Home / Blog
Written by: 7/28/2011 11:15 AM
Officials in Florida admitted last week that the state made $63 million last year selling PII gathered through the Department of Highway Safety and Motor Vehicles. But you may not have heard much about this…since it is totally legal.
Yup, not scandalous in anyway. No press conferences, no fired officials, and no one caught surreptitiously giving away people’s names, addresses, and dates of birth. Apparently, according to a Florida judge, some companies (like insurance) are entitled to this sort of information. And really, just about anyone who wants to pay for it can get it—as long as they promise not to harass anyone.
This should not come as a shock to the average American. The holes in our primitive systems for identifying individuals based on “personal” information have become more and more apparent as 1) people have become more comfortable passing personal information over the insecure Internet and 2) as some of this information has become a marketable commodity.
And sometimes, when one piece of info is easily available, it makes it easier to pick up or guess something else. Just a couple of years ago, two Carnegie Mellon professors completed research that proved it possible to guess social security numbers using birth date and birthplace with accuracy up to 10% of the time.
Shoot. So what does that mean?
Well…nothing, really. Since no one has done anything illegal, there will be no lawsuits to shut down the selling of personal info and once again restore our hope in the infallible Social Security Number system. The fact is, that system is outdated and overused for personal identification. And while some advocate the issuance of new SSNs to every American, the fact remains that the system can (and will) be cracked again.
It’s time for some out-of-the-box thinking. Call centers, for example, need to reconsider their verification procedures when verifying customers over the phone. No more birthdates, no more SSNs.
Perhaps the future of security lies in security questions, though nothing involving your pets, your kids, or your mother’s maiden name. And not just one or two questions, but a whole bunch of varying length, type, and subject.
Sigh. That does not sound like much fun for anyone.