IdentityDB
-
This is a good idea by the wrong people. It's a database, actually a web site that allows database lookups to let you check to see if your identity information has been stolen or lost. By putting in your Social Security Number or credit card number, the database can tell you if your information was lost or exposed and how you can protect yourself.
But this is the wrong way to go about it. Having this type of data available to a private corporation, and more importantly, allowing a private corporation to request your data, is a bad idea. Private companies are not necessarily more or less secure than a government authority, but we have less recourse. Companies go out of business, have a profit motive, and other problems. What happens when this or some other company needs a new source of revenue? Or if the site gets hacked or hijacked?
I think this is a good service. It's just not something a private enterprise should be involved in. This is something that some part of each government or even potentially the banks should be providing. Personally I'd like this in the US to be some part of the Justice Department and require filings similar to what the SEC requires of companies. Having companies complete a monthly filing that would include any data breeches would be a good way to help ensure that individuals could have some knowledge of when their information was exposed.
I think the bottom line is that the US needs to develop stronger laws that not only protect individual's information, but also require stronger protections for it. Information is becoming a currency as more and more of our lives move to the digital world. Shouldn't regulators and insurers require the same level of protections they do for banks?
Follow me on Twitter: http://www.twitter.com/way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com -
So it won't be long before we see the almost identical (but scam) site where you can enter your credit card number etc and have your identity stolen - while being reassured that it has not been!
Or am I just being cynical?
-
Exactly what sprang to my mind! Get people used to entering their identity and bank data into a website for safety, and they will soon give it to any site - safe or uncertain - that claims to provide the same functionality.
In fact, the correct way of doing this is through a one-way trapdoor function: IdentityDB hashes their database of compromised data into an irreversible value; the client PC does the same on the credit card or social security number and sends just the hashed value to check for a hit. The original data is never revealed to whatever website.
-
Yes, the government does need to get involved. Private companies are too subject to personal interests to serve as the safeguards of people's ultimate identity protection. That said, though, laws that inflict financial penalties for bad data protection (I am ignorant about whether such laws already exist), do seem like they would help companies "walk the line."
P.S. The picture looks like it's from one of the "Bourne" movies. I can't recall which one. But I liked The Bourne Supremacy more. The suspense was better, the execution of the film was better, and the action scenes more realistic. But talk about identity issues!!
webrunner
-------------------
A SQL query walks into a bar and sees two tables. He walks up to them and asks, "Can I join you?"
Ref.: http://tkyte.blogspot.com/2009/02/sql-joke.html -
I'm guessing The Bourne Identity 🙂
-
I think the government would bungle this much worse than a private company would.
r
-
A government agency may be better or worse than a private company. Consider the difficulty in obtaining recourse in the event of a data breech with a federal agency. The odds of successfully suing the federal government are about as good as finding extraterrestrial life on the moon.
On the other hand an quasi government agency-public company MIGHT have a chance under one condition: the financial penalties for a data breach affecting at least 1 consumer must be as ruinous to that company as they potentially are to the consumer. We cannot entertain the possibility that someone will escape prosecution by dying (with apologies to Ken Lay's family).
------------
Buy the ticket, take the ride. -- Hunter S. Thompson -
You mean the same government that has massively violated its own privacy laws because of an administration's obsession with 'expediency'?
...
-- FORTRAN manual for Xerox Computers --
-
Um,er yes... yes... stolen
... so the only difference is that you 'gave' 
it to a complete stranger, rather than they taking it, which IS illegal. But it is not against the law to ask for someones private information, well certain types and under certain situations might be.
So when they use the information without your knowledge or for bad things, which is ANYTHING in my mind, you can't go to the authorities to complain... because you 'gave it' to them.
Stupid wins. I give up.
-
Yeah, that would be the same government where the FEMA personnel start the conversation with "We're from the government. We're here to help." Followed by guffaws.
Perhaps this information should be stored in Iraq. It would be about as easy to locate there as WMDs.
------------
Buy the ticket, take the ride. -- Hunter S. Thompson -
That retort was glib and weak.
Again although its a simliar situation where these alledged 'WMD's' ( I can't believe i'm entertaining this discussion.) can be said to be "had" to create an aura of 'power' while not actually having them. The problem leads when that misinformation gets to people who's job is to stop that sort of thing.
It's like saying I have a gun. You do not have to have one for you to get attention. Try it. Say in church or an airplane. You will have everyone's complete attention.
-
I don't trust the govt to do anything but what is in their best interests to stay in power... I particularly don't expect them to protect my privacy when they're perfectly happy to subvert it in the name of "national security" because hey... national security is a bigger soap box then privacy nowadays...
Here's a better idea, let the govt create a subset of one of it's agencies in charge of investigating unreported information breeches, couple that with a law with very stiff penalties, and public outing of any company that attempts to cover up a breech. make it MANDATORY that they report even the most minor violation to the customer, and we wouldn't need services like this...
-
I think Kevin Brown, Steve Jones and Shushie, should hold onto the worlds population's identity information and keep them in clearly labeled mason jars.
Then they should come over to my place and sort out my dvd's, cd's and sock drawer, I'll provide cheese, crackers, and crayons for the nights entertainment.
(I'm not sure I can get anymore rediculous) but I will try.
Edward W. Stanley
Personal plug... http://stillunwound.blogspot.com/ for my other musings and art and such .. i promise you will not be enlightened by going there..
-
hey, just because I'm a paranoid delusional DBA doesn't mean that I'm good at organizing physical objects.
Besides, I already have most of the mason jar organization done. I don't need help with that. I'm just trying to figure out how to mine that data for a profit...
no cheese and crackers please... just give me a nice data warehouse to dig around in.
-
And one really dissatifying note or possible sad truth might just be .. the government does not care who we are at all. When's the last time you received a christmas card from GWB?
Viewing 15 posts - 1 through 15 (of 30 total)
You must be logged in to reply to this topic. Login to reply