How Secure is Your Personal Information?
By Lynn Stuter
June 27, 2006
http://www.newswithviews.com/Stuter/stuter94.htm
Over the course of the last year mainstream media has
reported the loss of data from banks, credit card
companies, and more recently the Veterans Administration
in Washington, DC. It was three weeks after the theft of
a laptop containing the personal information of some 26.5
million veterans before the public was made aware. Then,
over the course of the next two weeks, it slowly came
forth that not only were veterans affected but also
approximately 2.2 million active duty and reserve
personnel whose data was also on the laptop.. What was
never reported by the press but was learned through a
letter from the Veterans Administration to veterans
possibly affected was that the data stolen also contained
the personal information of spouses, greatly increasing
the number of people affected beyond the 28.7 million
veterans, active duty, and reserve personnel originally
reported.
On June 21, 2006, it was reported that someone breached
computer security measures at the United States
Department of Agriculture (USDA), and may have obtained
the social security numbers and personal information of
some 26,000 employees and Washington-area contractors.
The USDA will, when implemented, oversee the National
Animal Identification System or NAIS.
On June 23, 2006, it was reported that the Social
Security numbers and other personal data for 28,000
sailors and members of their families was found on a
civilian web site. Accompanying this report was a
statement that “As many as a half dozen federal
agencies have been affected by computer data losses in
recent months.” (Associated Press; Lolita C Baldor;
June 23, 2006)
How did this data end up in the wrong hands?
In the case of the banks, credit card companies, and the
USDA computer security systems were breached. In the case
of the Veterans Administration, the information was
downloaded from VA computers to a laptop and removed from
the Veterans Administration by an employee who did not
have authorization to do so. Subsequently, the
employee’s home was burglarized and the computer
equipment housing the data was stolen. In the case of the
Navy personnel, it is not known how the information was
obtained but obviously was obtained from government
computers.
What is so very obvious here and so very significant is
the ease with which computer security systems --
specifically for the purpose of keeping sensitive data
safe -- can be breached; how easy it is to transfer
sensitive data to portable devices and walk out with it;
how irresponsibly and carelessly sensitive data is being
safeguarded. It is not inaccurate to say that personal
information, held in a database, is not, under any
circumstance, secure no matter what the holder of that
data contends. And there is not a security system built
that cannot be breached as has been more than adequately
demonstrated time and again.
People are often told that their information, held in
databases, is confidential. Confidential does not mean
secure; nor does it mean anonymous; nor does it mean that
the information cannot be used by the agency holding the
information in a manner the individual might find
inappropriate. In the case of the VA loss of data, the
Department of Defense supplied the Veterans
Administration with the addresses of former military
personnel (veterans) who might be affected. Subsequently,
an e-mail was sent out to some veterans by the Department
of Defense; the e-mail addresses were obtained, at least
in part, from a database of “log on” e-mail
addresses captured when retired military personnel sought
access to benefit information on the DOD website. In both
instances, the use of personal information for other than
intended use was done without the consent of those
affected which makes it very clear that personal
information in the hands of any government agency is not
confidential irrespective.
With more and more records and personal information being
data based, the likelihood of that data falling into the
wrong hands greatly increases. Identity theft is one of
the fastest growing types of crime in the United States
today. And there is no easier or faster way to get access
to information amenable to identity theft then through
breaching security measures employed to protect data.
When we talk about data basing information, what kind of
information are we talking about? Everything you can
possibly imagine. The National Center for Education
Statistics (NCES), under the auspices of the U.S.
Department of Education, has for some years now,
published the Student Data Handbook for Early Childhood,
Elementary, and Secondary Education. While one might
presume this publication to be rather limited in what it
seeks, it isn’t. It is very extensive in the data
it seeks.
Who is data basing information? Everyone. Every
government agency out there, companies, health care
professionals, credit card companies, banks, lending
institutions, you name it, they database it. Following is
just some of the instruments being used to gather and
data base information:
Your Ad Here • RFID (radio frequency
identification) chips
• Microchip implants -- both human and animal
• Computers in automobiles
• OnStar
• On line purchases
• Charge cards
• Debit cards
• Bank records
• Loan papers
• Credit records
• Mortgage papers
• Rental contracts
• Driver’s license
• Membership cards (grocery chain cards, club
cards ...)
• Political party membership lists
• Utility companies
• Subscriptions
• Insurance cards
• Medical records -- dental, health, auditory,
mental, hospital, pharmacy
• Do not call lists
• Firearms registration
• Court records
• Tax records
• Surveys
• Polls
• Cookies on computers
• Spyware on computers
• IRS forms
• Military records
• Veteran records
• Welfare records
• Unemployment records
• Disability records
• Census forms
-- just to name some.
Can all this information be compiled in one place? All
that is needed to compile all information on any given
individual is the ability to interface computer
systems, requiring interface technology. For example,
the data the NCES seeks comes from companies such as
Pearson Assessments (formerly National Computer
Systems) who scores state assessments and is provided
personally identifiable information on students by
school districts. NCES is a government agency. Pearson
Assessments is a privately held company. The transfer
of data is via computer interface technology. At the
same time, the data acquired by NCES is housed by such
as Boeing Computers -- owned by Boeing, a private
company, and the National Institutes of Health --
another government agency, both with whom NCES has
computer interface capability.
"All that is necessary to make that information
accessible to any other entity is the capability to
interface computers such that the receiving computer
can correctly identify and assimilate the data being
transferred."
Another example, reported recently by main stream
media, concerns access to the telephone records of
AT&T, Bellsouth and Verizon by the National
Security Agency (NSA). Such was accomplished through
computer interface technology. On June 23, 2006, the
New York Times reported that the U..S. Treasury
department has been secretly trawling through the bank
records of American citizens just as they have been
trawling through the phone records.
Is your data, held by a private enterprise secure from
the prying eyes of government? No. The access to data
allowed by AT&T, Bellsouth and Verizon and banking
institutions violates the Foreign Intelligence
Surveillance Act (FISA) of 1978. Did that stop it from
happening? Obviously not. Today it is phone records and
bank records under the guise of the fighting terrorism;
what will be the excuse tomorrow?
As pointed out by Jonathan Schell in his article
“The Hidden State Steps Forward”,
"But if he [the Commander in Chief] can suspend FISA at
his whim and in secret, then what law can he not
suspend? What need is there, for example, to pass or
not pass the Patriot Act if any or all of its
provisions can be secretly exceeded by the
President?"
Is your data, held by a private enterprise secure from
the prying eyes of government? Absolutely not when
there is no accountability for government officials,
elected or otherwise, who violate the law. And there
has been no move to hold President George Bush
accountable for violating the law and the privacy of
millions of American citizens.
Why does the government want all this information?
Systems governance is dependent on data. The gathering
and analyzing of data is essential to keeping systems
in balance -- assessing whether goals on the road to
the “created future” are being achieved and
what needs to be done if they are not. In his book, A
Strategy for the Future; the systems approach to world
order (copyrighted in 1974), Ervin Laszlo predicted
that by the mid-1980’s computers would be
sophisticated enough to be able to perform this
function in the interests of keeping systems in
balance, measuring progress toward futuristic man-made
goals, and leveraging systems that were not performing
accordingly. Laszlo was a little off in his time line,
the level of sophistication sought being reached in the
mid- to late-1990’s.
One of the most important aspects of the gathering and
data basing of information is that it be personally
identifiable. Now, with illegal aliens becoming an
issue that has people across the United States up in
arms, the National ID is being pushed as a means of
identifying illegal aliens. To that end, the cause of
implementing a National ID card is being taken up by
people who should know better. You cannot logically go
from a need to identify illegal aliens to numbering
every American citizen to identify illegal aliens. The
logic is simply not there. This is the same flawed
logic that says we should register all guns to keep
guns out of the hands of criminals.
The gathering of data also has a side to it that people
would do well to consider -- one of the reasons the
National ID card is being sought is so people who tend
to throw cogs in the wheel of systems governance
(resistors, dissidents) can be identified and
remediated (brainwashed, terminated, incarcerated) to
the proper (acceptable) ideology. Systems governance
must, by its very nature, be totally inclusive -- all
really does mean all. To this end, the National ID card
is being pushed by elected officials and government
bureaucracies.
This is no different than the identification and
extermination of Jews and dissidents in Hitler Germany!
How can we possible ignore a president who thumbs his
nose at laws intended to protect the American people
from a despot such as Hitler?
People ask, “What can we do?” Systems
governance demands data. The absence of sufficient and
reliable data will result in systemic failure.
1. First and foremost, do not give out personal
information indiscriminately.
2. Provide information on a “need to know”
basis.
3. If the information is not needed to address the
situation, don’t give it.
4. Make those requesting the information tell you why
they need the information and for what purposes it will
be used, now and in the future.
5. Guard your information zealously and that of your
children.
6. Do not allow your children to participate in
surveys, state assessments, and other non-objective
assessment tools at school.
When anyone tells you that your information is
“secure” in their hands, do not for one
minute believe it.
www.newswithviews.com/Stuter/stuter94.htm