more on "Identity Theft for Dummies"?

[David Farber <dave () farber net>]

------ Forwarded Message
From: Bob Frankston <Bob2-19-0501 () bobf frankston com>
Date: Sun, 27 Feb 2005 15:26:37 -0500
To: <dave () farber net>, 'Ip' <ip () v2 listbox com>
Cc: 'Randall' <rvh40 () insightbb com>
Subject: RE: [IP] "Identity Theft for Dummies"?

How stupid can society be -- if all it takes is a {name, phone, ss#} to
steal someone's identity then we're fucked (oops, there goes $500,000).

It's perimeter security all over again -- why does it take so little
information to "steal an identity" and why is it so hard to correct such
problems? Those are the important questions -- it's not so much making sure
we've closed ever last barn door -- it's what to do with the horses running
about.

We keep running into these problems -- we've had naïve garage door designs
that created an easy entry to homes, connecting vulnerable PCs etc

We're still learning that we can't rely on simple perimeters. But at the
same time we have to have some trust and discretion but more important, we
need the ability to make mistakes and survive them.

In a sense this is also Y2K -- assuming everything is brittle.

In this case it is necessary to understand identity theft rather than
assuring that these magic names can never be discovered except by those
keying the information in from all those forms while in prison.

It'd be a shame if we could never find old friends again. How long before
road maps salted with incorrect information to assure they can't be misused
for purposes other than -- I don't know, what is the "proper" purpose?


-----Original Message-----
From: owner-ip () v2 listbox com [mailto:owner-ip () v2 listbox com] On Behalf Of
David Farber
Sent: Sunday, February 27, 2005 14:43
To: Ip
Subject: [IP] "Identity Theft for Dummies"?


------ Forwarded Message
From: Randall <rvh40 () insightbb com>
Date: Sun, 27 Feb 2005 13:37:32 -0500
To: cyberia <CYBERIA-L () LISTSERV AOL COM>
Cc: Dave <dave () farber net>
Subject: "Identity Theft for Dummies"?

http://money.excite.com/jsp/nw/nwdt_rt.jsp?section=news&cat=INDUSTRY&feed=dj
i&news_id=dji-00115220050224&date=20050224

Sen Schumer Urges Westlaw To Close Identity Security Hole


Thursday February 24, 1:40 PM EST



WASHINGTON (Dow Jones)--U.S. Sen. Charles Schumer, D-N.Y., has asked
Westlaw to shut down its People Finder database, warning that the
service could easily be exploited by identity thieves.

Westlaw is a product of Thomson West, a division of Thomson Legal &
Regulatory, which oversees all of the legal and regulatory businesses
worldwide of the Thomson Corp. (TOC).

The People Finder databases cover 230 million names, 139 million
households, 71 million phone numbers and 160 million Social Security
numbers, according to Westlaw promotional material. The database is a
Credit Bureau Person Tracker and allows the user to find a person using
only a partial name, address or Social Security number, Westlaw says.

The company is preparing a response to Schumers' allegations, said Jason
Stewart, Thomson Corp.'s vice president for media relations.



Schumer said the major flaw with the system is that there is no
restriction on who can use the system once its been sold.

"When we called Westlaw, we learned that you offer this service to
anyone who is willing to pay for it, regardless of their need for it and
without even the most cursory background check," Schumer wrote in a
letter to Thomson West President and Chief Executive Peter Warwick.

Speaking to reporters Thursday, Schumer said his staff was later told
that Westlaw relies on an "on-you-honor affirmation by users that they
will not use the information they find illegally."

While that may be good for Westlaw's business, it's not good for
security, Schumer said.

Schumer said he learned of the "gaping hole" through a constituent
working for the federal courts. U.S. Senate offices also have access to
People Finder and his staff readily looked up the personal information
for several celebrities and top politicians ranging from Paris Hilton to
Vice President Dick Cheney. In each case, they learned the person's
latest address and Social Security number.

"This search engine could be called `identity theft for dummies',"
Schumer wrote to Warwick.

Schumer said he decided to call a press conference on the matter only
after he called Warwick earlier this month, but received no further
response to his concerns.

The senator said the People Finder service, as well as the Choicepoint
(CPS) scandal, should serve as warning that Congress should act to
replace the " patchwork of state and federal laws" governing personal
data with a comprehensive federal law.

In the mean time, companies entrusted with this data must take every
precaution to protect it, Schumer said.

-By John Godfrey, Dow Jones Newswires; 202-862-6601;
John.Godfrey () dowjones com



------ End of Forwarded Message


-------------------------------------
You are subscribed as BobIP () Bobf Frankston com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/


------ End of Forwarded Message


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/