy protection to delete the information once authorization is given or denied. One more “floating database” under the control of an incompetent government that has lost millions of individual personal records. But that’s not all. The EEVS will no doubt turn to private business again for some of its data, where companies like ChoicePoint and Acxiom will play an important part. As I have disclosed repeatedly in past posts, the former has a reported error rate in its data of 73 percent, the latter 67 percent. The feds will probably also look at credit bureau reports which boast overall error rates of 79 percent, 25 percent serious enough to deny credit. The answer is not to throw more bad data into the system, but rather to give individuals control over their names and private information with a national system of recognition that can accurately identity each American citizen, while at the same time providing full protection of their privacy.


If you think you’ve received a phishing e-mail, or you just want to stay abreast of what’s going on in the world of fraudulent cyberspace, there’s a site that meets this need. has all the information in a compact format for look-up that expands to give you specifics on each incident. Non-members can get events of the last 48 hours, but you can sign up for $24.95 a year for full membership benefits. As a non-member, I have checked the site regularly to report on phishing scams, and recently made use of their Search Box to look up a Western Union e-mail I received that was obviously a scam. There were 31 hits, which tells me the “scamsters” are active in this company’s name. According to Phish Tank, a collaborative clearinghouse for data and information about phishing on the Internet, the U.S. is top host to phishing sites with 24 percent, South Korea second at 14 percent, followed by India, 8 percent. Like identity theft, phishing is also global, but localized. Microsoft has a good site, “Recognizing phishing scams and fraudulent e-mails,” that walks you through the process of avoiding this kind of deception. With all the hullabaloo over this issue, you’d think most people would approach suspicious e-mails with caution, but every day there are new victims. Folks, responsibility for your sensitive data starts at home, and it’s time we took this to heart because it’s only going to get worse.

Thursday, May 17, 2007


My wife just received an offer from American Express for ID theft insurance in conjunction with her credit card. The cost is $71.40 yearly, and the protection coverage goes “up to” $15,000. This includes “up to” $5,000 for attorney fees, “up to” $2,000 for lost wages, and “up to” $2,500 reimbursement of fraudulent withdrawals. What they don’t explain is what constitutes the “up to.” Amex is there to help, after a $100 deductible for each occurrence, except in the case of an act of war (does that include 9/11 or Iraq?), or in the case of a criminal act by you or your authorized representative (does that involve family members who steal your identity which accounts for 50% of the cases?). Many people rush to judgment based on the trust of a famous company name or because the offer comes from their homeowner insurance company. If you Google “identity theft insurance,” you get 5.4 million hits. Some are articles, but many are offers for this new fad I like to compare with cancer insurance, which is simply a scare tactic for the uninformed. Chuck Jaffe of does an article, “Stupid Investment of the Week” regularly in which he covered ID theft insurance in December 2006. The title speaks for itself. Jaffee says the typical policy costs between $25 and $100, but the problem is the coverage. In the worst case scenario, identity theft insurance isn’t going to reverse a ruined credit record. It’s simply a crutch that would be rendered unnecessary if the average consumer would take the necessary steps to protect their personal data. It would be a slam dunk if you had control over your name and private information.


Global Knowledge is another company in the information technology field that assists large companies in turning knowledge into productivity. They have published an excellent reference guide, “Ten Ways Hackers Breach Security” that you can download in PDF format. Although designed for corporations, by reading only seven pages, you can get ahead of the bad guys and maybe prevent a personal ID theft incident. James Michael Steward of Global Knowledge gives three steps to reduce the threat of a breach. One, understand your vulnerabilities; two, analyze potential problems and determine what to do about them; three, do something to correct weaknesses. If you don’t, this is how the hackers could make life miserable. I have chosen those most applicable to an individual situation. Stealing your passwords. To avoid this, don’t use the same one in multiple accounts, don’t write them down, and change often. Trojan Horses. Delivered by an e-mail as an attachment, or in a Web site download, or placed on removable media, your best protection is reliable, anti-virus software, and always know what you are accessing. Phishing attacks. If you receive a look-alike business e-mail directing you to what is probably a rogue link, first check with the company by telephone before giving out personal information. Hackers do homework too. If they want to break into your system, they can find enough public data online to finish the job. Maintaining a good firewall is the best security for this. The crooks are patient. Keep your guard up at all times, just like you would if walking to your car in a dark and deserted parking lot. It’s the individual, stupid. If it’s your computer, only you can do something dumb that will compromise your security system. Don’t. Because Global Knowledge makes their living selling this kind of advice to big business, we would be advised to pay attention, even if we’ve heard it before.


The Transportation Security Administration (TSA) just reported 100,000 employee records including Social Security numbers, bank data and payroll information missing from a controlled area. It was on a hard drive at TSA headquarters, and the agency doesn’t even know if it was stolen, or still somewhere within the premises, according to an article on MSNBC. TSA is a division of the Homeland Security Department, and is responsible for the security of our transportation systems. The question you should all be asking is, just how far down the line does the incompetence go? I’m getting on a plane with my wife in the near future, and this doesn’t give me a warm feeling about our safety. But this same band has been playing the same tune since the ChoicePoint incident of February, 2005, and it does not look like there’s any chance of the music stopping. Since last checking the Privacy Rights Clearinghouse Chronology of Data Breaches on April 12, there have been 17 new breaches with the loss of 242,264 personal records. Some of the newest breachers are companies you’ve heard of, like Caterpillar, Google Ads, Neiman Marcus, Albertsons and the Dept. of U.S. Agriculture. There were also a number of educational institutions losing sensitive data. Like a broken record, the only way to stop this is for consumers to take control over their names and private information, and at the same time you should be compensated when it is sold. Let Congress know what you think: House of Representatives; Senate.


With over 40 percent of the search engine market, Google wants to expand its services into displaying your public records online. They’ve “partnered” with four states: Arizona , California, Utah and Virginia, as reported in a piece. Privacy advocates are worried because in some cases, personal data is stored with the public records and would be revealed in an Internet search. You can get a lot of this information now, but in most cases you have to pay for it. With Google’s move, it’s out there for anyone to claim. In a situation not connected to Google, a Phoenix television station, KPHO-TV, did an investigative report on Arizona’s release of this data. They learned that the home address, phone number, birth date, and even Social Security number of the subject of the investigation were made available online by the Maricopa County, Arizona Recorders Office. In a quasi-sting operation, KPHO had him request that it be removed right away. Since this was a restitution lien—he owed the county $1,200 for a decade-old court charge—the clerk refused. Not so said the Chief Deputy Recorder to KPHO-TV, and the private information was deleted. The question arises: how many victims can get their local television station to go to bat for them? Also, Maricopa County says it will now take up to six months to eliminate two decades worth of documents. For the Google connection, I’m following up with Arizona’s chief information officer to find out exactly what records are being made available, which I will post later. So good luck if you live in Arizona…and I do.


If we all had the ability to stand back and look at the comprehensive state of the identity crisis, what we would observe would be a condition in this country whereby private business and government are sucking the personal data out of our lives. Dramatic? Yes, for effect. It would be impossible for me to count the times each day your private information is uprooted from a number of computers somewhere here in this country and overseas, and either moved to another location or massaged for data mining. Based on my experience as a junk mail data broker, it numbers in the hundreds or thousands. It may not be your name they’re after, but you are housed in a database with millions of other names, along with their sensitive data, and to reach John Smith they have to bump up against you and me and several million others. You say, so what? Well, the answer is that each time the bump occurs, there’s the chance your personal data could be lost or stolen. And with the recent incompetence we have witnessed in both business and government’s handling of our private information, there’s plenty of reason to worry. Most of us have enough to deal with living our every day lives, but your identity is your life and it is being threatened on a daily basis. Individual control is the answer, but it won’t happen unless you want it to.

Wednesday, May 09, 2007


From time to time I cover junk mail mailing lists that deserve attention based on their ability to pry into your private life. From my background as a former data broker, I know just how intrusive these lists can be and their potential danger to your identity. The latest is one called “Net Blue,” a compilation of almost 24 million names, with 75,000 new names added daily. (Click here for more info) The names are collected from over fifty Web sites that Net Blue either controls or has an arrangement with. Here’s what they know about you. Of course your name and address, but also e-mail address, birth date, gender and your telephone and cell phone numbers. They also know your lifestyles, and surfing habits. This personal data comes from over 2 million surveys consumers complete each month, giving it up private information as readily as if you were passing out cigars for a new baby. If you are one of those that does this regularly, or even infrequently, take into consideration that all the ID thieves need to get started is your name, address, and date of birth. Bingo. It’s relatively easy to get the rest of your life history. I tried contacting Net Blue headquarters asking about their collection of this sensitive data, but after a month, no reply. If you have filled out one of these surveys and have experienced problems, please let me know about it at:


When is the last time you rented a car or refinanced your mortgage? Chances are your name was checked against a government hit list to make sure you aren’t a terrorist or drug trafficker. If denied services, your name may have been similar to one on the list. This archive of supposed bad guys has been around for years but after 9/11, Bush decided to expand its use in “unforeseen ways,” according to an article in the Washington Post. They’re called “specially designated nationals” and so far at least a dozen cases have been documented where an innocent U.S. customer was denied or delayed in the completion of their transaction. There’s a good reason for over reacting; anyone doing business with a person on the list could be fined up to $10 million and 10 to 30 years in prison. A Maryland lawyer who describes the list as “ridiculous” says the local deli could sell an SDN a sandwich and violate the law. I know something about getting false results in the comparing of names from my experience in the junk mail industry. When you run several lists against each other to eliminate the duplicates, the error rate could be significant because of the similarities. I don’t know what kind of match formula the government list uses but it would be impossible to get certifiable results just comparing names. Some other factor is required to validate the results. There are other mistaken cases that you can read about in the article, but it all comes down to more Big Brother and less civil rights.


Black Box Voting, a non-profit, non-partisan watchdog group says that the government and some vendors of voting products “…can now access your secret ballot.” There are two product lines that make up the process. On the vote tracker side, Vote Here and Populex maintain the election audit and verification technology and a digital paper ballot created on a computer-based touch screen system. For voter data retention, Diebold and Hart Intercivic provide a system of election management services to complete the loop. Each in itself is harmless, but when you mix the tracker companies with the voter retention firms, the ballots hit the fan. According to an article by Black Box Voting, the bar code on the ballot allows the vote counter to create a computer file with the voter information, storing the ballot images in directories. In other words, your voter ID is embedded with the vote you cast. Black Box thinks political appointees are the most at risk, if they should vote against the administration they work for. And all these voter ballot images can be transferred to database formats, where we begin to understand the intent of this whole private business/government collusion. The Patriot Act started the Bush/Cheney spy machine rolling, followed by the NSA prying into the lives of innocent Americans, and now this possibility. You may say I cry Big Brother too often, but these new methods by business and government to snoop into our private lives pop up too regularly to ignore.


Based on a recent report by the Treasury Inspector General for Tax Administration, the IRS has had hundreds of laptops lost or stolen, data has gone unencrypted, and password security is lacking. reports that “…sensitive data for a ‘significant number’ of taxpayers has become available for potential identity theft and other fraudulent schemes.” The breaches occurred between Jan. 2, 2003, and June 13, 2006. Here’s what the report says is causing the incidents: unlocked laptops; laptops left in vehicles’ trunks unattended; left at home when not in use. The advent of the lackadaisical handling of laptops with consumers’ personal data by business and government is completely out of hand, and nobody seems to be doing anything about it. The 60-year old VA analyst that lost 26.5 million veterans’ records in May of 2006—eventually recovered—was fired, but then there was another laptop stolen in August of 2006, and a portable hard drive stolen or missing in February of 2007. The U.S. Transportation Dept. had three laptop thefts in a row, August 9, 15, 25 of 2006. In the private sector, some big names unable to keep up with laptops containing consumers’ private information are Starbucks, Bank of America, J.P. Morgan/Chase Bank, Boeing, Verizon, Aetna Insurance, Equifax (0ne of big three credit bureaus), and Chevron. There are more, both business and government, particular educational institutions where data security is the lowest. During the time period 2003 through 2006, above, the Tax Administration reports that IRS staff were unaware of security requirements, and get this “…somehow did not know that your personal financial information is considered sensitive data. This out-dumbs everything I have ever heard on this issue. And in the end something that may surprise many but not me, the agency hired ChoicePoint, the company that literally introduced us to the ID theft issue with the first reported breach in Feb. 2005, to help manage their public records. As John Stossel would say: Give me a break!


People have been writing bad checks as long as this paper currency has been available. The latest is a con that entices the consumer to trade their good money for bad. There are at least three ways the crooks carry out the scam. One, you get a check from what appears to be a trusted source, like Readers Digest, advising you of a prize, or lottery or cash reward. To win, you must deposit the check and wire back a portion of the funds for fees, taxes, etc. Their check is fake and of course you’re out what you wired. Two is one I can’t believe anyone would fall for…but? You’re selling something on E-Bay and a potential buyer contacts you to buy the item, but wants to send a check with an overage, requesting you send back the difference. Again, their check is bad. Three, the scam artists recruit you as a secret shopper, sending you a check to cash, asking that you wire back most of it except for a small portion for your fee. You guessed it, bogus again. Readers Digest has done a good article on this in the June issue of their magazine, which also gives advice on how to protect yourself. Publishers Clearing House is another big name used by the crooks, as well as Alcoa, Welch’s and Bank of America. According to the National Consumers League (NCL), the average victim is out from $3,000 to $4,000. Folks, they’re coming out of the woodwork.

Thursday, May 03, 2007

If you are still getting those nagging phone calls from telemarketers, you’d probably prefer that your telephone were in a tree in the backyard. If, however, you did sign up for the Federal Trade Commission’s (FTC) Do-Not-Call list in the summer of 2003, you will need to re-register in the summer of 2008 to block those unwanted junk telephone calls. Not sure when you made the application? Go to the FTC Telemarketing Site, click on the “Verify a Registration” on the left, and you are carried through the process with ease, resulting in an e-mail sent to you within minutes noting your date of registration. As does the FTC, I urge you to keep a copy of this to refer to in the future. As of September 30, 2006, more than 132 million telephone numbers had been registered, with 25 million new registrations in 2006. And it works. We signed on in 2003 and the junk calls abruptly ended. There were a couple of violators, but once I reported them to the FTC—also an easy process—they were history. There’s a good article on that provides a lot of information on this issue from both the business perspective, as well as the consumer. It also mentions jurisdictions not covered by the FTC, like banks, common carriers, and certain other businesses, which are controlled by the Federal Communications Commission (FCC). What a phenomenal success—especially considering it is a government project—and it is this same kind of procedure that I have built into my concept of consumers controlling their names and private information, putting you in the driver’s seat again.


I just uncovered some old research on the use of “special interest” areas for marketers to sell their wares. The trend probably originated with affinity credit cards, whereby environmentalists would apply for a credit card co-sponsored by the World Wildlife Fund. Nothing wrong with that, because the charity gets a fee for bringing in the customers. But the idea of using religion to induce people in financial trouble to deal with you is a step in the wrong direction. Since the rise of the Religious Right, predators are running at full-speed to capitalize on naiveté and trust of the individual in need of help. If you Google “Christian debt counselors,” you get almost 1.2 million hits. Some of these organizations are obviously legit, but apparently some are not, according to complaints submitted to Frank, an 80 year old man who didn’t understand what he was getting into, had a problem with Christian Debt Services. Another person combined debts with Christian Debt Consolidation (CDC), and later found out that because of this no mortgage company would refinance a loan. Carol, also working with CDC, signed on to consolidate all her credit card debt paying $832 monthly, and found out CDC had only negotiated with one credit card company. Joseph hired Christian Debt Management (CDM) to settle four credit card debts. His account was transferred to Nationwide Consumer Credit Services, he ended up paying off the CC’s himself, but when he tried to get his $795 deposit and $400 in fees back, all CDC phones had been disconnected. His credit rating also went down. Oh, there’s one more thing. These companies ask for personal data like your Social Security number, date of birth, income, and of course your name, address and telephone number. All the ingredients necessary for identity theft, if falling in the wrong hands.


In Orwell’s prophetic novel, the three ministries of Plenty, Peace and Love were named to confuse the people of his fictional city of Oceania into thinking Big Brother was always working in their behalf. In each case they meant just the opposite, while representing a level of propaganda that we hadn’t seen again until the current Bush administration. In keeping with this, the Federal Trade Commission (FTC) goes on its merry way winning some and bungling others. The Do-Not-Call law, above, is sheer genius, but certainly an anomaly considering it was enacted under a Republican administration. The FTC’s handling of the identity crisis is a complete bust as far as I am concerned, a view also shared by some other privacy advocates. My reasoning is that you cannot repeatedly side with business in consumer issues when you are supposed to be representing the consumer. The issue in point is a recent report from the FTC recommending standards for consumer data. Junk mail industry publication, Direct, reports the FTC “… recommended that standards be established to provide for notification of consumers when a data breach occurs that poses a significant risk of identity theft.” In other words, let the data breacher decide when it is appropriate to confess. ChoicePoint’s February, 2005 loss to data thieves of 163,000 private records would probably never have been reported if not for a new California law. But the agency did expand the number of ID theft victims from the CP breach from 1,500 to 2,900. That is almost 2% of the 163,000. When you apply that percentage to the 154 million sensitive records lost since Feb. 2005, you get over 2.7 million victims. History tells us that if you leave this kind of judgment to business, they will always err on the side of their stockholders; the consumer be damned. And then the article quotes some heavy statistics showing 30 to 48% of consumers shop less online due to fear of financial information being stolen. The FTC’s concern: “Consumers’ fears of becoming identity theft victims may harm our digital economy.” All hail The Ministry of Consumerism.


In an account by ZDNet, “Are businesses getting complacent on security?” Larry Dignan quotes John Pescatore from Gartner Research: “Security has fallen out of the top ten business priorities and complacency may be setting in without big attacks grabbing the headlines.” My personal interpretation: When the breaches go away, business will play. Like I said in the last blog, leaving decisions on these matters to a corporate mentality always favors the needs and bottom line of the company. Chief Information Officers (CIO’s) are more concerned with “improving business processes, controlling costs and retaining customers, according to Pescatore. Bye bye security, hello profits. He also talks of the business world going to the next step in networking, Web 2.0, where security could be threatened by new developments like “mashups.” If you’re not familiar—I wasn’t—the latter term refers to a new breed of Web-based applications created by hackers and programmers where one data source could be combined with another, even multiple locations, into one dynamic entity. So we’re embracing new technology to further improve business interests, while at the same time putting personal data security on the back burner…again. Is there a cycle to all this, and, if so, when does the consumer come out on top?


The Federal Trade Commission (FTC) joined with the Department of Justice (DOJ) to come up with a White House plan to curb ID theft that has little substance and goes nowhere. To start, privacy-rights and consumer groups want much tighter controls to overcome the accelerated advances in technology. Bush’s scheme “…shies away from glaring systemic problems.” say the privacy advocates in an article in The Center for Democracy and Technology (CDT) wants guarantees of a consumer’s right to know the data being collected on them. In contrast, the federal task force does not support consumers’ rights for actions against companies breaching their personal data. Ed Mierzwinski of US Public Interest Research Group (PIRG) criticized the task-force for not targeting loose credit-granting practices. This would include the millions of unsolicited credit car mailings annually, repeatedly discussed in this blog. The piece revisits a sore spot in the ChoicePoint issue. After reporting a breach of 145,000 individual private records in 2005, they signed a five-year contract with the Internal Revenue Service (IRS) to help manage their public records. And the breach didn’t prevent CP from providing the government services under the USA PATRIOT Act. In this plan, the White House is even touting the value of the Real ID Act in standardizing consumer data, but the privacy groups scream Big Brother and the database’s susceptibility to the bad guys. Is there any way to narrow the gap between now and November of 2008?