Congress to Investigate ChoicePoint 259
twzop writes "I just saw a story on the CBS evening news about the previously posted story about ChoicePoint, Inc. in Atlanta, GA getting hacked and US citizens' data being compromised. The story stated that Congress was going to get involved by investigating the scandal and that there was a large class action lawsuit against the private firm."
damage size? (Score:5, Interesting)
Not the first time with Choicepoint (Score:5, Interesting)
It's about Time (Score:5, Interesting)
I'm not normally a "Big brother is watching you" kind of girl, but the amount of power these companies have over our lives - the ability to deny us life, home, and auto insurance, to get a home or auto loan, to even get a job! - is insane. Especially when you try to correct inaccurate information and they refuse to accept it! For example, I don't rent, I own my own house. But for years I've tried to correct that - and my status, which is married, not single - and have had them tell me flat out that THEIR data is correct and I must be dreaming about my husband & house...
Damn! (Score:2, Interesting)
On a more serious note: Big brother
So if big brother, has like all this information on us (creditcard numbers places we freq eat and stupid random intel like that), then what if THEY get hacked? Wouldnt that mean hell for everybody thats ever been in america? I could only imagine standing in line at a public school to get my friggin id back, but how would they validate whose who? if theres no pictures, oculd you just steal somebody's drivers liscence or wallet and say that your them?
Re:Damn! (Score:3, Interesting)
Im no lawyer, but if you just _cant_ prove your identity cause XYZ documents are stolen/lost, you bring acquainances who are legitly proven and they vouch for you. People like that could be friends, family, employees, teachers...
Essentially, its like that Orkut. If you cant prove who you are, people who are proved back you up. And if they lie, its perjury and a bunch of other charges.
Screwed by ChoicePoint (Score:5, Interesting)
Funny, ChoicePoint kind of reminds me of what Microsoft wants to do with their
ChoicePoint has many tentacles (Score:4, Interesting)
It's about Time-Security puncture. (Score:1, Interesting)
Two ChoicePoint needs to backup it's customers when it comes to consequences of it's failure. In other words it accepts financial and legal liabiliy (to me) for the consequences of it's failure.
And last, inefficiencies be damned. Data doesn't really need to be centralized. Talk about single point of failure.
NoChoicePoint (Score:5, Interesting)
Re:Trust me, its not just ChoicePoint. (Score:2, Interesting)
Mitigating damages (Score:5, Interesting)
Why is it such a concern that something as benign as a 10 digit number, plus information that can be found in the phone book, should be of such a concern? One reason is that armed with such a small amount of information, someone can do a tremendous amount of harm to people, and the companies those people do business with.
Someone can get a driver's license in your name, and build a bad driving record, or worse, in your name. And the state will insist it is you. The affected state will file this with your state, and your own state may cancel your driver's license because it looks like you moved to the other state. In extreme situations you could be arrested.
Someone can get a bank account in your name. Then with these checks that have your SSN and address on them, make a hundred fraudulent purchases totaling tens of thousands of dollars, on an account they probably stuck just $250 in to get it open. This will ruin your rating with banks, which is kept by a separate reporting agency not subject to the same reviews as the 3 big credit reporting agencies are.
There are many other kinds of examples, including opening credit accounts. The common problem in all of these is the assumption that by having certain information, the person with it must actually be you. Those of us familiar with security protocols already know that having the very information you give to someone else to show who you are, enables who you just gave it to to masquerade as you. Most people are honest but a slight few are dishonest. Theft of identity information has been happening for decades but it is only now becoming so widespread that politicians and lawmakers are no longer going to be able to hide their head under the carpet and pretend it doesn't exist in order to avoid the hard choices they will have to make.
And remember, this is identity theft; it is not authenticity theft. Identity only says who you are. We need to stop businesses and governments from assuming that identity is authenticity.
that's why this investigation will go nowhere (Score:3, Interesting)
Because of this political debt, the Congress will block any serious investigation of Choicepoint.
Re:damage size? (Score:5, Interesting)
I'm from a private company, and I'm here to help myself without your consent.
I work in the goddamn insurance industry (IT; not sales; I'm not completely evil) and even my co-workers think Choicepoint are a bunch of evil thieving bastards.
My own personal experience with them revolved around the three weeks it took to get them to remove accidents that my sister had on her own automobile policy (i.e: no relation to me!) off of my CLUE report. They claimed that they showed up on my CLUE report because her SSN is only two digits removed from mine.
In the process of trying to get this fixed so that I wouldn't be surcharged for my sisters accidents they stonewalled me and generally tried to walk all over me. Every time we would change something they would need to generate a new clue report. But they could only generate those reports overnight. Apparently the computer system that allows an insurance company to get a copy of your CLUE report in about 15 seconds only allows one copy of the consumer version of that report to be generated -- and it takes several hours for them to generate it.
Furthermore I take exception to the fact that they listed an accident that I had under my parents policy (borrowed car while mine was in the shop). Perhaps I sign away my own rights when I buy my own insurance policy but I don't recall signing anything with my parents insurance company when I borrowed the car that authorized them to release my personal information (SSN/lic #) to Choicepoint. Where the hell is the outrage? I'm sick and tired of companies stockpiling information on me without permission.
In a fair world they wouldn't be allowed to release that sort of information to some data clearinghouse. So what if the insurance industry can't verify your accident record? If you lie to them then it's insurance fraud (felony in most states) and your policy is null and void. Why can't they use that as an enforcement mechanism rather then enriching the likes of Choicepoint and the big-three credit reporters?
Bah! End rant...
Close Enough For Government Work (Score:5, Interesting)
Re:damage size? (Score:3, Interesting)
It's not a fair world. In this world choicepoint is one of most politically connected companies in the world and nothing will happen to them.
Isolation versus Aggregation (Score:2, Interesting)
Clearly, the more aggregated information can be, the higher the value because those using it do not have to look so far to get other, related facts about a subject.
Perhaps the form of regulation on the topic of information security for these large clearinghouses should be to keep as much information isolated as possible...so that even if there is a fault, the effects are minimized.
This approach works in plenty of scenarios as far as contingency planning and fault tolerance goes. Faults and failures can occur, but in this case, the owners of the information should work towards containment for the sake of those they are representing (that is, those they have data about).
I am interested to see how the proposals for regulating this industry emerge, or if they will be squelched by various lobbies. We'll see.
Re:Trust me, its not just ChoicePoint. (Score:5, Interesting)
Absolutely, and I would add that there should be a stiff penalty if a data aggregator denies a citizen that ability, and such denial results in a crime.
I really cant answer if they should be selling this data...
Sure you can! Think about how this came about, and where it's going.
Originally, collecting and maintaining the so-called "credit history" on individual citizens was all about risk avoidance. That's still the case, of course. Businesses have always maintained records about past customers, so that they could then decide how, and if, to do business with said customers in the future. That's been true since we kept records carved on rocks or stamped in clay. The problem came in when business realized, with the advent of the mainframe, telecommunications and vast, cheap, readily-accessible storage that they could share this information with each other, thus dividing the risk. Thus was born the credit bureau. To my mind, the whole concept of the credit bureau is on ethically shaky ground anyway
So where are we now? Well, what has changed is that the demand is no longer just for security (customer "x" wants to buy product "y", give me yes/no on the transaction) but for the actual information used to make such decisions
ChoicePoint and similar organizations concentrate private information to a degree that makes it very, very dangerous to the individual by its mere existence. And then
In answer to your question, I would say, "no", ChoicePoint should not be allowed to do what they do. I mean, they are taking chances with the financial lives of millions of Americans, who in return get
Re:damage size? (Score:2, Interesting)
So information that is not a matter of public record is indeed disclosed by CLUE reports.
Re:It's about Time (Score:2, Interesting)
Another poster said Choicepoint doesn't care about you because you are just a number - you don't pay for its services, the companies do. Right, makes sense.
But, reading your situation above, could someone bring a libel suit against Choicepoint? According to some random site I found [freeadvice.com], libel is a written defamation, and defamation is:
Defamation, sometimes called "defamation of character", is spoken or written words that falsely and negatively reflect on a living person's reputation.
If a person or the news media says or writes something about you that is understood to lower your reputation, or that keeps people from associating with you, defamation has occurred.
In some ways its a stretch, as it isn't directly related to your "character," but its hard to deny that erroneous information doesn't lower your reputation. Companies charge higher interest rates or insurance premiums to "riskier" types of people; if your Choicepoint says you rent when you own and are single when you're married, then, hey, to an auto insurance company, you look riskier. Looks to me like your reputation was falsly lowered. Also, remember, average Joes don't need to show negligence like public figures do (that is, you don't need to prove that Choicepoint is knowingly publishing bad information, just that they are).
IANAL, nor a law student, so I have not studied libel case law to know if this would hold up, but it makes a lot of sense to me. Anyone have any thoughts?
Re:Dear Choicepoint... (Score:2, Interesting)
Just be persistent, firm, refrain from profanity, and send a letter to your state's AG complaining of the company....
Worked for me.
The first time I got an email back saying I had to use a Do Not call list from the DMA website, but I replied back to that email with a firm request that I wanted my data OFF their servers. Of course, I have no way of knowing they did it, but it is nice that my firm letter notifying my state's AG of their practices was enough of an incentive to get them to do something.
Blood Money (Score:3, Interesting)
Re:damage size? (Score:3, Interesting)
The whole insurance business is a crock, these companies make shitloads of money off everyone for years and years, and then when something like 9/11 happens they cry and moan to congress (despite the fact that in the end they still end up making a ton of money). It's a huge profit business driven by more executives and board-types. What we need are community insurance bureaus. Kind of like credit bureaus where the bureau revolves around some sort of organization (a university, a large company for its employees, etc). We have this sort of thing with health insurance, but as far as I can tell, we don't have it for vehicle or property insurance.
My insurance bill per year is nearly 1/2 the cost of my vehicle (I drive cheaper used vehicles) and my record is spotless other than 1 ticket (not a speeding ticket or anything, it was a technicality akin to a parking violation).
A couple of things: (Score:3, Interesting)
ChoicePoint Execs Seem to Know (Score:3, Interesting)
Apparently, some of the choice point executives knew there was going to be quite a bit of fallout over this. This morning's Atlanta Journal/Constitution [ajc.com] (reg. required - Google cache anyone?) is reporting that: