Congress to Investigate ChoicePoint 259
twzop writes "I just saw a story on the CBS evening news about the previously posted story about ChoicePoint, Inc. in Atlanta, GA getting hacked and US citizens' data being compromised. The story stated that Congress was going to get involved by investigating the scandal and that there was a large class action lawsuit against the private firm."
damage size? (Score:5, Interesting)
Re:damage size? (Score:4, Informative)
Re:damage size? (Score:3, Insightful)
145,000 (Score:5, Informative)
ChoicePoint data theft widens to 145,000 people [zdnet.com]
Re:145,000 (Score:5, Insightful)
The public certainly doesn't know the number. My guess is ChoicePoint (a) knows it is higher (b) doesn't know the total.
sPh
Re:145,000 (Score:2)
Remember the tsunami? The initial estimate was 10000 and every story that appeared on the wire jacked it up by 20000 or 30000. That's quite impressive, actually, for a corporate fuckup to reach the point where it reminds me of the tsunami.
Re:damage size? (Score:3, Insightful)
ChoicePoint Execs Seem to Know (Score:3, Interesting)
Apparently, some of the choice point executives knew there was going to be quite a bit of fallout over this. This morning's Atlanta Journal/Constitution [ajc.com] (reg. required - Google cache anyone?) is reporting that:
Full Text of AJC Article (Score:3, Informative)
By ROBERT LUKE, MATT KEMPNER
The Atlanta Journal-Constitution
Published on: 02/25/05
Thirteen days after the arrest of a suspect in the ChoicePoint identity theft case -- and more than three months before the problem surfaced publicly -- the company's top two executives began selling their stock.
Since the sales began in November, ChoicePoint CEO Derek Smith and President Douglas Curling have sold 472,000 ChoicePoint shares worth nearly $21 million, according to the ex
Re:damage size? (Score:5, Interesting)
I'm from a private company, and I'm here to help myself without your consent.
I work in the goddamn insurance industry (IT; not sales; I'm not completely evil) and even my co-workers think Choicepoint are a bunch of evil thieving bastards.
My own personal experience with them revolved around the three weeks it took to get them to remove accidents that my sister had on her own automobile policy (i.e: no relation to me!) off of my CLUE report. They claimed that they showed up on my CLUE report because her SSN is only two digits removed from mine.
In the process of trying to get this fixed so that I wouldn't be surcharged for my sisters accidents they stonewalled me and generally tried to walk all over me. Every time we would change something they would need to generate a new clue report. But they could only generate those reports overnight. Apparently the computer system that allows an insurance company to get a copy of your CLUE report in about 15 seconds only allows one copy of the consumer version of that report to be generated -- and it takes several hours for them to generate it.
Furthermore I take exception to the fact that they listed an accident that I had under my parents policy (borrowed car while mine was in the shop). Perhaps I sign away my own rights when I buy my own insurance policy but I don't recall signing anything with my parents insurance company when I borrowed the car that authorized them to release my personal information (SSN/lic #) to Choicepoint. Where the hell is the outrage? I'm sick and tired of companies stockpiling information on me without permission.
In a fair world they wouldn't be allowed to release that sort of information to some data clearinghouse. So what if the insurance industry can't verify your accident record? If you lie to them then it's insurance fraud (felony in most states) and your policy is null and void. Why can't they use that as an enforcement mechanism rather then enriching the likes of Choicepoint and the big-three credit reporters?
Bah! End rant...
Re:damage size? (Score:3, Interesting)
It's not a fair world. In this world choicepoint is one of most politically connected companies in the world and nothing will happen to them.
Re:damage size? (Score:2)
Re:damage size? (Score:2, Interesting)
Re:damage size? (Score:5, Informative)
You're assuming there was an accident, and that he was at fault. CLUE (Comprehensive Loss Underwriting Exchange) reports are reports containing CLAIMS information provided by cooperating insurance companies
You explained it better then I could. In my instance I was driving home from work in lousy weather and got run off the road by a snowplow. My choice was to hit the snowplow (in a Dodge Neon) or hit the guardrail. I called the police but was informed that it would take them over an hour to get to me so I choose to proceed without a police report.
The bottom line being that there was no information of public record from this accident. And when I talked on the phone to the CSR from my parents insurance company I certainly don't recall giving her permission for them to disclose my information to Choicepoint. If they wanted to report the fact that my parents had a claim then fine (I'm sure they signed something when they bought the policy saying that their carrier could do this) -- but they had no right to include my SSN and NYS DMV id number on that report. I signed nothing for the claim (my interaction with them was limited to the aforementioned phone call) and I certainly signed nothing that authorized them to release my information. Yet I am told by my lawyer and by Choicepoint that I can't do a damn thing about it.
Your summary of CLUE reports was dead on BTW. Insurance companies love them -- most independent agents hate them. We also hate credit reports being used for underwriting - as a quick example without going too far off topic: My girlfriend has had a lousy run with accidents and tickets lately. She has a speeding >20mph, a following too close (with accident) and a traffic device (with accident) tickets. She also had a license suspension (too many points) back in November. Yet she gets into a better rating tier then I do with the exact same insurance company because her credit is better then mine. I've had one ticket in my entire time behind the wheel (missed a no u-turn sign) and the aforementioned accident. I have never filed a claim on my own policy (aforementioned accident was parents car). I also have three years more experience and a defensive driver course. Which one of us is more likely to get into an accident? Yet who pays more for his policy -- without the physical damage coverage that she carries?
Damn the man I say.
Re:damage size? (Score:3, Interesting)
The whole insurance business is a crock, these comp
Nothing to see indeed. (Score:3, Insightful)
Before we get too excited about the possibility of justice, let's remember that it's only a crime if it wasn't a rich person that did it.
Re:Nothing to see indeed. (Score:4, Informative)
You can't just round up a lynch mob for these kinds of crimes. First, you plea bargain with the little fish so you have plenty of evidence to use against the big fish. its common practice in any attempt to bring a down an organized criminal establishment, which is basically what the higher levels of Enron were.
Re:Nothing to see indeed. (Score:2)
I realize there's a lot of difference between the Stewart trial and the Enron investigation - comparing apples to watermelons, perhaps - but I still can't help but wonder, if Martha had had the same political connections, would she behind bars right now?
Re:Nothing to see indeed. (Score:2, Insightful)
Re:Nothing to see indeed. (Score:2)
That said, anyone who was so heavily invested in a single company that it's collapse could bring about their ruin had it coming. DIVERSIFICATION, fucktards.
And that is just the beginning of the nightmare (Score:5, Informative)
Trust me, its not just ChoicePoint. (Score:4, Informative)
One place I did a job for actually had a symbol AP in the ceiling of the factory, login: Symbol, pass: (blank) and unencrypted transfers. The domain admin acct (win2k) had no password, and guest was active. They also bungled up a RAS so that anybody that knew that number had "root".
Those were just external security issues.. It took 50 hours to barely fix their problems.
Still, problems are abound just like that: No or bad security. Many times, it has to do with plain laziness, not thinking anybody cares about us, just not knowing, or trying to do security and maintainence without understanding.
Another amazing this is how well modem-scanners work these days... Back in the day, all the security nuts cared about dial-back and other things... Now, everybody thinks of always-on internet so you need a firewall. Not so. Many machines have dialup gateways or interfaces in which most are just not configured. Even (to my knowledge, I use freeBSD and linux) Windows RAS server has dialback capability.
Now, why Congress wants to scrutnize them, well.. Wonder if they've secured THEIR wireless network since I was in DC...
Re:Trust me, its not just ChoicePoint. (Score:5, Insightful)
This is very interesting, but didn't ChoicePoint sell this personal information to the people that "stole" it? The issue is that people were buying credit reporting services from choicepoint, since choicepoint is in the business of selling this data to companies. The people who stole this data just posed as real companies, and choicepoint didn't do their homework and check on the black hats' bona fidus.
This is not a hacker issue; no one is claiming a computer was rooted or compromised or that some kid with a script was punching passwords into choicepoint's web site. Choicepoint was selling this data, and the they were human engineered into selling the data to people who had malign intent.
The issue is wether anyone should be selling this stuff AT ALL.
Re:Trust me, its not just ChoicePoint. (Score:4, Insightful)
I consider misleading to get information the same as hacking to get it. The only difference is that ChoicePoint was paid. Why should they care?
---The issue is that people were buying credit reporting services from choicepoint, since choicepoint is in the business of selling this data to companies. The people who stole this data just posed as real companies, and choicepoint didn't do their homework and check on the black hats' bona fidus.
Sometimes hacking has to do with throwing up a huge wall of "mistrust" and make the other party believe in something they shouldnt. Still, couldnt you claim that many "legit" companies use this data in what could be considered very improper?
Guess that brings up the question whether we should punish the company(s) or the people who do wrong...
---This is not a hacker issue; no one is claiming a computer was rooted or compromised or that some kid with a script was punching passwords into choicepoint's web site. Choicepoint was selling this data, and the they were human engineered into selling the data to people who had malign intent.
Still, this shows one of my points: Laziness. A "identity" company not checking the corporate identity. And then the people in the "evil" company do evil things.
Who's to be punished?
---The issue is wether anyone should be selling this stuff AT ALL.
Would you accept checks from somebody for medium-large amounts without checking up on who they are, and whether they've bounced checks before?
In reality, the law SHOULD be that you have full access to YOUR information, and can correct provable, factual parts that are incorrect. I really cant answer if they should be selling this data...
Re:Trust me, its not just ChoicePoint. (Score:5, Interesting)
Absolutely, and I would add that there should be a stiff penalty if a data aggregator denies a citizen that ability, and such denial results in a crime.
I really cant answer if they should be selling this data...
Sure you can! Think about how this came about, and where it's going.
Originally, collecting and maintaining the so-called "credit history" on individual citizens was all about risk avoidance. That's still the case, of course. Businesses have always maintained records about past customers, so that they could then decide how, and if, to do business with said customers in the future. That's been true since we kept records carved on rocks or stamped in clay. The problem came in when business realized, with the advent of the mainframe, telecommunications and vast, cheap, readily-accessible storage that they could share this information with each other, thus dividing the risk. Thus was born the credit bureau. To my mind, the whole concept of the credit bureau is on ethically shaky ground anyway
So where are we now? Well, what has changed is that the demand is no longer just for security (customer "x" wants to buy product "y", give me yes/no on the transaction) but for the actual information used to make such decisions
ChoicePoint and similar organizations concentrate private information to a degree that makes it very, very dangerous to the individual by its mere existence. And then
In answer to your question, I would say, "no", ChoicePoint should not be allowed to do what they do. I mean, they are taking chances with the financial lives of millions of Americans, who in return get
Re:Trust me, its not just ChoicePoint. (Score:2)
>Absolutely, and I would add that there should be a stiff penalty if a data aggregator denies a citizen that ability, and such denial results in a crime.
Really, after thinking about it, couldnt you sue them for libel if they refuse to correct your information? They send and receive the "written word" and it's wrong.. Damages in refusal of sales and other ne
Re:Very good point (Score:2)
I also wonder - the root cause of identity theft is the absolute unwillingness of anyone in Congress to step up to the plate and enact legislation that will penalize the misuse of personal information (warehousing it qualifies). As a result, identity theft is almost a no-brainer.
What's their solution? Biometrics and national ID cards? Yeah, right. It's just one MORE avenue that thieves will have to rape innocent people. More information about more people, the security of which is only as strong as its weak
How to Fix It? (Score:2)
One would hope that these vendors check that our companies are statutory entities and that our e-mail and mailing addresses are associated with these entities, but these can all be spoofed or are difficult to verify.
Re:Trust me, its not just ChoicePoint. (Score:2)
Offer, say, for 1000$ a full, comprehensive network, computer, data security, and personnel scan. Do the usual scare-campaign, but with a very professional slant, such as "how much would this assessment cost in compairson to legal fees?" and
Re:Trust me, its not just ChoicePoint. (Score:2, Interesting)
Not the first time with Choicepoint (Score:5, Interesting)
that's why this investigation will go nowhere (Score:3, Interesting)
Re:that's why this investigation will go nowhere (Score:2, Offtopic)
1.) security starts with Iraq
2.) security can only be established with a Patriot Acts
3.) security begins with the FBI, CIA, NSA, Bush security advisors
Apparently it's ok to favor shipping every other IT job abroad, since IT security folks in corporate america are not part of the security equation.
Re:that's why this investigation will go nowhere (Score:2, Informative)
Wrong. Choicepoint was contracted to generate the list before [salon.com] Katherine Harris was in office. And they were hired by a woman named Ethel Baxter, who is a Democrat.
The list included thousands of blacks who weren't eligible to vote (at least 5,000).
Good. That was the goal- to identify the peopl
This is so wrong, it's frightening (Score:4, Informative)
ChoicePoint/DBT originally produced a list of about 8000 voters to remove from the electoral rolls. Katherine Harris got back to them and told them to widen the net - by omitting a few data integrity requirements, such as middle names, dates of birth, and dates and details of their convictions - and assured ChoicePoint that they needn't worry about the number of false positives in the list. This increased the size of the list to about 58,000 voters, more than half of whom were African-Americans.
When the fraud was officially investigated, ChoicePoint admitted to a false-positive rate of up to 15%, which was already far in excess of Bush's lead in the Florida poll. Later, an independent investigation showed an error rate of more than 90% - some 55,000 voters, some 30,000 of whom were black.
This is a flat-out lie. Read some first-hand accounts of voter disenfranchisement for yourselves. [usccr.gov] Voters were erroneously scrubbed from the electoral roll, were not adequately notified in advance, tried to vote anyway and were turned away - simple as that.It's surprising how many people don't know this when it's actually very well documented; in fact, the story broke long before the election actually took place. My suggestion to the doubters is to watch Unprecedented: The 2000 Presidential Election [unprecedented.org], a very thorough documentary on the topic.
Re:This is so wrong, it's frightening (Score:4, Insightful)
When the fraud was officially investigated, ChoicePoint admitted to a false-positive rate of up to 15%, which was already far in excess of Bush's lead in the Florida poll. Later, an independent investigation showed an error rate of more than 90% - some 55,000 voters, some 30,000 of whom were black.
What you seem to be missing here is that a false positive on the felon list does not mean that person was disenfranchised. Instead it meant that the election supervisor of the county that the individual lived in was required to verify that they were eligible to vote (that is, if the county used the felon list at all- over half of the counties ignored the list completely). You see, the list was designed to have false positives. As Katherine Harris said, it was supposed to cast a wide net to find ineligible voters that were registered to vote. In other words, if somebody was disenfranchised, it is the County Election Supervisor's fault.
So please stop calling it "fraud". There was no fraud here.
This is a flat-out lie. Read some first-hand accounts of voter disenfranchisement for yourselves. Voters were erroneously scrubbed from the electoral roll, were not adequately notified in advance, tried to vote anyway and were turned away - simple as that.
It is not a lie. None of the witnesses that the USCCR heard from were prevented from voting because of the felon list. Allow me to quote from the dissenting statment [usccr.gov]:
Re:This is so wrong, it's frightening (Score:2, Insightful)
Did you read the post you linked to? http://www.usccr.gov/pubs/vote2000/report/ch2.htm [usccr.gov]
It does list people who were unable to vote, but not because of the felon purge.
Donnise DeSouza was told that her name was not on the rolls ... Furthermore, Ms. DeSouza learned that her name was actually on the rolls of registered voters
So, she was not purged.
Angenora Ramsey, an African American former poll worker with 18 years' experience, had changed her address prior to November 7. Based on her familiari
Re:This is so wrong, it's frightening (Score:3, Insightful)
The same thing is now happening with the Ohio frauds. Doubters needn't look any further than the statements of Ken Blackwell (Republican)
Re:that's why this investigation will go nowhere (Score:3, Informative)
Re:that's why this investigation will go nowhere (Score:2)
Greg Palast is so twisted up in hate that he can't see straight. His conclusions are not supported by any of the data he presents. Yet, people are so eager to hate President Bush that they are willing to accept his fluff at face value. Its sad, really.
Re:that's why this investigation will go nowhere (Score:2)
Re:Not the first time with Choicepoint (Score:2)
If that's one of your favorite sites, it's no wonder you are so deeply franchised inside the 4th reich.
We really need facts, not propoganda. Fact: Dubya has consistently lied to the american people.
Enough said
It's about Time (Score:5, Interesting)
I'm not normally a "Big brother is watching you" kind of girl, but the amount of power these companies have over our lives - the ability to deny us life, home, and auto insurance, to get a home or auto loan, to even get a job! - is insane. Especially when you try to correct inaccurate information and they refuse to accept it! For example, I don't rent, I own my own house. But for years I've tried to correct that - and my status, which is married, not single - and have had them tell me flat out that THEIR data is correct and I must be dreaming about my husband & house...
Re:It's about Time (Score:2)
Re:It's about Time (Score:2, Interesting)
Another poster said Choicepoint doesn't care about you because you are just a number - you don't pay for its services, the companies do. Right, makes sense.
But, reading your situation above, could someone bring a libel suit against Choicepoint? According to some random site I found [freeadvice.com], libel is a written defamation, and defamation is:
Defamation, sometimes called "defamation of character", is spoken or written words that falsely and negatively reflect on a living person's reputation.
If a person or the n
Re:It's about Time (Score:3, Funny)
You wouldn't be the first girl to be told that.
Re:It's about Time-Security puncture. (Score:5, Insightful)
Furthermore, people keep complaining that their information got stolen. It's not your information. It's ChoicePoint's information. It belongs to them, and to the people that purchase access to it from them. They took the time to collect and aggregate it, and they own it. The fact that it may or may not directly affect your life for better or worse in substantial ways does not even enter the equation.
Obviously, there is something fundamentally wrong here that needs to be corrected. In my opinion, information should be held by an organization specicially authorized by the government to do so. The information should be encrypted and secured, and leaks should be punishable by prison time. A standard, open algorithm should be created, to convert the information into a simple number (like a "credit score.") Companies pay for access to these scores. Only upon showing direct need, in a court of law, should specific information be given to specific companies, under strict confidentiality. If a particular company needs to know a specific detail about all of their customers, they can petition to be granted access to that information only, under the same confidentiality agreement.
Furthermore, individuals should be given unfettered access to their own information, on request. (Identity verification should be draconian here.) Individuals should have the right to challenge an inaccuracy, and to provide documentation disproving it.
Granted, it may have some issues of its own, but at least it's a step up from "give everyone's most intimate financial details to every company that pays us a nickel." Any thoughts?
Re:It's about Time-Security puncture. (Score:2, Insightful)
Ultimately, there may be some protocols legislated to protect information, but these will be feel good measures more than adequate protection (most will be geared towards consolidation with data companies suggesting regulations). The bottom line will be what types of services different companies can provide, and how accurate/specific those databases will be. Anticipate
Re:It's about Time (Score:2)
Re:It's about Time (Score:2)
Re:It's about Time (Score:2)
I do know that what the credit card companies do to send out those offers doesn't count as a 'credit check'. It's important that it doesn't: every time a lender checks your credit, it lowers your credit score slightly. This is intended to prevent people from taking out too many loans, credit cards, etc., and also to disc
Damn! (Score:2, Interesting)
On a more serious note: Big brother
So if big brother, has like all this information on us (creditcard numbers places we freq eat and stupid random intel like that), then what if THEY get hacked? Wouldnt that mean hell for everybody thats ever been in america? I could only imagine standing in line at a public school to get my friggin id back, but how would they validate whose who?
Re:Damn! (Score:3, Interesting)
Im no lawyer, but if you just _cant_ prove your identit
Re:Damn! (Score:2)
The frinds have to be authenticated, usually by birth certificate AND a photo ID. They MUST be identified and noted.
They then testify in front of a judge that person X is, and has been a citizen of this country. Things like friends and family are taken into account, as business relationships are wanted too.
If the group testifying that the person is from (say..) the USA and wasnt, they're all put in for
Top post for great justice! (Score:2, Informative)
Time to set an example (Score:2, Insightful)
Screwed by ChoicePoint (Score:5, Interesting)
Funny, ChoicePoint kind of reminds me of what Microsoft wants to do with their
Re:Screwed by ChoicePoint (Score:3, Informative)
The federal government.
There are many "baskets" like Choicepoint.
Re:Screwed by ChoicePoint (Score:3, Insightful)
What's really ironic about this statement is that Choicepoint does background checks for employeers.
Last several times I was accepted for a job, I had to submit myself to a background check provided by Choicepoint.
They could do a similar background check on their clients, but I bet that would be bad for Choicepoint's business.
Re:Screwed by ChoicePoint (Score:3, Insightful)
Because it would cost money that's why. The only reason you know what happened is because the left wing hippies in california passed a law that holds businesses sort of kind of responsible.
Businesses have no morals or conscience. They don't care about you. It's up to you (through your govt) to make sure the businesses don't run amok.
Re:Screwed by ChoicePoint (Score:2)
The business model is predicated on accumulating vast quantities of personal data on people and then selling access to other companies.
You see the problem is they will in fact sell the information to pretty much any company who wants it for a price.
If you want to commit identity theft all you have to do is create a legitimate company, if necessary fronting it with people without a criminal record, if you have one. As
ChoicePoint has many tentacles (Score:4, Interesting)
Interesting choice (Score:2, Funny)
Re:Interesting choice (Score:2)
On a side note, the CBS web site is sponsored by WalMartFacts.com. Surely another sign of the of "liberal media" right?
Bruce Schneier (Score:5, Informative)
Score another for the New Media (Score:2)
NoChoicePoint (Score:5, Interesting)
10 million victims lose 300 million hours... (Score:5, Insightful)
- over 3 million Americans had fraudulent ID theft (the worse kind), and 10 million total had some type of ID theft
- ID theft victims spent a total of 300 million hours "fixing" their problems.
- Fraudulent ID theft averaged $10,000 stolen. The total cost of all ID theft is $50 billion.
- the monetary cost to fix fraudulent ID theft averages $1,200 per ID victim.
But in reading this report the bias that "businesses are the true victims" shows up. The $5 billion in costs to the identity victim (and 300 million hours of time) is described as "Individuals whose information is misused bear only a small percentage of the cost of ID Theft" (pg 6). That's a bad way of thinking about it for several reasons:- 300 million hours of victims' time = 300 million hours of research and investigative time = a 'donation' of at least a few billion dollars.
- The ID theft victim gets hit with real and lasting costs. Companies get to write off their losses, or use insurance and pass their costs on to consumers. A year after ID theft is discovered, the theft is just a blip in a spreadsheet to the companies where the stolen identity was used. The victim will still be writing letters, finding new ramifications, and losing time and sleep over the matter.
- Those 300 million hours also = stress, lost time from work, family, charities, plus also extra medical expenses.
- "15 percent of ID Theft victims reported that their personal information was misused in nonfinancial ways. The most common such use reported was to present the victim's name and identifying information when someone was stopped by law enforcement authorities or was charged with a crime." What's the cost of your kid seeing you arrested because someone else used your name? Not to mention...
- Now that the government gets data from Choicepoint and others, and because the government has no legal responsibility to find or fix bad data in its files, the rest of your life could be hobbled by bad data and you won't quite know why.
So basically Choicepoint and the credit card reporting agencies are creating a "public bad." Like polluters, they force other people and companies to bear the cost of problems they've created. 300 million hours and $5 billion dollars would = fantastic security finished in months if the companies themselves had to pay these costs. Instead, 10 million people are forced to do their own cleanup work, and the fact that 9.999 million people have already done the job doesn't make it any easier for you when you're the victim.Mitigating damages (Score:5, Interesting)
Why is it such a concern that something as benign as a 10 digit number, plus information that can be found in the phone book, should be of such a concern? One reason is that armed with such a small amount of information, someone can do a tremendous amount of harm to people, and the companies those people do business with.
Someone can get a driver's license in your name, and build a bad driving record, or worse, in your name. And the state will insist it is you. The affected state will file this with your state, and your own state may cancel your driver's license because it looks like you moved to the other state. In extreme situations you could be arrested.
Someone can get a bank account in your name. Then with these checks that have your SSN and address on them, make a hundred fraudulent purchases totaling tens of thousands of dollars, on an account they probably stuck just $250 in to get it open. This will ruin your rating with banks, which is kept by a separate reporting agency not subject to the same reviews as the 3 big credit reporting agencies are.
There are many other kinds of examples, including opening credit accounts. The common problem in all of these is the assumption that by having certain information, the person with it must actually be you. Those of us familiar with security protocols already know that having the very information you give to someone else to show who you are, enables who you just gave it to to masquerade as you. Most people are honest but a slight few are dishonest. Theft of identity information has been happening for decades but it is only now becoming so widespread that politicians and lawmakers are no longer going to be able to hide their head under the carpet and pretend it doesn't exist in order to avoid the hard choices they will have to make.
And remember, this is identity theft; it is not authenticity theft. Identity only says who you are. We need to stop businesses and governments from assuming that identity is authenticity.
Re:Mitigating damages (Score:5, Insightful)
Can't have it both ways, Slashdotters.
Re:Mitigating damages (Score:2, Insightful)
That's an interesting way to look at it. You could say it was stolen from who holds it, and infringing on who it refers to. It's not who it was stolen from who suffers the most. I like this concept.
Re:Mitigating damages (Score:2)
Theft is somebody using that information to draw money out of my bank account. Hardly anybody would justify signing Hillary Rosen's name on phony checks.
congress needs to run netcraft on cracked ... (Score:2)
ChoicePoint NOT hacked (Score:5, Insightful)
Re:ChoicePoint NOT hacked (Score:3, Insightful)
Tell it, brother (or sister) (Score:2)
I've been writing nastygrams to NPR all week, viz: ChoicePoint were not "hacked", and the data were not "stolen". ChoicePoint sold the data through their regular sales channels. And presumably the fraud ring made payments, 'coz they kept this up for a year.
And yes, ChoicePoint are likely only the tip of the iceberg, though they're one of the larger, and newer firms. Larger means more data and more attractive target. Newer means they've had less time to get experienced (trans: to f*ck up before and g
As if (Score:3, Informative)
Class action lawsuits were essentially outlawed by the Rupublican Congress and President Bush this week. Nobody will ever get any damages from Choicepoint.
Re:As if (Score:4, Informative)
It was passed in the Senate 72-26, with 8 Democrats sponsoring the bill. That's a veto proof majority. That's bipartisan dude.
Y'all have it backwards (Score:3, Insightful)
Class dismissed. (As in the "no class" action suit.)
Close Enough For Government Work (Score:5, Interesting)
Re:Close Enough For Government Work (Score:2, Funny)
Several possibilities come to mind:
- Honest, hard work, American Dream(tm) etcblabla
- They are just smarter than anyone else, you sore loser!
- CHOSEN by GOD to be SUCCESSFUL evermore!
(Yes, I am bored)chl
Re:Close Enough For Government Work (Score:2)
Hank Asher->DataBase->TIA->Matrix->40k>CIA->KGB
Looks like Art Bell has been sharing his bong again...
.
It can takes years to fix this sort of thing... (Score:5, Insightful)
I had (regular) mail stolen from my mail box (before I realized how bad it is to actually use your mailbox for outgoing mail), at first I thought it was a post office screw up, but several months later, I got a call from a bank employee who just completed a transaction which he thought was fishy. He asked my if I had just cashed a four figure check there. When I told him that I hadn't he warned me that somebody was stealing my Identity. I called my credit card companies to get new cards and security added to my accounts, contacted all of the big three credit agencies and got a hold put on my credit, contacted the local police.
The next thing I knew it was raining collection notices on me.
This guy was printing checks with my name and driver's liscense number. For Id, he had a printer which could create fake driver's liscenses with all of my information, but his face and description.
Fortunately, I was lucky, this guy got pulled over for a faulty brake light and the officer looked into the car and saw over a dozen driver's liscenses on the back seat of his car, all with his picture on them, but different names. The officers told me that I was the one in a hundred whose Identity Thief was caught.
Now, 8 years later, I can share some lessons with you. Trust me, you don't want any of this to happen to you, arguing with collection agencies is no fun at all, they assume that everybody is a slimeball.
1) Get a shredder. Get two in case the first one breaks. Shred everything that has anything that can identify you. Id Theives also dumpster and dump dive to look for your information, don't give them any help. shred shred shred...
2) Get your annual credit report from the big three credit bureaus. Take the time to review it, carefully. They each have a formal procedure for clearing up problems. Follow it to correct your information. They can be reached here http://www.creditreporting.com/ [creditreporting.com]
3) Check your credit and bank statements, you never know what they have on you or when they get it.
4) If it does happen to you, file a police report immediately. This report number is your best defense against the onslaught of collection agencies that will soon be banging down your door.
Isolation versus Aggregation (Score:2, Interesting)
Clearly, the more aggregated information can be, the higher the value because those using it do not have to look so far to get other, related facts about a subject.
Perhaps the form of regulation on the topic of information security for these large clearinghouses should be to keep as much information isolated as possible...so th
DMCA them. (Score:2)
Remember that under the provisions of the DMCA, they can't REVERSE ENGINEER, which is exactly how these credit reporting agencies gather information about you.
I think it's high time individuals treated themselves like corporations. Corp's are protected under the New America, people are not. Th
Re:DMCA them. (Score:2)
Maybe because they didn't create them? You also can't copyright 'tekrat' or similar names/titles because names/titles are not works in themselves.
I think it's high time individuals treated themselves like corporations.
Corporations are virtual persons. So you got this backwards. If you treat yourself as a corporation, well, can I buy your shares then? You can then be my slave!
Don't lower yourself to a co
Blood Money (Score:3, Interesting)
Corrupt law enforcement (Score:2)
He worries that thieves will eventually do to him what sheriffs detectives in Los Angeles say they've done to more than 700 other people -- reroute his mail, ring up credit card debts, buy a car or even commit a felony in his name.
As if the thieves themselves weren't bad enough? Now I can't trust my sheriff's department! Why, just the other day, I gave some officer all my financial data over his website. Why would they do a thing like this? </sarcasm>
Solomon Chang
Whew! (Score:2, Funny)
Hah! I called this one (Score:2)
Re:GOP & ChoicePt in attempted Chavez coup (Score:2)
Not saying it is, or isn't, but Palast seems to be lacking a certain number of actual facts, and instead seem to be relying on rhetoric.
Show me the facts.
Re:Dear Choicepoint... (Score:2, Informative)
That's because you don't have the authority to give that permission. Public records belong to the public.
Re:Dear Choicepoint... (Score:2)
Of course they are!!! You didn't create the number, the number was branded on you by the gov't.
Credit information is not *your* information. It is information *about* you.
What people should sue choicepoint about is facilitation of the id theft resulting in loses to you. People should also sue the gov't for allowing companies like choicepoint to sell data on individuals.
Re:Dear Choicepoint... (Score:3, Insightful)
The right-wing anti-liberty^H^Hals have been spreading the meme lately that you never had a right to privacy, contrary to the fourth amendment. Their argument is that the Constitution only limits what the government can do, so that Choicepoint and their ilk are not obligated to respect your right to privacy.
IANAL but I notice that the Civil Rights Act of 1964 gives the power 'to aut
Re:Dear Choicepoint... (Score:2, Interesting)
Just be persistent, firm, refrain from profanity, and send a letter to your state's AG complaining of the company....
Worked for me.
The first time I got an email back saying I had to use a Do Not call list from the DMA website, but I replied back to that email with a firm request that I wanted my data OFF their servers. Of course, I have no way of knowin
A couple of things: (Score:3, Interesting)
Re:Class action suit? (Score:2)
Re:Class action suit? (Score:2)
You can always tell you're being fucked over when you hear the word "reform".
Re:enhance social security number based life (Score:2)
this works.
Links for the book... (Score:2)
Amazon.com [amazon.com]
Barnes & Noble [barnesandnoble.com]