Saturday, October 20, 2007

Data Collection & Compromise Not Identity Theft – an Ongoing Corporate Crime

Andres Kargar (galileo19@hotmail.com)

These days, we hear a lot about identity theft and the horrors associated with it from America’s corporate media, and don’t get me wrong. I am not intending to state in this article that there aren’t individuals who try to embezzle funds by collecting information about others. My goal is not in any way to minimize the pain and suffering resulting from ID theft. However, just like other delinquencies, crime or terrorism, for example, ordinary citizens generally engage in petty and isolated acts, while the major crimes or acts of terrorism, harming the society as a whole are committed by governments and corporations (1). Here, too, what impacts the society on a large scale is not identity theft, but collection and compromise of data about ordinary citizens by corporations and the government. Identity theft, then, is a fall out and the trickle down result of such a crime, even though not all incidents of the theft of people’s identities are the outcome of such compromises. In summary, what impacts the livelihood and the pocket books of all Americans en masse is government and corporate gathering and compromise of information about them and not isolated instances of identity theft.

I will try to further illustrate my point by giving you an example or two: take the credit card, for example. You have all seen the magnetic stripe on the side of the card that contains your signature. What some of you might not be aware is that your credit card generally contains two tracks of magnetic data that encrypt all sorts of information about you: names, account numbers, expiration dates, pin numbers, etc. Much of this information is necessary in order to get a transaction authorized, so you as a customer in a gas station or in a department store can make your purchase. Once the transaction is completed, however, the merchant’s computer should clear all information retrieved from your card. Unfortunately, most point-of-sale systems retain and collect this data. This is only one-way corporations snoop on you. In addition to credit card information, they collect and store other data, such as address, phone number, drivers’ license, social security number, military identification … for future marketing and advertising purposes. The wealth of information these entities retain about you the customer is unbelievable. Now imagine what happens when this data which has been mostly illegally retained is stolen or in some way compromised.

This is happening all the time. For example, in January 2007, TJX Corporation, the owner of T J Maxx, Marshalls, Home Goods, and other chains announced a breach of data in its central computers, including large numbers of credit and debit card accounts (2). By some estimates, 40 million accounts were compromised. Polo Ralph Lauren, another big corporation announced a similar breach in 2005.

More often than not, and to protect themselves, corporations keep the news of the breach from the public or at least wait for quite some time, until their investigations have completed (3). Moreover, when such large numbers of accounts are involved, it is practically impossible and absolutely cost-prohibitive for the companies to notify all customers and replace all accounts, so a lot of times, the firms resort to the policy of wait and see or speculation.

If you who are the real victims of such episodes ask these corporations for an explanation, their response is generally simple: mistakes or accidents. They also try to accuse individual hackers of malfeasance, in which case you should rightfully be asking why they have been illegally collecting and maintaining so much information about you in the first place.

All over the country, corporations are amassing detailed information about you while selling you their products or providing you with their services, but there are also other companies whose sole business it is to obtain as much data about people as possible (and this is not just credit reporting bureaus), and they sell this information to the highest bidders over and over again. Your personal information is then used and abused by corporations (or the government) in mailings, phone calls, and other forms of solicitations.

When an employee of Fidelity National Information Services stole 2.3 million customer records (4), he contacted Jam Marketing, Inc. of Seminole, Florida that paid him a “considerable sum” for the booty. You might be thinking: “this is not the company’s fault. It is the delinquent employee who is guilty”, and of course, you are right; the employee is also guilty, but to those who focus on the guilt of individual hackers, I ask the following: who produces the largest numbers of malicious cookies and spyware (5) to snoop and monitor your every move online? Is it individual hackers or corporate America? And speaking of hackers, I can assure you there are more of them employed by US corporations than the ones acting on their own, from the data security companies to the music and entertainment industry to the financial world, …(6).

Your personal information is a commodity, precious as gold, being traded without your knowledge, from hand to hand while some of it winds up into the hands of petty thieves who try to take their share, and your bank and insurance company have the audacity to rip you off even more by attempting to sell you identity theft or credit protection insurance using all sorts of fear-mongering tactics.

Is there an end to corporate abuse? As usual, the owning classes are committing the crime while the working people are getting the blame and having to pay for it.

++++

Notes and Reference

(1) Government misbehavior requires separate focus. This article deals entirely with corporate misconduct, although one should not forget, even in this context, the immense dimensions and impact of government spying and collection of information pertaining people residing in the US.

(2) TJX data breach

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9011655

http://www.infoworld.com/article/07/01/17/HNtjxbreach_1.html

(3) A number of states have passed some form of data compromise disclosure legislation to force the companies to take some action on this.

(4) Fidelity National Information Services data breach

http://www.fstc.org/news/reprints/07.05.07_ambanker.php?PHPSESSID=16e08171a47f437ddecb83d6b5378400

http://www.bizjournals.com/tampabay/stories/2007/07/02/daily13.html

(5) Cookies are strings of information placed on your computer by the websites you visit (and of course, later retrieved). At the very least, they can track your web surfing habits.

Spyware refers to programs placed on your computer by some websites. They can be anywhere from so-called harmless (return surfing information about you to their producers or display advertising) to malicious (store and email out your keystrokes or hijack your computer, etc.).

(6) The idea of pre-emptive snooping and strike, I assure you, comes from corporate America, now adopted by the Bush administration in the process of integration of the government and coporatism.