Forgot your password?
typodupeerror
Privacy Crime Your Rights Online

New Jersey DMV Employees Caught Selling Identities 279

Posted by samzenpus
from the how-about-some-new-id dept.
phaedrus5001 writes "Ars has an article about two New Jersey DMV employees who have been accused of selling personal information they routinely had access to. The NJ prosecutor's office claims (PDF) their investigation 'uncovered that two employees of the New Jersey Motor Vehicle Commission were providing the names, addresses, dates of birth and social security numbers of unsuspecting residents that they obtained through their employment. They were charging as little as $200 per identity.'"
This discussion has been archived. No new comments can be posted.

New Jersey DMV Employees Caught Selling Identities

Comments Filter:
  • This is more proof (Score:2, Insightful)

    by Anonymous Coward

    More proof that the best government is the one that governs least.

    • by Jeng (926980)

      How so?

      • by DanTheStone (1212500) on Monday November 28, 2011 @02:12PM (#38192758)
        Obviously the government shouldn't know your Social Security number...
        • by rickb928 (945187)

          Well, at least not for your dirver's license. Kinda like using the same password everywhere. Break into one, break into them all.

        • by erroneus (253617) on Monday November 28, 2011 @03:57PM (#38193926) Homepage

          Yeah, this is thought to be funny, but in reality, the SSN should be used only for Social Security purposes. Instead it is a national serial number which was everyone's concern when the program was set up.

          Texas does not use the SSN for the driver's license... not yet anyway... not the last time I got it renewed. I hate to see when other states disregard this and abuse its citizens for a bit of convenience like this. And of course, the SSN is a widely abused thing and the more abused it is, the more damage abusers can case innocents. It's annoying.

    • by s73v3r (963317) <s73v3rNO@SPAMgmail.com> on Monday November 28, 2011 @01:51PM (#38192500)

      Because a private company would never be caught doing something like this. Nope. They are all completely above any kind of corruption.

      • by 0123456 (636235) on Monday November 28, 2011 @01:59PM (#38192612)

        Because a private company would never be caught doing something like this. Nope. They are all completely above any kind of corruption.

        Unlike the DMV, a private company can't force you to use their services. Nor can they push a unique identifier on you which is then used as an id by numerous different databases.

        • by zAPPzAPP (1207370) on Monday November 28, 2011 @02:03PM (#38192664)

          If the private company owns any of your local infrastructure, or it got an outsourcing deal for a former gouvernment service that you need to use, how do you avoid them?
          Because that's what "less gov" means around here.

        • by cptdondo (59460) on Monday November 28, 2011 @02:04PM (#38192672) Journal

          Experian? Other credit rating companies?

          I'm sure I could come up with a lot of others that disprove your hypothesis. There are lots and lots of private companies that we have to do business with. We have no choice in the matter.

          • You have a lot more choice in the matter than with governmental agencies.
        • by corbettw (214229)

          Can't force you to use them? Sure, OK. Can't make you use a unique identifier that's then used by other orgs? Bullshit. How many websites use Facebook, Google, or Yahoo login services for their users?

          • In effect, none that matter. I don't use my Facebook credentials anywhere except Facebook. The popup says "Log in with Facebook", and I say, "Fuck you!" I either register with a throwaway email, or I don't bother logging in at all.

          • by Bigby (659157)

            I don't sign up for services when they require a Facebook account because I don't have a Facebook account. I, as a human being located in the United States of America do not need a Facebook, Google, or Yahoo account. In fact, more than half the country don't have any of those accounts.

            You can't say the same thing about who is in a DMV system. Even if you don't drive or even not allowed to drive, you need to have identification. Just the basic idea of being a human being in the US at 20 years of age will

        • by Jessified (1150003) on Monday November 28, 2011 @02:17PM (#38192802)

          Well, just like if you don't like airport security you don't have to fly, if you don't like the DMV you don't have to drive, amiright? /sarcasm

          • by rickb928 (945187) on Monday November 28, 2011 @02:45PM (#38193140) Homepage Journal

            This is the debate. If you don't like the restrictions, don't drive.

            This is the WRONG attitude and approach.

            We expect our government to, among other things, serve us by managing certain things. One of these is the licensing of drivers, so that we can be marginally safe on the roads, that entirely unqualified drivers are not allowed to operate vehicles, and that dangerous drivers are removed from the road to some degree. Imperfection is rampant, but it works farly well.

            Driving is, in much of American a NECESSITY. To claim it is a privilege may be linguistically accurate, but it is not accurate at all. It is a necessity for most of us.

            In that light, our governments' role shoudl never be to make licensing as difficult as possible, nor should it be to force applicants to exert themselves merely to satisfy the bureacracy's self-serving purposes. It should be the goverments' role to facilitate and deliver the needed service, IE licensing etc.

            The argument that driving is a privilege is to leave open the option that for some reason, we should serve our govermnent. The opposite is the desired relationship, and one that should be not only normal, but expected.

            I know you're being sarcastic, and you're excused from being the target this screed. But some people actually hold that driving as a privilege means that the agencies can be permitted to make it difficult to maintain the privilege.

            That is wrong.

          • by Bigby (659157)

            I know it is sarcastic, but a license is more than about driving. It doesn't even have to do with driving. In most States it is required to have identification, and that is handled by their DMV-like institution. You don't have to drive. You don't have to drink alcohol. You don't have to vote. But you still need an identification.

      • by Hentes (2461350)

        In a private company, it's not the employees who do this, and they charge more for it.

    • by cptdondo (59460) on Monday November 28, 2011 @02:01PM (#38192642) Journal

      Great soundbite. Now expand on it. Tell us how, exactly, you would put your proposal into practice.

      Fewer cops? Less regulations? Which ones? Fewer teachers? No DMV (and no vehicle registrations, or safety regulations, or license plates, or insurance?)

      I want to know.

      • by vlm (69642) on Monday November 28, 2011 @02:23PM (#38192854)

        No DMV (and no vehicle registrations, or safety regulations, or license plates, or insurance?)

        The following licenses I have, or previously held, none of which are "IDs" requiring SS number:
        ham radio license
        GROL
        former private pilot license (maybe this has changed to photo now?)
        former fishing license
        several former military operators licenses including really weird stuff like immersion heater (I kid you not) and RTFL rough terrain forklift
        my library card is functionally a license as opposed to an ID card
        my old non-photo college ID card (I guess those are mostly photo "real forms of ID" now?). It was mainly used at the library and to pay for photocopies.
        My temp drivers license when I was 15 until I passed my formal DL test had no "id" properties, it just gave me permission to drive with a parent in the car supervising me.

        Functionally American drivers license functionality is merged with ID card functionality, as if any separation is impossible, but its certainly not required. None of the stuff you listed requires ID directly, although registration title transfer is gonna require the services of a notary, and the notary will demand an ID, or the DMV personnel could operate as notaries, ending up right where we started...

    • Yes, and our roads will be awesome when any asshole can just hop into a car and put the pedal on the floor....

      Please, explain how the free market regulates people that don't know how to drive without causing millions of people to lose their lives in accidents. I would love to hear it.

      I swear, some of these anti-regulation people must just be closet anarchists. It seems more and more like they just want to live in the Old West where the only rule of law is the one that comes out of the end of a gun...

      • Re: (Score:2, Funny)

        by Anonymous Coward

        Yes, and our roads will be awesome when any asshole can just hop into a car and put the pedal on the floor....

        You haven't driven in Boston, have you?

      • . . . ummmm every asshole does jump in a car, every day. Or do you think that the DMV regulates drivers? Because regulation means that some cant do it, and with tests for a drivers licence entirely on a computer and renewals online, they arent actually regulating -anything-, except for age.

        These anti-regulation people would say that the market adjusts and insurance prices would keep the bad drivers off the road. Do you honestly think that without a drivers licence telling people that they can drive that mi

        • by bws111 (1216812)

          This is about the fifth time you posted this crap. What states allow a previously unlicensed driver to obtain a license without a road test?

      • by vlm (69642)

        Yes, and our roads will be awesome when any asshole can just hop into a car and put the pedal on the floor....

        What stops them now? Absolutely nothing? No problemo then, I guess.

        Please, explain how the free market regulates people that don't know how to drive without causing millions of people to lose their lives in accidents. I would love to hear it.

        If the manufacturer and/or seller of a gun is liable for what the new owner does with it, or a bartender is liable for what a patron does after purchasing booze, or I get in trouble for selling you a class 4 laser and you do something dumb, I see no reason why Ford can't be legally liable for handing over the keys to someone who didn't pass a vehicle test, or a parent can't be legally liable for loaning the keys to a teenager. Thats how i

        • by mcgrew (92797) * on Monday November 28, 2011 @04:02PM (#38193980) Homepage Journal

          If the manufacturer and/or seller of a gun is liable for what the new owner does with it,

          He isn't. Where are you getting this nonsense?

          or a bartender is liable for what a patron does after purchasing booze,

          He isn't liable selling booze to a sober person. Are you ten years old? It is definitely irresponsible to sell booze to someone who's drunk, especially if you know he's driving. In this case the bartender is responsibe, as he should be.

          or I get in trouble for selling you a class 4 laser and you do something dumb

          But you don't. Are you trolling, or are you really that ignorant?

          Thats how it works in private aviation, anytime anyone crashes for any reason, the vehicle manufacturer gets sued, because that's where the money is.

          Citation needed... and considering the earlier fantasies in the same comment, it needs to be a damned good citation.

  • Wow (Score:2, Funny)

    by DWMorse (1816016)
    I bet there are a whole SLEW of Psychiatrists that would just LOVE to learn their methodology for making identities!
  • by Lyrata (1900038) on Monday November 28, 2011 @01:50PM (#38192480)
    I wouldn't pay more than $200 to be from New Jersey, either!
  • SSNs? (Score:5, Insightful)

    by Manip (656104) on Monday November 28, 2011 @01:51PM (#38192490)
    Why can normal day to day employees even view plain text social security numbers? Wouldn't it make a lot more sense to hide that information like banks do with credit card numbers?

    Also, I find it ironic that these two relatively low level criminals will get the book thrown at them, but when the DMV legally sells that information to marketing companies everyone is happy. I guess they don't sell SSNs but still, thin line.
    • Re: (Score:3, Interesting)

      by Moheeheeko (1682914)
      You would be suprised. At the local Community college, thats like a student ID number.
      • Re: (Score:3, Informative)

        by Narcocide (102829)

        I've seen employers use it as the employee ID too. One place I worked at you had to type your SSN in to a physical console twice a shift (to punch in and out.)

    • Re:SSNs? (Score:5, Insightful)

      by the_fat_kid (1094399) on Monday November 28, 2011 @01:58PM (#38192578)

      normal day to day employees can probably read them because we have become lax about where we use our SSN.
      Want a phone? SSN
      want a rental? SSN
      want credit? SSN
      talk to someone at support? SSN

      Once upon a time these were supposed to be a Secret number that you only shared with the government and an employer.
      Now it's how you prove your citizenship and credit worth.

      • None of those employees need to be able to read existing entries though. All they need is a field where the rep asks you for your SSN, they type it in and hit a button, and it matches it against the database. If for some reason it wasn't matching, and they needed to actually view the entry, they would request a manager to unlock the one record for them temporarily.

        This would severely limit the amount of information they had access to.
        • Last 4 of SSN
      • by Jeng (926980)

        Drivers licenses aren't national so they don't work well as identifying information and passports aren't common enough to work either.

        The one piece of identifying document everyone has in the US is a social security number, until a national ID is standard the SS# will be used out of necessity.

      • Re:SSNs? (Score:5, Informative)

        by Urza9814 (883915) on Monday November 28, 2011 @02:49PM (#38193182)

        Once upon a time these were supposed to be a Secret number that you only shared with the government and an employer.

        No. SSNs were NEVER supposed to be private. It's a freakin account number. The problem isn't them being used publicly, the problem is them being assumed private.

      • Re:SSNs? (Score:5, Informative)

        by mcgrew (92797) * on Monday November 28, 2011 @03:26PM (#38193560) Homepage Journal

        Are you kidding, or are you young? Keeping SS#s secret is a new thing. Hell, they used to print your SS# on your driver's license. ID theft didn't become a big problem until the internet.

    • Re:SSNs? (Score:4, Insightful)

      by flaming error (1041742) on Monday November 28, 2011 @02:01PM (#38192640) Journal

      Social Security Numbers were never really meant to be all that secret.

      Every organization that decided to use them as a secret was stupid, and if they were intended to secure anything important, irresponsible/criminal.

      SSNs, like biometrics, have all the right characteristics for account ids, and all the wrong characteristics for a password.

      • Lets be clear here, it was criminal to use them for anything other than social security for anyone, private or government.

        Now it is illegal for any government agency to require you to give your SS#, apart from the social security office.

        • by DRBivens (148931)

          Lets be clear here, it was criminal to use them for anything other than social security for anyone, private or government.

          Now it is illegal for any government agency to require you to give your SS#, apart from the social security office.

          {{Citation Needed}}

          I don't believe you're correct. A person's SSN is also their TIN, so the IRS requires it. Also, HHS requires it for Medicare (and--I think but am not sure--Medicaid), FEMA requires it on disaster aid loan applications, and every employer is required to col

    • I haven't had my SSN on my driver's license for a long time. I'm not sure why anyone ever would.

    • by Bigby (659157)

      There is no incentive for the DMV to hide that information.

      There is a lot of incentive for a bank to hide a credit card number...they are the ones ultimately liable for all the purchases.

  • by smpoole7 (1467717) on Monday November 28, 2011 @01:52PM (#38192508) Homepage

    It's not a government vs. private sector thing, either. The simple fact is, you will always be able to find some corruptible person who's will to sell (or "leak," if he/she is just trying to harm a rival) information.

    I'm a geek and I loves me some technology, but still, I'm not blind to the dangers of giant databases filled with sensitive data And to be honest, I itch at the thought that anyone -- be it the federal government (with the Affordable Health Care Act) or private business (think of some large, national hospital group) has access to all of my medical records -- including prescriptions, diagnoses, and all the rest of it.

    But I don't know what the answer is. Someone smarter than me will have to come up with that.

    • by Sir_Sri (199544) on Monday November 28, 2011 @02:06PM (#38192692)

      The answer is government run healthcare with a government run database. Then if your medical records leak out it is *only* a privacy violation, and cannot effect further access to employment or medical care.

      The advantages of a functioning single database are enormous. Depending on where you live, you may have to carry all of your relevant records between specialists as you get sent through the system when something is wrong with you. Each of those steps risks you losing something important, and puts undue pressure on the doctor you are seeing to assess whatever you bring them right there in front of you, while you're waiting. Assuming everything you bring is in a format they can use, and if not, well then there's a lot of time spent faxing/phoning etc. back and forth. The risk that your privacy can be invaded is well outweighed by the fact that your allergy to some random medication, or obscure but potentially serious condition is going to show up in a record somewhere when you get into a car accident on holiday out of province/state.

      I'm in canada, so the only people who particularly care about my medical records but wouldn't be granted access to them are, my 'spouse' my kids (which I don't have but you get the idea), and well, that's it. And it doesn't matter who runs the healthcare system, if there's something in there I'm trying to hide, it's equally likely they'll be told regardless of who runs the database. But in a system where that information matters to insurance companies and employers, well then you have a problem.

      The DMV thing having SSN's is unfortunate, but I guess it makes sense. Criminal activity (which I guess would be tied to your SSN?) is going to impact your ability to interact with the DMV, and as a government agency they're authorized to collect that data. Unfortunately, there's not a lot you can do to secure information they have legal access to under normal circumstances, it doesn't matter if it's paper or electronic.

      • The answer is government run healthcare with a government run database. Then if your medical records leak out it is *only* a privacy violation, and cannot effect further access to employment or medical care.

        Well, we'll just chop off your nose, that way if you cut yourself shaving it's really no big deal.

        • by jpapon (1877296)
          Yes, because a privacy violation is "chopping of your nose", while not being able to access medical care is "cutting yourself shaving". I think you have your analogy backwards, buddy.
        • I'm sorry you feel that way. To many of us around the world, the US War on Public Healthcare looks an awful lot like the US War on Drugs. The information is only valuable because of how it can be (mis)used. Give everyone equal access to what the private information grants a select few, and the problem goes away. Of course, there *are* other problems created, but not of the "chop off your nose" variety.

    • by dkleinsc (563838) on Monday November 28, 2011 @02:13PM (#38192768) Homepage

      The solution that someone much smarter than me (Bruce Schneier) has repeatedly proposed is this: When doing something that involves sensitive data, you don't verify identity, you verify transactions. For instance, if you want to transfer money from your bank account, the question is not "Are you smpoole7?", it's "Does smpoole7 really want $150,000 to go to an account in Pakistan?". A smart bank will use alternate ways of contacting you (if they're really worried, they might even ask that you do this in person) to confirm that it is in fact your intent.

      This has a lot of ancillary benefits that probably make it worth the expense. For instance, it helps catch errors by the actual owner of the account.

      • by smpoole7 (1467717)

        > you don't verify identity, you verify transactions.

        I'll Google Schneier's proposal. I was thinking about something like that this morning, only for online transactions. I mean, it can't be all THAT deep, can it? I know it'll cost and it'll slow down the speed of transactions, but ... well, the way I look at it, 100 years ago, you either paid in person and/or signed a contract, or you didn't get what you wanted. I know we can't go back to that now, not unless we want to wreck e-commerce and online recor

    • every now and then, I see pushes (by someone) to have me put health records online or to have exchanges with doctors be online.

      I have to explain to them - out of force of habit - that as a computer professional, and one who has a tiny bit of experience in security, I can't recommend this. I'm not sure if they are being pushed (the doctors) to advise their clients to 'go online' but I have to point out that I don't recommend it. I take advice *from* the doctor about bodily matters; but I would like them to

      • by Zironic (1112127)

        What are you on about? We don't 'all know' that 'nothing good will come from this'.

        There's massive HEALTH benefits in having better communication with and between your doctors, it's those benefits you have to weight against the potential privacy issues and for most people personal health will win over privacy risks any day of the week.

        • by swb (14022)

          The health benefits only occur if you're actually sick or regularly need treatment from multiple providers, but the privacy and security risks are continuous and ongoing.

          Plus, in my experience, the benefits of EHRs are kind of limited -- Doctor B probably won't bother to read the chart from Doctor A unless he wants to, in which case he'll ask for it, and most of the time they will otherwise run their own tests. Duplicated effort, but unless you force Doctor A to share risk with Doctor B, Doctor B will alwa

    • by Bigby (659157)

      Very true. It happens in all systems with similar ideas. The different here is that with the DMV, you don't have a choice. In a way it is like being forced into military service. You can disagree with the idea all you want, you would be forced into it. Hence the moral issue with government. It is giant trade-off between freedom and services.

  • Sigh (Score:5, Insightful)

    by Aerorae (1941752) on Monday November 28, 2011 @01:52PM (#38192510)
    I didn't realize that our identities were so worthless. Whether it is attributed to evil, or a lack of humanity on the part of the two employees, this represents a fundamental problem among people today: "Doesn't affect me, so I don't care."
    I believe that will destroy us even faster than bank collapses or political corruption, in a sense because those maladies are results of the "I don't care" problem. "I can buy these horrible securities, if it goes bad, it doesn't affect me, so I don't care", "My constituents want this, sure it'll put 100,000 people out of work, but it doesn't affect me, so I don't care", "Hell I'll sell peoples identities, sure they'll be plagued by this for a matter of decades to come, but it doesn't affect me, so I don't care."
    People need to care about things that don't affect them or else this world is very very doomed.
    • Re:Sigh (Score:5, Funny)

      by Jeng (926980) on Monday November 28, 2011 @01:58PM (#38192582)

      If the person cared about others they wouldn't be working at the DMV.

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      Welcome to the repercussions of the "Me" generation. It all started with shifting focus from the outside and how to fit into society and live with others to the inside. People don't know how to empathize with others any more. If it feels good to them, do it. Thanks hippies.

  • by schwit1 (797399) on Monday November 28, 2011 @01:53PM (#38192532)

    How does providing a SSN verify that the DL requester is who they say they are?

    • by JJJJust (908929)

      It doesn't directly.

      But, through SSOLV (Social Security Online Verification), DMVs match name and date of birth in SS record to name and date of birth on driver license/ID. If they don't match, no license is issued until the social security or license record is updated.

    • by vlm (69642)

      How does providing a SSN verify that the DL requester is who they say they are?

      My father did occasional DB consulting work for a collections agency in the 90s, so this is at best hearsay, non the less:

      Places that accept personal checks, like to take either the DL number directly or a pointer to the DL such as a grocery store loyalty card.
      The DL number points to a theoretically valid SS number.

      So, if a guy bounces a check, standard procedure if he completely fell off the face of the earth, with the assistance of the judge, was to ask the bank for money from other accounts owned by the

  • $200 is not cheap (Score:4, Interesting)

    by argmanah (616458) <{moc.oohay} {ta} {hanamgra}> on Monday November 28, 2011 @01:59PM (#38192608)
    If you work in computer security and have dealt with the black market for stolen identities, you'll find out that $200 an identity is really pricey. It's a little scary, but the market rate for this kind of information is more like $5 a pop.
    • And, what's worse, it means that the real identity thieves rarely get caught. Someone can use their place of employment to steal personal information and quietly sell it on the black mark for $5 a pop. They can even sell the same identity more than once. Those buyers, then, turn around and commit the fraud that is usually associated with ID theft. (Buying electronics under another person's name, opening and maxing out new credit cards, buying homes, committing crimes and giving another person's name/DOB

  • by corbettw (214229) <corbettw.yahoo@com> on Monday November 28, 2011 @02:10PM (#38192740) Journal

    You have to stand in line for hours just waiting to get the CD with the data on it. And don't get me started on all the forms you have to fill out!

  • And give these greedy assholes a decade or two in prison with no chance of parole.

  • by Oswald McWeany (2428506) on Monday November 28, 2011 @02:23PM (#38192852)

    I'm really not worried; at the speed the DMV moves, we'll have already lost to China in WWIII and have a Chinese ID card (and number) long before they manage to actually sell my American SSN.

  • Why trouble yourself making fake licenses when you can get a real one!
  • "as little as $200 per identity"

    Must have been the identities of the cast of 'Jersey Shore'

  • ... to bribe the legislature to weaken the laws concerning social security numbers. Used to be that it was actually illegal to use a SS number for any purpose other than tracking your social security. Now it's basically the key into all your private accounts.

If a listener nods his head when you're explaining your program, wake him up.

Working...