20 2000 |
Since I'm a licensed insurance agent, I get a lot of notices of a variety of seminars & classes on important info. A couple days ago, I got one notice which attracted me more than "state government law revisions 1999" or anything like that. Free for all, and not limited to just insurance agents, today I attended a Privacy and Cybercrime Summit, sponsored by the state Attorney General's office, with the office of the State Insurance Commissioner. The summit consisted of four sections -- the first two being panels of experts in electronic privacy, the first panel specific to the financial world, the second being medical. After a generous 1-1/2 hour lunch, things restarted with an Identity Theft context; first, the Chief Agent of ND BCI showing how information can be found & misused, and second, The director of Consumer Protection with the Attorney General's office spoke about how to protect against identity theft.
The first two panels had an excellent cross-section of influential people. Ed Mierzwinski, of the
Jeff White of BCI and Parrell Grossman of Consumer Protection both provided worthwhile presentation of facts & info on how a person can acquire personal information on any other individual without their authorization and misuse that data for their own desires. It was all pretty much old-hat, things I've been reading about online since my pre-internet days. I was tempted to ask questions, but my fears of being exposed as knowledgeable to the police would be dangerous in some way. Jeff White was actually a very good speaker, making jokes in his presentation, quite cool, and definitely the kind of person who could match a hacker in wits. He had an air of hiding knowledge beyond what he showed us. As he had said - "Information is Power," which he demonstrated both in his speech and attitude. Strangely, for as internet-related as he seems to be, I cannot find any online information about Mr. White's cybercrime initiatives, and the ND BCI doesn't even have a webpage. Maybe it's all a scam?
Before you think I'm just going to issue commentary on the people I saw present their ideas & opinions over 8 hours today, you are quite wrong. Today I learned a handful of important things, and if you've read my other articles on identity and privacy, you'll see that I already have a theory behind how things work. Today didn't change my mind on anything, but has given me viewpoints which help flesh out some ideas.
First, I came to the realization that everyone, including myself, lumps "non-public personal information" under one single heading of, um, non-public personal information. But, when the various panelists began to cite specific instances and examples of added privacy and lack of privacy, I agreed with some cases I agreed with more privacy, in other cases I disagreed, and in other cases I saw no applicable option. Once I divide up the types of info, I found 3 distinct types of data -- Facts, Results, and Conjecture.
Facts should be freely disseminated and circulated: addresses, phone numbers, store purchases, bank transactions, and such. Got your attention? The reason they should be freely transferrable is because they are all facts. You cannot dispute them, you cannot disprove them, and they occur wether you think anyone should know about them or not. The only reason people want to hide facts about themselves is because they wish to alter or conceal aspects of their life, effectively creating a new life of their own making which obscures reality. Facts are how banks are able to reduce interest rates roughly 2% compared to other civilised nations, it's how insurance companies can pool risk, and it's how marketing agencies can direct ads at spefic likely customers and not just every potential customer.
Results are less reliable, but in theory, using data, can be reached by other methods. A result, for instance, is deciding that a specific person should have to pay higher interest due to their credit history. That interest rate is not a fact -- it's a result of analysis of the facts. A result can develop into a fact, for instance, if the person accepts the insurance rate, opens the account, and begins to pay interest. Being declined for insurance is also an excellent example of a result -- the subject of the data does not create the decline, but instead the insurance company creates the decline based off of facts created by the actions and life of the individual. From another direction, a marketing agency choosing to market tampons to a specific person is equally a result,most likely due to a history of tampon purchases a specific time of the month. The marketing decision is not the result of direct actions on the part of the individual, but is instead the result is created from analysis of the data in the individual's life.
Third, and least reliable, are Conjecture. These are analysis based on compilation of results. This has very little reliability on the part of any individual, but can have serious application in analysis of society as a whole. To decline someone for insurance because their bank limited the length of a car loan due to a history of speeding tickets is an examaple of conjecture. Don't laugh - it's not far fetched. Genetic profiling is a more serious example of conjecture. The factual data is the genetic fingerprint of the individual, medical analysis creates resulting data which says that heart disease may be likely, and the insurance company denies coverage because the result is that people with a potential for heart disease are a serious insurance risk. The DNA data is not what the insurance company used -- they based their decision on the informed analysis of doctors, and based their consideration on that. However, a non-profit public health organization may use conjecture by offering stress-reduction services to people determined to posibly have a potential for heart disease due to genetic profiling.
There are two different ways these three categories of information can be used: data-to-individual, and individual-to-data. Data-to-individual is the one people fear most, because it is so prevelant, but is is the least harmful. Used this way, an agency takes a broad data set, and then sets criteria to limit the data set to reach a specific set of individuals. The agency using the data could care less as to who comes out in the wash, as long as they meet their data criteria. The individual remains meaningless, except as a part of a set. In fact, but restricting information to data-to-individual agencies causes adverse selection. Adverse selection is the skewing of a data set by outside influence. Opt-out lists create adverse selection because the people smart enough to opt-out are the ones with data they want kept to themselves. That private data is the data which sets that individual apart from all others, but without a broad crosssection of participants, it becomes difficult to see patterns if there is a homogenous data set. The differences in purchasing practices, the variance in product choice, is what data-to-individual analists are looking for, and without those differences and variances, we end up with what we have now. Because data analists only have limited data sets, they must struggle to reach a result, so we end up with 10-year-olds getting credit card offers, dead people get offers for life insurance, and blind people get phone calls from opticians. In the noise of data, analists are looking for a scream. If the screamers are given the option to be excused from the data set, the next-loudest people are picked, and so forth, until you're looking at 15 shades of white, expecting to limit them down to just one which meets the characteristics you're looking for.
Individual-to-data is more serious, but people readily get themselves into this situation under the assumption that it is neccesary. This data model results in an agency starting with a person's identity, and assembles the data around it. This is how creditors decide wether to give a credit card, insurors decide wether to insure, landlords decide wether to rent, and doctors decide how to heal.
The individual-to-data model is how identity theft occurs. The same system which allows worthy agencies to make informed decisions about their interaction with an individual also gives fraudulent access to impersonation of the innocent individual. This isn't the fault of freedom of information -- in fact, if agencies had greater access to personal data, they would be able to prevent fraud. If a person fills out an online form to apply for a credit card, if the credit bank were able to see that the IP address of the user was located in California, when the applicant had made a deposit at his bank hours before in Conneticut, there could be prevention of fraud. The deposit at the bank is an indisputable fact, the IP address is an indisputable fact, so obscuring that information only creates disinformation. The alteration of truth which was the intent of Big Brother in 1984 (which Glen Pomeroy laughingly tried to use as comparison to today's information freedom) is, in fact, caused by privacy-demanding people who use the obscuring of factual data in order to manipulate their environment. Facts, indisputable and verifiable, need to be available in order for fraud to be averted.
Freedom of information is not the only way to prevent unauthorized impersonation. A hot-point at the conference was the pervasivness of numbers. Social Security numbers, account numbers, credit card numbers, phone numbers, and any other number you could connect you to a bit of information. In my opinion, this isn't an issue of privacy, but of inappropriate use of the numbers. There are ID numbers, and then there are Keys. ID numbers are like your Social Security number. It is a unique identifier which aplies only to you, and nobody else. It is used inappropriately as verification, which is horribly wrong. Consider this: If I walked into a bank, said I want to withdraw money, my name is Bill Anderson, would I get anything? Of course not - saying a name is not verification of identity. Providing a Social Security number cannot be considered verification of a person's identity. The Number is nothing more than a digital name. Other forms of verification need to be considered before identity can be determined, not just a name, address, & SSN.
The numerical Keys are the way you interact with banks, insurance companies, and other agencies. These need to be concealed and protected - they are your account numbers, policy numbers, and employee numbers. These are the keys to the things which you are awarded due to the freedom of data in your life, and the only way to access them is by providing the Key. However, unlike a saftey deposit box or the key to your house, it is easily and infinitely reproduceable and identifiable. The Social Security number is treated like a key, when it is not. However, Keys are not hidden very well, and (especially with insurance), an easily guessable number like the SSN is used instead.
The final piece of identification is Verification. This is the touchy one -- Verification should not be easily guessed or reproduced, but must be readily available to the person to be verified. Handwritten signature is the perfect example of this - everyone knows how to spell their name, a signature is infinitely creatable by the owner, but it's difficult to exactly reproduce, and depending on the situation it may be difficult to guess the spelling or how they write their own name. PGP and other encryption forms provide the next best opportunity for unbreakable signature, but it is not readily available to the person to be verified. Fingerprints and other biometrics are readily available, but they are not easily verified. Intermediate options are passwords, PIN numbers, mother's maiden name, what year you graduated from high school, and so forth. Verification runs the gambit from highly secure to barely secure, with no easly all-purpose option. But, considering the immense number of possibilities for Verification, just a Social Security number or a birth certificate should be absolute last on the list of infallible verification of identity.
What all these big words and complex generalization of everyone's lives & actions is that I believe that factual information needs to be readily available to anyone. They are fact, they are not disputable, and is used to reach a result. Accurately tying the data to the owner of the data is the second important part: by connecting data directly to an individual, fraud is avoided. Imagine a dandelion flower gone to seed. Each bit of data is an individual seed - from the outside, looking close, you can see one or more bits of information at a time, but each seed leads directly back to the center, the individual. The fronds of the seed don't connect to the other seeds -- they may brush each other, touch, interact, but they are not integrated parts of one another. The center, the individual is the most important part, because all data needs to lead only to the individual in order for prevent fraud. Altering the consistancy of the data world surrounding you creates a string of connections. One piece of data connects another, through using a non-SSN on your driver's license, insisting your bank use a different identifier for you, opening accounts using different variants of your name, only creates avenue for fraud. If all data connects to each other before reaching the individual, it can be cut and redirected by any criminal who happend upon the right bits of data. Protecting privacy only makes it harder to track the access of the criminal; in order to find him, you must try to navigate the entire string until you happen to run across the criminal. With a dandelion, if a seed is disturbed, it falls free, and the individual is right there. The rest of the data is left intact, and the interference of the criminal can be easily verified because data is not obscured. Correction is simple, because the same data which exposes the individual to the outside also does not hide the actions of the criminal. By providing privacy of factual information, you also allow a criminal to hide the facts of his transgression, you allow marketing agencies to use scrupulous tactics in finding customers, and you force pooling agencies, like banks and insurers, to use conjecture gained from non-customer sources to build their products.