Search


  • Categories


  • Archives

    « Home

    Computerworld: Why You Should Be Worried About Your Privacy on the Web

    Computerworld has an interesting story about privacy. The reporter decided to investigate how much and what kind of personal data he could find out about himself online. (There’s also a good companion piece with tips for managing your online data.) I have written about database errors and the problems they can cause.

    What information is available about you in cyberspace? Where does it come from? What risks does it present and what, if anything, can you do to protect yourself? To answer those questions I decided to use my own identity, Robert L. Mitchell, a national correspondent at Computerworld, as my research subject.

    Starting with the information [privacy activist Betty Ostergren] had turned up about me, I spent a few weeks combing through more than two dozen public and private resources on the Web and visiting many other Web sites to build a dossier on myself. I conducted both free and paid searches. I contacted a private investigator for tips on my investigation. And I spoke with data aggregators and privacy experts.

    I quickly discovered that while the quantity of publicly available information about individuals to be found online is vast, it is riddled with inaccuracies. For example, I changed my primary residence more than a year ago, but many databases online still have my old address. In other cases, the information is just plain wrong.

    The reporter homed in on government records:

    Much of the publicly available information on individuals online is sourced from online county, state and federal government records databases, and this is where Ostergren found my Social Security number. She hadn’t purchased it from a hacker chat room or from shady characters in Russia. She got it by browsing an image of a mortgage document stored in a county database located in a building half a mile from my house.

    Over the past five years, bulk scanning and online publishing of such documents have proliferated in many states. In many cases, including New Hampshire — my state of residence — little or no attempt has been made to redact sensitive personal data such as Social Security numbers before moving those records online. The public is blissfully unaware that these documents, which were once accessible only in dusty books inside the walls of the registry of deeds, are now freely available over the Web to anyone in the world with a click of a mouse.

    Ostergren says that this information is a treasure trove for data aggregators, brokers and criminals. Unlike financial and medical records, which are regulated, Social Security numbers gathered from public records come with no strings attached. They can be republished anywhere with impunity. “You’re in a state that is spoon-feeding Social Security numbers to everybody,” Ostergren says.

    Read the full story for much more about data found though other ways, such as free and paid online services.

    One Response to “Computerworld: Why You Should Be Worried About Your Privacy on the Web”

    1. Loophole Says:

      I don’t get why the privacy community is so concnrd about protecting privacy here in the US, when firms can simply offshore. Why don’t privcy activists adress that issue. See the folllowing blog entry from http://www.ESRcheck.com :

      Do You Know Where Your Personal Information is Going? Your PII may be going Offshore When Some Employers Perform Background Checks
      Many job applicants in the US may not realize it, but when you fill out a job application you may be sending your personal data including date of birth and/or social security number offshore beyond U.S. privacy laws. How? There are some background screening firms that routinely send their data to India or other destinations for processing, including calling past employers and schools. The information sent could well be the basis for identity theft. A recent sting operation by the BBC showed that confidential data can be purchased from Indian call centers for as little as $10 each. See: http://news.softpedia.com/news/Symantec-Sends-Notification-Letters-Announcing-Possible-Security-Breach-108320.shtml

      Of course, identity theft can happen in the US, but at least here there are resources and recourses. Try calling the Mumbai or Bangalore police and filing a complaint. Nor does it help if the foreign call center is owned by a US firm. The same issues still apply.

      The best advice for job seekers; Do NOT consent to a background check if the employment screening firm used by your prospective employer does not guarantee that they do all of their work in the USA. ESR does NOT offshore.

    Leave a Reply