Wednesday, October 28, 2009

Identity Theft

Original  3/13/06

OK, maybe we have to have some method of determining, in this ever-expanding world of commerce, who is and is not likely to pay back borrowed money.

But the companies that have amassed our most secret information are not only selling it to "authorized" agencies; they are also failing to secure the data against criminals.

And don't think you will be able to sue them for the breach, the subsequent ruination of your credit, reputation, ability to get a job, etc., because we can expect Congress to soon (if it doesn't exist already) pass a law protecting these "vital national resources" against "un-warranted litigation", just as they did for the drug companies that make vaccines. That piece of legislation will certainly come back to haunt us - as companies make mistakes that easily should NOT happen, and they simply hide behind the 'law'. While we have to have vaccines, they have always come with warnings like "made with eggs - don't use if allergic"; but Congress has now taken our Constitutional protections from us!

On top of all this, if we catch the criminals that steal our information, and ruin our lives, they get a sentence of a couple months to a few years - then they go do it again! (see Criminals and the slap on a wrist)


Update 10/28/09

Now we have to also add to the mix - theft of your very personal medical records! The Federal Government wants to put ALL of your medical info online so even if you take a trip around the world and get sick/injured, you won’t get a shot of something you are allergic to, an MRI when you have a piece of metal that would be ripped through your body, etc. All of this is “good”.

I would love to see this happen. Imagine not having to pay for x-rays again because you were shipped across town but they lost the films, to state one easy case.

But let’s face it - your information has not been secured very well so far, and I doubt we can expect the companies writing the programs (software) to institute any methods to keep the data safe. They are in this to make money, and if making it secure would add $100K to the price, they won’t do it because someone else will underprice them for the contract. [Some help - see below]

What do we have right now? First, every doctor’s office demands your SS# - why? They are not paying you, so they don’t need it. Insurance companies want it too, though I don't think they really need it. But many of these offices have people working in the office with questionable backgrounds, so your SS# should not be released; even if they are not criminals, they don’t secure the data, and may send it wirelessly throughout their offices, making it easy for “drive-by hackers” to steal it. If you have insurance they give you a policy number - that is all any doctor needs. No insurance? Then you pay at the time of service, so again they don’t need the SS#. [I joined a bowling league - THEY wanted my SS# too!! (I did not give it, they flipped out; in about a year, they stopped asking for it from anyone)]

Now I could go through pages of more problems with all this, but to get to the point, any data should be heavily controlled and protected. How? First secure the data at every stage of transmission with encryption, including (*especially*) over any wireless nodes since these are the easiest to steal from; and the encryption should be far better than the current 1,024-bit standard - more like 10K or 1Mbit scrambling that is changed on a random basis. With the amount of computing power available to criminals (equal to a supercomputer of just a few years ago) anything less will be decoded within days, if not hours! Think they won’t care that you had a broken leg when 12, or your “tubes tied” at 24? Think again. Most of the activity involving computer data theft is now done on a large scale. It’s like a major retailer - to sell everything cheap you get everything cheap, and hope for a home run on a few products, but low-margin stuff still adds to the total volume and brings in a lot of $$ too. [Think about the standard ID theft - you may not be rich but they steal it anyway and over-charge on your dime. Then you may spend YEARS getting things straight while they sit in comfort. Even shoplifting is being done by organized groups.]

SO [some help] - contact your Senator and Representative today and demand a LAW that forces any companies (software, hospitals, etc) writing for or handling sensitive data to ensure that encryption is the most important factor in the process; that if your SS# is required at some point, that it is NOT displayed on every monitor or printout (they can substitute a randomly generated number at the federal level so it matches up only at the most protected point), and that mandatory sentences are imposed for any willful act that causes your personal information to be even potentially stolen (in other words, if your data is not protected then someone goes to jail even if you are not directly harmed - sentences could start with 30 days or a fine for stupidity, and the more egregious violations could result in 20 years-to-life).
