Tuesday, March 2, 2010


Citizens' electronic data privacy (and lack thereof) is certainly a complicated issue. Lately several otherwise unrelated occurrences have given me pause.

Item: five catalog companies that I've done business with in the past mailed me Christmas catalogs at my new address - without me telling them I'd moved.

Item: I had to call United Health Care regarding my mother's Teacher Retirement health benefits. The nice customer service person took note of my address - and then compared it with the Post Office database. The Post Office database concurred that I live where I claimed to live and I continued with the business at hand. Good thing I moved a few months before I had to get on the phone to sort out my mother's health benefits.

Item - or more like 15 items and counting: every charity I've ever donated anything to, plus a few new ones, has now sent me donation requests that include a small bribe of mailing labels printed with my new address complete with my unit number and the ZIP + 4 code.

Counter-item: the bank that holds my mortgage, on the other hand, lost track of my unit number in my condo complex. Correcting the matter by phone failed. The Mail Carrier figured it out and delivered the letter from the bank that that said, ATTENTION! WE ARE UNABLE TO CONTACT YOU BY MAIL. I wasn't getting my payment coupons and had to go to the nearest branch of the bank to pay my mortgage three months in a row. Finally I switched to on-line payment. How come every catalog and charity in North America knows my unit number but the bank that has my mortgage doesn't?!

Item: when I called the bank's Tech Support division while trying to sign up for online access to my account, they verified my identity by asking questions for which the right answers were "in publicly available databases." Have I ever owned an Olds Intrigue, Toyota Celica, or Jeep Grand Cherokee? Ahh - Celica. It was a little unnerving how fast they pulled up the databases to pitch that question and a couple more. They decided that I was me, and proceeded to help me access my mortgage account online.

Offhand I'd say there's a lot of publicly available data that's damn easy to get into for people who have legitimate reasons. It's probably easy for people with illegitimate reasons too.

Where it comes to the other kind of data about me on the Internet, the kind that isn't publicly available because it's supposed to be private, I'm a relatively crafty password user. My passwords would not be easy to guess. Unlike a lot of other peoples'. The New York Times reports that an awful lot of people use passwords that are w-a-y too simple. Researchers were able to analyze a trove of 32 million stolen passwords. The analysis showed that the most popular password was: 123456. Also in the top 30: "qwerty", "tigger", "sunshine" and "soccer." Twenty percent of the passwords were drawn from the same pool of 5000 easily guessable ones; so hackers with fast computers could - and they probably do - break into such accounts just by firing off strings of computer-generated guesses. Talk about making your data publicly available. . . .

No comments: