Saturday, September 29, 2007


DUMBING DOWN ON PRIVACY


Junk mailers need more honesty in their editorializing. That’s my answer to an editorial in the junk mail industry publication, DM News, with the headline “Consumers need more data knowledge” by Eleanor Trickett, Ed. In Chief. In the first sentence she cites “government laptops stolen,” but fails to mention the breach by junk mail data broker ChoicePoint, which put this whole identity theft issue in motion. She proceeds to talk about how much information consumers are asked to give up for the sake of convenience or a discount, but completely skirts the fact that junk mailers are the ones to blame for this insane drive to find out everything there is to know about every individual in the US. Just once I would like to see these people come right out and say, “This identity crisis is all our fault, and it’s time we did something to stop it.” Yeah. That’ll be the day.

Junk mailers are lobbying their way out of federal legislation they don’t want and the consumer is the loser. It’s so obvious by the fact there isn’t one piece of data breach legislation that is close to becoming a law. CNNMoney.com did a recent piece on ChoicePoint’s lobbying expenditures: $500,000 in just the first half of 2007. I figured if CP was doing this, other junk mail data brokers couldn’t be far behind. I was so right. OpenSecrets.org is a great site to find things that business and government would rather you didn’t know. I went to their Lobbying Database and this is what I found on the top data brokers and credit bureaus: Acxiom spent $160,000; Lexis Nexis $40,000, their parent, Reed Elsevier, $3,380,000; Experian $300,000; Equifax $100,000; and TransUnion $80,000. Experian, Equifax and TransUnion are credit bureaus that also maintain huge consumer databases chock full of personal data. You have to wonder what all this money buys, but a quick guess would be favorable data breach legislation, or none at all.

Phishing just got more sophisticated, and they’re taking on the GOV. The latest uses an IRS front to contact someone offering a tax refund, for which you have to give up private information, of course. According to ZDNet.com, the bad guys send thousands of e-mails that in many cases are hard to differentiate from the real thing. So much so, 8.2 percent of online households have taken the bait, losing an estimated $630 million. The Government Accountability Office (GAO) puts the figure at $1 billion annually. Most people hate statistics but you’d better pay attention to these, because they have the potential for significant growth, considering the number of federal agencies that deal with the public. This is a trend, folks, and it isn’t going away. It will only get worse unless you join my grass-roots movement to grant consumers control over their names and personal data, with compensation to the name-holder when it is sold. Let me hear from you!

FOCUS ON PROTECTING YOUR IDENTITY


Control Your Name Alliance, Inc. (CYNA) is a non-profit organization formed for the purpose of achieving individual control over our names and personal data, and compensating the name-holder when it is sold. It is a grassroots movement conducting research and education on this issue to determine the best approach to accomplish these goals. Please support your right to control your sensitive data by making a contribution to CYNA and send your check to Control Your Name Alliance, Inc., at P.O. Box 347, Cave Creek, AZ 85327. Please contact me by e-mail (jack.dundiv@cox.net) with any questions.

Friday, September 28, 2007


SOPHISTICATED HACKERS GO FOR TOP PRIZE…GOVERNMENT SECRETS


Don’t think the consumer is getting a reprieve on identity theft just because the hackers have decided to go after a larger jackpot. I am talking about the recent break-in to Department of Homeland Security (DHS) computers by a Web site in China. It seems that Unisys Corp. was hired by DHS for $1.7 billion to build and secure information technology networks for the Transportation Security Administration (TSA) and DHS headquarters, according to a piece in the Washington Post. Apparently it doesn’t work since for at least three months there were cyber-intrusions into 150 DHS computers, including one in the Office of Procurement Operations, which handles contract data. The national security community is up in arms because of their concern that the Chinese government’s intent is to steal military secrets. This would certainly go for a higher price around the world—say Iran?—than possibly the largest personal data breach we have seen or ever will see. I bring this all up to prove to you just how sophisticated these people are becoming, and just how much planning is going into the stealing of valuable information, be it individual sensitive data or national secrets. Unisys says no one has told them yet that anything is wrong with the system, but it is alleged by the House Homeland Security Committee that the contractor falsely certified all was good to cover up “lax oversight.” Am I the only one who sees a trend of incompetence in the handling of information by government agencies, contractors and data brokers; something that should be waking up the apathetic American public and a comatose Congress? Of course not, and someone else who is as concerned about this privacy issue as I am is William Morriss who runs the Ephemerallaw blog. He is an attorney interested in information security and its relationship to data privacy. He is dedicated, and provides insight into the subject you won’t find elsewhere.
Another concerned person is James Lewis, a fellow at the Center for Strategic and International Studies, who is “troubled” that DHS officials are indifferent to the matter. The House committee reports that, although no one knows how the hackers entered the DHS systems, they were able to crack account passwords and install malicious software, while temporarily keeping Unisys’ employees in the dark. All this when the $1.7 billion Unisys security devices had been designed to detect intrusions into DHS computers and flag suspicious activity. So much for quality oversight. According to the committee, Unisys tried to “hide gaps” from the government to play down the magnitude of the breaches, and even failed to disclose the fact that the data was going to a Chinese Web site. Now it’s obvious why the “cold war” ended. Our enemies don’t need spies on the ground to steal our secrets. They just have to get on their computers and start hacking.

Thursday, September 27, 2007


WILL YOUR CREDIT SCORE EVENTUALLY CONTROL YOUR LIFE?


In a recent post about credit bureaus, we explored the fact that it is near-impossible to file a dispute with these organizations without undue stress and almost unlimited effort that often leads nowhere. The general consensus from comments on my blog in the past is that telephone calls go nowhere and written correspondence produces no results. Congress is looking at the problem but Congress looks at a lot of issues like this, and then does nothing about it. Business is in control of this country, and it is frighteningly becoming hopeless for the consumer to get the rights due them. MSN.com’s “Money Central” has an interesting article from the Christian Science Monitor, “Credit checks: A civil-rights issue?” which makes some pretty good points on the subject. Foremost is that research has found no link between poor credit and job performance, yet many employers use credit reports in deciding whether or not to hire employees. A lot of the interest has been directed toward minorities which is probably justified, but the total population suffers when it comes to the accuracy of these reports. In a 2004 study by Public Interest Research Group, one of the country’s leading privacy advocates, they found 54 percent of credit reports had mistaken personal information, 25 percent with errors that could result in denial of credit…or a job. I could rest my case right there but household and auto insurance are another case for concern in this issue. Many insurance companies use credit reports to determine your insurance rates. The Motley Fool has a good article that inquires into what bad credit has to do with driving. As a junk mail data broker, I specialized in auto insurance at one time, and watched the industry move from lists that performed very profitably to credit related lists touted by TransUnion, one of the big three credit bureaus. 
From an inside perspective, what worried me most was that, rather than confirming those with low credit scores had more accidents, what the insurance companies were shooting for was the fact that people with these low scores filed more complaints. And why not—assuming they were justified—since they probably didn’t have the money for the repairs like higher scores with more available credit. On the other hand, those who could afford to pay might prefer to do so rather than have a claim on their record. In this case, it might be considered a case for civil rights action, and it would be great to hear from attorneys on this issue. In any case, if you really want to dig into the subject further, look at the Insurance Information Institute’s site on “Credit Scoring” for an in-depth look. Whatever the future is for using credit reports to determine certain aspects of the consumer’s life, they’d better clean up their act, or they could find their backs up against the wall like ChoicePoint.

Wednesday, September 26, 2007


SUPPLEMENTING SOCIAL SECURITY WITH JUNK MAIL TAKES ON NEW MEANING


In 2005 when Bush was pushing his Social Security “fix” that included the creation of private accounts for younger workers, Democrats were solidly against, as were many Republicans. It never came to a vote. During the same period, GWB also said his drug bill would reduce Medicare costs, citing this as a reason to concentrate on Social Security not Medicare. At the time Medicare’s shortfall was $8.1 trillion, over twice that of Social Security’s $3.7 trillion. The Center on Budget and Policy Priorities did an excellent review on the issue in February of 2005. (Read Here) As usual, the reality of the situation was considered by experts to be contrary to what the Bush administration was saying. The Center made an interesting observation that the cost of the 2001/2003 tax cuts, which were $11.1 trillion, was triple the projected Social Security shortfall. Taking it further, should the tax cuts be made permanent, the amount just for the most affluent one percent of Americans would equal the entire SS shortfall. Now let me see if I get this right. We can cut the Social Security and Medicare benefits for the other 99 percent, as long as the fat-cats get their tax cuts. Pathetic! In a more recent MSNBC.com article, the Treasury Dept. is putting out more reports that tell us what we already knew. The total shortfall has risen to $13.6 trillion, an increase of 15.3 percent. That would mean if we don’t “fix” the system soon, it could be almost 16 trillion by 2009. But Bush has stated adamantly that he does not approve of increasing taxes, nor will he agree to even revising tax cuts for the rich, much less eliminating them. The New York Times had a piece in January of 2007 that concludes the tax cuts offered the most for the very rich because that category has the most taxable income and estate taxes. Middle-income households had slight benefits but significantly lower than the upper-income group. 
I have a plan that would be equitable for all, while at the same time righting a wrong that has existed for years in the junk mail industry. Grant consumers control over their names and personal data, and compensate them when it is sold. The high income group gets even richer since they are regular customers of upscale junk mail items. If they lose their tax cuts…well, it’s not the same, but it’s something. For the rest of us, take back half of the $4 billion made annually from the sale of names and private information and give it to the name-holder. After all, without them, there would be no list business. Then, invest the $2 billion at simple interest, and at age 65, retirees could supplement their Social Security or other pension income an average of $607 monthly. In just one unmistakably appropriate action, we’ve solved two major problems: eliminating the identity crisis, and helping to shore up Social Security.

Tuesday, September 25, 2007


ID THIEVES TURN TO THE DISTRIBUTION OF “TOOLKITS” FOR MORE ILLEGAL INCOME


For the last three years I have been posting on how the identity theft bad guys are growing their technology much faster than our security systems can cope. Now, they have discovered they can sell the software that is the tools of their trade for a premium. Online crooks have formed a distribution network to market this “malicious” software or code, as it is described in an Associated Press story on MSNBC.com. They sell it to “middlemen” for $1,000 per program, even locking them into long term contracts. Like Al Jolson used to say, “You ain’t heard nothin’ yet,” when it comes to the next phase of the identity crisis. My crystal ball says that would be when an organized crime network—not necessarily the mob but it could be—takes over this lucrative scam, and establishes a hierarchy that runs the business like today’s corporations. In a Symantec report taken from 120 million computers running their anti-virus, they found that the US is tops in underground identity thieves, and that malicious code has accelerated 185 percent in the first six months of 2007. However, the research community agreed this new distribution-style approach is the “most alarming trend.” Also for sale are “toolkits” that give criminals the ability to customize their cons for $300 to $800. Yet another toolkit targeting Web browsers moving quite well in 2007 is the MPack which goes for $1,000, and appears to come with tech support. It is so “robust,” as the AP article states, that “it benefited from professional development.” Symantec has a good article on the MPack, as an explanation of what the problem is, and the extent of its seriousness. In closing, there are two points to be made here: One) the need for an organization to track data breaches that lead to victims of ID theft should be a priority now…today in the world of privacy advocates; Two) Number one would not be necessary if consumers were given control over their names and private data.

Monday, September 24, 2007


BIG BROTHER JUST KEEPS ROLLIN’ ALONG


We knew the government was spying on innocent Americans, and had been for years, perpetrating the façade of a Big Brother that seems to have taken on a life of its own recently. But we keep being reminded of just how prevalent this is, and how threatening it is to our privacy. This latest incident involves US citizens who fly, drive, or take cruises abroad, according to an article in the Washington Post. That would be 63.6 million American consumers each year, and here’s the data they retain on you: people with whom you travel and stay; personal items carried; and books you take on the trip. Additional information is collected from border points and the airlines’ Galileo and Sabre reservations systems. This includes passenger name record (PNR) data consisting of name/address, credit card information, telephone, e-mail, itineraries, hotel and car rental reservations, even the type of hotel bed requested. All these records come under scrutiny in the Department of Homeland Security’s (DHS) Automated Targeting System (ATS). This has been going on since the mid-1990s, so you can’t blame it all on Bush. However, it was significantly expanded in 2002, in connection with a host of other surveillance techniques, compliments of this administration. DHS spokesman, Russ Knocke, said the agency is “completely uninterested” in what the traveler is reading, referring to the terrorist novels of Tom Clancy. So why bother retaining the titles of these books in the system? Even though the book in question was about marijuana, this kind of data collection violates the Privacy Act, according to privacy advocates. The Identity Project, another advocacy group, claims that the data held by ATS is more detailed than what is in Galileo or Sabre, indicating another personal data provider, perhaps? Edward Hasbrouck, a civil liberties activist, recounted a situation where he was recorded as traveling with someone, but didn’t, and the record was left in the system, uncorrected. 
Hasbrouck’s comment was: “If you sit next to someone once, that’s a coincidence. If you sat next to them twice, that’s a relationship.” The latter would include a large majority of the business traveling public. I have traveled out of the country by plane and cruise ship, and when you combine that with this blog’s criticism of this administration’s Big Brother tactics, I am probably at the top of the ATS list.

Friday, September 21, 2007


CREDIT BUREAU SCHLOCK: BACK BY POPULAR DEMAND


I did two posts on the Experian credit bureau in August of 2006, when my credit report mysteriously vanished from the system, not to be located by even top Experian and Credit Manager officials. Credit Manager, a branch of Experian, is a paid service I have maintained for over 25 years to monitor my credit activity. See post one and two. My credit report returned to the system, again mysteriously, about two months later without a peep from anyone at Experian or Credit Manager. As if it had never really happened. The reason I use the term mysterious is that the timing was somewhat coincidental with some earlier posts I did on credit bureaus, mentioning Experian. Within minutes after the second post where I talked about Experian’s refusal to allow me to dispute the problem, I had several comments posted with complaints about credit bureaus, one specifically about Experian from someone obviously at the end of their patience. The person said that Experian is incompetent, which agreed with my earlier post comment. In the process of filing a dispute, this person also found out you can only go so far, and then they refuse to let you dispute further. In recent months readers’ interests have been overwhelmingly for more information on either credit bureau disputes or Experian specifically. Unfortunately, nothing new has happened to rectify the problem except a feeble attempt by Washington to look into the matter. The Boston Globe did a story on Barney Frank’s plan to hold hearings about consumers’ ability to correct errors on their credit reports. Frank is a Democrat from Massachusetts, and this was back in December of 2006. The Globe did another piece in June to update hearings that were held, but the findings reported are the same thing privacy advocates have been saying for years. Primarily, data is inaccurate, credit bureaus do not respond to consumer complaints, and victims are frustrated about where to turn. 
Frank blamed things on the FACT Act, a law meant to improve the credit reporting system passed in 2003, but hung in federal regulatory BS as usual. Obviously the public can’t turn to this Congress based on a statement by the Congressman: “Frank said that he hoped the hearing would spur the agencies to finish the rule (FACT Act), but that new legislation may be required to put the FTC in charge of implementation.” Yeah. Like the legislation the Congress was going to pass to protect us from data breaches. Pathetic!

Thursday, September 20, 2007


DUMBING DOWN ON PRIVACY


It doesn’t get much dumber than to send junk mail (US Postal Service or e-mail) to people who have said they don’t want it. But 14 percent of junk mailers say they still send marketing e-mail to people who have opted out of receiving it. Industry publication Direct says it comes from giants like Circuit City, Kmart, Colgate-Palmolive, Williams-Sonoma, Plow & Hearth and Smithsonian magazine. The article by Ken Magill titled “DMers Show Signs of Getting it…Sort of” sounds like even he isn’t sure whether this bunch will ever learn. To quote Magill: “Though they’re a heck of a lot of fun to drink with, sometimes my DMer friends can be mind-bogglingly stupid.” As I recall, that’s what annual junk mail conventions were a lot about (drinking), so watch out Chicago, they’ll be there in October.

For those of you planning to back Rudy Giuliani, you might want to think twice after what was recently published in the Huffington Post. Stephen Schlesinger’s headline reads: “Giuliani: Worse Than Bush.” Giuliani not only wants to keep the USA Patriot Act in force, he wants to strengthen it by not “unrealistically” limiting electronic surveillance. The word “unrealistically” reeks of Big Brother Bush, and Schlesinger thinks he could be scarier than GWB. All we need is someone even scarier than Cheney—if that’s possible—to be his VP. I don’t know about you but this bothers me more than what we might expect from the remainder of this administration’s term in office. Something to think about is Schlesinger’s reminder to voters that the highest post to which Giuliani has ever risen is Mayor.

In late August, the California Public Employees’ Retirement System (CalPERS) decided to out the Social Security numbers of its retirees, a total of around 445,000 of them. See the stories in Government Technology and COMPUTERWORLD. Seems like yet another very dumb employee sent a disc to the printer with all the Social Security numbers on it, when it was supposed to contain only names and addresses. The SS numbers were printed on a brochure in “a sequence of numbers without hyphens.” Now here’s where we come to the second, even dumber move by CalPERS. They told the retirees that, because the numbers were printed without hyphens, they shouldn’t worry, because no one but them would recognize them as Social Security numbers. Where have these people been, shut up in a room without TV or newspapers for the last three years? Most ID thieves would recognize the numbers in a heartbeat, but now CalPERS has led the least sophisticated of the crooks to the treasure trove with its release of how the numbers were printed. ChoicePoint started it, but government agencies have taken the lead in compromising our sensitive data.

Wednesday, September 19, 2007


FEDERAL VERSUS STATE LEGISLATION: WHICH WILL ENACT THE BEST DATA PROTECTION BILL FIRST?


The battle is on and so far the states are making the federal government and Congress look like amateurs. If it hadn’t been for California’s Security Breach Information Act (SB 1386), the ChoicePoint loss of 163,000 personal records would never have been acknowledged. Minnesota’s Data Retention Law (H.F. No. 1758) is taking it a couple of steps further requiring some sensitive data to be deleted after 48 hours, and for businesses who drop the ball on information security to pay some of the costs of consumer data theft. See the article on the Privacy and Security Law Blog. There are currently five more states considering the adoption of similar laws. Great job, but we’re not there yet. Both the states and the federal government are ignoring—could this be business pressuring Congress?—the only approach to solve the identity crisis: Grant control over our names and private information to the individual. InfoWorld did a recent piece on Cyber Security Industry Alliance’s (CSIA) goading of the feds to move faster on this issue. CSIA is an international organization working with top world information security providers to help ensure consumer privacy, among other goals. Members include IBM, Symantec and Vontu. The group has chastised Congress for “passing the political football” and not getting the job done of protecting your privacy. That’s a nice way of saying our representatives in Washington are inept at their jobs. So what’s the answer? State or federal legislation…which is better? It is obvious that federal legislation would simplify the whole process for both consumers and business, rather than 50 different state laws. However, there are as of this posting 39 states that have passed security breach laws, according to Consumers Union. That said, the “inept bunch” doesn’t appear to be able to get any data breach bill passed, much less one that gives individual control over sensitive data.
As a result, some brave, non-business-fearing state must come forward and do the right thing, which hopefully would show Congress how to do it. I’m working on Arizona. I hope you will do the same with your state, and please let me know if I can be of any support. E-mail me at: jack.dundiv@cox.net.

Tuesday, September 18, 2007


NOW THAT I HAVE CONTROL OVER MY NAME AND PRIVATE INFORMATION, WHAT HAPPENS NEXT?


It is apparent that, with the widespread apathy over the identity crisis issue—the outlook that it happens to others, not me—most consumers are saying to themselves: “I don’t know if I want the responsibility of this control.” An understandable point in today’s hectic life, but in the long run, not in your best interest. The primary reason is that the situation can only get worse, and here’s the reason why. There were a total of 336 data breaches in 2006 or 28 per month; in 2007, as of Sept. 13, 252 breaches or 29.7 per month. It isn’t a big increase, but neither is it getting better. In 2006, 8.4 million victims suffered an average loss of $5,720, with a total loss of $49.3 billion. Others’ experience can be the learning blocks of your readiness. The next victim could be you. You can see my last Friday’s post for all the ways your sensitive data is maneuvered around the world; and Monday’s piece on how we would take control. Now to the benefits of control. In a national registry similar to the FTC’s Do-Not-Call list, the consumer’s name, address and unique ID number would be recorded. The individual would also be given the opportunity to indicate their interests for what junk mail they want, or to be able to opt-out completely. Every blind transaction—one where the consumer is not a direct participant—in the marketplace (financial, medical, government, etc.) would require validation. An example could be an unsolicited credit card offer that is stolen, the crook tries to open the account, and is prevented from doing so because you don’t validate the transaction. It would be possible to pre-clear transactions, like placing orders online, applying for credit, etc., and arrangements would have to be made for select financial, medical, and national security emergencies. In the validation process the consumer would be contacted by e-mail, telephone, or snail mail for confirmation.
E-mail and telephone would be instantaneous, using a personal identification number (PIN) selected by you in the registry procedure. A toll-free number would be provided for mail confirmation. After 35 years working with junk mail technology, I can assure you that a fast and practical method for validation can be developed that will be close to effort-free for both the individual and business. Next, the benefits of compensation. Junk mailers take in $4 billion annually from selling your names and personal data. Return one half of that to the consumer; reasonable, since the list industry would have nothing to sell without them. You could take your compensation once a year, around $64, or you could let a non-profit group formed for this purpose invest it at simple interest and supplement your retirement for an average of $607 monthly at age 65. My formula is not a secret, and I would be glad to share it with you if you e-mail me at jack.dundiv@cox.net. This plan is not only doable, it has become essential if we are to survive the identity crisis, and bolster Social Security and/or private pension plans. What do you think? Please let me know with your comments.

Monday, September 17, 2007


SO YOU WANT TO TAKE BACK CONTROL OVER YOUR NAME AND PERSONAL DATA? HERE’S HOW


At the end of Friday’s post, I promised to solve the problem of your sensitive data being in places all over the world, not one of which you have control over. I assure you that a resolution will be provided before the end of this post, but as any advocate with a new and controversial concept such as this must do, it is necessary to make my case before supplying the solution. Otherwise, you won’t feel the urgent need for this protection of your privacy as I do. First, take another look at Friday’s post. Then, here is another frightening statistic that could make you think twice about that next junk mail purchase. By just placing one order with one junk mail company, you will generate a minimum of 500 pieces of mail to your household from similar businesses in just one year. That’s because the company you bought from sells your name and private information somewhere between 25 and 50 times, requiring numerous moves of this sensitive data. The first sale probably occurred even before you received the products you ordered. On average, your name sells for around 15 cents, a drop in the bucket you’re thinking. But that drop turns into an ocean of revenue for junk mailers—not any of which ends up in the pocket of the name-holder—as they gross $4 billion annually from names and personal data collected from around 73 million trusting households. But do they deserve that trust? In this past Sunday’s Parade magazine reaching 50 million readers, Sean Flynn’s article “Is Anything Private Anymore?” points out the array of occurrences where your sensitive data is not secure. I was quoted in the article saying, “There’s almost nothing they can’t find out about you.” A statement so true, it dramatically articulates the subject of this post: how do you take back control over your name and personal data? This does require some effort and commitment on your part. 
Together, we must convince a do-nothing Congress to pass federal legislation that will give the individual control over their sensitive data. As constituents, if enough of us demand this right, we can make it happen. Second, as a back-up to a national law, I am searching for a strong state willing to pass this same legislation, in case the federal effort drags on, as it has with other data breach bills. You can help by letting me know of state legislators that are pro-consumer privacy. Just one state—like the California law that exposed the ChoicePoint breach and shamed Congress into addressing this subject—could force the issue and pressure the feds to act. With this control in your hands, you could stop ID theft, and put money in your pocket for retirement. So we have concluded that you can take back control over your name and private information, and you can be the sole monitor over how it is used, while sharing in the profits. On Tuesday, just how this works to your benefit, especially your participation in the compensation.

Friday, September 14, 2007


THE REAL STORY BEHIND HOW COMPANIES SCHLEP YOUR NAME AND PERSONAL DATA AROUND THE WORLD


If you have read The Dunning Letter before, you know my position that consumers should have control over their names and private information, and that they should be compensated when it is sold. That said, you must wonder how my concept of control can solve the problem of your sensitive data being everywhere from Los Angeles to India. But first, that trip your personal information takes resulting from any number of simple transactions you might make in a day. These can range from surfing the Internet for something intimate like a contagious disease, providing facts about yourself that could later be used to deny insurance or employment, to applying for a mortgage where you must lay out complete details on every facet of your life, all of which ends up in office file cabinets we all know are vulnerable to determined crooks. And then there are the six to ten pieces of junk mail per week that go to approximately 73 million households, many of which are unsolicited credit card offers, some pre-approved, that, if not shredded, are the catalyst for thieves to steal your identity. The list goes on and on: loyalty programs collecting your buying habits, pharmacies and pharmaceutical companies assembling your prescription data and selling it, questionnaires and surveys asking questions that identify your daily lifestyle right down to what you drink and where you gamble, thousands of junk mail companies, most of which have your credit card numbers attached to your name and address. Each time you give up your name and personal data it is recorded either on paper or electronically; today it all eventually ends up as electronic records so they can be moved around and sold at will. 
Every day billions of consumers’ sensitive documents are manipulated between thousands of junk mail and non-junk mail companies, hundreds of computer facilities, countless transport organizations, off-site locations—many overseas—where customer service is conducted, and a number of backup warehouses—also possibly overseas—where your names and private information are kept in case the other stash is lost. And…it is all completely out of your hands. On Monday, more terrifying facts and statistics, and why and how you can take back control over your sensitive data.

Thursday, September 13, 2007


FOCUS ON PROTECTING YOUR IDENTITY


Control Your Name Alliance, Inc. (CYNA) is a non-profit organization formed for the purpose of achieving individual control over our names and personal data, and compensating the name-holder when it is sold. It is a grassroots movement conducting research and education on this issue to determine the best approach to accomplish these goals. Please support your right to control your sensitive data by making a contribution to CYNA and send your check to Control Your Name Alliance, Inc., at P.O. Box 347, Cave Creek, AZ 85327. Please contact me by e-mail (jack.dundiv@cox.net) with any questions.

DIRECT MARKETING ASSN. (DMA) ANNUAL JUNK MAIL CONVENTION ONE MONTH AWAY…MINUS CONSUMERS


The Direct Marketing Assn. (DMA) is still planning to hold its annual junk mail convention in Chicago starting October 13, but the consumer—without whom the industry would have no business—is still locked out. I just received a brochure from the DMA asking me to sign up for their gala, but nowhere do they invite the public to be their guest to learn just how their names and private information are being manipulated and sold in the amount of $4 billion each year. I had implored John Greco, DMA President, to allow interested consumers into the exhibition free to quiz the list professionals on just how secure their sensitive data was in all this selling frenzy. Not even the courtesy of a reply to my e-mails. See earlier posts one and two. A lot of big guns, from Amazon.com to Xerox, will attend to lend their knowledge to participants, many of whom come there just for the socialization. I should know. As a data broker I was there for close to seventy of these get-togethers myself. I always wondered why it was such a secretive business; tell a friend you were in direct marketing and they replied, “What is that?” Tell them you’re in junk mail and they counter, “So you’re the one.” The biggest secret in junk mail is an audited accounting of just what the actual total is for the sale of names and personal data; my figure of $4 billion is based on 35 years in the business, and a formula I had to develop because no one in the industry could, or would, give me a figure. Since it is the individual’s name, address and private information, and because it is he or she who suffers as an ID theft victim if it is lost or stolen, this person should have control over their sensitive data, and they should be compensated when it is sold. It is a fiduciary arrangement of sorts, and there should be a legal means of enforcement heavily in favor of the consumer. Just how to get this done—and an about-face from an earlier position—in tomorrow’s blog.

Wednesday, September 12, 2007


TO SHRED OR NOT TO SHRED


Let me be clear from the beginning that I am in favor of the shredding of all personal information documents, not the old method of just tearing the material in half, or even in small pieces, and throwing it in the trash. The latter is what the ID thieves want you to do so they can go dumpster-diving and steal your identity. I also feel the ease with which this is disposed of can encourage more people to do it. I have done several posts on the number of unsolicited credit card offers—some pre-approved, stated blatantly on the envelope—we receive in this household, and how each could be the crooks’ entree to heist my credit. We shred everything that comes into our home that has any connection with the private side of our life. Medical bills, auto maintenance, online transactions, paid bills, old insurance papers are a few of what we add to the credit card offer shredding. If you’re not sure, shred it. And after we’re done shredding, where does all the confetti go? In the recycler you say? Not in Phoenix, Arizona, where shredded paper is not acceptable in recycle bins, according to Terry Gellenbeck, Administrator for the city of Phoenix Solid Waste Contracts and Education department, which controls recycling. She says when shredded paper is placed in recycle bins and then goes into the sorting process, it makes it “impossible manually and not economical or easily done mechanically.” I asked Ms. Gellenbeck if it wasn’t more important to help protect the people of Phoenix by providing this convenient method of disposal. She countered with the fact that Phoenix does not discourage residents from shredding, and backed off a little from shredded materials “not acceptable” to “We just ask that they not be placed in recycling bins.” I interpret that to mean the city isn’t really sure about its position. But it has to go somewhere since 73 percent of Americans now say they shred personal documents, according to the non-profit Identity Theft Resource Center.
I’d be very interested in your feedback on whether your city allows the placement of shredded paper in the recycle bins. Los Angeles does, and there are several million more people there than in Phoenix. I wonder what Phoenix mayor Phil Gordon would say about the issue? I’ll ask him if he wins reelection on Tuesday.

Tuesday, September 11, 2007


PFIZER DIAGNOSED INEPT WITH PERSONAL DATA


Starting in June of 2007, we learned from Pharmalot, a blog covering the pharmaceutical industry, that in the first incident 17,000 current and former employee names and Social Security numbers were exposed online by an employee’s spouse, some of which were accessed and copied. Then, in August, Pfizer reported the loss of two laptops containing the names, addresses, Social Security numbers and cell phone numbers of 950 health-care professionals considering possible contract services with Pfizer. And still in August, it was announced that another 34,000 employees’ names, Social Security numbers, addresses, dates of birth, phone numbers, bank account numbers, credit card info, signatures and other personal data had possibly been breached. According to a recent Pharmalot post, the Pfizer employees are apparently up in arms against their employer for the lousy handling of their personal data, and also the way in which the company has reacted to the whole situation. Pfizer World, the drugmaker’s Internet system, spouts a series of protestations from employees unhappy with having their private information revealed, and then waiting weeks to learn of the breaches. Ed Silverman, founder of Pharmalot, was the first to expose these episodes, which is a dash of hope in an industry that holds an enormous amount of sensitive data on the American public. Next time it could be your or my private records of what medications we are taking, indicating any ailments we have been diagnosed with, no matter how personal in nature they may be. Business must be held accountable for the personal data it collects, and sometimes sells, on the American public. Especially companies like Pfizer where the data is a by-product, and they may not be fully aware of its value, or potential for disaster if lost.
In my 35 years as a data broker, the junk mail industry methodically and unceremoniously gathered every piece of information available on American consumers, and is selling it now to the tune of $4 billion annually. It is time that we place this sensitive data under the control of the name-holder before more commercial enterprise decides to get in the business of collecting and selling our names and private information.

Monday, September 10, 2007



WIRED CONFIRMS WE ARE SURROUNDED BY “APATHETICS”


I found a new, interesting blog, EphemeralLaw, that is manned by attorneys interested in the protection of your privacy. One of these attorneys, William Morriss, just did a post, “Is Privacy Worthless?” quoting from the Wired piece, that will ring your bell if you’re one of the “apathetics.” If you don’t remember, that’s my term for those of you out there that refuse to accept the fact that you are in constant jeopardy of having your identity stolen. And I know this because I spent 35 years as a junk mail data broker selling your names and private information, observing the careless, even incompetent handling of this sensitive data. The Wired article, “Privacy Market Has Many Sellers, but Few Buyers,” has so much good information to shock the privacy palate, that it is a must read. Like the fact that business and government are selling their “achievements” in privacy, but in fact it is a façade for the fact that personal data breaches continue at an alarming rate: 245 so far in 2007, 673 total, accounting for almost 166 million private records lost, since Privacy Rights Clearinghouse started keeping records, January of 2005. Do you understand that some of these records are still out there, waiting to be used when the heat is off, like after one year of monitoring your credit is over? Although down somewhat from 2005, according to Javelin Research, there were 9.3 million victims of identity theft in 2006, resulting in a consumer loss of $49.3 billion. Folks, the ID thieves are seasoned professionals now, technologically organized to the hilt. And if they don’t find you, the amateurs who surf the Internet underworld for your personal data to make enough money to feed their drug habits or other pastimes will. You can fight the battle by joining my grass-roots movement to give this control of names and private information back to the consumer, and compensate them when it is sold.


Monday, September 03, 2007


JUNK MAIL LIST COMPANIES FIGHT OVER YOUR NAMES AND PERSONAL DATA


During my 35 years in junk mail, I got used to being referred to as a list prostitute. That was because of the way some individuals did business similar to the ladies on New York’s Lexington Ave. They would do anything to turn a name. Once they got your business, they would do anything to keep it. Those days are probably past—I’ve been out of the junk mail business several years now—but they are still fighting over your names and personal data. The industry publication Direct recently reported on the Chapter 11 bankruptcy of list broker Mal Dunn, who owes close to $9.3 million and has assets of around $4.4 million. It’s hard to understand how a company with such a generous commission structure—between 10 and 20 percent—could falter like this until you think again of that infamous nickname. Hookers are always ready to negotiate, and this has either forced some list firms out of the business, or compelled others to consolidate. In either case, it’s your sensitive data that is the nucleus of the struggle, and, of course, you have no control over the money owed, which, by the way, was generated from selling your sensitive data. Some of Mal Dunn’s top creditors include Gevalia Coffee, Checks Unlimited, Dun & Bradstreet and OSHA, to which money is owed for names and private information. Your names and private information. My point is that you, the name-holder, should have been a part of this whole process from the beginning. With control over your name and personal data, you would be compensated for its sale long before the list company got into financial trouble. I’m sorry to see this happen to Mal Dunn, but I’m sorrier that the consumer was never a part of the financial equation.

YOU ARE A “JUNK MAIL” STATISTIC


According to the StopTheJunkMail.com website, the age 65+ crowd is receiving the most unwanted junk mail, reports DM News. An eleven-question survey conducted by Harman Research Inc., which owns StopTheJunkMail, is asking why you don’t like junk mail, and even identifies the top catalogs with the most requests for opt-outs. The company, located in Boulder, Colorado, is interested in improving the environment, but they also want to sell you their service to stop junk mail. Additional data in the report included that a majority of you trash your catalogs within 24 hours, one-third would rather shop online, and over three-quarters complain of too much charity junk mail. The top catalogs you don’t want include Frontgate, Pottery Barn, Travel Smith, Restoration Hardware, and Victoria’s Secret. Other junk mailers you don’t like are Experian and Equifax—both data brokers and credit bureaus—InfoUSA, Bank of America, Capital One, Chase Bank, and ValPak.
Ponemon Institute finds many corporations oblivious to lost laptop syndrome. In a study by this research firm, 73 percent of companies either had a loss or theft of your data in the past two years, yet they are doing little to rectify the situation. 62 percent don’t even know if their off-network equipment, such as laptops, contains sensitive information, 39 percent don’t take the security of laptops seriously, while 70 percent of all data breaches result from the loss of off-network equipment. 30 percent wouldn’t even know if the data was missing from a laptop. With statistics like these, it would appear your names and personal data go anywhere the employees want them to with no supervision by management.
The Direct Marketing Association’s (DMA) “DM Consumer Response Study,” announced by DM News, says 24.4 percent of respondents didn’t buy in a certain time period because it wasn’t the right time. A shocking 23.6 percent said the mailing wasn’t relevant to them, which is yet another example of the lack of consideration some junk mailers have for consumers’ time and effort. You did buy (24.7 percent) due to a good price, and 8.6 percent because of the convenience of this method of shopping. Just a few years ago the latter was the primary reason for junk mail shopping, but with the deluge of catalogs, and so many breaches of our personal data, most folks are now simply looking for a deal.

FOCUS ON PROTECTING YOUR IDENTITY


Control Your Name Alliance, Inc. (CYNA) is a non-profit organization formed for the purpose of achieving individual control over our names and personal data, and compensating the name-holder when it is sold. It is a grassroots movement conducting research and education on this issue to determine the best approach to accomplish these goals. Please support your right to control your sensitive data by making a contribution to CYNA and send your check to Control Your Name Alliance, Inc., at P.O. Box 347, Cave Creek, AZ 85331. Please contact me by e-mail (jack.dundiv@cox.net) with any questions.

THE MONSTER STORY JUST WON’T GO AWAY


The International Herald Tribune—a subsidiary of the New York Times, which has an agreement with Monster.com to sell help-wanted advertising—printed a story on August 31, updating the earlier version. It quoted Monster’s CEO, Sal Iannuzzi, as saying the data stolen “might be much bigger than the company believed…” Haven’t we heard this one before? He went on to say, “It could be in the millions.” We have also learned that 146,000 users of a government site, USAjobs.gov, run by Monster, had their data stolen. Using passwords lifted from companies that use Monster to find new employees, the scam progresses to the con artists contacting job applicants, posing as Monster.com, and asking them for personal data, ultimately to be used to hijack their identity. This is called spear-phishing, a technique that parallels a personalization ploy used by junk mailers in affinity mailings when they use the name of a major company as endorsement in mailing offers to their customers. This is how I received my United Airlines Mileage-Plus Visa card. The added endorsement by United, with whom I had been a member of Mileage-Plus for years, gave me confidence in the mailing. It is this same level of implied assurance that Monster job-hopefuls feel when they receive these bogus e-mails. Back in 2005, my wife gave me a post from Monster.com relating to the protection of their online clients titled, “Protect Your Info,” by a member of Monster’s staff. This is a must read! It is almost as if the writer, Ben Murray, had a premonition of what just happened. The article includes lines like “…would-be swindlers have found a new avenue by which to reach victims: Online job postings…” and “…allows con artists to reach vast numbers of potential victims.” and “Taking advantage of job seekers’ desire to please potential employers…” The piece goes on to caution users of the site what data to provide and what not to give up.
Many obviously didn’t read this, and will suffer the consequences of the theft of their identity resulting in hours of effort, and thousands of dollars to put it back in order, if ever. But the worst blow to the Monster situation is Iannuzzi’s comment: “There is no guaranteed fix.” Interpreted: future breaches will occur unless you take control of your sensitive data.

NSA WARRANTLESS EAVESDROPPING ACCOMPLICE, AT&T, HAS A DATA BREACH


The latest data breach by AT&T couldn’t have been timed better. It came only a day before it was announced by GWB that he “wants the power to grant legal immunity to telecommunications companies that are slapped with privacy suits for cooperating with the White House’s controversial warrantless eavesdropping program.” Give it up or lose it…not much difference anymore. According to an article by MSNBC.com, AT&T, along with Verizon, would gain the most from Bush’s move, resulting from action that was brought by the American Civil Liberties Union. But in the matter of the breach, it is yet another case of the laptop of a company performing services for another company left in the trunk of an employee’s car, in this case containing the unencrypted personal data of former AT&T employees, including names, Social Security numbers, and other “personal details.” ComputerWorld covered this story just one day prior to Bush’s ploy to halt investigations of AT&T’s and Verizon’s actual level of involvement in the NSA spying episode. Were they coerced, or did they just throw our private information to the federal wolves? I’d like to know, if only because I am a customer of Verizon, but my gut feeling is it is something we all need to know to make our case against Bush and his flunkies for their surveillance on innocent citizens. AT&T learned of the theft on July 31, but didn’t tell anyone until August 20; completely unacceptable. One former employee whose information was lost, Tony Walton, called the toll-free number provided by AT&T and was told that he shouldn’t worry because the data was encrypted, which it wasn’t. And Walton made an excellent comment, a point I have been making since this whole identity crisis began, the fact that one free year of credit-monitoring service provided by AT&T “may not be good enough.” It definitely will not because the sophistication of this new brand of crooks is far more advanced than our ability to thwart them.
And guess who else is making out like a bandit in this whole scenario? You guessed it…the big three credit bureaus: Experian, Equifax and TransUnion.

THE PROOF IS IN THE TECHNOLOGY


How many times have you heard this blog exclaim that the ID scamsters have become so advanced in their technology that it is impossible to determine what they will come up with next, or how they will do it? To emphasize this progress, I call your attention to the 17-year-old from New Jersey who unlocked the innards of the iPhone to allow owners to use wi-fi providers other than AT&T, who had an exclusive up to then. You can read coverage in the Washington Post. I certainly don’t mean to imply in any way that George Hotz, the young mastermind who pulled this off, has ever had anything to do with the ID theft issue. In fact, this talented geek is on his way to college to further his genius, and will probably someday end up at the top of the technology field. What I do want to say is that this kind of knowledge is not uncommon, especially in the personal data underworld where intelligence of this nature is worth a lot of money. It is especially troubling when the crooks are overseas with little chance of being caught, and with enough time on their hands to explore every possibility. It is never-ending, and with the rampant race of science, it is only just beginning. In fact, my prediction is that by the end of 2007, or at least by early 2008, there will be groups of identity thieves all over the world, organized to the level of Cosa Nostra, and connected in a similar manner that allows them to work together no matter where they are located. Neither AT&T nor Apple, maker of the iPhone, had contacted Hotz when the WP piece went to press. I would think both would want to line him up for employment following his graduation from college.