A recent Gartner survey of public opinion regarding identity theft revealed that many consumers, “half those polled, either weren’t aware they were entitled to a free credit report or considered them ‘not effective’ in fighting ID theft” (quoted from this MSNBC article). The article goes on to say that about one-third of those polled were “very concerned” about becoming ID theft victims themselves. Perhaps the clearest result from the survey - entitled “Increased Phishing and Online Attacks Cause Dip in Consumer Confidence” - is that the free credit reports are nowhere near enough protection for consumers against the increasing threat of identity theft.

Enter in new legislation from two U.S. Senators, which joins a slew of other proposed legislation aimed at tackling the ID theft epidemic. Senators Specter and Leahy have recently put forth their own bill, which would establish penalties for not disclosing data breaches nationwide, as well as limit the sales of SSNs and increase consumers’ abilities to access the information data brokers have on them. This Reuters article describes the bill in a bit more detail.

Read the rest of this entry »

The epidemic of information theft, leakage, and loss continued this past weekend with the announcement by MasterCard that 40 million credit card accounts had been compromised. The breach - as always attributed to hackers first, although this may be later clarified - affected almost 14 million MasterCard accounts, with the rest belonging to Visa and other companies. The lapse in security was at a third-party processing facility (CardSystems Solutions Inc), not MasterCard itself.

The latest twist in this story, just being reported this morning, is that the third-party processing company is now admitting that they were breaking rules established by Visa and MasterCard regarding information storage. Consumer records were being stored for ‘research purposes’, according to the company’s CEO; the CEO explicitly states that “we should not have been doing that” (first reported by The New York Times). The same article also reports that CardSystems Solutions was storing the 3/4-digit verification codes that are supposed to heighten credit card security in online purchases. The presence of that information can “double or triple the black-market value of a cardholder’s account” - even more reason to question the company’s unnecessary data storage practices.

Read the rest of this entry »

President Bush is stumping for many provisions of the original Patriot Act to be not only renewed before expiring at the end of 2005, but permanent fixtures in the American legislative landscape. Bush argues that these provisions have all but singlehandedly saved America from terrorism, having “closed dangerous gaps in America’s law enforcement and intelligence capabilities” (as quoted in this CNN article).

While Bush is presenting the frightening could-have-been scenarios that were thwarted by the Patriot Act’s presence, however, many civil liberties and privacy advocates continue to argue the potential and real abuses of the Patriot Act’s sweeping power. While the opposition has been hard-pressed to point to specific cases of overreaching authorities, many still argue from a fundamental and constitutional standpoint that the Act should not be renewed. Some Senators are pushing for a scaled-back version of the Patriot Act (see this Wired article). The same article quotes an ACLU senior counsel’s key point: “the lack of a documented case of abuse doesn’t mean the law doesn’t violate civil liberties.”

Read the rest of this entry »

Ph.D Student Travis Breaux has been awarded the Cisco Systems Information Assurance Scholarship for the Fall 2005 semester, valued at $2,500. He is one of just four students in the country selected to receive the scholarship this semester. He joins three previous ThePrivacyPlace.Org CISCO Scholarship recipients: Qingfeng He (Spring 2005), Matt Vail (Fall 2004) and Neha Jain (Fall 2003).

The epidemic of stolen privacy-sensitive information, largely starting with the fraud committed against ChoicePoint that came to light this February, has spurred states to adopt disclosure measures similar to the California law that has existed since July 2003. The California law was the first of its kind in requiring companies to notify consumers if privacy-sensitive information has been lost or stolen. Many privacy advocates heralded the California law as the only reason that ChoicePoint’s fraud issues entered the public spotlight. To date, five states - Arkansas, Georgia, Montana, North Dakota, and Washington - have already passed similar laws, while two other states - Florida and Illinois - are simply awaiting the governor’s signature.

A recent article that covers this recent legislative push by states can be found here.