Identity Protection is Up to You
By Trevor Bauknight

Last week, Atlanta-based Choicepoint (http://www.choicepoint.com),
a giant consumer information clearinghouse revealed that some
of the massive amounts of personal data the company stores on
virtually every American citizen was compromised. We found out
about this because some 30,000 Californians received mail
warning them that the personal information in question may have
belonged to them. That was the tip of the iceberg.

Since the initial story broke, we have found out that the
compromised information was not restricted to Californians. Only
the notification was. Why? California is the only state where
the law requires such notification. The company says it sent out
an additional 110,000 letters when investigators told them that
people outside California may have been affected; but the Los
Angeles County Sheriff's office investigating the incident
suspects that the number of people affected may reach half a
million nationwide.

What is ChoicePoint?

ChoicePoint is a data broker holding some 19 billion records
obtained from government, insurance and business sources. The
Electronic Privacy Information Center (EPIC - http://www.epic.org)
describes the company this way: "According to a recent quarterly
statement filed at the Security and Exchange Commission,
ChoicePoint sells: 'claims history data, motor vehicle records,
police records, credit information and modeling services...
employment background screenings and drug testing administration
services, public record searches, vital record services,
credential verification, due diligence information, Uniform
Commercial Code searches and filings, DNA identification
services, authentication services and people and shareholder
locator information searches...print fulfillment, teleservices,
database and campaign management services...'".

Since its spinoff from Equifax in 1997, the company has built
its massive databases through the strategic acquisition of some
60 companies, among them: Pinkerton, Inc., a pre-employment
screening company; Bridger Systems, a USA Patriot Act compliance
company and Bode Technology Group, a DNA identification company.
According to EPIC: "At Privacy International's Big Brother Award
ceremony held in Cambridge, MA on March 7, 2001, ChoicePoint
received the 'Greatest Corporate Invader' award 'for massive
selling of records, accurate and inaccurate to cops, direct
marketers and election officials.'" Powerful stuff.

What Happened?

The ChoicePoint website points out (in boldface): "This
incident was not a breach of ChoicePoint´s network or a 'hacking'
incident, and did not involve any of ChoicePoint´s customer
information." They're right. The data wasn't stolen. It was
sold. And we can safely say that with a 22% growth on net sales
of $918 million and 4% year-over-year growth in net profit, the
company came out pretty well on the transactions.

Sometime last year, about 50 companies were set up for the
specific purpose of accessing ChoicePoint data and defrauding
private individuals, and these businesses became ChoicePoint
customers in their own right with working logins and passwords.
They proceeded to guzzle and exploit ChoicePoint data; and in
only a few months, at least 750 cases of actual identity theft
originated in the abuse of this data. Organized crime has taken
on new dimensions in the age of the Internet, and to say that
this was "not a breach of ChoicePoint's network", while
technically true, leaves the most important things unsaid.

As the infamous computer hacker Kevin Mitnick
(http://www.defensivethinking.com) points out in his book on
"social engineering" _The Art of Deception: Controlling the
Human Element of Security_, a determined criminal need not be
technologically-inclined to help herself to the data she wants.
ChoicePoint's failure was in doing the very thing it claims to
enable its customers to do -- verify that their customers are
who they say they are.

What Should You Do?

Everyone is potentially impacted by this incident. As private
individuals, you must be ever more vigilant of your personal
identity. Some of the best ways to do that are outlined at the
EPIC site above. Your credit report is usually the first
indicator that something has gone wrong, and checking it
rigorously and regularly for unusual queries, account activity,
etc. should be your first order of business. Mechanisms are
finally being put in place to allow you to do so free of charge,
and details are available at [...]

One thing Green referred en passant struck me as both amusing and oddly resonant. Last year Geoff Travis was given some kind of Mojo Award for his lifetime’s contribution to British music, and at the ceremony, Green and Carl Barat from the Libertines appeared onstage to jointly present the award to their benefactor. That chalk-and-cheese pairing struck me as containing volumes--or at least a decent-sized essay--about the last 25 plus years of British independent music culture. The obvious thing to say would be to see it as symbolizing a contraction of vision, a loss of ambition, sonic risk, and a sense of purpose: from Scritti’s attempt to dismantle rock form and rock ideology to the Libertines rehashing of rock’n’roll's (in)elegantly wasted Romantic dissolute-ness, all that worn threadbare mythology and its attendant sonic clichés.