The Daily Caveat is written by Michael Thomas, a recovering corporate investigator in the Washington, DC-area.





4/09/2008
Fifteen Bucks
That's about how much your identity is worth, according to a new Symantec security threat report.

And, a little more color on the sound footing of cyber crime economies.

Check it out.

-- MDT



1/31/2008
Intelius Pizza Delivery Phone Database Outed
This has been widely known and used in the investigative world for several years now, but this is the first time I've noticed a prominent story on the subject appearing in the media... Cell phones present a problem for investigators. Unlike landlines there have been no entrenched ways of getting good data on who a cell number belongs to, or vice versa - what a person's cell number might be. They're essentially all unlisted.

The need for this type of data is at the heart of the investigative enterprise. Forget all that pretexting, cell phone record swiping jive. Cell phone numbers, on their own merits, are one of many indicators that can help you tell two John Smiths apart and can in some cases make or break a due diligence investigation. I can't even tell you some of the things that I've uncovered based on knowing a cell. Nuclear stuff....

But these numbers are hard to come by and coverage has been spotty. Maybe you find one because somebody used a cell number when filling out their personal data in some form of public record. Might help you in that one case, but to really be a reliable and regular tool for investigators you need to aggregate massive amounts of numbers and be able to link them to just about anyone you might be called upon to investigate.

In seeking to meet this demand (and parallel demand from other quarters - investigators are hardly the only customers for this sort of thing), the big database companies have come a long way in cataloging cell numbers, in part by making some creative moves that go beyond the scope of typical public record buys. You do realize that your state government probably makes money selling your records to these companies, yes?

Well, now you do.

Now, it is actually illegal for telephone companies to compile mobile numbers in a directory without users' consent. This would seem to imply that cell phone numbers are meant to be essentially private personal data. But the rules governing wireless companies don't cover third parties. This loophole has allowed data aggregators to do off the wall things like buy your phone numbers in bulk (say, 90 million of them) from pizza delivery companies.

To be fair, from the perspective of an investigator and his or her clients, there is much to defend the access to and use of these numbers as a research tool, given that mobile phones have become the de facto way in which many if not most of us communicate (currently there are more mobile-only homes than land line-only households). But I am all for transparency in the investigative process and our citizens deserve to know how their personal and explicitly non-public information is being used by vendors and accessed by third parties.

I must confess, having been out of the biz for a few years I am behind the times on what all is being used out there. But discussing these things in the open and refining the rules surrounding their use is good for all of us and for the investigative community. If the tools we use make us ashamed, we should question their appropriateness. If the tactics and practices of our industry cannot bear the light of day, all the more reason to let the sun shine on them.

If anyone can point out other odd-ball or potentially controversial data being collected by the big aggregators - do tell.

-- MDT



9/30/2007
Learning to Live With Big Brother
A must read series from The Economist.

The magazine's September 29th issue features the second article in a series about the growing collection and mining of personal data around the world. This would include everything from well-meaning health and safety data, to security-oriented government agencies and contractors to private companies' marketing efforts.

Across the globe, the amount of personally identifiable data being collected, parsed, sold, resold and the minimal level of regulation surrounding these processes is unprecedented in human history and provides just cause for alarm. But don't take my word for it, I'll let those radicals at The Economist lay it out for you:
These days, data about people's whereabouts, purchases, behaviour and personal lives are gathered, stored and shared on a scale that no dictator of the old school ever thought possible. Most of the time, there is nothing obviously malign about this. Governments say they need to gather data to ward off terrorism or protect public health; corporations say they do it to deliver goods and services more efficiently. But the ubiquity of electronic data-gathering and processing—and above all, its acceptance by the public—is still astonishing, even compared with a decade ago...

...electronic surveillance has not yet had a big impact on most people's lives, other than (usually) making it easier to deal with officialdom. But with the collection and centralisation of such vast amounts of data, the potential for abuse is huge and the safeguards paltry. Ross Anderson, a professor at Cambridge University in Britain, has compared the present situation to a “boiled frog”—which fails to jump out of the saucepan as the water gradually heats. If liberty is eroded slowly, people will get used to it. He added a caveat: it was possible the invasion of privacy would reach a critical mass and prompt a revolt...

The whole piece - the whole series in fact - is required reading.

-- MDT



4/18/2007
Government Announces Restriction of Access to Student Loan Database
As you saw in this space earlier in the week, alongside that other more sensational student loan scandal, there have been increasing calls for greater vigilance regarding how student loan companies utilize the National Student Loan Data System.

It has been suggested that lenders have used this database, which includes the full range of personal information on tens of millions of students, well beyond its prescribed purpose and have done so for some time without adequate enforcement or oversight. Members of Congress have also been loudly critical of the Department of Ed's failure to shore up protections for the sensitive data the system contains.

Last night the Department of Education, while defending its internal practices and personnel, shut off outside access to NSLDS. The shutdown was described as temporary, and no doubt would never have happened if the student loan conflict of interest scandal wasn't heating up the papers.

Further details here, via the NYT.

-- MDT



4/09/2007
Nevada Moves to Ban the Sale of Prescription Information to Data Brokers
Don't worry. They aren't buying YOUR prescription data (although you know they would if they could). Data brokers specializing in the medical sales arena are much more interested in getting access to data about what doctors tend to prescribe. This profiling can be sold for beaucoup bucks to drug companies eager to target hot prospects for their products. New Hampshire already bans the practice and Nevada may soon become the second state to do so.
-- MDT





all content © Michael D. Thomas 2009