[LINK] Number One Privacy Debacle

Fri Oct 20 12:33:14 AEST 2006

At 02:36 PM 19/10/2006, Karl Auer wrote:
>This was Number One in the Privacy Debacle Hall of Fame in 2003:
>
>1. The creation of the Social Security Number:
>Although security blogger Adam Shostack is known for his expertise on
>information-age data leaks, he considers the creation of the Social
>Security Number in 1936 to be the "largest privacy disaster in the
>history of the U.S." Referencing controversy over the card's creation at
>the time, he said, "Ironically, privacy advocates warned that the number
>would become a de facto national ID, and their concerns were belittled,
>then proven right, setting a pattern that still goes on today."

I don't even think a Social Security number, which is akin to our 
Centrelink Reference Number is really that big an issue.

I think Date of Birth is the single biggest security and privacy issue we 
have.  Every Agency and often businesses keep telling me that DOB is the 
"key" to protecting my privacy.

In Orwell "NewSpeak" it's totally true.  By giving this string of numbers 
to someone I protect my privacy by letting them have access to pretty much 
anything about me they want.

One only needs to know the Name, Address and Date of Birth of a person to 
be able to use that information over the phone to be identified with any 
bank, Centrelink, Electricity, Water, Telephone, RTA and the list goes on.

I have databases here of hundreds of thousands of people, with their names, 
addresses and date's of birth.  I find it ludicrous that anyone in this day 
and age would accept of even consider a Date of Birth as a security identifier.

What's worse, is, instead of Centrelink putting a unique number on my 
Pension card, they use my Centrelink Customer Reference number.

Gee lets see, how many people take photocopies of the pension card for 
"their records" that I did something as a pensioner!

What a joke!  So now the my Name, Address, Date of Birth and my unique 
private and confidential - use this only to access Centrelink services 
Customer referance number is as published and known as my name!

The belief in Privacy is a joke.  The belief that a number or code can 
protect your privacy and prevent someone who is not you accessing your 
records, is an even bigger joke.

Here's another one.  I've discovered recently.

I just put on a new telephone service.  Works really well so finally I now 
have, at least some of the time, a land line number again.

When I applied for it, I just filled in a web form.  It doesn't ask me for 
anything provable.  And I have the number for three months.  It's cheap 
too!  I even paid for it by my anonymous PayPal account!  Amazing!

(Ask me offlist about how to create an anonymous PayPal account!  Tis quite 
clever and simple really!  But has limited use.)

Yet when I have a telephone account activated, I have to give all this "ID 
information" because apparently it's required by Law.  I know the laws, 
there isn't anything requiring 2/3rd of the information phone companies ask 
for.

So why do most people believe that the information needs to be given?

Worse why do so many people give the information and then complain about 
privacy!