The Privacy Podcast

Despite data breach notification laws across the country, many breaches just simply go unreported. We need changes in our legal systems to help shape market forces in behalf of privacy. SSNBreach.org was designed to help push market forces in favor of privacy.

File Download (6:53 min / 6.4 MB)

Aaron - you should check out the new report on breach notification from University of California-Berkeley School of Law. See Security Breach Notification Laws:
Views from Chief Security Officers - see http://www.law.berkeley.edu/clinics/samuelson/

Very interesting to say the very least. It is good to see you striving to fight the good fight. It is also nice to see what you have been up to since high school

Thanks for the privacy podcasts and best wishes to you and your family.

Senator Benjamin Cardin has been kind enough to respond to my objections after a disturbing run-in with the Department of Homeland Security (DHS) in March, 2007. After months of prodding in my behalf, his office finally received a letter from DHS that purported to address my case. In reality, the letter was a complete side-step of the issues, which is not really surprising. So, I made a couple of direct requests to the Senator.

File Download (5:28 min / 5.1 MB)

In late June, 2007 I discovered almost 200 files with personal information for 200,000 Louisianans, including 163,000 Social Security Numbers. The files were on a Louisiana State Board of Regents website that appeared to be an internal network, placed online without passwords in some areas.
I am working with the Liberty Coalition to launch SSNBreach.org, where affected individuals can search for their names to find out if they were affected by this, or future information breach.

• SSNBreach.org :: Search for your name- were you affected?
• Liberty Coalition :: Organization sponsoring ssnbreach.org
• Board of Regents Advisory :: Board of Regents Press Release
• Board of Regents Breach :: Blog entry on the Breach
• Louisiana Board Of Regents Acknowledges Security Breach :: First WDSU Story
• La. Security Breach Exposes Thousands To ID Theft :: Second WDSU Story
• Board of Regents :: Home Page

File Download (6:13 min / 5.7 MB)

Kudos to you on discovering the Louisiana breach and to Liberty Coalition for SSNBreach.org. Have added it to the Resources page on the site. :)

Yikes, Aaron -- After reading Attrition.org's "rant" on their web site, I just tested SSNBreach.org and now I see that the site is actually exposing information on individuals that the public -- and identity thieves -- would not otherwise have.

Anyone entering any input can find out the full names of people that we otherwise would not know.

Anyone entering any input can not only get others' names, but their employment status and partial addresses, it seems.

The road to hell is paved with good intentions. I hope you and the Liberty Coalition will re-think the wisdom of this site.

Do you have any information on the theft from Certegy (Fidelity National Information Services) of 2.2 million consumer records? See Certegy.com for more info. If you are familiar with the theft, would you comment on the possiblity of suing Certegy for providing inadequate protection for the data they collected from the merchants (without our written permission, as far as I can tell). See the recent comments at 'http://www.topix.net/forum/com/bbby/TK6H9RIQRCBI72B32/p17'

Thank you for this information. I found that I am on 4 different files as an employee and have had much more than SS# posted. Unthinkable that they would be that careless and wreckless.

When people say, "I have nothing to hide," they really mean, "I am not ashamed of anything." The truth is, we all have a lot to hide, and shame is just one of many reasons to keep information private or confidential. Having something to hide is not an admission of guilt, and it does not mean you have anything to be ashamed of.
We keep Social Security Numbers private not because we are ashamed of the number, but because we fear identity theft. Sometimes medical conditions remain confidential because others may react irrationally to them.
Privacy is the recognition that individuals and institutions act unreasonably and irresponsibly to the detriment of individuals and society, when in possession of truthful facts. Humans are biased.

• Georges Seurat-La Parade :: The most instructive visualization of privacy I've seen.

File Download (11:56 min / 11 MB)

In the context of a recent international trip, this podcast is about three things: First, the authority of the Department of Homeland Security to track the movement of United States citizens once they arrive in the country. Second, useless security tactics that harm freedom of movement and privacy without increasing security, and third, a growing culture of lawlessness and intimidation, as a result of expanding executive power, in the name of National Security.

• Example Customs Declaration Form :: I refused to fill out lines 4(a) and (b), my destination street address.
• Front of Form 6059B :: An informational image from cpb.gov, showing the Declarations form
• Back of Form 6059B :: An informational image from cpb.gov, showing the Declarations form
• Pl@stic Soul :: Music today is 001-1 Acoustic Guitar, by Pl@stic Soul.

File Download (0:00 min / 12.7 MB)

Thanks for this podcast. I have had similar experiences when entering the US. When filling out the form i forgot something on the back side, and then when I had corrected my self and came back to the officer he sent me directly to the secondary check. If that was because I forgot the backside, I'm a young adult traveling alone or just a routine I don't know.
At the secondary check the officer was really strict and rude (if I can call it that), but when he saw my Norwegian passport he got all nice and friendly. Then he quickly checked my backpack (not half as thorough as my bag) and sent me off.

Thanks again for a nice podcast.

Espen

I love this episode. I have been a long time defender of our rights and at times feel alone in my beliefs in this city.

Listening to this episode, I applaud your courage, your inteligence in answering all pertinant information, and believe you were justified in not answering the 2 questions on the form.

Unfortunately, I also think you will now be on a watch list and have problems from now on when you travel. Let's hope we never have to experiance an official Martial state or you may be off to a detainee camp.

I have oft wished to do similar actions (or non actions) but in doing so I would loose my license and not be able to do what I can for another right, our second amendment.

Please keep up the good work.

Linda

Long before Will Smith and Tommy Lee Jones hit the screen as intergalactic secret agents, the MIB was amassing storehouses of medical information. The Medical Information Bureau maintains a sort of Medical Credit Report on roughly 20% of the United States Population.

• Medical Information Bureau :: Founded in 1902, the MIB gaters medical data to fight insurance fraud.
• Request your MIB Record (at your own risk) :: Call (866) 692-6901 for the automated request, but beware- they will ask you for a ton of personal information.
• MIB Customer Service Number :: Tucked away deep within the website, their customer service number is (781) 751-6003
• The Tiler :: Music today is My Aunt, by The Tiler

File Download (0:00 min / 3.8 MB)

Though most colleges and universities no longer use the Social Security Number as the Student ID, financial, lending, and some hold-out colleges regrettably use the SSN as a convenient, but unnecessary identifying number. Because of the sensitive nature of the SSN, a few states, including New York, have outlawed placing the Social Security Number on official University documents, including transcripts; professionals and government officials uniformly warn of the dangers of disseminating a SSN. Notwithstanding, a student's name, Social Security Number, and birth date appears on a distinct minority of nationally ranked school's transcripts and students are not given the option to hide this sensitive information.

• January 2007 Survey of Nationally Ranked University Registrars :: By January 2007, only ¼ of nationally ranked universities placed student SSNs on their transcripts, without allowing students to hide or withhold it.
• 2003 AACRAO National Registrar Survey :: In 2003, more than ¾ of national colleges & universities reported using the SSN on transcripts, to AACRAO.
• AACRAO :: The American Association of Collegiate Registrars and Admissions Officers
• The Tiler :: Music today is Zoomin Home, by The Tiler.

File Download (7:16 min / 6.7 MB)

Hello,

I am president of a security document print company and I just read the article (http://www.adamdodge.com/esi/the_secure_transcript) on secure transcripts and the printing of SSN's on the transcript. We offer a security feature to protect against copying for universities who print ssn's or other ID data on the transcript. We have several versions but one specifically is designed for schools to print sensitive information to prevent it from being ledgible on copies, scans, faxes, etc. while the original remains readable. We also have many other patented features for securing scholastic transcripts but this one seemed fitting for your article.

You can view a PDF overview of this technology here.
http://www.isp-vft.com/DownloadBrief/metallicsafessnsafe.pdf

Regards,

Noal Phillips
International Security Products, Inc.
www.isp-vft.com

Identity thieves use many tactics to gather sensitive personal information. Some check your mailbox. Others dumpster-dive. But now a more sophisticated identity thief might be found slowly cruising medical park parking lots with a laptop. This episode explores the risks to your medical and personal data when your family doctor sets up a wireless network improperly.

• JCAHO- Joint Commission on Accreditation of Healthcare Organizations :: This organization fields complaints on HIPAA violations

File Download (9:07 min / 4.2 MB)

We trust private organizations and corporations with massive amounts of private data on a regular basis. While recognizing a vague moral obligation to protect their members, many organizations take only minimal steps to protect privacy. The reason is simple: Privacy violations are low-cost, and low-risk. This episode explores one case study of overcoming internal organizational inertia in favor of privacy.

File Download (12:36 min / 5.8 MB)

If the Education Department Secretary, Margaret Spellings, has her way, next year every college student across America will be forced to participate in the largest student surveillance program in the history of the country. Whether students have Federal loans or not, they will be forced to hand over SSN, DOB, location, courses, majors, GPA, and a host of other very sensitive data to a centralized federal database. The goal: Create more accurate college rankings for parents, students, and congress. This database will also be available to congress and the Department of Homeland Security for fighting terrorism. Regardless of the intent, this program is a cure that is worse than the disease.

• National Center for Education Statistics Committee Report :: A 2005 National Center for Education Statistics Committee Report, urging the adoption of a Unit Record system, or complete student surveillance.
• AOL Search Records Database :: Demonstration that anonymizing records is not a solution to keeping identifications safe.

File Download (9:20 min / 4.3 MB)

Imagine a world without privacy. In this not-so-fictitious world, explore realistic scenarios of how cutting the wrong person off in traffic could get you arrested, how calling overseas can land you on a terrorism watch list, or buying a gallon of milk could threaten your credit. With standing on both sides of the political ideological divide, it is surprising that Privacy does not get more political traction, especially in this charged election season. Despite the government and private sector affirmatively eroding privacy rights of large classes of people, privacy has not yet caught on as a major social movement. Privacy advocates must spur a debate about what role privacy should play in our democratic society.

• Privacy Tips :: Privacy tips from privacyrights.org

File Download (10:04 min / 4.7 MB)

Now that you have graduated from high school, your text messages are probably a bit more sophisticated than: cya l8r @ Strbks lol :-P g2g. …or perhaps not.
As it turns out, people text message about just about everything—from confidential business arrangements, to extramarital affairs. Where do all of those text messages go? Well, nowhere. They stay right on your cell phone… even after you have deleted them, and sold your phone to someone else.
http://www.aarontitus.net/privacy/

• Strong Bad E-mail: "Technology" :: The ever-venerable Strong Bad, animated by the Brothers Chaps, imparts wisdom on technology and cell phones.
• Foley.com :: September 2006 Privacy Report by DC law firm, Foley.

File Download (10:50 min / 5 MB)

Hello Mr. Aaron Titus my name is Donna Alston. My idenity has been plastered all over the web by WMATA. I received a letter indicating my social security number has been leaked. The workers compensation section leaked this. Please help me. Already my mail is turning up all over the place including my family. Lawyer offices said I owe them when bills have been paid. Please call me 2029054599

Repeat after me: The internet is NOT a fuzzy cloud. The "fuzzy cloud" picture was developed by a group of wannabe techies who were looking for job security by keeping the rest of us in the dark. The internet is an actual, real-life wire, actually buried in the ground. It might be fiber optics or copper, but the internet is simply a wire. You are now smarter than 25% of your peers- which makes this an extremely efficient podcast.
Armed with this understanding, you will be able to sort out the real and bogus threats to privacy online.
http://www.aarontitus.net/privacy/

• Your Accreditation Certificate :: Proudly print and display this certificate once you've listened to this podcast
• NOT The Internet :: The Internet is NOT a fuzzy cloud. And don't forget it.
• The Internet (For Real) :: This is the Internet. It's actually a real, live wire, buried in the ground.
• "ping" and "tracert" :: Using these two functions, you can learn a lot about packets, routers, and IP addresses.

File Download (12:21 min / 5.7 MB)

Perhaps you've actually taken time to read a so-called "privacy policy" or two. If you've read closely, you might have noticed that most privacy policies are more akin to "waivers," than a guarantee of rights. The usual result is Junk mail.
This podcast will discusses how to avoid common privacy policy snares and junk mail.

• Opt Out Prescreen :: Official consumer credit reporting industry opt-out website
• Junk Busters :: Good advice on avoiding Junk Mail
• Maryland Property Tax Code § 2-211 :: Proof that homeownership thwarts the fight for privacy
• Podsafe Network :: A collection of independent artists' music available for podcasting
• The Freesound Project :: A collection of sounds available under a public license
• Stonewashed :: A collection of sounds and sound effects

File Download (12:41 min / 5.9 MB)

Part Three of three parts exploring Identity Security at our Nation’s Universities.

File Download (16:40 min / 7.7 MB)

University of Idaho, and University of Alabama, Birmingham representatives posted sensitive information online about their students in excel files. Join Aaron Titus to review these case studies, and learn helpful tips on how to protect your identity along the way.

File Download (8:57 min / 4.2 MB)

Universities maintain very private records about students’ finances, health records, location, SSN, and other personal data, often for decades after the students attend. Yet every week, about 60,000 identities are reported compromised from university databases nationwide; mostly at the hands of hackers, thieves, dishonest insiders, or human error. While universities spend millions on information security, this show identifies several common behaviors that put your identity at risk.

File Download (13:51 min / 6.4 MB)

Very informative. A seriously misunderstood area of the public domain. I never knew that going to college could be so dangerous!