Posted by: soniahs | December 1, 2010

Personal information: who can you trust?

In light of the outrage over Wikileaks’ release of classified government information, I would just like to relate two examples of cases where the government has screwed citizens over when it comes to their own privacy. Now, these examples are in no way comparable to more egregious breaches of citizen privacy by the government, but I think they do illustrate that assumptions of data privacy nowadays are pretty naive.

Example 1: University of Hawaii
In the past 6 months, University of Hawaii students and former students (like myself) have been informed twice that our personal information, including SSNs and possibly credit card information, has been breached. Part of the reason for this is that UH until very recently used students’ SSNs as identifying information in their databases, rather than student ID numbers. This means that, when coupled with basic data security incompetence, a whole slew of identifying information has apparently been available simply on the Internet because of UH-related screw-ups.

The first incident involved a server at the Parking Office that was breached. 53,000 students, faculty, staff, and anyone who had a car towed on campus were affected. The second incident was more egregious: apparently a faculty member who was doing research on student records (including SSNs, names, dates, grades, academic history, etc.) “mistakenly” uploaded 40,000 student records onto the Internet. (The faculty member is now “retired”.) I suspect that this last breach may leave UH in violation of FERPA, which could mean serious fines.

I’ve checked my credit records, and they’re fine, but I really have to wonder what steps UH is taking to upgrade their systems after these two incidents, now that they have a reputation for having crappy data-security policies.

Example 2: State of Florida
If the University of Hawaii is guilty of incompetence in a number of areas, it now appears that the state of Florida has been breaking federal privacy laws since 1995:

…the state, specifically the Department of Highway Safety and Motor Vehicles, improperly sold personal information gleaned from about 31 million driver’s license records to Shadowsoft Inc., an Irving, Texas-based Internet marketer. Shadowsoft then sold the information to other firms that target consumers.

…Such sales, however, violate a federal statute banning the disclosure of personal information from driver’s licenses, said Howard Bushman, an attorney with the Miami law firm representing the affected drivers. The information released included addresses, dates of birth and possibly Social Security numbers, Bushman said.

Florida has no personal income tax. Therefore, it has high property taxes, lots of toll roads, and generally shitty public services (schools, public transport, etc.). It seems that another way the state has been making money has been by selling its citizens’ personal information to unspecified data miners. Over 31 million people have been affected by this practice. (It looks like other states may do it, too.) But hey, you can drive on the beach! Woo-hoo!

…Oh, and just for more paranoia, here’s another fun Florida story that suggests that you might be more at risk shopping at retail stores than online, just to add to the mix. Happy shopping!


