Highway Radar Jamming
Most drivers wanting to make better time on the open road will
invest in one of those expensive radar detectors. However, this
device will not work against a gun type radar unit in which the
radar signal is not present until the cop has your car in his
sights and pulls the trigger. Then it is TOO LATE for you to slow
down. A better method is to continuously jam any signal with a
radar signal of your own. I have tested this idea with the
cooperation of a local cop and found that his unit reads random
numbers when my car approached him. It is surprisingly easy to make
a low power radar transmitter. A nifty little semi-conductor called
a Gunn Diode will generate microwaves when supplied with the 5 to
10 volt DC and enclosed in the correct size cavity (resonator). An
8 to 3 terminal regulator can be used to get this voltage from a
car's 12v system. However, the correct construction and tuning of
the cavity is difficult without good microwave measurement
equipment. Police radars commonly operate on the K band at 22 ghz.
Or more often on the X band at 10.525 ghz. most microwave intruder
alarms and motion detectors (mounted over automatic doors in
supermarkets & banks, etc.) contain a Gunn type
transmitter/receiver combination that transmits about 10 kilowatts
at 10.525 ghz. These units work perfectly as jammers. If you
cannot get one locally, write to Microwave Associates in
Burlington, Massachusettes and ask them for info on 'Gunnplexers'
for ham radio use. When you get the unit it may be mounted in a
plastic box on the dash or in a weather-proff enclosure behind the
PLASTIC grille. Switch on the power when on an open highway. The
unit will not jam radar to the side or behind the car so don't go
speeding past the radar trap. An interesting phenomena you will
notice is that the drivers who are in front of you who are using
detectors will hit their brakes as you approach large metal signs
and bridges. Your signal is bouncing off of these objects and
triggering their radar detectors! HAVE FUN!
P.S. If you are interested in this sort of thing, get a copy of
POPULAR COMMUNICATIONS. The ads in there tell you where you can
get all kinds of info on all kinds of neat equipment for all kinds
of neat things!
Friday, November 28, 2008
50 Ways To Take Control of Your Personal Data
50 Ways to Take Back Control of Your Personal Data
Use these tips to avoid identity theft, financial loss and other crimes.
Internet scams, phishing, identity theft and other attacks that exploit your personal data are always a threat when you shop online, set up an email account, use a credit card, manage an online bank account or carry your Social Security card. There is hope, however, for fighting these threats, and you can start by taking back control of all of your personal data. The 50 tips and tools in this list will help you understand how these scams originate, how to protect yourself online and offline, and how to track down your personal data on the Internet.
Web Privacy
Protect yourself and your data online by choosing a secure Web browser, understanding the dos and dont's of wireless security, and correctly managing passwords.
1. Use a secure Web browser. Using a secure Web browser can hide your Internet activity, prevent Spyware attacks, and alert you when a Web site asks you to install extra software or doesn't have an official certificate, all of which can leave you vulnerable to an attack.
2. Set up a private wireless connection. If you use a wireless connection to get on the Internet, set up a secure account so that other users can't log on to your account and access saved passwords or ISP information — either by accident or on purpose. You can back up a good wifi account with a VPN (virtual private network).
3. Use different passwords. If you use the same password for every online account you have, you're putting yourself in a very vulnerable position. All it takes is for someone to crack the password on one unsecure site, and they'll be able to access your banking information and a lot more.
4. Don't save email settings or password settings. Online banking sites, social-media Web sites and shopping sites let users save their passwords and log-in information to save them time. Saving this information makes it easy for someone to jump on your account and access your information if they're working on your system. If you share a computer with someone at work or school, you can disable your browser's "remember password" settings.
5. Log out of your email account. If you're checking your email at a library or any other place where you are using a public computer, make sure that you log out of your account when you're finished. The next person who visits that Web site may be directed to your inbox if you don't.
6. Use anti-virus protection. One of the easiest and most basic things you can do to reclaim control of your personal data is to use anti-virus software on your computer.
7. Circumvent keystroke loggers. This tip is especially important when you're using a public computer at an Internet cafe or a library. This article explains how you can type "in a bunch of random characters" in a text editor and "then [copy] the letters and numbers that make up your password." That way, no one will be able to make sense of the letters or numbers you typed in if they're checking the computer's keystroke history.
8. Install pop-up-blocking software. Pop-ups "can be used to install hackers' software on your computer," according to MSN Money, so get rid of this threat altogether by installing a pop-up blocker.
9. Employ off-the-record Messaging. Whether you need to send files or chat at an Internet cafe, or you just feel like someone might be spying on your home computer, consider using an IM (instant-messaging) client that encrypts your messages and ensures your chatting buddy that "the messages he sees are authentic and unmodified."
10. Never store passwords on a public computer. If the computer prompts you to save the password, click "No."
Credit and Finance
Guard your finances with these tips, which can prevent identity theft and save you money.
11. Freeze your credit report. According to The Consumerist, "a freeze means no one can access your credit report unless you 'thaw' your report," so no one can secretly contact your credit bureau and ask for a copy of your report, apply for a credit card or loan, or in any way steal your account information and hurt your credit score.
12. Track your Social Security number. Find out if someone has stolen your Social Security number and published it on the Web by enlisting the services of a company like TrustedID. Just make sure that you thoroughly research the company you use to make sure that they aren't a scamming group either.
13. Check your credit report. This well-known tip can protect you against identity theft by alerting you of incorrect information, atypical credit history, and public-record information that is incorrect or doesn't need to appear on your report.
14. Make sure that charities are legitimate before you make a donation. Before you make a donation to a charity, do a little background check on the organization to make sure that they're a legitimate nonprofit and not a scamming group. You can easily do this by looking up their Web site or calling a reference number for more literature. The IRS (Internal Revenue Service) also publishes this list of registered organizations that are eligible to receive tax-deductible donations.
15. Don't save credit-card shopping profiles online. Some online retailers try to make shopping easier for their customers by giving them the option of creating a saved profile that features their billing information, credit- card numbers and home address. Make sure that an e-commerce site is secure before you save your information. Better yet, take the extra time to manually enter information each time you shop.
16. Never use your Social Security number as a PIN number or password. Some banks automatically use your Social Security number as your PIN number or password but give you the option to reset it. Do so immediately — especially if you plan to manage your account online.
17. Log out of your bank account. Just like it's a good idea to log out of your email account each time you're finished sending and reading messages, logging out of your bank account is also important. It's not enough to simply leave the page or close your browser: Your account information is still available online. As an added incentive, Brian Krebs of The Washington Post reports that you may not be reimbursed for the money stolen through an online account if you do not have anti-virus or anti-hacking software installed on your computer.
18. Never write your PIN number on yourATM card. MSN writer Liz Pulliam Weston warns against this bad habit in case your wallet gets stolen.
19. Use a credit card for online purchases. This method is safer than using a debit card when shopping over the Internet.
20. Drop off checks and sensitive packages at the post office. Use the post office or an official mailbox to send out checks and credit-card information instead of letting the envelopes sit in your mailbox unattended.
General Privacy
Even if you don't maintain a conspicuous online presence, there are other threats and scams that you should be wary of. Learn how to protecting your Social Security number and other personal data.
21. Understand the dangers of pretexting. The FTC (Federal Trade Commission) explains that "pretexting is the practice of getting your personal information under false pretenses." If you get a suspicious, unsolicited email or phone call asking for personal information, ignore it. If you think the communication may have been sent by your bank or other valid organization, call that company's customer-service line to double-check.
22. Get on the National Do Not Call Registry: You can protect yourself against unsolicited calls and telemarketing calls by getting on this official list. Besides relieving you of annoying calls, "telemarketers will be required to get your express informed consent to be charged — and to charge to a specific account," eliminating unauthorized billing.
23. Ask your bank or loaning office how they dispose of their files. Make sure that your personal data won't be sitting out in a dumpster for several nights; no one would ever know it was missing.
24. Don't use your Social Security number as an employee-identification number. PrivacyRights.org reveals that the Social Security Administration "discourages employers from displaying SSNs on documents that are viewed by other people such as badges, parking permits, or on lists distributed to employees." If your boss gives you a choice, ask to have a separate personal-identification number just for your job.
25. Don't put your Social Security number on checks. While some merchants may ask you for your Social Security number so that they can write it on your check, it's generally not a good idea to agree to this practice. Ask to see a manager to discuss the situation if it becomes problematic.
26. Don't share your driver's-license number. Yahoo! Tech writer Lincoln Spector notes that only your state's DMV Web site should request your driver's-license number. Don't write it on checks or any other documents that you aren't sure about.
27. Write checks with gel pens. Bruce Schneier, of the blog Schneier on Security, maintains that "only one type of ink, the kind in gel pens, has been found to be counterfeit-proof to acetone or any other chemical used in check washing."
28. Don't use your mother's maiden name as a password. Some businesses, credit bureaus or other organizations ask you to verify your mother's maiden name as a security measure. Don't use this information as a general password, because if it is stolen, it can grant a thief a lot of access.
Cell Phones and Online Phone Services
Keep your cell-phone conversations and numbers private with the help of these rules and tips.
29. Keep your cell-phone number private. This cuts down on identity theft and will keep you more immune from scam phone calls and telemarketers.
30. Understand your carrier's privacy policy. Before you sign a contract, understand the carrier's privacy policy, since some cell-phone companies have been accused of selling records that can be used to track down sensitive information, including your bank-account details.
31. Get Internet and Bluetooth security for your cell phone. Mobile devices that also have Internet access and Bluetooth need protection, too.
32. Beef up VoIP (Voice over Internet Protocol) security. This article details how Internet communications, including VoIP calls, are vulnerable to identity theft and surveillance groups. Don't neglect to beef up security on these systems to avoid being hacked.
33. Password-protect your cell phone. Set up passwords for your contacts list and other folders or files on your cell phone in case it is lost or stolen.
Rules to Follow to Protect Your Privacy
Practice these rules to protect your privacy and identity.
34. Don't carry all of your important documents with you. If your wallet, purse or car is stolen and you keep your Social Security card and other identification cards in one of those spots, you're completely vulnerable to a major identity-theft attack.
35. Don't put your Social Security number on your driver's license. Some states still give you the option of putting your Social Security number on your driver's license, but it's a bad idea. Again, if you lose your wallet or forget your driver's license in a bar, you never know who might find it.
36. Keep your Social Security card in a safe place. Don't put your Social Security card in your wallet or glove compartment; instead, keep it in a locked box or safe in your house or at a bank.
37. Clear your Google history. This habit will protect you from any personal searches that you don't want others to know about, including those dealing with health and legal information.
38. Shred important papers before trashing them. If you do a lot of business with high-profile clients or if you frequently throw out old bills and bank statements, your trash could be a target for a smart thief. Shred important papers before you toss them.
39. Don't use numbers from your birthday in your email or IM handle. Many people use numbers from their birthday in their email address or IM name to personalize the pseudonym, but this habit publicly reveals personal information, especially if you also use a part of your birthday in a password.
40. Clear your browser's cache. Online Tech Tips recommends erasing "your browser's cache after an online transaction" to get rid of stored information that may be extra sensitive.
41. Clean up your computer before you discard it. Whether you're donating your computer, giving it to a friend or simply throwing it away, it's important to completely wipe it clean, reformat the hard drive or destroy the drive.
42. Look for HTTPS. Online Tech Tips also notes that the "s" at the end of "https" means that the connection your computer shares with that site is "secure and encrypted." A regular "http" URL isn't.
Tools and Tips
To prevent identity theft and online spying, use these tools to keep your personal information safe and private.
43. SpyNot: Visit this site to find out what kind of personal information your browser gives to every site that you visit.
44. Aderes Internet Security: This email system and browser encrypts your messages and passwords so that your credit-card information and personal data remain private.
45. BitWise IM: Chat freely and feel safe sending files over IM with this system, which encrypts messages, files, voice chat and more for Mac OS X, Linux and Windows operating systems.
46. Tor: This system keeps JavaScript from displaying your IP address and uses "a distributed network of relays" to keep hackers and surveillance systems from tracking your activity online.
47. Secure your VoIP system. This article explains how to make your VoIP system more secure, minimizing or even eliminating the risk of someone stealing your sensitive information by hacking into your call or stealing your account information.
48. Get a password-protection system. A password-protection system like the VaultletSuite 2 Go can safely store your passwords on your USB device.
49. Use database-encryption tools. Certain database-encryption tools can encrypt data stored in systems like Oracle so that companies and individuals can safely keep sensitive information on their computers.
50. Get RSA DLP. This data-loss-prevention suite helps companies identify where sensitive information is on their systems, making it easier for them to protect it.
Use these tips to avoid identity theft, financial loss and other crimes.
Internet scams, phishing, identity theft and other attacks that exploit your personal data are always a threat when you shop online, set up an email account, use a credit card, manage an online bank account or carry your Social Security card. There is hope, however, for fighting these threats, and you can start by taking back control of all of your personal data. The 50 tips and tools in this list will help you understand how these scams originate, how to protect yourself online and offline, and how to track down your personal data on the Internet.
Web Privacy
Protect yourself and your data online by choosing a secure Web browser, understanding the dos and dont's of wireless security, and correctly managing passwords.
1. Use a secure Web browser. Using a secure Web browser can hide your Internet activity, prevent Spyware attacks, and alert you when a Web site asks you to install extra software or doesn't have an official certificate, all of which can leave you vulnerable to an attack.
2. Set up a private wireless connection. If you use a wireless connection to get on the Internet, set up a secure account so that other users can't log on to your account and access saved passwords or ISP information — either by accident or on purpose. You can back up a good wifi account with a VPN (virtual private network).
3. Use different passwords. If you use the same password for every online account you have, you're putting yourself in a very vulnerable position. All it takes is for someone to crack the password on one unsecure site, and they'll be able to access your banking information and a lot more.
4. Don't save email settings or password settings. Online banking sites, social-media Web sites and shopping sites let users save their passwords and log-in information to save them time. Saving this information makes it easy for someone to jump on your account and access your information if they're working on your system. If you share a computer with someone at work or school, you can disable your browser's "remember password" settings.
5. Log out of your email account. If you're checking your email at a library or any other place where you are using a public computer, make sure that you log out of your account when you're finished. The next person who visits that Web site may be directed to your inbox if you don't.
6. Use anti-virus protection. One of the easiest and most basic things you can do to reclaim control of your personal data is to use anti-virus software on your computer.
7. Circumvent keystroke loggers. This tip is especially important when you're using a public computer at an Internet cafe or a library. This article explains how you can type "in a bunch of random characters" in a text editor and "then [copy] the letters and numbers that make up your password." That way, no one will be able to make sense of the letters or numbers you typed in if they're checking the computer's keystroke history.
8. Install pop-up-blocking software. Pop-ups "can be used to install hackers' software on your computer," according to MSN Money, so get rid of this threat altogether by installing a pop-up blocker.
9. Employ off-the-record Messaging. Whether you need to send files or chat at an Internet cafe, or you just feel like someone might be spying on your home computer, consider using an IM (instant-messaging) client that encrypts your messages and ensures your chatting buddy that "the messages he sees are authentic and unmodified."
10. Never store passwords on a public computer. If the computer prompts you to save the password, click "No."
Credit and Finance
Guard your finances with these tips, which can prevent identity theft and save you money.
11. Freeze your credit report. According to The Consumerist, "a freeze means no one can access your credit report unless you 'thaw' your report," so no one can secretly contact your credit bureau and ask for a copy of your report, apply for a credit card or loan, or in any way steal your account information and hurt your credit score.
12. Track your Social Security number. Find out if someone has stolen your Social Security number and published it on the Web by enlisting the services of a company like TrustedID. Just make sure that you thoroughly research the company you use to make sure that they aren't a scamming group either.
13. Check your credit report. This well-known tip can protect you against identity theft by alerting you of incorrect information, atypical credit history, and public-record information that is incorrect or doesn't need to appear on your report.
14. Make sure that charities are legitimate before you make a donation. Before you make a donation to a charity, do a little background check on the organization to make sure that they're a legitimate nonprofit and not a scamming group. You can easily do this by looking up their Web site or calling a reference number for more literature. The IRS (Internal Revenue Service) also publishes this list of registered organizations that are eligible to receive tax-deductible donations.
15. Don't save credit-card shopping profiles online. Some online retailers try to make shopping easier for their customers by giving them the option of creating a saved profile that features their billing information, credit- card numbers and home address. Make sure that an e-commerce site is secure before you save your information. Better yet, take the extra time to manually enter information each time you shop.
16. Never use your Social Security number as a PIN number or password. Some banks automatically use your Social Security number as your PIN number or password but give you the option to reset it. Do so immediately — especially if you plan to manage your account online.
17. Log out of your bank account. Just like it's a good idea to log out of your email account each time you're finished sending and reading messages, logging out of your bank account is also important. It's not enough to simply leave the page or close your browser: Your account information is still available online. As an added incentive, Brian Krebs of The Washington Post reports that you may not be reimbursed for the money stolen through an online account if you do not have anti-virus or anti-hacking software installed on your computer.
18. Never write your PIN number on yourATM card. MSN writer Liz Pulliam Weston warns against this bad habit in case your wallet gets stolen.
19. Use a credit card for online purchases. This method is safer than using a debit card when shopping over the Internet.
20. Drop off checks and sensitive packages at the post office. Use the post office or an official mailbox to send out checks and credit-card information instead of letting the envelopes sit in your mailbox unattended.
General Privacy
Even if you don't maintain a conspicuous online presence, there are other threats and scams that you should be wary of. Learn how to protecting your Social Security number and other personal data.
21. Understand the dangers of pretexting. The FTC (Federal Trade Commission) explains that "pretexting is the practice of getting your personal information under false pretenses." If you get a suspicious, unsolicited email or phone call asking for personal information, ignore it. If you think the communication may have been sent by your bank or other valid organization, call that company's customer-service line to double-check.
22. Get on the National Do Not Call Registry: You can protect yourself against unsolicited calls and telemarketing calls by getting on this official list. Besides relieving you of annoying calls, "telemarketers will be required to get your express informed consent to be charged — and to charge to a specific account," eliminating unauthorized billing.
23. Ask your bank or loaning office how they dispose of their files. Make sure that your personal data won't be sitting out in a dumpster for several nights; no one would ever know it was missing.
24. Don't use your Social Security number as an employee-identification number. PrivacyRights.org reveals that the Social Security Administration "discourages employers from displaying SSNs on documents that are viewed by other people such as badges, parking permits, or on lists distributed to employees." If your boss gives you a choice, ask to have a separate personal-identification number just for your job.
25. Don't put your Social Security number on checks. While some merchants may ask you for your Social Security number so that they can write it on your check, it's generally not a good idea to agree to this practice. Ask to see a manager to discuss the situation if it becomes problematic.
26. Don't share your driver's-license number. Yahoo! Tech writer Lincoln Spector notes that only your state's DMV Web site should request your driver's-license number. Don't write it on checks or any other documents that you aren't sure about.
27. Write checks with gel pens. Bruce Schneier, of the blog Schneier on Security, maintains that "only one type of ink, the kind in gel pens, has been found to be counterfeit-proof to acetone or any other chemical used in check washing."
28. Don't use your mother's maiden name as a password. Some businesses, credit bureaus or other organizations ask you to verify your mother's maiden name as a security measure. Don't use this information as a general password, because if it is stolen, it can grant a thief a lot of access.
Cell Phones and Online Phone Services
Keep your cell-phone conversations and numbers private with the help of these rules and tips.
29. Keep your cell-phone number private. This cuts down on identity theft and will keep you more immune from scam phone calls and telemarketers.
30. Understand your carrier's privacy policy. Before you sign a contract, understand the carrier's privacy policy, since some cell-phone companies have been accused of selling records that can be used to track down sensitive information, including your bank-account details.
31. Get Internet and Bluetooth security for your cell phone. Mobile devices that also have Internet access and Bluetooth need protection, too.
32. Beef up VoIP (Voice over Internet Protocol) security. This article details how Internet communications, including VoIP calls, are vulnerable to identity theft and surveillance groups. Don't neglect to beef up security on these systems to avoid being hacked.
33. Password-protect your cell phone. Set up passwords for your contacts list and other folders or files on your cell phone in case it is lost or stolen.
Rules to Follow to Protect Your Privacy
Practice these rules to protect your privacy and identity.
34. Don't carry all of your important documents with you. If your wallet, purse or car is stolen and you keep your Social Security card and other identification cards in one of those spots, you're completely vulnerable to a major identity-theft attack.
35. Don't put your Social Security number on your driver's license. Some states still give you the option of putting your Social Security number on your driver's license, but it's a bad idea. Again, if you lose your wallet or forget your driver's license in a bar, you never know who might find it.
36. Keep your Social Security card in a safe place. Don't put your Social Security card in your wallet or glove compartment; instead, keep it in a locked box or safe in your house or at a bank.
37. Clear your Google history. This habit will protect you from any personal searches that you don't want others to know about, including those dealing with health and legal information.
38. Shred important papers before trashing them. If you do a lot of business with high-profile clients or if you frequently throw out old bills and bank statements, your trash could be a target for a smart thief. Shred important papers before you toss them.
39. Don't use numbers from your birthday in your email or IM handle. Many people use numbers from their birthday in their email address or IM name to personalize the pseudonym, but this habit publicly reveals personal information, especially if you also use a part of your birthday in a password.
40. Clear your browser's cache. Online Tech Tips recommends erasing "your browser's cache after an online transaction" to get rid of stored information that may be extra sensitive.
41. Clean up your computer before you discard it. Whether you're donating your computer, giving it to a friend or simply throwing it away, it's important to completely wipe it clean, reformat the hard drive or destroy the drive.
42. Look for HTTPS. Online Tech Tips also notes that the "s" at the end of "https" means that the connection your computer shares with that site is "secure and encrypted." A regular "http" URL isn't.
Tools and Tips
To prevent identity theft and online spying, use these tools to keep your personal information safe and private.
43. SpyNot: Visit this site to find out what kind of personal information your browser gives to every site that you visit.
44. Aderes Internet Security: This email system and browser encrypts your messages and passwords so that your credit-card information and personal data remain private.
45. BitWise IM: Chat freely and feel safe sending files over IM with this system, which encrypts messages, files, voice chat and more for Mac OS X, Linux and Windows operating systems.
46. Tor: This system keeps JavaScript from displaying your IP address and uses "a distributed network of relays" to keep hackers and surveillance systems from tracking your activity online.
47. Secure your VoIP system. This article explains how to make your VoIP system more secure, minimizing or even eliminating the risk of someone stealing your sensitive information by hacking into your call or stealing your account information.
48. Get a password-protection system. A password-protection system like the VaultletSuite 2 Go can safely store your passwords on your USB device.
49. Use database-encryption tools. Certain database-encryption tools can encrypt data stored in systems like Oracle so that companies and individuals can safely keep sensitive information on their computers.
50. Get RSA DLP. This data-loss-prevention suite helps companies identify where sensitive information is on their systems, making it easier for them to protect it.
Spam Fighters Handbook
The Spam Fighter's Handbook
If you're online, you're getting spammed. It's only a question of how much. Today, over two thirds of all email is spam, and a good deal of it is deceptive, offensive, even dangerous. There's good news though: smart strategies you can start using today to dramatically reduce the amount of spam clogging your inbox. I last wrote about this topic nearly two and a half years ago... so this update is long overdue. I have new tips to share and can recommend new spam-fighting resources I've "battle tested" over the past 32 months. I don't want to jinx my luck by saying this, but I can tell you that I now live a relatively spam-free life. You can too.
You may be wondering just who's sending spam. Some spammers are just small-time "entrepreneurs" who've received bad advice about how to promote their businesses. However, the majority are evil people who are exploiting and destroying one of the greatest communication tools ever invented. Humorist Dave Barry of the Miami Herald calls spammers, "The mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class mail industry."
Here are seven smart things you can do to shield yourself from the continuing onslaught of spam:
Strategy #1: Protect your work email address
If you've been assigned a work email address like "somebody@companyname.com" it belongs on your business card and very few other places. Since that corporate email address usually follows some standard format based on your name (john.smith@company.com, jsmith@company.com, etc.) you're going to have a hard time changing it later on to escape from spam. Never use your work email address in "public" on the web – in an online discussion forum, on a "registration" form, etc. There are automated harvesting programs ("bots") that scour the web sucking up random email addresses and adding them to spam lists. For this reason, if your work email address is listed on your company web site, talk to your web administrator to have it "coded" so it's readable/clickable by a human being but not by a scourbot. Any competent webmaster should be able to do this for you. Here's a link to a nifty javascript encoder in case you want to roll your own "invisible" web-based email addresses.
Please know that the #1 source of spam is machine readable email addresses on web pages. A comprehensive study from the Center for Democracy & Technology, using "baited" email addresses reported that 97% of spam received was from was from web posting. The more popular the web page, the more unsolicited mail received. Now that blogging is becoming more popular, be sure that your email doesn't appear in somebody's web blog. Google your own email address to be sure. Also, if your ISP maintains a "member" directory, opt out of it.
Strategy #2: Have more than one email address
Even if spam didn't exist, it would still make very good sense to have – at a minimum – a separate personal email address for yourself. You can get a web-based email account you can access anywhere from Gmail, Yahoo, Mail.com, Hotmail, and others. [Added motivation: remember that the work email account provided to you by your employer belongs to that employer – and your company has the full legal right to not only read your email messages but also take action against you based on what they see.] One very good spam-related reason for using multiple email addresses is to have "throw-aways." Keep at least your work email and one personal email address very clean (by limiting its distribution to your "inner circle") and use others for buying things online, "registering" for web services and publications, and for posting to online forums.
I recommend against using most webmail services, even their paid versions. Because no payment is required, Yahoo and Hotmail attract people who want to remain anonymous, and are therefore sometimes used to pull scams or make fraudulent purchases. Web merchants are starting to refuse sales to people with yahoo.com or hotmail.com or other no-charge webmail addresses. You're better off paying the nominal fees (about $20 per year or less) most paid services charge. Consider registering your own name as a domain. Once you own jones.com, you can make up email addresses based on it: barney@jones.com, mary@jones.com, etc. You may need some techie help getting this set up, but it's worth it. If you don't want to bother getting your own domain, a paid email service (with good blocking technology), worth checking out is AT&T Lab's ZoEmail.
Strategy #3: Use an email forwarding service
Even better than having multiple personal email accounts is using a free "mail forwarding" service. There are about half a dozen no-charge forwarding services available, including one called Spam Motel (spam checks in… it doesn't check out). Here's how it works (text from the Spam Motel documentation): Whenever you are online and about to give out your e-mail address – STOP! Do you really want to do this? Spam Motel has a better way. Simply type a short reminder memo to yourself, including why and to whom the e-mail address is being given. Spam Motel records this memo, and the date and time, and quickly sends you a special "disposable" address to use instead of your real one. The new address is automatically placed into the "clipboard" memory of Windows, where it can be pasted into any online form that you are filling out. E-mails sent to this special address are forwarded to your regular e-mail account, along with your reminder memo, which appears at the top of the e-mail message. From now on, you'll know exactly when and where the sender or spammer got your e-mail address. But just knowing this information is not enough. So we give you the power to stop spam sent to any of these special addresses. This is done through the Log Page – your online control and information page – where you can delete any of the addresses you've given out. You can also suspend and resume forwarding for each address at any time. Your real e-mail address is never given out, just the special ones you create using Spam Motel. Other forwarding services similar to Spam Motel are Spamex, Sneakemail, and Despammed. Take your pick. They're all good. My personal preference is Spamex, even though it's a paid service ($20/year).
Strategy #4: Use an "odd" email address
If you make up a new email address with some non-alpha characters like "xyz#321@domain.com" you'll get less random spam. That's because of a new insidious spammer tactic called "dictionary spamming." Since it costs next to nothing for these lowlifes to blitz out tens of millions of messages overnight, they just make up addresses with the hope that one in a thousand will be "real" and get through. They'll often try first name initials plus last names (e.g. jjones@something.com). They'll also mix-n-match different popular domains (a domain is the part of your email address after the "@"). If you had an old account like "fredflintstone@aol.com" but cancelled it because it was overrun by unsolicited email (AOL users especially get a lot of spam), and opened a new account at Earthlink: "fredflintstone@earthlink.net" you'll probably get spammed even if you never give out that new address. It therefore makes sense to start completely fresh as "fredflintstone3000BC@earthlink.net" – you're going to have to notify everybody about your new email address anyway. Also, the longer the address you choose, the less dictionary spam you'll get. They start with single letters, then two letter/number combinations, then three, etc. Most spammers get shut down at some point before their full blast is delivered during these "brute force" alphabet attacks, so zzz's get less mail server spam than aaa's.
Strategy #5: Use adjustable spam filters
Many Internet service providers (ISP's) offer different levels of filtering for your inbound email. However, don't expect miracles. At their more liberal settings, most spam will still leak through. At their tightest, most of your legitimate emails will get caught, mixed in with the spam, and possibly lost. You sure don't want to throw the baby out with the bathwater – so experiment a little and see which middle setting works best for you. For many people, an alternative approach that works well is to autosort incoming email into different inbox folders based on a "whitelist" (a list of friendly email senders whom you wish to continue communicating with). Microsoft Outlook, Outlook Express, and most other email programs make this easy to do. A whitelist approach is also better than a personal blacklist. It rarely pays to add people to a "junk senders list." The "from" address in most spam emails is forged so you'll rarely get spam from the same "sender" twice.
Unfortunately, server-level blocking and filtering has gotten out of hand. Much of it is done without your consent or knowledge. Many company IT departments have tightened down the screws so tightly that virtually no HTML mail can get through; not even the newsletters and bulletins you've requested. As you can imagine, legitimate publishers like me are having an increasingly hard time getting our HTML mail delivered to subscribers. Even my own mail host, Verio (now my ex-host) blocked me from getting my own copy of the Urbach Letter. Sheesh. No alert that the trapped mail was being discarded. No option to change it. When I complained, they said there was nothing they could do. But there *was* something *I* could do: find a new mail host... who understands that I want to maintain control over which messages I receive or not. Hasta la vista Verio. I won't be back. Since I'm still on the rant, you should know that after I'm done writing each issue, I still have to spend an hour or more running it through "Spam Assassin" test filters and editing out "bad" words. I can't even tell you what those words are. Listing them here would ensure you'd never get this issue.
Strategy #6: Napsterize your email.
I started off this article by bragging about how little spam I get. That's largely because of a program called MailFrontier (now part of Zone Labs's Zone Alarm Security Suite), based on "peer-to-peer" technology like the original Napster. When you get a spam message, you highlight it and click a button. The message is instantly analyzed and added to a centralized database. Meanwhile, all your incoming messages are scanned to see if they match the profile of spam caught by somebody else on the MailFrontier peer-to-peer network. If it matches, it's filtered out and placed in a spam folder in your inbox. Very cool. By the way, I used to use a competitive program, Cloudmark's SpamNet, but found it had some minor operational problems. But both MainFrontier and SpamNet are very effective weapons in the war against spam. Millions of strangers cooperating anonymously to eliminate spam from their lives. Got to love that concept.
A word about Challenge/Response. MailFrontier has an additional spam-fighting option I recommend you ignore... unless you're totally overrun by spam and are willing to inconvenience all the friends and businesspeople who send you emails. You can set the program to send out a "challenge" message to everyone not already in your address book or on your whitelist. They'll have to respond to your challenge in order to have their original message delivered. Can you see why I'm recommending against this, other than as a last resort? Many people just won't be bothered to play the challenge/response game with you. Life is short enough as it is. Oh, the technology is clever. It requires a real, live human being to confirm the messages, either by presenting a graphic: "How many puppies are in this picture?" or by the more business-like option of showing a scrambled letter/number image and asking the recipient to type it in a box. In theory, people should only have to jump through this hoop once, and then their emails will get recognized from then on.
Besides the anti-spam programs I've mentioned so far, there are others that have received good reviews and are worth considering (although I can't endorse them myself). I've heard that the latest versions of McAfee Internet Security Suite ($40) and Symantec Norton 360 ($60) are quite good -- and provide the all-in-one solution many folks seek (antispam + antivirus + firewall).
Strategy #7 Fight back!
Topping the "dangerous spam" list are phishing scams. From an FTC Consumer Alert: "Internet scammers casting about for people's financial information have a new way to lure unsuspecting victims: They go 'phishing.' Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with – for example, your Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to "update" or "validate" your account information. It might threaten some dire consequence if you don't respond. The message directs you to a Web site that looks just like a legitimate organization's site, but it isn't. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name."
The bulletin goes on to list some tips to avoid getting hooked by a phishing scam. Think you're too smart to fall for this? Think again. Why don't you take this Phishing IQ Test? It's a quick 10-question quiz to see how well you recognize bogus messages. Not so easy, is it? There's another reason I like MailFrontier. Part of its peer-to-peer analysis tracks phishing scams, and provides and optional taskbar icon that operates similarly to WeatherBug. But instead of a tornado warning, you'll get immediate notification of a fast-spreading phishing or fraud outbreak. By the way, if you do receive a questionable email, forward it on to uce@ftc.gov.
Avoid signing up for freebies or online contests. These often exist solely to collect and resell email addresses. Besides, your chances of wining anything worthwhile are infinitesimal.
A note on spyware and virus spam
Right now, 4 out of 5 computers are infested with spyware. One is five has a virus infection. That's according to the National Cyber Security Alliance in a recent study. While most spyware comes from installing file-sharing programs and "ad sponsored" utilities, and from visiting dodgy web sites, address book spam is responsible for most virus infections. The NCSA study showed that most people (85%) have a virus scanner installed, but only a small number keep their virus definitions up to date. Hopefully, you're smarter than that.
Final words...
Everything in this letter has been a suggestion, except this last thing, which is an ORDER: Never, Never, Never buy anything from a spam message, no matter how attractive it seems. These tapeworm spammers work on very small numbers – if only one person out of several thousand responds, they consider it a big success – so you're actually doing a lot of damage to others if you buy something (plus you're probably going to get ripped off). Don't even click on any links in the spam – especially not on the "remove me from your list" link or button. All that does is confirm that your email address is connected to a live human being, ensuring that you'll be spammed even more in the future.
By the way, you may have noticed I haven't said a word about CAN-SPAM, the U.S. law supposedly regulating spam that's been in place since January 1, 2004. Have you noticed any reduction in the amount of spam you receive because of this law? Me neither. So far, all it's done is make life a little more difficult for legitimate publishers. However, it does open the door for prosecution of black hat spammers, and that's happened to a limited extent.
If you're online, you're getting spammed. It's only a question of how much. Today, over two thirds of all email is spam, and a good deal of it is deceptive, offensive, even dangerous. There's good news though: smart strategies you can start using today to dramatically reduce the amount of spam clogging your inbox. I last wrote about this topic nearly two and a half years ago... so this update is long overdue. I have new tips to share and can recommend new spam-fighting resources I've "battle tested" over the past 32 months. I don't want to jinx my luck by saying this, but I can tell you that I now live a relatively spam-free life. You can too.
You may be wondering just who's sending spam. Some spammers are just small-time "entrepreneurs" who've received bad advice about how to promote their businesses. However, the majority are evil people who are exploiting and destroying one of the greatest communication tools ever invented. Humorist Dave Barry of the Miami Herald calls spammers, "The mutant spawn of a bizarre reproductive act involving a telemarketer, Larry Flynt, a tapeworm, and an executive of the Third Class mail industry."
Here are seven smart things you can do to shield yourself from the continuing onslaught of spam:
Strategy #1: Protect your work email address
If you've been assigned a work email address like "somebody@companyname.com" it belongs on your business card and very few other places. Since that corporate email address usually follows some standard format based on your name (john.smith@company.com, jsmith@company.com, etc.) you're going to have a hard time changing it later on to escape from spam. Never use your work email address in "public" on the web – in an online discussion forum, on a "registration" form, etc. There are automated harvesting programs ("bots") that scour the web sucking up random email addresses and adding them to spam lists. For this reason, if your work email address is listed on your company web site, talk to your web administrator to have it "coded" so it's readable/clickable by a human being but not by a scourbot. Any competent webmaster should be able to do this for you. Here's a link to a nifty javascript encoder in case you want to roll your own "invisible" web-based email addresses.
Please know that the #1 source of spam is machine readable email addresses on web pages. A comprehensive study from the Center for Democracy & Technology, using "baited" email addresses reported that 97% of spam received was from was from web posting. The more popular the web page, the more unsolicited mail received. Now that blogging is becoming more popular, be sure that your email doesn't appear in somebody's web blog. Google your own email address to be sure. Also, if your ISP maintains a "member" directory, opt out of it.
Strategy #2: Have more than one email address
Even if spam didn't exist, it would still make very good sense to have – at a minimum – a separate personal email address for yourself. You can get a web-based email account you can access anywhere from Gmail, Yahoo, Mail.com, Hotmail, and others. [Added motivation: remember that the work email account provided to you by your employer belongs to that employer – and your company has the full legal right to not only read your email messages but also take action against you based on what they see.] One very good spam-related reason for using multiple email addresses is to have "throw-aways." Keep at least your work email and one personal email address very clean (by limiting its distribution to your "inner circle") and use others for buying things online, "registering" for web services and publications, and for posting to online forums.
I recommend against using most webmail services, even their paid versions. Because no payment is required, Yahoo and Hotmail attract people who want to remain anonymous, and are therefore sometimes used to pull scams or make fraudulent purchases. Web merchants are starting to refuse sales to people with yahoo.com or hotmail.com or other no-charge webmail addresses. You're better off paying the nominal fees (about $20 per year or less) most paid services charge. Consider registering your own name as a domain. Once you own jones.com, you can make up email addresses based on it: barney@jones.com, mary@jones.com, etc. You may need some techie help getting this set up, but it's worth it. If you don't want to bother getting your own domain, a paid email service (with good blocking technology), worth checking out is AT&T Lab's ZoEmail.
Strategy #3: Use an email forwarding service
Even better than having multiple personal email accounts is using a free "mail forwarding" service. There are about half a dozen no-charge forwarding services available, including one called Spam Motel (spam checks in… it doesn't check out). Here's how it works (text from the Spam Motel documentation): Whenever you are online and about to give out your e-mail address – STOP! Do you really want to do this? Spam Motel has a better way. Simply type a short reminder memo to yourself, including why and to whom the e-mail address is being given. Spam Motel records this memo, and the date and time, and quickly sends you a special "disposable" address to use instead of your real one. The new address is automatically placed into the "clipboard" memory of Windows, where it can be pasted into any online form that you are filling out. E-mails sent to this special address are forwarded to your regular e-mail account, along with your reminder memo, which appears at the top of the e-mail message. From now on, you'll know exactly when and where the sender or spammer got your e-mail address. But just knowing this information is not enough. So we give you the power to stop spam sent to any of these special addresses. This is done through the Log Page – your online control and information page – where you can delete any of the addresses you've given out. You can also suspend and resume forwarding for each address at any time. Your real e-mail address is never given out, just the special ones you create using Spam Motel. Other forwarding services similar to Spam Motel are Spamex, Sneakemail, and Despammed. Take your pick. They're all good. My personal preference is Spamex, even though it's a paid service ($20/year).
Strategy #4: Use an "odd" email address
If you make up a new email address with some non-alpha characters like "xyz#321@domain.com" you'll get less random spam. That's because of a new insidious spammer tactic called "dictionary spamming." Since it costs next to nothing for these lowlifes to blitz out tens of millions of messages overnight, they just make up addresses with the hope that one in a thousand will be "real" and get through. They'll often try first name initials plus last names (e.g. jjones@something.com). They'll also mix-n-match different popular domains (a domain is the part of your email address after the "@"). If you had an old account like "fredflintstone@aol.com" but cancelled it because it was overrun by unsolicited email (AOL users especially get a lot of spam), and opened a new account at Earthlink: "fredflintstone@earthlink.net" you'll probably get spammed even if you never give out that new address. It therefore makes sense to start completely fresh as "fredflintstone3000BC@earthlink.net" – you're going to have to notify everybody about your new email address anyway. Also, the longer the address you choose, the less dictionary spam you'll get. They start with single letters, then two letter/number combinations, then three, etc. Most spammers get shut down at some point before their full blast is delivered during these "brute force" alphabet attacks, so zzz's get less mail server spam than aaa's.
Strategy #5: Use adjustable spam filters
Many Internet service providers (ISP's) offer different levels of filtering for your inbound email. However, don't expect miracles. At their more liberal settings, most spam will still leak through. At their tightest, most of your legitimate emails will get caught, mixed in with the spam, and possibly lost. You sure don't want to throw the baby out with the bathwater – so experiment a little and see which middle setting works best for you. For many people, an alternative approach that works well is to autosort incoming email into different inbox folders based on a "whitelist" (a list of friendly email senders whom you wish to continue communicating with). Microsoft Outlook, Outlook Express, and most other email programs make this easy to do. A whitelist approach is also better than a personal blacklist. It rarely pays to add people to a "junk senders list." The "from" address in most spam emails is forged so you'll rarely get spam from the same "sender" twice.
Strategy #6: Napsterize your email.
I started off this article by bragging about how little spam I get. That's largely because of a program called MailFrontier (now part of Zone Labs's Zone Alarm Security Suite), based on "peer-to-peer" technology like the original Napster. When you get a spam message, you highlight it and click a button. The message is instantly analyzed and added to a centralized database. Meanwhile, all your incoming messages are scanned to see if they match the profile of spam caught by somebody else on the MailFrontier peer-to-peer network. If it matches, it's filtered out and placed in a spam folder in your inbox. Very cool. By the way, I used to use a competitive program, Cloudmark's SpamNet, but found it had some minor operational problems. But both MainFrontier and SpamNet are very effective weapons in the war against spam. Millions of strangers cooperating anonymously to eliminate spam from their lives. Got to love that concept.
A word about Challenge/Response. MailFrontier has an additional spam-fighting option I recommend you ignore... unless you're totally overrun by spam and are willing to inconvenience all the friends and businesspeople who send you emails. You can set the program to send out a "challenge" message to everyone not already in your address book or on your whitelist. They'll have to respond to your challenge in order to have their original message delivered. Can you see why I'm recommending against this, other than as a last resort? Many people just won't be bothered to play the challenge/response game with you. Life is short enough as it is. Oh, the technology is clever. It requires a real, live human being to confirm the messages, either by presenting a graphic: "How many puppies are in this picture?" or by the more business-like option of showing a scrambled letter/number image and asking the recipient to type it in a box. In theory, people should only have to jump through this hoop once, and then their emails will get recognized from then on.
Besides the anti-spam programs I've mentioned so far, there are others that have received good reviews and are worth considering (although I can't endorse them myself). I've heard that the latest versions of McAfee Internet Security Suite ($40) and Symantec Norton 360 ($60) are quite good -- and provide the all-in-one solution many folks seek (antispam + antivirus + firewall).
Strategy #7 Fight back!
Topping the "dangerous spam" list are phishing scams. From an FTC Consumer Alert: "Internet scammers casting about for people's financial information have a new way to lure unsuspecting victims: They go 'phishing.' Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. According to the Federal Trade Commission (FTC), phishers send an email or pop-up message that claims to be from a business or organization that you deal with – for example, your Internet service provider (ISP), bank, online payment service, or even a government agency. The message usually says that you need to "update" or "validate" your account information. It might threaten some dire consequence if you don't respond. The message directs you to a Web site that looks just like a legitimate organization's site, but it isn't. The purpose of the bogus site? To trick you into divulging your personal information so the operators can steal your identity and run up bills or commit crimes in your name."
The bulletin goes on to list some tips to avoid getting hooked by a phishing scam. Think you're too smart to fall for this? Think again. Why don't you take this Phishing IQ Test? It's a quick 10-question quiz to see how well you recognize bogus messages. Not so easy, is it? There's another reason I like MailFrontier. Part of its peer-to-peer analysis tracks phishing scams, and provides and optional taskbar icon that operates similarly to WeatherBug. But instead of a tornado warning, you'll get immediate notification of a fast-spreading phishing or fraud outbreak. By the way, if you do receive a questionable email, forward it on to uce@ftc.gov.
Avoid signing up for freebies or online contests. These often exist solely to collect and resell email addresses. Besides, your chances of wining anything worthwhile are infinitesimal.
A note on spyware and virus spam
Right now, 4 out of 5 computers are infested with spyware. One is five has a virus infection. That's according to the National Cyber Security Alliance in a recent study. While most spyware comes from installing file-sharing programs and "ad sponsored" utilities, and from visiting dodgy web sites, address book spam is responsible for most virus infections. The NCSA study showed that most people (85%) have a virus scanner installed, but only a small number keep their virus definitions up to date. Hopefully, you're smarter than that.
Final words...
Everything in this letter has been a suggestion, except this last thing, which is an ORDER: Never, Never, Never buy anything from a spam message, no matter how attractive it seems. These tapeworm spammers work on very small numbers – if only one person out of several thousand responds, they consider it a big success – so you're actually doing a lot of damage to others if you buy something (plus you're probably going to get ripped off). Don't even click on any links in the spam – especially not on the "remove me from your list" link or button. All that does is confirm that your email address is connected to a live human being, ensuring that you'll be spammed even more in the future.
By the way, you may have noticed I haven't said a word about CAN-SPAM, the U.S. law supposedly regulating spam that's been in place since January 1, 2004. Have you noticed any reduction in the amount of spam you receive because of this law? Me neither. So far, all it's done is make life a little more difficult for legitimate publishers. However, it does open the door for prosecution of black hat spammers, and that's happened to a limited extent.
RFID's - What You Need to Know
RFID's – What You Need to Know
Do you value your privacy? I do. That's why I'm disturbed by the rapid proliferation of a new technology that can track my whereabouts and place a massive amount of personal information into searchable databases. The technology is RFID – Radio Frequency IDentification tags – tiny devices that may be hidden in many of the things you buy, from shaving razors to clothing to car tires.
You are probably already familiar with some RFID applications like E-Z Pass: the device on your windshield that allows you to pass through a toll booth without stopping to toss a token in the basket. Your probably don't give it much thought, but here's how it works. The tag "transmits" a unique ID number to the toll both receiver. This ID is matched to your account, and the toll is debited. Of course, the time and date is also recorded in a database so it can be listed on your monthly statement. E-Z Pass is very convenient. You probably enjoy zooming past all those chumps backed-up in the cash lanes. But… unless those cash-payers and their license plates are being photographed (possible), they are traveling anonymously. You're not. For sure, there's a permanent record of your passage, accessible to the police, government agencies, private investigators, divorce lawyers, and other unsavory characters. Most people never consider this. I have. But I use E-Z Pass anyway. I also love my Mobil SpeedPass (but keep it in the car ashtray instead of on my keyring – you'll see why in this article).
While I like to keep my private life private (you can read my last article on privacy here), I recognize there's a trade off when driving. I'm willing to give up a little bit of privacy in exchange for the convenience. But I do it with full awareness. Same thing with a cell phone. Even without one of the newer GPS-enabled phones, your whereabouts can be determined with a fair amount of precision by triangulating between cell towers. Any time your phone is on (even if you're not on a call), it's transmitting your ESN (Electronic Serial Number), which can be traced back to you. But you know this. You have the option to go into "stealth mode" by shielding the E-Z Pass tag, switching off your cell phone, paying with cash instead of plastic, using coins in the payphone instead of a calling card, etc. RFID's are different. You have no control over whether they're on or off. You probably don't even know they're there in the first place. An RFID has no on/off switch. Most have no batteries and as a totally "passive device," can "live" forever.
Quasimodo BellringerPassive device. What does that mean? Think of a church bell. Most of the time it just hangs there, silently. However if Quasimodo comes up and strikes the bell with a clanger, it will ring out. The peal is a vibration at the bell's natural frequency. A larger bell will have a lower pitch (frequency) and a smaller bell a higher one. This resonant frequency is a fundamental physical property of the bell. RFID's are the electronic equivalent. Most of the time, they just sit there. However, when "struck" by a radio signal, the RFID will "ring out" its own unique ID code. Clever, no? Manufacturers love high tech RFID's. They're cheap – about a dollar apiece now, although rapid advances in technology will bring them down to a penny or less shortly – and enable products to be tracked all the way through the supply chain. From factory to rail car to warehouse to truck to store, each individual inventory item could be monitored. I have no problem with this part of it. Think about how helpful this could have been during the Tylenol poisoning incident many years ago. Besides, I'm all for making businesses run more efficiently.
The problem exists after the sale. If the RFID is not removed or deactivated at the point of sale, it will live on forever. If the purchase information was recorded, that ID code could easily be linked to your name, address, or even the other items you bought at the pharmacy that day. Does this bother you? It can get much worse in the near future. Luckily, serialized RFID's are not yet widespread (although non-uniquely identified RF devices have been used for years as anti-theft devices). I'm talking about the high-tech varieties in this article. Mass privacy-invading initiatives have not been widely deployed – so far. But all the technological bits and pieces are now in place. Tests are underway, and they're disturbing. The British supermarket chain Tesco has admitted using RFID's embedded in certain products to track customers through its stores. Anyone picking up a pack of Gillette Mach3 razors at the Tesco in Cambridge will have his or her picture taken. The RFID triggers a closed circuit TV camera when a package is removed from the shelf. At checkout, the RFID triggers a second camera. Security staff then compare the images, ostensibly as an anti-theft measure.
RFID DevicesCurrent miniature RFID's have limited "data storage," so they're mainly used like the UPC bar codes on a box of corn flakes. Like a model number rather than a unique serial number. However recent advances have upped this storage capability to enable each item to be individually identified.
One frightening aspect of these individualized RFID tags is that they can be read, silently, by almost "anyone" for any reason they choose. It's not like the original manufacturer has any special key to read the tags. They're in the open. A private investigator, for example, could place a detector in a doorway and covertly track people who revisit an area.
Surely, once large numbers of "live" (i.e. not deactivated/zeroed) RFID's escape into the wild, marketers and database compilers will start to capture and use our personal information – in ways we consumers wouldn't want – if we knew what was happening. Wearing my "marketing guy" hat now, I can tell you this prospect is very appealing, and we marketing-oriented folk are a crafty lot. We'll toe right up to the legal line (if you let us) seeking any competitive advantage available. Putting my consumer hat back on, I can tell you that strongly worded legislation is needed to protect us from potential abuse of this technology. RFID's must be permanently and irreversibly deactivated at the point of sale and/or they must be attached to removable warning tags.
The importance of irreversibility became clear in March of this year when apparel maker/retailer Benneton announced plans to attach millions of washable RFID's in their clothing line. Benneton's so called "Smart Labels" cannot be permanently disabled. While these Philips Electronics I.CODE devices can be "put to sleep" at point-of-sale, they can also be awakened at any time in the future. Due to public outcry, Benneton has backpedaled on this program, but have yet to definitively state they won't implement it.
This has been a different kind of article than I usually write for The Urbach Letter. Most of my stuff is how-to (six ways to do this, eight ways to do that…). In this one, I'm just warning you about something that may come to be (that is, widespread monitoring of personal tags without your knowledge), without giving you any great solutions…
I'm hoping this heads-up will raise your awareness of the issue, and possibly motivate you to boycott retailers who are willing to compromise your privacy this way. I also hope you'll support legislation to outlaw or strictly control the dissemination of live RFID devices past the cash register.
Do you value your privacy? I do. That's why I'm disturbed by the rapid proliferation of a new technology that can track my whereabouts and place a massive amount of personal information into searchable databases. The technology is RFID – Radio Frequency IDentification tags – tiny devices that may be hidden in many of the things you buy, from shaving razors to clothing to car tires.
You are probably already familiar with some RFID applications like E-Z Pass: the device on your windshield that allows you to pass through a toll booth without stopping to toss a token in the basket. Your probably don't give it much thought, but here's how it works. The tag "transmits" a unique ID number to the toll both receiver. This ID is matched to your account, and the toll is debited. Of course, the time and date is also recorded in a database so it can be listed on your monthly statement. E-Z Pass is very convenient. You probably enjoy zooming past all those chumps backed-up in the cash lanes. But… unless those cash-payers and their license plates are being photographed (possible), they are traveling anonymously. You're not. For sure, there's a permanent record of your passage, accessible to the police, government agencies, private investigators, divorce lawyers, and other unsavory characters. Most people never consider this. I have. But I use E-Z Pass anyway. I also love my Mobil SpeedPass (but keep it in the car ashtray instead of on my keyring – you'll see why in this article).
While I like to keep my private life private (you can read my last article on privacy here), I recognize there's a trade off when driving. I'm willing to give up a little bit of privacy in exchange for the convenience. But I do it with full awareness. Same thing with a cell phone. Even without one of the newer GPS-enabled phones, your whereabouts can be determined with a fair amount of precision by triangulating between cell towers. Any time your phone is on (even if you're not on a call), it's transmitting your ESN (Electronic Serial Number), which can be traced back to you. But you know this. You have the option to go into "stealth mode" by shielding the E-Z Pass tag, switching off your cell phone, paying with cash instead of plastic, using coins in the payphone instead of a calling card, etc. RFID's are different. You have no control over whether they're on or off. You probably don't even know they're there in the first place. An RFID has no on/off switch. Most have no batteries and as a totally "passive device," can "live" forever.
Quasimodo BellringerPassive device. What does that mean? Think of a church bell. Most of the time it just hangs there, silently. However if Quasimodo comes up and strikes the bell with a clanger, it will ring out. The peal is a vibration at the bell's natural frequency. A larger bell will have a lower pitch (frequency) and a smaller bell a higher one. This resonant frequency is a fundamental physical property of the bell. RFID's are the electronic equivalent. Most of the time, they just sit there. However, when "struck" by a radio signal, the RFID will "ring out" its own unique ID code. Clever, no? Manufacturers love high tech RFID's. They're cheap – about a dollar apiece now, although rapid advances in technology will bring them down to a penny or less shortly – and enable products to be tracked all the way through the supply chain. From factory to rail car to warehouse to truck to store, each individual inventory item could be monitored. I have no problem with this part of it. Think about how helpful this could have been during the Tylenol poisoning incident many years ago. Besides, I'm all for making businesses run more efficiently.
The problem exists after the sale. If the RFID is not removed or deactivated at the point of sale, it will live on forever. If the purchase information was recorded, that ID code could easily be linked to your name, address, or even the other items you bought at the pharmacy that day. Does this bother you? It can get much worse in the near future. Luckily, serialized RFID's are not yet widespread (although non-uniquely identified RF devices have been used for years as anti-theft devices). I'm talking about the high-tech varieties in this article. Mass privacy-invading initiatives have not been widely deployed – so far. But all the technological bits and pieces are now in place. Tests are underway, and they're disturbing. The British supermarket chain Tesco has admitted using RFID's embedded in certain products to track customers through its stores. Anyone picking up a pack of Gillette Mach3 razors at the Tesco in Cambridge will have his or her picture taken. The RFID triggers a closed circuit TV camera when a package is removed from the shelf. At checkout, the RFID triggers a second camera. Security staff then compare the images, ostensibly as an anti-theft measure.
RFID DevicesCurrent miniature RFID's have limited "data storage," so they're mainly used like the UPC bar codes on a box of corn flakes. Like a model number rather than a unique serial number. However recent advances have upped this storage capability to enable each item to be individually identified.
One frightening aspect of these individualized RFID tags is that they can be read, silently, by almost "anyone" for any reason they choose. It's not like the original manufacturer has any special key to read the tags. They're in the open. A private investigator, for example, could place a detector in a doorway and covertly track people who revisit an area.
Surely, once large numbers of "live" (i.e. not deactivated/zeroed) RFID's escape into the wild, marketers and database compilers will start to capture and use our personal information – in ways we consumers wouldn't want – if we knew what was happening. Wearing my "marketing guy" hat now, I can tell you this prospect is very appealing, and we marketing-oriented folk are a crafty lot. We'll toe right up to the legal line (if you let us) seeking any competitive advantage available. Putting my consumer hat back on, I can tell you that strongly worded legislation is needed to protect us from potential abuse of this technology. RFID's must be permanently and irreversibly deactivated at the point of sale and/or they must be attached to removable warning tags.
The importance of irreversibility became clear in March of this year when apparel maker/retailer Benneton announced plans to attach millions of washable RFID's in their clothing line. Benneton's so called "Smart Labels" cannot be permanently disabled. While these Philips Electronics I.CODE devices can be "put to sleep" at point-of-sale, they can also be awakened at any time in the future. Due to public outcry, Benneton has backpedaled on this program, but have yet to definitively state they won't implement it.
This has been a different kind of article than I usually write for The Urbach Letter. Most of my stuff is how-to (six ways to do this, eight ways to do that…). In this one, I'm just warning you about something that may come to be (that is, widespread monitoring of personal tags without your knowledge), without giving you any great solutions…
I'm hoping this heads-up will raise your awareness of the issue, and possibly motivate you to boycott retailers who are willing to compromise your privacy this way. I also hope you'll support legislation to outlaw or strictly control the dissemination of live RFID devices past the cash register.
Stop Telemarketing Calls
Stop Telemarketing Calls
Do you hate getting telemarketing calls as much as I do? Like me, I'm sure you resent having to drop everything and run to the phone… only to end up on the receiving end of a high-pressure sales pitch (or just as frequently these days, “dead air,” when the dialing computer can’t match you up with a live telemarketing drone in time). Well, there’s plenty you can do to fight back. Start with these five simple strategies:
1. Get on the “Do Not Call” list
Many states maintain centralized do not call lists. In New York it’s run by the Consumer Protection Board NYS Do Not Call List. Go there now and add yourself to the list, or register by telephone by calling 1-866-622-5569 (there’s no charge in New York, and it’s free or close to free elsewhere). Also, whenever a telemarketer calls, say this phrase: “Place this number on your do-not-call list.” There are exceptions for charities and some others, but most for-profit telemarketers are required to maintain do-not-call lists. If you’ve requested to be on their do-not-call list, they’re liable for a hefty fine (up to $5,000 in NY) if they ever call you again.
Now, the rules are different when I’m in the office, taking calls on my business phone; I’m a bit more tolerant of business-to-business phone solicitations. However, when I’m at home eating dinner and telemarketers attempt to invade my private time with my family, I have a zero-tolerance policy. No matter what the pitch, I have the same response: “I’m not interested.” Quickly followed by, “Put this number on your do-not-call list.” Click.
2. Never buy anything from an inbound telemarketing call
If you do, you’ll be placed on a “sucker list” which will usually be sold to other telemarketing firms, ensuring even more calls. Don’t engage in conversation with telemarketers. Although the majority of them are low-wage employees of huge telemarketing operations, there are some really bad apples out there – con artists with sophisticated ways to invade your privacy and take your money. Not long ago there was a company whose four-word name had the acronym H.O.L.D. During their telemarketing pitch, the phone solicitors would feign an interruption, and casually ask the homeowner, “Can I put you on hold?” By saying yes, the unsuspecting “mark” signed him or herself up for an expensive program offered by the HOLD company!
3. Get out of the phone book
At a bare minimum, call the phone company today and delete your street address from your directory listing. If you want people to still be able to look up your phone number, just list your first initial, last name, and city (women especially should use initials instead of a first name). This will also cut down on the amount of junk mail you’ll receive; if they don’t have your street address, they can’t send bulk mail to you. If you want to reduce calls by telemarketers, then you should get a “true” unlisted number. Unfortunately, this will definitely impair “old friends” from reconnecting with you – and the phone company will slap on an added monthly fee.
4. Get Caller ID with Anonymous Call Rejection (ACR)
If you have ACR on your phone line, you’ll definitely get fewer telemarketing calls. However, your friends who block the display of their phone numbers on caller ID will have to dial *82 before they can get through to you. A minor annoyance to be sure. Here’s info on Verizon’s ACR service. If you’re concerned about privacy (and you should be), then it’s a pretty good idea to block your name and number from being displayed on caller ID. It’s called “All Call Blocking.” Here’s info on ACB. Please note that if you call a toll-free number (800, 888, 877, etc.) or a 900 number, even with ACB, your ID info will still display.
5. Use Appropriate Technology
There are a lot of gadgets out there that claim to help cut down on telemarketing calls. Some are very good solutions to this vexing problem (like the “Easy Hang-up” described in the “Cool Thing of the Month” sidebar). However most are too draconian or disruptive to your normal way of life, requiring callers to enter security codes or leave messages before your phone will actually ring. There’s a new device called the “TeleZapper” (http://www.telezapper.com) that claims to work automatically, sending a signal which tells telemarketing call centers that your phone is disconnected. However, I’ve heard mixed reviews of its effectiveness and can’t endorse it to you yet.
Do you hate getting telemarketing calls as much as I do? Like me, I'm sure you resent having to drop everything and run to the phone… only to end up on the receiving end of a high-pressure sales pitch (or just as frequently these days, “dead air,” when the dialing computer can’t match you up with a live telemarketing drone in time). Well, there’s plenty you can do to fight back. Start with these five simple strategies:
1. Get on the “Do Not Call” list
Many states maintain centralized do not call lists. In New York it’s run by the Consumer Protection Board NYS Do Not Call List. Go there now and add yourself to the list, or register by telephone by calling 1-866-622-5569 (there’s no charge in New York, and it’s free or close to free elsewhere). Also, whenever a telemarketer calls, say this phrase: “Place this number on your do-not-call list.” There are exceptions for charities and some others, but most for-profit telemarketers are required to maintain do-not-call lists. If you’ve requested to be on their do-not-call list, they’re liable for a hefty fine (up to $5,000 in NY) if they ever call you again.
Now, the rules are different when I’m in the office, taking calls on my business phone; I’m a bit more tolerant of business-to-business phone solicitations. However, when I’m at home eating dinner and telemarketers attempt to invade my private time with my family, I have a zero-tolerance policy. No matter what the pitch, I have the same response: “I’m not interested.” Quickly followed by, “Put this number on your do-not-call list.” Click.
2. Never buy anything from an inbound telemarketing call
If you do, you’ll be placed on a “sucker list” which will usually be sold to other telemarketing firms, ensuring even more calls. Don’t engage in conversation with telemarketers. Although the majority of them are low-wage employees of huge telemarketing operations, there are some really bad apples out there – con artists with sophisticated ways to invade your privacy and take your money. Not long ago there was a company whose four-word name had the acronym H.O.L.D. During their telemarketing pitch, the phone solicitors would feign an interruption, and casually ask the homeowner, “Can I put you on hold?” By saying yes, the unsuspecting “mark” signed him or herself up for an expensive program offered by the HOLD company!
3. Get out of the phone book
At a bare minimum, call the phone company today and delete your street address from your directory listing. If you want people to still be able to look up your phone number, just list your first initial, last name, and city (women especially should use initials instead of a first name). This will also cut down on the amount of junk mail you’ll receive; if they don’t have your street address, they can’t send bulk mail to you. If you want to reduce calls by telemarketers, then you should get a “true” unlisted number. Unfortunately, this will definitely impair “old friends” from reconnecting with you – and the phone company will slap on an added monthly fee.
4. Get Caller ID with Anonymous Call Rejection (ACR)
If you have ACR on your phone line, you’ll definitely get fewer telemarketing calls. However, your friends who block the display of their phone numbers on caller ID will have to dial *82 before they can get through to you. A minor annoyance to be sure. Here’s info on Verizon’s ACR service. If you’re concerned about privacy (and you should be), then it’s a pretty good idea to block your name and number from being displayed on caller ID. It’s called “All Call Blocking.” Here’s info on ACB. Please note that if you call a toll-free number (800, 888, 877, etc.) or a 900 number, even with ACB, your ID info will still display.
5. Use Appropriate Technology
There are a lot of gadgets out there that claim to help cut down on telemarketing calls. Some are very good solutions to this vexing problem (like the “Easy Hang-up” described in the “Cool Thing of the Month” sidebar). However most are too draconian or disruptive to your normal way of life, requiring callers to enter security codes or leave messages before your phone will actually ring. There’s a new device called the “TeleZapper” (http://www.telezapper.com) that claims to work automatically, sending a signal which tells telemarketing call centers that your phone is disconnected. However, I’ve heard mixed reviews of its effectiveness and can’t endorse it to you yet.
Identity Theft
Identity Theft
Do you know anyone who’s been the victim of identity theft? It can be a devastating experience, both financially and emotionally. If you’re unlucky enough to have your identity stolen, expect your life to be turned upside-down for months or even years as you attempt to undo the damage inflicted by “the other you.” Your bank and brokerage accounts can be cleaned out, your credit rating trashed, and worse… Identity thieves usually open a new credit card or charge card account using your name, your date of birth, and your Social Security Number (SSN). Or they’ll call your card issuer and, impersonating you, change the mailing address on your account. After requesting a replacement card, the thief goes on a shopping spree, running up charges on “your” account. Because the statements get sent to the new address, you may not realize there’s a problem… until the account becomes seriously delinquent and the collection agencies start to call. Thieves commonly establish cell phone service in your name and run up huge charges. They often open a bank account in your name and write bad checks. All this negative activity is posted on your credit report. Here are nine ways to protect yourself:
1. Keep your Social Security Number on a strict “need to know” basis. Once an identity thief has your SSN, he or she can use it to obtain other ID’s and open accounts in your name. Some doctor’s offices, schools, and other institutions ask you for your SSN for their forms. I politely refuse to comply unless they can show me a good reason for needing it. Never write your SSN on a check. As your check is processed, it’s seen by many eyes… along with your legal name, address, etc. Never supply any personal information (especially not your credit card number, PIN numbers or SSN) to anyone who calls *you*. Legitimate companies *never* call customers asking for info like this. If you’re compelled to respond, get their number, check it against a web site or directory, and call them back.
2. Subscribe to a credit monitoring service. I use Privacy Guard. For only $80 a year, they send me notices of any inquiries or postings to my file in all three major credit reporting agencies, and provide access to full credit reports, DMV record, SSN record, MIB (Medical Information Bureau) record, and more. Well worth it.
3. Buy a shredder. Thanks to Arthur Anderson, paper shredders have gotten a bad name. That’s a shame. There are a lot of things you shouldn’t just throw into the trash: charge card receipts, expired cards, credit application forms, insurance forms, bank/brokerage statements, cancelled checks, and anything with your SSN or account numbers. Shred instead. And, if yours is like most households, you get several “pre-approved” credit card offers in the mail every week. Don’t just toss them in the trash… you’ll make things way too easy for the identity thieves.
4. Know what's on you. Go over to the copy machine right now. Take everything out of your wallet and lay it on the glass: credit cards, license, insurance cards, ID cards, etc. Make a copy. Flip everything over and copy the reverse. (Tip #1: if you put a coin on the glass in one corner, it’ll help you match the front and back of your cards on the copies. Tip #2: if the raised card numbers don’t copy well, run a magic marker over them lightly.) Make sure the customer service phone numbers are legible, then file your copies in a secure place (but one you can still get to quickly if your wallet is ever lost or stolen). Don’t just stuff everything back in your wallet. Take this opportunity to review and remove anything nonessential. DO NOT carry your social security card in your wallet.
5. Secure your incoming and outgoing mail. Consider installing a mail slot or a security mailbox by the curb like this one from Steel Mailbox Co. Don’t leave mail sitting out anywhere if you can avoid it.
6. Be smart about managing your passwords. Many people get lazy and use the same password for everything. Bad idea. Almost as bad as carrying around a card or having a post-it on your computer monitor with all your passwords. Don’t use publicly known info like your birth date, phone number, kid’s name, etc.
7. Buy a file safe. (Preferably a fireproof one.) Bolt it to the floor or have it professionally installed. Next best is a securely locked file cabinet or desk file drawer. Keep your personal information away from maids, service people, and contractors working in your home.
8. Know your cycles. Be aware of your credit card and store charge card billing cycles. Make a call if your bills don’t arrive on time. Contact your cell phone company and other firms where you have credit accounts. Put a password lock on your accounts. This way, changes can’t be made without your knowledge and approval.
9. Secure your computer. Put a firewall on your home computer. Best is a hardware router/firewall *and* a software firewall like ZoneAlarm. Make sure your web browser supports strong (128 bit) encryption. Of course you should also run an antivirus program like Norton or McAfee, and an anti-spyware program like PestPatrol. You should know that password protecting Microsoft Office documents and Quicken files provides very little security. They’re very easily compromised by commonly available “lost password” cracking tools. Take special care to physically secure your laptop computer. Use a Kensington lock in the office and at home.
A missing wallet or purse is more than an inconvenience. It’s a goldmine of information for an identity thief. Therefore, you must do ALL of the following things if your wallet is lost or stolen (especially if it’s stolen):
File a report with your local police precinct. Do this immediately, and be sure to get a copy of the police report – in case you need proof of the loss for your credit card company or bank.
Cancel ALL your credit cards and store charge cards. Then order new cards with *new* account numbers.
Contact the fraud departments at all three of the major credit-reporting agencies: Experian 888-397-3742, Trans-Union 800-680-7289, and Equifax 800-525-6285. Request placement of a “fraud alert” on your account and also include a “victim’s statement.” Also request a copy of your credit reports and review them carefully. Order new copies in two or three months to verify your corrections or changes, and to watch for unauthorized activity (better yet, use a service like Privacy Guard).
Contact your department of motor vehicles, report your driver’s license as missing, and request a new one. If your state uses your SSN as your license ID, see if an alternate ID is available (same thing goes for your college ID or medical card).
If you carry any bank account information or blank checks in your wallet (and you shouldn’t), report the loss to your bank. Cancel your checking and savings accounts. Get new accounts with new numbers, a new ATM/debit card, new checks, and a new Personal Identification Number (PIN). It’s a pain, I know, but nothing compared to the grief of having your identity stolen and your accounts cleaned out!
If you think you’ve been the victim of identity theft, contact the Federal Trade Commission at 877-ID-THEFT (877-438-4338) or use the online ID Theft Affidavit Form.
Do you know anyone who’s been the victim of identity theft? It can be a devastating experience, both financially and emotionally. If you’re unlucky enough to have your identity stolen, expect your life to be turned upside-down for months or even years as you attempt to undo the damage inflicted by “the other you.” Your bank and brokerage accounts can be cleaned out, your credit rating trashed, and worse… Identity thieves usually open a new credit card or charge card account using your name, your date of birth, and your Social Security Number (SSN). Or they’ll call your card issuer and, impersonating you, change the mailing address on your account. After requesting a replacement card, the thief goes on a shopping spree, running up charges on “your” account. Because the statements get sent to the new address, you may not realize there’s a problem… until the account becomes seriously delinquent and the collection agencies start to call. Thieves commonly establish cell phone service in your name and run up huge charges. They often open a bank account in your name and write bad checks. All this negative activity is posted on your credit report. Here are nine ways to protect yourself:
1. Keep your Social Security Number on a strict “need to know” basis. Once an identity thief has your SSN, he or she can use it to obtain other ID’s and open accounts in your name. Some doctor’s offices, schools, and other institutions ask you for your SSN for their forms. I politely refuse to comply unless they can show me a good reason for needing it. Never write your SSN on a check. As your check is processed, it’s seen by many eyes… along with your legal name, address, etc. Never supply any personal information (especially not your credit card number, PIN numbers or SSN) to anyone who calls *you*. Legitimate companies *never* call customers asking for info like this. If you’re compelled to respond, get their number, check it against a web site or directory, and call them back.
2. Subscribe to a credit monitoring service. I use Privacy Guard. For only $80 a year, they send me notices of any inquiries or postings to my file in all three major credit reporting agencies, and provide access to full credit reports, DMV record, SSN record, MIB (Medical Information Bureau) record, and more. Well worth it.
3. Buy a shredder. Thanks to Arthur Anderson, paper shredders have gotten a bad name. That’s a shame. There are a lot of things you shouldn’t just throw into the trash: charge card receipts, expired cards, credit application forms, insurance forms, bank/brokerage statements, cancelled checks, and anything with your SSN or account numbers. Shred instead. And, if yours is like most households, you get several “pre-approved” credit card offers in the mail every week. Don’t just toss them in the trash… you’ll make things way too easy for the identity thieves.
4. Know what's on you. Go over to the copy machine right now. Take everything out of your wallet and lay it on the glass: credit cards, license, insurance cards, ID cards, etc. Make a copy. Flip everything over and copy the reverse. (Tip #1: if you put a coin on the glass in one corner, it’ll help you match the front and back of your cards on the copies. Tip #2: if the raised card numbers don’t copy well, run a magic marker over them lightly.) Make sure the customer service phone numbers are legible, then file your copies in a secure place (but one you can still get to quickly if your wallet is ever lost or stolen). Don’t just stuff everything back in your wallet. Take this opportunity to review and remove anything nonessential. DO NOT carry your social security card in your wallet.
5. Secure your incoming and outgoing mail. Consider installing a mail slot or a security mailbox by the curb like this one from Steel Mailbox Co. Don’t leave mail sitting out anywhere if you can avoid it.
6. Be smart about managing your passwords. Many people get lazy and use the same password for everything. Bad idea. Almost as bad as carrying around a card or having a post-it on your computer monitor with all your passwords. Don’t use publicly known info like your birth date, phone number, kid’s name, etc.
7. Buy a file safe. (Preferably a fireproof one.) Bolt it to the floor or have it professionally installed. Next best is a securely locked file cabinet or desk file drawer. Keep your personal information away from maids, service people, and contractors working in your home.
8. Know your cycles. Be aware of your credit card and store charge card billing cycles. Make a call if your bills don’t arrive on time. Contact your cell phone company and other firms where you have credit accounts. Put a password lock on your accounts. This way, changes can’t be made without your knowledge and approval.
9. Secure your computer. Put a firewall on your home computer. Best is a hardware router/firewall *and* a software firewall like ZoneAlarm. Make sure your web browser supports strong (128 bit) encryption. Of course you should also run an antivirus program like Norton or McAfee, and an anti-spyware program like PestPatrol. You should know that password protecting Microsoft Office documents and Quicken files provides very little security. They’re very easily compromised by commonly available “lost password” cracking tools. Take special care to physically secure your laptop computer. Use a Kensington lock in the office and at home.
A missing wallet or purse is more than an inconvenience. It’s a goldmine of information for an identity thief. Therefore, you must do ALL of the following things if your wallet is lost or stolen (especially if it’s stolen):
File a report with your local police precinct. Do this immediately, and be sure to get a copy of the police report – in case you need proof of the loss for your credit card company or bank.
Cancel ALL your credit cards and store charge cards. Then order new cards with *new* account numbers.
Contact the fraud departments at all three of the major credit-reporting agencies: Experian 888-397-3742, Trans-Union 800-680-7289, and Equifax 800-525-6285. Request placement of a “fraud alert” on your account and also include a “victim’s statement.” Also request a copy of your credit reports and review them carefully. Order new copies in two or three months to verify your corrections or changes, and to watch for unauthorized activity (better yet, use a service like Privacy Guard).
Contact your department of motor vehicles, report your driver’s license as missing, and request a new one. If your state uses your SSN as your license ID, see if an alternate ID is available (same thing goes for your college ID or medical card).
If you carry any bank account information or blank checks in your wallet (and you shouldn’t), report the loss to your bank. Cancel your checking and savings accounts. Get new accounts with new numbers, a new ATM/debit card, new checks, and a new Personal Identification Number (PIN). It’s a pain, I know, but nothing compared to the grief of having your identity stolen and your accounts cleaned out!
If you think you’ve been the victim of identity theft, contact the Federal Trade Commission at 877-ID-THEFT (877-438-4338) or use the online ID Theft Affidavit Form.
How to Keep Your Life Private
How to Keep Your Private Life Private
Not that long ago, it was possible for a person like you to lead a nice, quiet, private life. Once outside a small town, you could go about your business and pursue your personal affairs without leaving “tracks” – permanent records of where you’ve been, who you’ve talked to, and what you own. No longer. Privacy is dead. Now, nearly every detail of our lives is open to discovery, inspection, or in many cases, exploitation by people and organizations with criminal intent. A frighteningly large database of information about you has already been compiled by governmental agencies and private companies – and they’re adding more info to your file every single day. Despite advertisements that proclaim how much they "care" about you, your "friendly" bank, broker, and insurance company do not have your best interests at heart. Information is power; they will use it to derive maximum profitability from their dealings with you... while remaining within some narrow definition of the law. Even worse, there are many opportunities for criminals to access this information in order to cheat and victimize you. Last month I wrote about the rapidly-growing crime of identity theft – which can only occur when your personal information falls into the wrong hands. You have good reason to be concerned. Fortunately, there are steps you can take to radically lower your risk of being exploited.
Many of the strategies for preventing identity theft and for avoiding telemarketing calls I’ve written about in past issues of The Urbach Letter are also appropriate for protecting your personal privacy. These include:
*
Get on “Do Not Call” lists.
*
Alter your phone directory listing.
*
Restrict access to your Social Security Number.
*
Subscribe to a credit monitoring service.
*
Buy a shredder (cross-cut are best).
*
Limit access to your inbound and outbound postal mail.
*
Physically and electronically secure your computer (very important).
Here are a dozen additional things you can do to protect your privacy. I realize that not all of them will be appropriate for your personal situation, but each one will help lower your profile, and many will have side benefits, like reducing the amount of junk mail clogging your mailbox:
1. Check the online directories. Visit the major online phone directories (SuperPages, Bigfoot Whitepages, etc.) and do a search for yourself. Even if you’re unlisted in the current paper white pages, you’ll often show up in the online directories from prior years’ listings – and you’ll probably be disturbed to see your full address, plus a map with driving directions to your house. Use this link for instructions on how to get yourself unlisted from the online directories: Unlisting Instructions.
2. Opt out whenever you are given the chance. By now you’ve received a privacy statement in all your bank and brokerage statements, insurance premium notices, department store charge card bills, Visa, MasterCard, Amex, Discover bills, etc. They’re all required by law to notify you of their privacy policies and give you the option to restrict how the information they’ve collected about you can be used. But… they don’t have to make it easy! It should just be a checkbox on the reply slip in the payment envelope or an 800 number to call. Instead, in the fine print, you are often instructed to write to a different address, list account numbers, etc. Even though it’s somewhat of a pain, opt out whenever you’re given the opportunity. You’re not being compensated by these companies – who are exploiting your private information – so why in the world would you want to participate in the violation of your personal privacy?
3. Never fill in warranty cards. There is absolutely no reason to fill in the demographic (age, sex, income) or lifestyle fields (preferences, hobbies, interests, pets, etc.). In the vast majority of cases, you do not need to send in the card at all. Your purchase receipt is all that’s needed to make a warranty claim. While it’s true that returning the card with basic “name, rank, and serial number” information will enable the company to notify you about a product recall, this occurs so rarely, it’s ordinarily not an issue. (There are important exceptions like cribs, strollers, bicycles, etc.) However – and I guarantee this – if you supply demographic/lifestyle info, it’s going to be sold to a mailing list company.
4. Look yourself up on the web. Start with Google (http://www.google.com) and type your full name into the search field (in quotes, e.g.: “John Jacobsen.”) Please note, if you have a somewhat common name, you’re going to get thousands of matches – and you’ll need to do a more sophisticated search (in combination with other identifying terms like your hometown). If your name is somewhat uncommon (like “Victor Urbach”) you may find a surprising number of “hits” that refer specifically to you. Some people call this exercise a “vanity search” but you may uncover some links that reveal disturbing personal data. You may or may not be able to get these links deleted (and nearly everything on the web is archived to some extent), however, you can still make things more difficult for the bad guys.
5. Avoid "Preferred Customer" clubs. I don't register for any of these "discount programs" at my supermarket, pharmacy, office supply store, etc. It's not so much that I'm concerned my brand preference for laundry detergent or copy paper is being tracked and compiled, I just object on principle – and fear the data gathered will be aggregated with other databases in the future, with unknown consequences. Besides, I find the supposed "specials" not so special, and the "discounts" still available just by saying "no" when the clerk asks, "Do you have a CVS card?" However, please be aware that your purchases can still be tracked if you pay by check or credit card. As usual, for maximum anonymity, pay with cash.
6. Secure your medical records. Negative information in your medical records can have problematic effects beyond what you'd expect. Aside being denied health insurance coverage or payment of claims, your employer and other non-medical organizations can sometimes access your file. Here are several things you should know:
* Get a copy of your MIB report. No, this has nothing to do with "Men In Black." MIB is the Medical Information Bureau, a central database accessed by many insurance companies. Write to: MIB, Box 105, Essex Station, Boston, MA, 02112 or call 617-426-3660.
* Review your HMO and Medicare/Medicaid files yearly. If you find incorrect, embarrassing, or outdated entries, petition to have them removed or corrected.
* Send a letter to your physician. Ask that your doctor and/or staff only give out the minimum amount of information that's requested by an insurance company or other third party. Without this instruction, many medical offices will hand over your entire file, without considering the potential consequences.
* Never sign a "Blanket Waiver." If you do, it'll authorize the release of ALL information regarding your lifetime medical history, symptoms, findings, and exam results. If you need to sign a release, be sure to edit the wording to restrict its scope and duration (that is, limit it to records from a specific doctor or hospital, and put an expiration date on the release).
* If you need treatment for a sensitive condition, like depression, alcoholism, drug abuse, sexually-transmitted disease, etc., seek treatment at a non-employer-sponsored program. While there is *supposed* to be confidentiality, plenty of abuses occur. If you still wish to be treated at a company-sponsored facility, get written confirmation of confidentiality *before* discussing anything with a counselor.
7. Be aware of how you are monitored at work. Your employer has the legal right to monitor your inbound and outbound email, voice mail, hard-drive contents, and (non-personal) telephone calls. Find out what's actively being monitored at your company and adjust your at-work behavior accordingly. See if you can check your personnel file every six months or so. Most of us still remember the grade school fear that one of our misdeeds would be recorded for perpetuity on our "Permanent Record." The not so funny part is that disciplinary actions and negative/sensitive information are commonly recorded in your real permanent record: your personnel file. If you can determine that it's tainted by these entries, negotiate to have them removed after a reasonable period of time.
8. Not everybody needs to know your birthday. You might think this is a minor point. It's not. While (I hope) you know to restrict access to your Social Security Number, many people give out their birth date to anyone who asks. Here's why you shouldn't. Even though your full name is already listed in thousands of databases, often it's just a name, and doesn't mean much. There are likely thousands of other people who share your name. If you ever find yourself in a position where you need to markedly lower your profile, a person seeking you with only knowledge of your name will have a hard time tracking you down. However, armed with both your name and birth date, any competent private investigator will find you in less than a day. Your friends and family already know your birthday. Very few other people need to know it. While you should be honest on insurance or loan applications, or on government forms, consider making an "honest mistake" everywhere else. Privacy expert J.J. "Jack" Luna recommends transposing the month and day when writing your birth date. For example, if your birth date is June 12, 1951, write it as 12/6/51. While this only works if you were born on one of the first twelve days of the month, it's easy to claim you made an innocent mistake if challenged. (Outside of the US and Canada, dates are commonly written day first, month second.) Another approach is to "swap" birthdates with a family member.
9. Guard your driver's license. Your driver's license shows your home address, and it's better for strangers not to know that bit of information. Especially when you're traveling. Don't put your license in that plastic window in your wallet. One private eye found out a target's address by asking him to break a $10 bill. When he opened his wallet, the PI spotted the information he needed. (It goes without saying that your luggage tags shouldn't have an externally visible address on them. Get the kind that hides it inside the tag.) Consider using a P.O. Box or office address on your license if your state's DMV allows it.
10. Choose the right telephone for secure calls. If you need to have a truly private conversation with someone, do not use your home, office, or regular cell phone. Use a prepaid phone card at a payphone if your call requires extra security. Or consider getting a prepaid cell phone. Even though the cell phone call could be intercepted and recorded, prepaid cell phone calls can't be traced to you. By the way, I learned this from watching an episode of the Sopranos (and verified it afterwards). But I sure hope you'll have a more benevolent reason than Tony for wanting to have a private talk with someone! By the way, even though wiretaps on your landline phone are rare, and require a court order, your phone company records are not legally protected. So while your conversation might be private, it's not that hard to find out to whom you've been talking.
11. Keep your email and web surfing private. I hope you already know that ordinary emails sent from either your home or workplace are not secure at all. If you want email privacy, sign up with Lok.Mail. You'll get military-strength crypto with 1024 bit PGP encryption; however both you and your recipient will need to use Lok.Mail addresses. Your web surfing behavior is easily tracked by anyone with the right technical smarts. If you're concerned about this, consider using Anonymizer.com. for just thirty bucks a year, you'll be become invisible to the web sites you visit, and nothing you see or download can be tracked back to you. It's the best way to surf at work without being monitored. Ad blocking and pop-up stopping are built-in to the service, as is cookie control. However, If you don't want to use Anonymizer, it's a good idea to clear your browser's Internet history on a regular basis. Otherwise, anyone with access to your PC can just click the "history" button and find all the sites you've visited recently. For a higher level of scrubbing, use Internet Trace Destructor. It comes with an electronic "shredder" that destroys all traces of deleted files, according to U.S. Department of Defense standards.
12. Lower your car's profile. You can't hide your license plate number, and that presents a problem. Let's say your car is parked in an airport long-term parking lot while you're out of town. It's very easy to "run" your plate number and get your home address from the DMV registration – another good reason to use a P.O. Box or office address on your vehicle's registration. Also, you should be aware that bumper stickers proclaiming affiliation to specific groups or schools, and parking stickers listing specific organizations can provide an "evil doer" with information that he or she really shouldn't have. This is all the more important if you drive a high-end vehicle, and are therefore a more likely target for both criminal attack and frivolous lawsuits.
So... you have a lot of ways to protect yourself. However before you start employing these strategies, it's important to recognize that achieving privacy entails trade-offs. Most of us lead two separate lives: our public life (associated with our business, the organizations we participate in, our avocations, and our communities), and our private home life with our families. For many people, there are good reasons to maintain a relatively high public profile. Being well-known in our communities and industries has many benefits. Woody Allen once said, “80% of success is just showing up.” While I disagree with the 80% part, Woody’s law largely holds. When you’re a high-profile individual within your “community” (business/industry or town), many interesting opportunities spontaneously open up to you. You become “magnetized,” and attract people who can help you achieve the things you want out of life. The challenge is to lower your private profile without disappearing altogether. You’ll have to decide, for example, whether to have an unlisted home telephone number.
Remember, it’s your right to keep your personal information on a “need to know” basis. Your private information has substantial value – that’s why so many people are trying to collect it. You are under no obligation to provide them with the details of your life.
Not that long ago, it was possible for a person like you to lead a nice, quiet, private life. Once outside a small town, you could go about your business and pursue your personal affairs without leaving “tracks” – permanent records of where you’ve been, who you’ve talked to, and what you own. No longer. Privacy is dead. Now, nearly every detail of our lives is open to discovery, inspection, or in many cases, exploitation by people and organizations with criminal intent. A frighteningly large database of information about you has already been compiled by governmental agencies and private companies – and they’re adding more info to your file every single day. Despite advertisements that proclaim how much they "care" about you, your "friendly" bank, broker, and insurance company do not have your best interests at heart. Information is power; they will use it to derive maximum profitability from their dealings with you... while remaining within some narrow definition of the law. Even worse, there are many opportunities for criminals to access this information in order to cheat and victimize you. Last month I wrote about the rapidly-growing crime of identity theft – which can only occur when your personal information falls into the wrong hands. You have good reason to be concerned. Fortunately, there are steps you can take to radically lower your risk of being exploited.
Many of the strategies for preventing identity theft and for avoiding telemarketing calls I’ve written about in past issues of The Urbach Letter are also appropriate for protecting your personal privacy. These include:
*
Get on “Do Not Call” lists.
*
Alter your phone directory listing.
*
Restrict access to your Social Security Number.
*
Subscribe to a credit monitoring service.
*
Buy a shredder (cross-cut are best).
*
Limit access to your inbound and outbound postal mail.
*
Physically and electronically secure your computer (very important).
Here are a dozen additional things you can do to protect your privacy. I realize that not all of them will be appropriate for your personal situation, but each one will help lower your profile, and many will have side benefits, like reducing the amount of junk mail clogging your mailbox:
1. Check the online directories. Visit the major online phone directories (SuperPages, Bigfoot Whitepages, etc.) and do a search for yourself. Even if you’re unlisted in the current paper white pages, you’ll often show up in the online directories from prior years’ listings – and you’ll probably be disturbed to see your full address, plus a map with driving directions to your house. Use this link for instructions on how to get yourself unlisted from the online directories: Unlisting Instructions.
2. Opt out whenever you are given the chance. By now you’ve received a privacy statement in all your bank and brokerage statements, insurance premium notices, department store charge card bills, Visa, MasterCard, Amex, Discover bills, etc. They’re all required by law to notify you of their privacy policies and give you the option to restrict how the information they’ve collected about you can be used. But… they don’t have to make it easy! It should just be a checkbox on the reply slip in the payment envelope or an 800 number to call. Instead, in the fine print, you are often instructed to write to a different address, list account numbers, etc. Even though it’s somewhat of a pain, opt out whenever you’re given the opportunity. You’re not being compensated by these companies – who are exploiting your private information – so why in the world would you want to participate in the violation of your personal privacy?
3. Never fill in warranty cards. There is absolutely no reason to fill in the demographic (age, sex, income) or lifestyle fields (preferences, hobbies, interests, pets, etc.). In the vast majority of cases, you do not need to send in the card at all. Your purchase receipt is all that’s needed to make a warranty claim. While it’s true that returning the card with basic “name, rank, and serial number” information will enable the company to notify you about a product recall, this occurs so rarely, it’s ordinarily not an issue. (There are important exceptions like cribs, strollers, bicycles, etc.) However – and I guarantee this – if you supply demographic/lifestyle info, it’s going to be sold to a mailing list company.
4. Look yourself up on the web. Start with Google (http://www.google.com) and type your full name into the search field (in quotes, e.g.: “John Jacobsen.”) Please note, if you have a somewhat common name, you’re going to get thousands of matches – and you’ll need to do a more sophisticated search (in combination with other identifying terms like your hometown). If your name is somewhat uncommon (like “Victor Urbach”) you may find a surprising number of “hits” that refer specifically to you. Some people call this exercise a “vanity search” but you may uncover some links that reveal disturbing personal data. You may or may not be able to get these links deleted (and nearly everything on the web is archived to some extent), however, you can still make things more difficult for the bad guys.
5. Avoid "Preferred Customer" clubs. I don't register for any of these "discount programs" at my supermarket, pharmacy, office supply store, etc. It's not so much that I'm concerned my brand preference for laundry detergent or copy paper is being tracked and compiled, I just object on principle – and fear the data gathered will be aggregated with other databases in the future, with unknown consequences. Besides, I find the supposed "specials" not so special, and the "discounts" still available just by saying "no" when the clerk asks, "Do you have a CVS card?" However, please be aware that your purchases can still be tracked if you pay by check or credit card. As usual, for maximum anonymity, pay with cash.
6. Secure your medical records. Negative information in your medical records can have problematic effects beyond what you'd expect. Aside being denied health insurance coverage or payment of claims, your employer and other non-medical organizations can sometimes access your file. Here are several things you should know:
* Get a copy of your MIB report. No, this has nothing to do with "Men In Black." MIB is the Medical Information Bureau, a central database accessed by many insurance companies. Write to: MIB, Box 105, Essex Station, Boston, MA, 02112 or call 617-426-3660.
* Review your HMO and Medicare/Medicaid files yearly. If you find incorrect, embarrassing, or outdated entries, petition to have them removed or corrected.
* Send a letter to your physician. Ask that your doctor and/or staff only give out the minimum amount of information that's requested by an insurance company or other third party. Without this instruction, many medical offices will hand over your entire file, without considering the potential consequences.
* Never sign a "Blanket Waiver." If you do, it'll authorize the release of ALL information regarding your lifetime medical history, symptoms, findings, and exam results. If you need to sign a release, be sure to edit the wording to restrict its scope and duration (that is, limit it to records from a specific doctor or hospital, and put an expiration date on the release).
* If you need treatment for a sensitive condition, like depression, alcoholism, drug abuse, sexually-transmitted disease, etc., seek treatment at a non-employer-sponsored program. While there is *supposed* to be confidentiality, plenty of abuses occur. If you still wish to be treated at a company-sponsored facility, get written confirmation of confidentiality *before* discussing anything with a counselor.
7. Be aware of how you are monitored at work. Your employer has the legal right to monitor your inbound and outbound email, voice mail, hard-drive contents, and (non-personal) telephone calls. Find out what's actively being monitored at your company and adjust your at-work behavior accordingly. See if you can check your personnel file every six months or so. Most of us still remember the grade school fear that one of our misdeeds would be recorded for perpetuity on our "Permanent Record." The not so funny part is that disciplinary actions and negative/sensitive information are commonly recorded in your real permanent record: your personnel file. If you can determine that it's tainted by these entries, negotiate to have them removed after a reasonable period of time.
8. Not everybody needs to know your birthday. You might think this is a minor point. It's not. While (I hope) you know to restrict access to your Social Security Number, many people give out their birth date to anyone who asks. Here's why you shouldn't. Even though your full name is already listed in thousands of databases, often it's just a name, and doesn't mean much. There are likely thousands of other people who share your name. If you ever find yourself in a position where you need to markedly lower your profile, a person seeking you with only knowledge of your name will have a hard time tracking you down. However, armed with both your name and birth date, any competent private investigator will find you in less than a day. Your friends and family already know your birthday. Very few other people need to know it. While you should be honest on insurance or loan applications, or on government forms, consider making an "honest mistake" everywhere else. Privacy expert J.J. "Jack" Luna recommends transposing the month and day when writing your birth date. For example, if your birth date is June 12, 1951, write it as 12/6/51. While this only works if you were born on one of the first twelve days of the month, it's easy to claim you made an innocent mistake if challenged. (Outside of the US and Canada, dates are commonly written day first, month second.) Another approach is to "swap" birthdates with a family member.
9. Guard your driver's license. Your driver's license shows your home address, and it's better for strangers not to know that bit of information. Especially when you're traveling. Don't put your license in that plastic window in your wallet. One private eye found out a target's address by asking him to break a $10 bill. When he opened his wallet, the PI spotted the information he needed. (It goes without saying that your luggage tags shouldn't have an externally visible address on them. Get the kind that hides it inside the tag.) Consider using a P.O. Box or office address on your license if your state's DMV allows it.
10. Choose the right telephone for secure calls. If you need to have a truly private conversation with someone, do not use your home, office, or regular cell phone. Use a prepaid phone card at a payphone if your call requires extra security. Or consider getting a prepaid cell phone. Even though the cell phone call could be intercepted and recorded, prepaid cell phone calls can't be traced to you. By the way, I learned this from watching an episode of the Sopranos (and verified it afterwards). But I sure hope you'll have a more benevolent reason than Tony for wanting to have a private talk with someone! By the way, even though wiretaps on your landline phone are rare, and require a court order, your phone company records are not legally protected. So while your conversation might be private, it's not that hard to find out to whom you've been talking.
11. Keep your email and web surfing private. I hope you already know that ordinary emails sent from either your home or workplace are not secure at all. If you want email privacy, sign up with Lok.Mail. You'll get military-strength crypto with 1024 bit PGP encryption; however both you and your recipient will need to use Lok.Mail addresses. Your web surfing behavior is easily tracked by anyone with the right technical smarts. If you're concerned about this, consider using Anonymizer.com. for just thirty bucks a year, you'll be become invisible to the web sites you visit, and nothing you see or download can be tracked back to you. It's the best way to surf at work without being monitored. Ad blocking and pop-up stopping are built-in to the service, as is cookie control. However, If you don't want to use Anonymizer, it's a good idea to clear your browser's Internet history on a regular basis. Otherwise, anyone with access to your PC can just click the "history" button and find all the sites you've visited recently. For a higher level of scrubbing, use Internet Trace Destructor. It comes with an electronic "shredder" that destroys all traces of deleted files, according to U.S. Department of Defense standards.
12. Lower your car's profile. You can't hide your license plate number, and that presents a problem. Let's say your car is parked in an airport long-term parking lot while you're out of town. It's very easy to "run" your plate number and get your home address from the DMV registration – another good reason to use a P.O. Box or office address on your vehicle's registration. Also, you should be aware that bumper stickers proclaiming affiliation to specific groups or schools, and parking stickers listing specific organizations can provide an "evil doer" with information that he or she really shouldn't have. This is all the more important if you drive a high-end vehicle, and are therefore a more likely target for both criminal attack and frivolous lawsuits.
So... you have a lot of ways to protect yourself. However before you start employing these strategies, it's important to recognize that achieving privacy entails trade-offs. Most of us lead two separate lives: our public life (associated with our business, the organizations we participate in, our avocations, and our communities), and our private home life with our families. For many people, there are good reasons to maintain a relatively high public profile. Being well-known in our communities and industries has many benefits. Woody Allen once said, “80% of success is just showing up.” While I disagree with the 80% part, Woody’s law largely holds. When you’re a high-profile individual within your “community” (business/industry or town), many interesting opportunities spontaneously open up to you. You become “magnetized,” and attract people who can help you achieve the things you want out of life. The challenge is to lower your private profile without disappearing altogether. You’ll have to decide, for example, whether to have an unlisted home telephone number.
Remember, it’s your right to keep your personal information on a “need to know” basis. Your private information has substantial value – that’s why so many people are trying to collect it. You are under no obligation to provide them with the details of your life.
Thursday, November 20, 2008
SPEED TRAPS!
Speed Traps
Nothing is worse than coasting down the highway then seeing those familiar blue lights in your rear view mirror; those lights are a clear indication that you are being pulled over. Perhaps your first thought is to get out of the way of the officer so he can pass you to pull over the culprit then you realize when he pulls directly behind you with his lights still flashing blindly you are the "culprit". Your second thought is probably "what did I do wrong?" still not realizing you were speeding.
Let's face it, speeding is something most of us do and sometimes most of us don't realize we are doing it. We're just cruising along with the rest of the traffic and happen to be the unlucky one who gets pulled over next to receive a ticket.
Our law enforcement officers are simply doing their job but there are some things we can do to educate ourselves to avoid the speed traps that they set for us. Before you take that next trip down the highway check out these interesting sites that will allow you to locate the speed traps before you have to learn the hard way:
http://www.beartraps.com
http://www.speedtrap.org/
Nobody wants to be on the receiving end of an officer handing you a ticket because you can bet it's not going to be to the Policeman's Ball.
Nothing is worse than coasting down the highway then seeing those familiar blue lights in your rear view mirror; those lights are a clear indication that you are being pulled over. Perhaps your first thought is to get out of the way of the officer so he can pass you to pull over the culprit then you realize when he pulls directly behind you with his lights still flashing blindly you are the "culprit". Your second thought is probably "what did I do wrong?" still not realizing you were speeding.
Let's face it, speeding is something most of us do and sometimes most of us don't realize we are doing it. We're just cruising along with the rest of the traffic and happen to be the unlucky one who gets pulled over next to receive a ticket.
Our law enforcement officers are simply doing their job but there are some things we can do to educate ourselves to avoid the speed traps that they set for us. Before you take that next trip down the highway check out these interesting sites that will allow you to locate the speed traps before you have to learn the hard way:
http://www.beartraps.com
http://www.speedtrap.org/
Nobody wants to be on the receiving end of an officer handing you a ticket because you can bet it's not going to be to the Policeman's Ball.
Free Annual Credit Report
California consumers can now receive free copies of their reports once every 12 months thanks to the Fair and Accurate Credit Transactions (FACT) Act.
Go online www.annualcreditreport.com or call (877) 322-8228
Or mail a standardized form which you can get at www.ftc.gov/credit Click on “New Law Promotes Access to Free Credit Reports” then click on “Annual Credit Report Request Form”
Mail to:
Annual Credit Report Request Service
P.O. Box 105281
Atlanta GA 30348-5281
Go online www.annualcreditreport.com or call (877) 322-8228
Or mail a standardized form which you can get at www.ftc.gov/credit Click on “New Law Promotes Access to Free Credit Reports” then click on “Annual Credit Report Request Form”
Mail to:
Annual Credit Report Request Service
P.O. Box 105281
Atlanta GA 30348-5281
The Secret To Removing A Chapter 7 Bankruptcy Permanently
In today’s article I’m going to show you a way to easily and legally remove a Chapter 7 bankruptcy from your credit reports.
Unlike other negative information which stays on your credit report for 7 years, bankruptcy can be reported for up to 10 years.
Bankruptcy courts keep cases active for a period of two years before placing them on microfiche.
If your Chapter 7 bankruptcy has aged at least 27 months since the date of discharge, you’re in a great position to make it disappear forever, simply file disputes with the credit bureaus indicating that your bankruptcy was a Chapter 13 and not a Chapter 7.
You need not provide any documentation to support your dispute; the burden of proof is on the government.
Bankruptcy courts do not respond to requests for verification on cases which has been archived to microfiche, as a result the credit bureaus are required by law to delete the bankruptcy permanently.
Unlike other negative information which stays on your credit report for 7 years, bankruptcy can be reported for up to 10 years.
Bankruptcy courts keep cases active for a period of two years before placing them on microfiche.
If your Chapter 7 bankruptcy has aged at least 27 months since the date of discharge, you’re in a great position to make it disappear forever, simply file disputes with the credit bureaus indicating that your bankruptcy was a Chapter 13 and not a Chapter 7.
You need not provide any documentation to support your dispute; the burden of proof is on the government.
Bankruptcy courts do not respond to requests for verification on cases which has been archived to microfiche, as a result the credit bureaus are required by law to delete the bankruptcy permanently.
Wednesday, November 19, 2008
HOW TO GET OUT OF CHEXSYSTEMS!
HOW TO GET OUT OF CHEXSYSTEMS!
If you’re currently having trouble getting a checking account because you’ve been
reported to ChexSystems, you may have more options than you think.
Basically, a bank can arbitrarily decide to punish you if it suspects you have
"misbehaved" with your checking account. It's called "Chex Systems" and once you
are in this system you cannot have a checking account for five years.
If you don't balance your checkbook and you commit overdrafts, there is a reason
behind the bank's decision. But if you make a mistake or the bank makes a
mistake, there is no recourse.
Say you move and close your account and a check bounces later, there should be
an alternative. But right now there is not. If you get put into Chex Systems, there is no appeals process.
It's highly controversial and consumer advocates have been fighting it for years.
Under recent revisions to the Fair Credit Reporting Act, you can now appeal to Chex
System itself. But the banks can still send you to Chex Systems prison on a whim.
Thankfully, about a dozen states around the country allow you to get out of the
program by taking a course in budgeting and handling finances. You receive a
voucher to go open a checking account once you finish the course.
Go to getchecking.org to see which states offer the class. But if you live in a state
that does not have this "out," appeal to Chex Systems directly.
If you are not in a state that offers Get Checking, you will have to dispute items on
your own.
How to get off ChexSystems
Don't pay a service to send a letter to get removed from ChexSystems. Free
information. Beat ChexSystems! Survive while on ChexSystems! Get a second
chance! Open a non ChexSystems bank account now
Request a copy of your report in by writing directly to ChexSystems at the
following address:
ChexSystems Customer Service
12005 Ford Road, Suite 600
Dallas, TX 75234-7253
Fax: (972) 241-4772
Local (972) 280-8585
ChexSystems toll free phone number
(800) 428-9623 or (800) 513-7125
Visit chexhelp.com and order a copy of your ChexSystems report. This will allow
you to find out what caused you to be placed on their system. This will also give
you a Consumer ID number. If the information on the report is not a true
representation of the facts use the following information to resolve a dispute
Letter 1: Ask them to verify the information
Inform ChexSystems that you have reviewed your report and are unaware of this
negative listing occurring (if you dispute it). Ask them to validate the information
from the bank, and send copies of any documentation they have regarding this
listing that bear your signature, at the same time ask to have the information
deleted from the file under your social security number. (This could be your only
letter.) This maybe enough to have them remove your name from the system.
Keep a copy of the letter for your files and send the original letter Certified Mail
return receipt requested. This will become a legal document. You will want proof
when it was sent out because ChexSystems is required to contact you in 30 days
or delete the listing.
Letter 2: If your dispute was verified yet inaccurate
Inform ChexSystems that you wish to have a description of the procedure used to
determine that the information they sent you was valid. Looking at a computer
screen does not make it valid. Also, request a listing of the names, addresses and
telephone numbers of the people they contacted at the listing bank. There may be
identity fraud involved. Contact the bank and verify the legitimacy of the listing.
I was informed that mentioning to any credit bureau, that you are aware of
Wenger v. Trans Union Corp., No. 95-6445 (C.D.Cal. Nov. 14, 1995) may help.
You will want to request that they respond to your letter in 30 days (may vary by
state). State in your letter, if you are not contacted in 30 days you will contact the
FTC and your state Attorney General's office. This may get some results.
If your letter has been responded to in 30 days and was verified accurate
If you legitimately owe the money, pay it. Some banks will accept people for
checking accounts once the debt has been resolved. If the debt is resolved and
you still can't get a checking account, you may try a small claims action for the
costs of cashing checks and buying money orders. No promises! Ask an attorney or
legal aid society in your state about the specifics in your case before you do!
If your letter has not been responded to within 30 days
Checkout the FTC website for specific information on non complying credit
bureaus. Federal Trade Commission Home
Once ChexSystems has removed the negative listing (s)
As soon as you receive a notice from chexsystems that your account has been
cleared open several checking accounts. It is possible that chexsystems will allow
the disputed claim to creep back on to your report. You will want to have an
account opened by then. Some banks check chexsystems within the first 30 days
of an account being opened. You would not want to take the chance of your
account being closed
If the date of the listing from a credit agency is incorrect
The FTC website just won a Civil Penalty against a collection agency for violation of
the FCRA. Include a copy of this article in your letter to the agency. NCO Group to
Pay Largest FCRA Civil Penalty to Date.
NON CHEXSYSTEMS BANKS
FSNB
www.fsnb.com
(800) 749-4583 ask for new accounts
FSNB is now open to anyone regardless of your location. Take advantage of this
while you can. It may not last.
They DO have online banking/access, however you have to call them and ask for
new accounts. Tell them that you wish to open a checking account. They will send
an application to you.
You will probably get an ATM debit card at first, good at any ATM for cash
withdrawal. After 4 months, you will be eligible for the Visa debit card.
**If you set up DIRECT DEPOSIT, after your second deposit hits, call them up and
ask them to send you a VISA debit card.
Also if you have direct deposit with them, you can get an advance for a $14 fee. It’s
called a temporary overdraft.
*No credit checks
*No applications
They give you an advance, up the lowest of your last 2 deposits for a $14 fee.
USAA FEDERAL SAVINGS BANK
www.usaa.com
USAA uses Tele check not Chex Systems.
Anyone can get an account with USAA. This is an internet bank. You do not have to
be in the military to get an account with USAA. Simply call them and tell them you
need a membership number to get a checking account. If you can give them the
initial deposit of $50 over the phone using a credit card, they will have your account up and running in 2 days. Some have been known to get their checks and Visa
debit cards in under a week!
They also send you postage paid envelopes for deposits. There are cash back
rebates made on all purchases made as a credit card purchase.
SAMPLE CHEXSYSTEMS DISPUTE OF ANY NON-ACCURATE ITEM
Note: Be sure to enclose photocopies of any and all evidence that can help support your dispute.
DO NOT send any original documents, photocopies only.
Your full name
Your address
City, State Zip Code
Date
Your social security number
ChexSystems
Customer Relations
12005 Ford Road Suite 600
Dallas, TX 75234
Dear ChexSystems:
I have received a copy of my ChexSystems report, and I am writing to notify you that the following information is incorrect:
Bank Name
Date
[Indicate: wrong amount, wrong date, this is not your credit line, you do not have a credit listing with this bank, this account was paid off, the dates are wrong, or other reasons you would like this listing verified.]
[Itemize: each correction using the same format]
Based on this, please delete this information and send written confirmation that you have done so to the address above.
Thank you for your assistance.
Sincerely,
Your full name signed here
Your printed full name here
SAMPLE CHEXSYSTEMS DISPUTE FOR 30-DAY TIME EXPIRED
Note: Be sure to enclose photocopies of any and all evidence that can help support your dispute, such as the registered letter confirmation receipt from your first letter. DO I\JOT send any original documents, photocopies only.
Your full name
Your address
City, State Zip Code
Date
Your social security number
ChexSystems
Customer Relations
12005 Ford Road Suite 600
Dallas, TX 75234
Dear ChexSystems:
In a letter dated [Insert: date of first letter], I requested that you correct the following information
in my ChexSystems report:
[List: errors indicated in first letter]
To date, I have not received confirmation that you have done so.
As 30 days have now passed, this letter is my formal demand to be removed from the ChexSystems database. Please note that your failure to do so violates the Fair Credit Reporting Act.
Please immediately send confirmation of the deletion to the address above.
If I do not hear from you within ten business days, I am prepared to take legal action to remedy the situation.
Thank you for your assistance.
Sincerely,
Your full name signed here
Your printed full name here
SAMPLE CHEXSYSTEMS 1S-DAY METHOD OF VERIFICATION REQUEST
Note: Be sure to enclose photocopies of any and all evidence that can help support your dispute, such as the registered letter confirmation receipt from your first letter. DO NOT send any original documents, photocopies only.
Your full name
Your address
City, State Zip Code
ChexSystems
Customer Relations
12005 Ford Road Suite 600
Dallas, TX 75234
Date
RE: Consumer 10 # [your consumer 10 # here]
Dear Consumer Relations Dept.:
I am writing in response to your claim that [Name of Bank] has confirmed my unpaid debt. Please note that you have again failed to provide me a copy of the evidence submitted to you by this bank.
I request that you provide me a description of the procedure you used to determine the accuracy and completeness of the bank's information. Please send this information to me within fifteen (15) days of the completion of your reinvestigation. In addition, please provide the name, address, and telephone number of each person you contacted at [Name of Bank] regarding my alleged account.
I also request a copy of any documents submitted to you by [Name of Bank] which bear my signature and show that I have a legally binding contractual obligation to pay them.
Be aware that this is my final goodwill attempt to have this matter resolved. As it now stands, the information you have presented to me is inaccurate and incomplete and represents a serious error in your reporting.
It is my understanding that your continued failure to comply with federal regulations can be investigated by the Federal Trade Commission (see 15 USC Section 41). For this reason, I am maintaining a careful record of my communications with you should I need to file a complaint with the FTC and the state of [your state] Attorney General's office.
If you do not respond within 10 business days, I am prepared to take legal action against your company for causes of action including, but not limited to, defamation, fraud and violations under the Fair Credit Reporting Act.
Sincerely,
Your Name (printed or typed, not signed)
Your social security number
SAMPLE DISPUTE TO THE
FURNISHER OF INFORMATION
Instructions: Complete and mail this form by certified letter to the bank that has reported you to ChexSystems.
Note: Be sure to enclose photocopies of any and all evidence that can help support your dispute, such as the registered letter confirmation receipt from Form 1. DO NOT send any original documents, photocopies only.
Your full name
Your address
City, State Zip Code
Name and Address of original bank
Date
RE: Acct # [insert your account number here]
To Whom It May Concern:
I am writing regarding the unpaid debt on account # [insert your account number here], which I dispute.
According to the Fair Debt Collection Practices Act, I am requesting "validation," or competent evidence that bears my signature and shows I have some contractual obligation to pay you. Please be aware that any negative mark on my credit report (which includes ChexSystems credit report) for a debt I don't owe is in violation of the Fair Credit Reporting Act (FCRA).
Therefore, if you cannot validate the debt, you must request that all credit reporting agencies delete the entry. In addition, until I have received and reviewed any evidence you provide me, I ask that you take no action that might damage my credit reports.
If the debt described above has been resolved, I ask that you remove, or have removed, any derogatory marks from my credit reports per the FCRA and send me confirmation that you have done so.
Please note that if you fail to respond within 30 days of receipt of this certified letter, I am prepared to take legal action against your company for causes of action including, but not limited to, defamation, fraud and violations under the Fair Credit Reporting Act.
By sending this letter, I am disputing both the validity of the alleged debt and the validity of your claims. This is my attempt to correct your records. Please be aware that any information I receive from you will be collected as evidence should any further action be necessary.
Best regards,
Your full name signed here
Your printed full name here
If you’re currently having trouble getting a checking account because you’ve been
reported to ChexSystems, you may have more options than you think.
Basically, a bank can arbitrarily decide to punish you if it suspects you have
"misbehaved" with your checking account. It's called "Chex Systems" and once you
are in this system you cannot have a checking account for five years.
If you don't balance your checkbook and you commit overdrafts, there is a reason
behind the bank's decision. But if you make a mistake or the bank makes a
mistake, there is no recourse.
Say you move and close your account and a check bounces later, there should be
an alternative. But right now there is not. If you get put into Chex Systems, there is no appeals process.
It's highly controversial and consumer advocates have been fighting it for years.
Under recent revisions to the Fair Credit Reporting Act, you can now appeal to Chex
System itself. But the banks can still send you to Chex Systems prison on a whim.
Thankfully, about a dozen states around the country allow you to get out of the
program by taking a course in budgeting and handling finances. You receive a
voucher to go open a checking account once you finish the course.
Go to getchecking.org to see which states offer the class. But if you live in a state
that does not have this "out," appeal to Chex Systems directly.
If you are not in a state that offers Get Checking, you will have to dispute items on
your own.
How to get off ChexSystems
Don't pay a service to send a letter to get removed from ChexSystems. Free
information. Beat ChexSystems! Survive while on ChexSystems! Get a second
chance! Open a non ChexSystems bank account now
Request a copy of your report in by writing directly to ChexSystems at the
following address:
ChexSystems Customer Service
12005 Ford Road, Suite 600
Dallas, TX 75234-7253
Fax: (972) 241-4772
Local (972) 280-8585
ChexSystems toll free phone number
(800) 428-9623 or (800) 513-7125
Visit chexhelp.com and order a copy of your ChexSystems report. This will allow
you to find out what caused you to be placed on their system. This will also give
you a Consumer ID number. If the information on the report is not a true
representation of the facts use the following information to resolve a dispute
Letter 1: Ask them to verify the information
Inform ChexSystems that you have reviewed your report and are unaware of this
negative listing occurring (if you dispute it). Ask them to validate the information
from the bank, and send copies of any documentation they have regarding this
listing that bear your signature, at the same time ask to have the information
deleted from the file under your social security number. (This could be your only
letter.) This maybe enough to have them remove your name from the system.
Keep a copy of the letter for your files and send the original letter Certified Mail
return receipt requested. This will become a legal document. You will want proof
when it was sent out because ChexSystems is required to contact you in 30 days
or delete the listing.
Letter 2: If your dispute was verified yet inaccurate
Inform ChexSystems that you wish to have a description of the procedure used to
determine that the information they sent you was valid. Looking at a computer
screen does not make it valid. Also, request a listing of the names, addresses and
telephone numbers of the people they contacted at the listing bank. There may be
identity fraud involved. Contact the bank and verify the legitimacy of the listing.
I was informed that mentioning to any credit bureau, that you are aware of
Wenger v. Trans Union Corp., No. 95-6445 (C.D.Cal. Nov. 14, 1995) may help.
You will want to request that they respond to your letter in 30 days (may vary by
state). State in your letter, if you are not contacted in 30 days you will contact the
FTC and your state Attorney General's office. This may get some results.
If your letter has been responded to in 30 days and was verified accurate
If you legitimately owe the money, pay it. Some banks will accept people for
checking accounts once the debt has been resolved. If the debt is resolved and
you still can't get a checking account, you may try a small claims action for the
costs of cashing checks and buying money orders. No promises! Ask an attorney or
legal aid society in your state about the specifics in your case before you do!
If your letter has not been responded to within 30 days
Checkout the FTC website for specific information on non complying credit
bureaus. Federal Trade Commission Home
Once ChexSystems has removed the negative listing (s)
As soon as you receive a notice from chexsystems that your account has been
cleared open several checking accounts. It is possible that chexsystems will allow
the disputed claim to creep back on to your report. You will want to have an
account opened by then. Some banks check chexsystems within the first 30 days
of an account being opened. You would not want to take the chance of your
account being closed
If the date of the listing from a credit agency is incorrect
The FTC website just won a Civil Penalty against a collection agency for violation of
the FCRA. Include a copy of this article in your letter to the agency. NCO Group to
Pay Largest FCRA Civil Penalty to Date.
NON CHEXSYSTEMS BANKS
FSNB
www.fsnb.com
(800) 749-4583 ask for new accounts
FSNB is now open to anyone regardless of your location. Take advantage of this
while you can. It may not last.
They DO have online banking/access, however you have to call them and ask for
new accounts. Tell them that you wish to open a checking account. They will send
an application to you.
You will probably get an ATM debit card at first, good at any ATM for cash
withdrawal. After 4 months, you will be eligible for the Visa debit card.
**If you set up DIRECT DEPOSIT, after your second deposit hits, call them up and
ask them to send you a VISA debit card.
Also if you have direct deposit with them, you can get an advance for a $14 fee. It’s
called a temporary overdraft.
*No credit checks
*No applications
They give you an advance, up the lowest of your last 2 deposits for a $14 fee.
USAA FEDERAL SAVINGS BANK
www.usaa.com
USAA uses Tele check not Chex Systems.
Anyone can get an account with USAA. This is an internet bank. You do not have to
be in the military to get an account with USAA. Simply call them and tell them you
need a membership number to get a checking account. If you can give them the
initial deposit of $50 over the phone using a credit card, they will have your account up and running in 2 days. Some have been known to get their checks and Visa
debit cards in under a week!
They also send you postage paid envelopes for deposits. There are cash back
rebates made on all purchases made as a credit card purchase.
SAMPLE CHEXSYSTEMS DISPUTE OF ANY NON-ACCURATE ITEM
Note: Be sure to enclose photocopies of any and all evidence that can help support your dispute.
DO NOT send any original documents, photocopies only.
Your full name
Your address
City, State Zip Code
Date
Your social security number
ChexSystems
Customer Relations
12005 Ford Road Suite 600
Dallas, TX 75234
Dear ChexSystems:
I have received a copy of my ChexSystems report, and I am writing to notify you that the following information is incorrect:
Bank Name
Date
[Indicate: wrong amount, wrong date, this is not your credit line, you do not have a credit listing with this bank, this account was paid off, the dates are wrong, or other reasons you would like this listing verified.]
[Itemize: each correction using the same format]
Based on this, please delete this information and send written confirmation that you have done so to the address above.
Thank you for your assistance.
Sincerely,
Your full name signed here
Your printed full name here
SAMPLE CHEXSYSTEMS DISPUTE FOR 30-DAY TIME EXPIRED
Note: Be sure to enclose photocopies of any and all evidence that can help support your dispute, such as the registered letter confirmation receipt from your first letter. DO I\JOT send any original documents, photocopies only.
Your full name
Your address
City, State Zip Code
Date
Your social security number
ChexSystems
Customer Relations
12005 Ford Road Suite 600
Dallas, TX 75234
Dear ChexSystems:
In a letter dated [Insert: date of first letter], I requested that you correct the following information
in my ChexSystems report:
[List: errors indicated in first letter]
To date, I have not received confirmation that you have done so.
As 30 days have now passed, this letter is my formal demand to be removed from the ChexSystems database. Please note that your failure to do so violates the Fair Credit Reporting Act.
Please immediately send confirmation of the deletion to the address above.
If I do not hear from you within ten business days, I am prepared to take legal action to remedy the situation.
Thank you for your assistance.
Sincerely,
Your full name signed here
Your printed full name here
SAMPLE CHEXSYSTEMS 1S-DAY METHOD OF VERIFICATION REQUEST
Note: Be sure to enclose photocopies of any and all evidence that can help support your dispute, such as the registered letter confirmation receipt from your first letter. DO NOT send any original documents, photocopies only.
Your full name
Your address
City, State Zip Code
ChexSystems
Customer Relations
12005 Ford Road Suite 600
Dallas, TX 75234
Date
RE: Consumer 10 # [your consumer 10 # here]
Dear Consumer Relations Dept.:
I am writing in response to your claim that [Name of Bank] has confirmed my unpaid debt. Please note that you have again failed to provide me a copy of the evidence submitted to you by this bank.
I request that you provide me a description of the procedure you used to determine the accuracy and completeness of the bank's information. Please send this information to me within fifteen (15) days of the completion of your reinvestigation. In addition, please provide the name, address, and telephone number of each person you contacted at [Name of Bank] regarding my alleged account.
I also request a copy of any documents submitted to you by [Name of Bank] which bear my signature and show that I have a legally binding contractual obligation to pay them.
Be aware that this is my final goodwill attempt to have this matter resolved. As it now stands, the information you have presented to me is inaccurate and incomplete and represents a serious error in your reporting.
It is my understanding that your continued failure to comply with federal regulations can be investigated by the Federal Trade Commission (see 15 USC Section 41). For this reason, I am maintaining a careful record of my communications with you should I need to file a complaint with the FTC and the state of [your state] Attorney General's office.
If you do not respond within 10 business days, I am prepared to take legal action against your company for causes of action including, but not limited to, defamation, fraud and violations under the Fair Credit Reporting Act.
Sincerely,
Your Name (printed or typed, not signed)
Your social security number
SAMPLE DISPUTE TO THE
FURNISHER OF INFORMATION
Instructions: Complete and mail this form by certified letter to the bank that has reported you to ChexSystems.
Note: Be sure to enclose photocopies of any and all evidence that can help support your dispute, such as the registered letter confirmation receipt from Form 1. DO NOT send any original documents, photocopies only.
Your full name
Your address
City, State Zip Code
Name and Address of original bank
Date
RE: Acct # [insert your account number here]
To Whom It May Concern:
I am writing regarding the unpaid debt on account # [insert your account number here], which I dispute.
According to the Fair Debt Collection Practices Act, I am requesting "validation," or competent evidence that bears my signature and shows I have some contractual obligation to pay you. Please be aware that any negative mark on my credit report (which includes ChexSystems credit report) for a debt I don't owe is in violation of the Fair Credit Reporting Act (FCRA).
Therefore, if you cannot validate the debt, you must request that all credit reporting agencies delete the entry. In addition, until I have received and reviewed any evidence you provide me, I ask that you take no action that might damage my credit reports.
If the debt described above has been resolved, I ask that you remove, or have removed, any derogatory marks from my credit reports per the FCRA and send me confirmation that you have done so.
Please note that if you fail to respond within 30 days of receipt of this certified letter, I am prepared to take legal action against your company for causes of action including, but not limited to, defamation, fraud and violations under the Fair Credit Reporting Act.
By sending this letter, I am disputing both the validity of the alleged debt and the validity of your claims. This is my attempt to correct your records. Please be aware that any information I receive from you will be collected as evidence should any further action be necessary.
Best regards,
Your full name signed here
Your printed full name here
How to Drop Off the Grid
How Secure Is Your Phone Privacy?
Your text and phone records can be seen in more ways than you might know. We'll divide the people who can see them into three categories:
1) Your phone company and affiliates– your service provider and their business partners.
2) Government agencies– federal agencies like the Federal Bureau of Intelligence (FBI) and the National Security Agency (NSA), local-level agencies like the police department.
3) Third party persons– anyone that accidentally or knowingly seeks your phone and text records. This includes family, friends, employers, and prospective thieves.
What does a phone record include? For clarity, a "record" in this section is the same thing as a "call log" or a "text log." A "phone record" typically includes: date, time, sender geographic location, recipient phone number, recipient geographic location, and duration of call. A "text record" includes: date, time, and recipient phone number.
Your Phone Company and affiliates—
Of course they have your phone and text records. The real issue here is: who are they sharing them with? Well, if it's an affiliate company, such as the paper printing company they outsourced your bill printing to, then that affiliate will have your information. Good news: that affiliate has to put the same protection standards on your information that the parent company does.
Generally speaking though, phone and text records are considered Consumer Proprietary Network Information (CPNI). This is essentially their "top shelf" data with the most safeguards. This is a highly regulated area of the industry.
Don't expect CPNI information to be sold by them with identifying information about you. That is, they may "sanitize" the data and remove any personally identifying information to sell it to a third party (for example, a market analysis firm). The good news here is, again, this is highly regulated by law—the phone company must always allow for the consumer to "opt-out" of this type of information transfer. Now this "opt-out" may be in the fine print of a user agreement: as simple as a box you check (or don't check), a verbal "yes," or no response to an approval announcement. Click here for more details.
So keep an eye out, if you tell your phone company or anyone that they cannot sell your information; then they absolutely can't. (Unless it's directory information or public information, then they might as well. But it can be unlisted.)
Historically, your phone company must submit all of your call and text records if subpoenaed by a government agency. Your phone company's cooperation is a must or else they get stiff fines and charges brought against them.
Government Agencies—
Historically, if you are involved in a lawsuit or if some lawsuit involves your phone and text records... then they will be handed over to the appropriate court. If you are part of an investigation, then a law agency can obtain your records.
The FBI and NSA can subpoena the phone company for phone records without a prior warrant or any obvious reason as a result of the 2001 Patriot Act . The pretense here is to "aide in the halting of terrorism." They can also wire tap, but that's covered in our eavesdropping section.
The reason the Patriot Act raises so many eyebrows is because it makes it illegal for any phone company that has delivered records to a security agency to make it publicly known or even discuss it. That is a big red flag for the potential abuse of civil liberties to a lot of people.
Third party persons–
Third parties—whether your family members, friends, or prospective thieves—aren't supposed to have access to your information. The only real exception is an employer who issued you a company phone; they have the right to make sure you are not abusing company resources.
SCANDAL!: Until just a year ago, many companies were supplying call and text records on anyone! For less than a hundred dollars, these companies would use illegal tactics to gain these records. Tactics included calling the phone companies impersonating the actual phone customer, and requesting phone records (under the pretense they had been lost in the mail).
The issue gained national attention when a
Other scandals include international breaches of security. Basically, other countries don't have the privacy laws that we do in the U.S. Entire U.S. customer databases are speculated to have been sold by out-source companies in
In 2005, the Electronic Privacy Information Center (EPIC) counted 40 companies that were illegally selling phone records.
Some companies are still advertising call and text records online even though it is illegal! They are breaking the law.
How can another person access my text/call records?
Some very real considerations...
1) Spyware- They can plant spyware on your phone. Smartphone security is far from perfect. Smartphones or any phone with an operating system (e.g. BlackBerry, iPhone), really need to be considered as small PCs. This way even if they weren't receiving your bills or accessing your account, they could have a tracker summary of your calls and text sent to a third party computer. Some services can actually record all of your calls and store them as a file on some third party computer.
2) Paper trails- Don't forget about old fashioned paper in this new tech age. Please consider who has access to your phone bills. They deliver the same amount of information as if a person called the customer service center and asked questions. So do you trust your housemates? Does your mailbox have a lock on it or is it open to the public? Even if you are shredding your mail: mix it or use a "confetti" shredder.
3) At the workplace- Your employer has access to all the calls you make with a work phone. For a cellular, they will get the call record at the end of the month. Also, the can legally plant spyware to see who you're calling. They can even use a GPS system to track you.
Pen registers: For landlines on a phone network, your employer can use a pen register. A pen register allows the employer to see a list of phone numbers dialed by your extension and the length of each call. This information may be used to evaluate the amount of time spent by employees with clients.
Summary: Government security agencies and your phone company have lawful access to your phone and text records. Third party persons cannot obtain them legally but may do so with available tools in the marketplace, or through old fashioned snooping & stealing.
Know your rights
Phone Company: The security and dissemination of customer information is regulated by the Fair Credit Reporting Act (FCRA). To learn more, please follow this link: http://en.wikipedia.org/wiki/Fair_Credit_Reporting_Act
Government:
The National Security Agency can wiretap and seize records without warrant Patriot Act (Title II, Sections 200, 202, 206, 209) for lawful processes.
- 200- Authority to intercept wire, oral, and electronic communications relating to terrorism.
- 202- Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses.
- 206- Roving surveillance authority under The Foreign Intelligence Surveillance Act of 1978.
- 209- Seizure of voice-mail messages pursuant to warrants.
Third party (person): A third party may not gain access to your phone and text records in a non-professional manner.
Solutions
- Use the solutions under "Phone Companies"
- You can minimize your paper trail for your monthly statements by switching to E-billing.
- If you have a mailbox, make sure it has a lock on it (many mail boxes in residential areas still don't have locks on them).
- Shred your mail with a confetti shredder.
Phone Companies and Your Information
Companies with your personal and non-personal information make them available to other companies everyday.
The Truth is: there are probably plenty of companies out there with your phone number. Entire companies make their living by continually collecting information on people. An extra name is an extra dollar. It sounds crazy, but that's how it is.
The second part the Truth is: there is too much money being made on the spread of people's information for it to ever change on a national scale. Billions of dollars are transferred each year in information brokering.
Just consider that information brokering—information on people, their purchasing, and their lifestyle habits—fuels the direct marketing industry, the purchasing trend analysis industry, the background check industry, health insurance underwriting... and the list just goes on and on.
The good news is that you—as the individual—can control to a great extent who uses or doesn't use your information. But on a national level, don't expect things to change drastically anytime soon.
And if you are reading this, you are a member of a small and intelligent part of the population that can see there is potential for abuse in the spread of all this information and you want to be informed of your options.
Some background: There are two main categories of information through telephone companies: Consumer Proprietary Network Information (CPNI) and directory information.
Included under the umbrella of CPNI are: destination, quantity, and duration of phone calls, product use, and calling patterns. Most phone companies are explicit about not selling CPNI information to third parties (although this data is used for in-house research and may be given to affiliate companies).
Most phone companies appear to sell directory information (by not explicitly stating that they don't—you must read between the lines to derive that). Directory information includes your name, address, and phone number. Remember, in a public directory, you may choose to have your information listed or unlisted.
Additionally, there may be other information sold about you (termed Personally Identifiable Information which may be a mixture of sanitized CPNI and directory information), but because of several laws, the company must always warn the customer, and allow them to "opt-out" of it.
Know your rights
- You have the right to "opt-out" of a company selling your information under the Fair Credit Reporting Act and Gramm, Leach, Bliley Act.
- You have the right to have your phone number listed or unlisted in public directories.
Solutions
If you are okay with your phone company selling your phone number and information: Sit back and enjoy life.
If you want to prevent your phone company from selling your phone number: Search for the "opt-out" box!
- Be aware every time you sign up with a new company or service that they may sell your information to third parties. This includes non-phone companies for whom you fill out a profile. Always search for the "opt-out" box in everything you sign from every company. Each additional offer or service you add with the company may include another "opt-out" box, which if not checked, would over-rule the first.
- Be aware. Here is an example of a large phone company's privacy policy:
"[Company Name] will not disclose personal information other than in accordance with this Policy. In general, that means that you must consent to the disclosure in advance. Depending on the service, we may obtain your consent in a number of ways, including:
* In writing;
* Verbally;
* Online by clicking a button;
* Through the use of a dialing string or button on a wireless device or handset; or
* At the time of initiation of a particular service offering, when your consent is part of the required terms and conditions to use that service.
For example, your consent to disclose personal information can be implied simply by the nature of your request, such as when you ask us to deliver an email or short message to another person. Your return address is disclosed as part of the service and your consent to do so is implied by your use of the service. To determine how personal information may be disclosed as part of a particular service, you should review the terms and conditions of use for that service."
So basically, what this is saying is that the phone company won't give out information unless you give consent: but you can give consent in all of these hard-to-stay-on-top-of ways!
If you wish to address the currently circulating information about yourself, you need to contact the large data aggregators about the use.
Your Phone Number in Public Databases -- and How To Remove It
It's easy to feel like you have no control over your information when so many companies or people seemingly have it at their fingertips. With the digitization of records and technology, information can be transferred and stored with ease. This is a major concern for the future of privacy and civil liberties.
That said, it's a huge trend and it doesn't make sense to fight directly against any strong current. It does make sense to keep a good strategy; stay updated on information and technology to help make the best decisions. That's to say knowing the tide times and having a floatation device can really be very useful.
There are tons of companies out there with your information. Gathering information on people is a multi-billion dollar industry. Entire companies make their living by continually collecting information on people.
Let's just name a few of these data companies so you get an idea: Acxiom, Intelius, Ameridex, People Data, People Finders, SwitchBoard,
You can control to a great extent who uses or doesn't use your information.
It's important to note that certain information typically called directory information—including your name, address, and phone number—will always be made available. With directory information you can keep it unlisted or listed in a public directory. Other forms of personally identifiable information may also be sold from company to company. The good news is that the customer (you!) must consent to these transactions. To learn more, click here.
Our strategy: Minimize your circulating information.
So do you want to remove your phone number and other information from record databases? It would take you hours to research all the companies that have your information and even more time to follow through with their "opt-out" policies.
Lucky for you, we've already done it...
Know your rights
- You have the right to "opt-out" of a company selling your information under the Fair Credit Reporting Act and Gramm, Leach, Bliley Act.
Solutions
Please keep in mind that because of certain government rules, laws, and the sensitivity of some of your information, no third party including our company, can fully opt-you-out of all these companies' databases. The individual must opt themselves out.
We are aware of that some of the information on this site doesn't always pertain to you specifically removing your phone number. These methods help at getting to the root of the problem (and phone numbers just happen to be a big part of that root).
To view a list of the data brokers and public record aggregators, along with complete instructions for opting out, click here.
Eavesdropping -- An Invasion of Your Privacy
Purposely listening to another's private conversation is eavesdropping. Eavesdropping can be illegal. It is an invasion of privacy. That said, it might happen more often than you think. Also, there are a growing number of technologies that enable eavesdropping.
At worst people who eavesdrop may be paranoid, obsessed, or criminal. But it does happen, so we want to share what we know with you.
In this section we will consider third parties listening to landline phone conversations at home, in public, and in the workplace. A third party is anyone who is not the intended sender or recipient of a phone communication.
How might someone eavesdrop lawfully/unlawfully?
1.) Your Phone Company and affiliates. They don't have any purpose to eavesdrop on your conversations and it's against most companies' policies. It is important to note that the phone company is required by law to cooperate with government agencies who request to access your communications.
2.) Government agencies. This includes federal agencies like the Federal Bureau of Investigation (FBI) and the National Security Agency (NSA), as well as local-level agencies like the police department.
Normally, before a wiretap can be placed by any agency, a court order must be issued by a judge who must conclude, based on an affidavit submitted by the government, that there is probable cause to believe that a crime has been, is being, or is about to be committed.
This authority is used to prevent as well as punish crimes. That is, the government can wiretap in advance of a crime being carried out, where the wiretap is used to identify planning and conspiratorial activities. It has been reported that judges almost never deny government requests for wiretap orders.
Government agencies are able to place roaming wiretaps without warrant under the Patriot Act. This essentially allows for a brief period of wiretaps without warrant. Sounds crazy, right? Well, it's true.
3.) Third party persons. This is anyone that accidentally or knowingly seeks to eavesdrop on your communications. This includes family, friends, employers, and prospective thieves. If the third party is not part of the conversation (neither sender nor intended recipient), then they cannot eavesdrop on a communication.
Laws regarding second party (one of the people talking on the phone) call recording or tapping consent vary from state to state. In some states, the tapping or recording party must get consent from the other person on the phone. In some states, you can record or tap without the other person's knowledge.
The Technology:
Radio Taps:
Radio taps include the traditional "bug" seen in the movies that fits on a telephone line: on the phone inside the house or outside on the phone line. It may produce noise (a slight signal feedback on the monitored line due to poorly made equipment). These devices tend to be low-powered because the drain on the line would become too great. As a result, the receiver is usually located within a radius of 1 mile (You know... in the movies, with the detectives sitting outside in a van eating donuts). Law agencies do not usually use this technique because they have access via the "telephone exchange" (at the actual telephone company).
Radio Scanners: Specifically a concern for cordless landlines. These devices pick up the full range of wireless transmissions from emergency and law enforcement agencies, aircraft, mobile systems, weather reports, utilities maintenance services, and more.
As a rule of thumb: the newer your wireless phone is, the harder it is to eavesdrop on. The older analog cordless phones can be picked up with something as simple as a baby monitor. Earlier digital phones that only use one channel for transmission can easily be eavesdropped on.
Newer digital cordless phones transmit over multiple channels and often use Digital Spread Spectrum (DSS). DSS typically uses frequency hopping to spread the audio signal over a much wider range of frequencies in a pseudo random way.
Direct Line Taps:
Direct line taps include tapping via the actual "telephone exchange" at the phone company. Another possibility is the splicing or tapping of the subscriber's phone line near the house. The tap can either involve a direct electrical connection to the line using a Butt set, a Beige box (phreaking), or an induction coil. An induction coil is typically placed underneath the base of a telephone or on the back of a telephone handset to pick up the signal inductively. Direct taps sometimes require regular maintenance—either to change tapes or replace batteries—which decrease their utility.
Speaker Taps:
Anywhere there is a speaker (active or inactive), a tap can be set up by using amplification devices to transmit a conversation. This includes speakers on answering machines as well as those on cell phones.
Did you know?: That up until fairly recently, cell phones were not allowed in any top secret government meetings because of speaker tapping possibilities.
Recording the conversation:
The traditional way: The person making/receiving the call records the conversation using a coil tap ('telephone pickup coil') attached to the ear-piece, or they fit an in-line tap with a recording output. Both of these are easily available through electrical shops.
Much more common now-a-days and increasingly popular is recording software. Typically these devices link the phone up to the computer and save the conversation as a sound file. Many journalists use this technique in their profession.
Did you know?: Under United States federal law and many state laws there is nothing illegal about one of the parties recording the conversation or giving permission for calls to be recorded without the other person's knowledge.
In public:
Don't forget about traditional eavesdropping techniques like lip reading if you're discussing information you consider to be extremely private.
Eavesdropping at work:
A recent study from the American Management Association (AMA ) found:
"The number of employers who monitor the amount of time employees spend on the phone and track the numbers called has jumped to 51%, up from 9% in 2001. The percentage of companies that tape phone conversations has also grown in the past four years. Far fewer employers monitor employees' voice mail messages, with 15% reporting that they tape or review voice mail. Employers are notifying employees that their phone conversations are being monitored. Of those organizations that engage in monitoring and surveillance activities, 78% notify employees when they monitor time spent and numbers called; 86% alert employees when their conversations are being taped; and among the 15% who tape and review voice mail, 76% notify employees that they are monitoring. To help manage employees' telephone use, employers apply a combination of policy and discipline."
So, in reality there is a good chance that you are being fairly closely-monitored while you are at work. The good news is that your employer most likely notified you of the surveillance techniques they do use.
Know your rights
Telecom Privacy Laws:
Title 18. Crimes and criminal procedure Part I—Crimes Chapter 119-Wire and Electronic Communications Interception and Interception of Oral Communications:
"one has a right of privacy for contents of telephone conversations, telegraph messages, or electronic data by wire." 18 USC § 2510 et seq.
Title 47. Unauthorized Publication or Use of Communications:
"one has a right of privacy for contents of radio messages." 47 USC §605
Wiretapping Laws:
(1) The Federal Wiretap Act, sometimes referred to as Title III, was adopted in 1968 and expanded in 1986. It sets procedures for court authorization of real-time surveillance of all kinds of electronic communications, including voice, e-mail, fax, and Internet, in criminal investigations. It normally requires, before a wiretap can commence, a court order issued by a judge who must conclude, based on an affidavit submitted by the government, that there is probable cause to believe that a crime has been, is being, or is about to be committed. Terrorist bombings, hijackings and other violent activities are crimes for which wiretaps can be ordered. (The PATRIOT Act expanded the list of criminal statutes for which wiretaps can be ordered.) This authority is used to prevent as well as punish crimes: government can wiretap in advance of a crime being carried out, where the wiretap is used to identify planning and conspiratorial activities. Judges almost never deny government requests for wiretap orders.
(2) The Foreign Intelligence Surveillance Act of 1978 allows wiretapping of aliens and citizens in the
(3) The Patriot Act – Allows for "roaming" taps. Under Title III, the government has "roving tap" authority, meaning that it can get a court order that does not name a specific telephone line or e-mail account but allows the government to tap any phone line, cell phone, or Internet account that a suspect uses. This authority was initially adopted in 1986 and was substantially broadened in 1999. The PATRIOT Act added roving tap authority to FISA. Roving taps are relatively rare.
The National Security Agency can wiretap and seize records without warrant Patriot Act (Title II, Sections 200, 202, 206, 209) for lawful processes.
- 200- Authority to intercept wire, oral, and electronic communications relating to terrorism.
- 202- Authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses.
- 206- Roving surveillance authority under The Foreign Intelligence Surveillance Act of 1978.
- 209- Seizure of voice-mail messages pursuant to warrants.
(4)
Important: State Second & Third Party Laws at: http://www.rcfp.org/taping/
Solutions
- If you are concerned with phone tapping, your phone should be regularly inspected for new joints, or small wires connected to the line.
- Update your cordless phone. Buy a phone that operates on multiple channels and read into the security features.
- Minimize private conversations in public places.
- Don't forget that if multiple phones exist connecting to the same line, a functional tap already exists.
- Be cognizant of who you're speaking to on the phone and consider if they would allow eavesdropping for any reason.
- Listing for EM "feedback" while on the phone. It is a sign of cheap tapping equipment.
Harassing Phone Calls
Harassing callers can be a real nuisance. These communications can originate from another person, a debt collector, or a telemarketer.
Phone harassment is generally any communication over a phone (land or cell) that is aggressive, unnecessary, disturbing, or vulgar in nature, which makes you feel uncomfortable or even in danger. For specific definitions, see the "Know your rights" section below.
As the severity of harassment increases, the level of penalty and crime increases.
Debt Collectors: operate with a well-established framework. For example:
- A debt collector, by law cannot call "repeatedly or continuously with intent to annoy, abuse, or harass any person at the called number."
- They must also respect a person's right to not be called by them. While this doesn't negate potential debt, it does stop them from contacting you.
- Debt collectors also may not use abusive language including religious slurs, profanity, obscenity, calling the consumer a "liar" or a "deadbeat." The use of racial or sexual epithets is prohibited.
To read more about Debt Collector practices, click here.
Telemarketers: if you believe you are being harassed by a telemarketer, please view our "Telemarketers" section.
Caller-ID changing services: there are some services in the market that will mask a caller's source phone number, or even allow them to input a chosen fake source phone number. Sound kind of shady? Like the premise for a Scream 6 movie? You're right, it sure does.
The good news is that Congress is currently working on a law that would make it illegal to modify caller ID information with the intent to "defraud or harass another person, or to use another person's caller ID information without consent."
So basically, this law will not take ID changing technology off the market, but it will create criminal consequences for people who misuse the technology. The law would not make "joke" or "prank" calls illegal, as long as they don't include the caller assuming someone else's phone number.
Know your rights
- Under the United States Code Title 18 Subsection 1514(c)1 harassment is defined as "a course of conduct directed at a specific person that causes substantial emotional distress in such a person and serves no legitimate purpose."
- The Modern Penal Code section defines harassment as a petty misdemeanor if the purpose is to harass another, he: 1) makes a phone call without a legitimate purpose; or 2) insults, taunts or challenges another in a manner likely to provoke violent or disorderly response; or 3) calls at inconvenient hours or in offensive language; or 4) subjects another to offensive touching; or 5) engages in any other course of alarming conduct serving no legitimate purpose of the actor.
- To learn more about the Act that makes masking your caller ID illegal, check out the Preventing Harassment Through Outbound Number Enforcement Act (H.R. 740 ) at: http://www.govtrack.us/congress/bill.xpd?bill=h109-5304
There is another bill that is very similar H.R. 251 the Truth In Caller ID Act at: http://www.govtrack.us/congress/bill.xpd?bill=h110-251
- There are many state anti-cell stalking and harassment laws:
http://www.ncsl.org/programs/lis/cip/stalk99.htm
- Debt collection: Most collection rules are established under the 1996 Fair Debt Collection Practices Act. If you would like to learn more, please visit:
http://www.ftc.gov/bcp/conline/pubs/credit/fdc.shtm
Solutions
- First thing's first: If you are getting calls from a harassing caller, ensure your safety.
Nothing is more important than your safety. Don't hesitate to contact your local authorities if you feel seriously threatened, even if the harassing call is not recurring.* Provide as much information to law enforcement as you can:
Indicate the gender of the caller and describe the caller's voice. Note the time and date of the call(s). What did the caller say? How old did he/she sound? Did the caller seem intoxicated? Did he/she have an accent or speech impediment? Was there any background noise?
- Tools from your telephone company: Purchase a caller ID feature. Make note of your harasser's telephone number.
If it's a blocked number, try setting up an "anonymous call rejection" feature. This doesn't allow blocked numbers to call without first identifying themselves.
Other services offered by phone companies include running a "trap" (you keep track of the call times of harassing callers, the company tracks the number) or within local service areas many companies offer a "call trace" (e.g. *57 to call last caller).
- In you own hands:
- Is your number is in a public directory or "listed"? Take it off.
- Reverse phone lookup: If it's an annoying caller rather than a threatening one, you can do a reverse phone lookup.
If you don't think the harassing calls are malicious, try calling the number and discussing it with the owner. Perhaps it's a cell phone where the key locks off. Perhaps an annoying pre-teen game at a sleepover (who can say they didn't do that when they were a kid? Oh you? Okay.).
A reverse phone look up will allow you to find out the owner of a phone number (perhaps some parents at that pre-teen sleepover!) or their phone company (often the case with cell phones).
- Consider using developing technology against them. Numerous products will allow you to record telephone conversations as a digital file on your computer. Run a Google search query for "telephone conversation recording" or "phone call to PC" and plenty of these products will come up.
- Telemarketers: If you believe you are being harassed by a telemarketer, please view our "Telemarketers" section.
Interrupting Telemarketers
Telemarketing is a huge industry and can be a huge interruption to you. If you've ever been bothered by a troublesome telemarketer, well... you're probably reading this right now.
A telemarketer is anyone who engages in direct marketing where a salesperson or automated voice uses the telephone to solicit prospective customers to buy products or services. Telemarketers may call landlines or cell phones, but are limited in their use of cell phones because they cannot lawfully use auto-dialers to call cell phones.
The good news is that there are ways to prevent telemarketers from calling you. The best tool is the Do Not Call Registry.
Solutions
- The single most useful tool to prevent telemarketers from calling you is placing your number on the Do Not Call Registry. You can place your cell phone and/or landline number on the list in one of two ways:
1) visit https://www.donotcall.gov/default.aspx and be sure to acknowledge the confirmation email
2) call (888) 382-1222 and follow their directions
All persons with a
- Did you know?: the Do Not Call Registry applies to telemarketers but not to pollsters, politicians, and nonprofit organizations.
- What if I only want to limit calls from some companies?
If you generally want to receive telemarketing calls, but not from some specific companies, you can write those companies or verbally indicate when they call that you do not wish to hear from them. They must respect your request.
The Federal Communication Commission (FCC) requires a person or entity placing voice telephone solicitations to your home to maintain a record of your direct request not to receive future telephone solicitations from that person or entity. A record of your do-not-call request must be maintained for 5 years at the calling company.
- What if I only want calls from a handful of companies?
You can add yourself to the registry, and then specifically write the companies that you wish to hear from. They will be able to call with product opportunities legally.
- To make a complaint: If your number has been on the National Do Not Call Registry for at least 31 days and you receive a call from a telemarketer, you can file a complaint at the registry's website or by calling the registry's toll-free number at 1-888-382-1222 (for TTY, call 1-866-290-4236).
Remember: To file a complaint, you must know either the name or telephone number of the company that called you, and the date the company called you.
Did you know?: If you are on the Do Not Call Registry, and purchase something from a company, their telemarketers can call you...
- One last very helpful option: Get a caller ID. Don't pick up calls from anonymous callers.
Know your rights
The Do Not Call Registry is run by the Federal Trade Commission (FTC). To read more about it as well as the Telephone Consumer Protection Act of 1991 (TCPA), please visit: http://www.fcc.gov/cgb/consumerfacts/tcpa.html
Cell Phone Tracking?
Can someone track you from your cell phone? Absolutely.
Cell phone networks have been designed to identify locations of cellular users since the late 1990's. This was part of a federal mandate to help find citizens in emergency situations and has already saved many lives. At the same time, it introduces a potential tool for invasion of privacy.
More importantly, Global Positioning System (GPS) technology has flooded the market in recent years creating a much more realistic concern. These GPS Trackers (uLocate Trackem, Whereify Wireless) allow a third party to physically install software or a chip on your cell phone and then monitor your geographic location from any PC with complimentary software. More specifically, some programs will not only allow for mapping of location, but will create a real time map or a summary of your movement including stop duration, etc...
The GPS Tracker feature is becoming increasingly common in the market, as a safety feature for individuals wishing to know the whereabouts of their children, partner, or family members.
Again, as a safety feature or as a tool of convenience GPS technology is truly useful. However, it introduces a real tool for the invasion of privacy.
Because technology often develops faster than government legislation and laws that protect a population, many of these concerns realistically lie in a "gray" area with little judicial precedent.
Privacy and Employers:
In a recent American Management Association (AMA) study, employers have been slow to adopt emerging monitoring/surveillance technologies to help track employee productivity and movement. Employers who use Assisted Global Positioning or Global Positioning Systems satellite technology are in the minority, with only 5% using GPS to monitor cell phones; 8% using GPS to track company vehicles; and 8% using GPS to monitor employee ID/Smartcards.
Did you know? If you have a company-issued telephone, it is possible there is GPS Tracker software pre-installed. They could be monitoring your locations during and after work. Your consent would be implicit in you working for them and accepting a company issued phone.
A future source of concern: Radio Frequency Identification (RFID) technology is an emerging tool in the market. The technology allows for a second device, an RFID reader, to read an RFID chip. This chip may contain different types of information.
For example, many manufacturers are currently using RFID technology to keep track of vast amounts of inventory. They use it to help ensure they are never under-stocked and packages are sent to customers.
A more concerning example: The U.S. government is currently researching RFID-embedded passports and driver's licenses. Information regarding your citizenship or your DMV information would presumably be included and readable. The largest current obstacle with use of RFID technology is ensuring security of information. That is, minimizing the likelihood of an ID thief being able to use a RFID reader to steal your personal information.
The good news: realistically, RFID’s aren't of real concern yet. Use on government issued identifications appears to be a few years away. Also, current RFID scanners only have a range of a few feet. The most powerful commercially available is about 300 feet (100 meters).
Know your rights
The law that enables cellular tracking for emergency situations is called: "E911" or Enhanced 911 Wireless Services. It was created by the FCC.
For more information, please visit:
Solutions
Realistically, there is little you can do avoid the Enhanced 911 Wireless Service law. You always have the option of turning off or not carrying your cell phone with you.
You can minimize the threat of a third-party using your cellular phone to track you by:
- Monitoring any new or unknown software on your phone. If there's something new or unknown, research it. Although some spyware will not show up as a program on the phone, some still will.
- Monitoring any new or unknown hardware on your computer. If it's a physical GPS tracker, check under the battery cover or in the "nooks and crannies" of the phone.
- Check with your phone service provider if your account is set up with a tracker/monitor feature. Perhaps a spouse who has access to the account (or manages the finances) set it up, or a third party impersonated you to add the feature to the account.
- If you think someone is interested in tracking you, don't physically leave your phone for too long. These programs need arm's reach installation to get onto your phone.
- If you think a loved one or friend is interested in tracking you: try talking to them about whatever issues pertain to them possibly wishing to track you! Good communication = peace of mind.
- In regards to a work phone, leave the phone at home when you're not "on-call."
- Turn your phone off (This will not work for GPS hardware, only software!).
Opt Out -- An Intro
Opting out of all the databases in which your private information is stored will take about half an hour. Following the guidelines provided on the Opt Out pages, you will have the opportunity to opt yourself out of up to 44 databases (your information may not be in all of them).
These are the databases you can be opted out of through our site:
DATA BROKER (26 total)
1) Acxiom
2) Ameridex
3) People Data
4) Zoominfo
5) Address.com
6) FoneCart (also InfoUSA)
7) Super Pages by Verizon
8) Phone Number (also Whitepages.com)
9) Instant People Finders
10) PeopleFinders
11) PrivateEye
12) Public Records Now
13) Reunion.com
14) US Search
15) USA People Search
16) Veromi
17) ZabaTools
18) Harris Digital Publishing
19) Intelius (also owns several subsidiary brands)
DIRECT MARKETING (6 total)
1) Abicus
2) Aristotle / Voter Lists Online
3) Enformion
4) 555-1212.com
5) ChoicePoint Direct Marketing
6) Dex Media
DIRECTORY (12 total)
1) Switchboard
2) AnyWho by AT&T
3) Switchboard (also Dogpile)
4) MetaCrawler (also WebCrawler and Infospace)
5) Google PhoneBook
6) DA Plus aka Directory Assistance Plus
7) Super Pages by Verizon
Some companies are double listed (e.g. Yellowbook.com and Worldpages.com). That's because when you opt out of the database through one company, the other can no longer access it. This is typically due to the two companies being close affiliates, one being a subsidiary, or one company contracting the use of another's database.
Opt Out - Via Email
First, copy the following email addresses and paste them into the "to" field in a new email.
Tip: If you put these addresses in the "bcc" (rather than "to" or "cc") on your email, they can't see that you're sending the same information to other companies as well.
Next, copy and paste this email template into the body of your email. Then change all the information in the brackets to fit your situation.
For example, change [YOUR NAME] to your actual name. Now do the same for: [Address], [Past addresses], [Email], [Phone Number], and [Date of Birth]. When you are finished with that, look over your information and send the message out.
One last step: Don't forget the header of the email. Use "Delete Me from Your Database" as your header.
CONGRATULATIONS! You've just deleted your information from many of the largest data providers!
Opt Out - Via Online Databases
You can't get out of ALL the major databases with email requests. In fact, some of the most important databases won't even read your email. Lucky for you, we'll take the time to walk you through every website that allows you to opt out online.
With any of these websites, if you search your name or phone number and nothing returns, then you are not in their database (that's a good thing).
However, if you do find your information, the following databases are available online to remove your information from being sourced to other providers.
| Company Name | Website | Information Required of Customer |
| 555-1212.com | Full name, telephone number, address, email address | |
| Address.com | Removal reason, first name, last name, e-mail address, country, phone | |
| AnyWho by AT&T | First, you need to find out online if the number is in the database. ; then you can call to remove the number (you need to call from the phone number, and the call cannot be blocked - *82) If your number was on the Anywho by AT&T database, you will need to call them from the phone number you want removed. You need to call from the same number that you want removed and you need to have your call blocking off (you can do this by pressing *82). | |
| Acxiom | Select "US Consumer Opt Out" at this link. Fill out the form on the site and they will mail you an opt out statement. | |
| ChoicePoint Direct Marketing | Name, address, email address, phone. Allows opt out of email, phone, and mail solicitation [check the box(es) of what you want] | |
| DA Plus aka Directory Assistance Plus | First name, middle initial, last name, address, phone number | |
| FoneCart / InfoUSA | Full name, address, phone number. | |
| Google PhoneBook | Name, city, state, check box for removal reason | |
| Switchboard / Dogpile White Pages | Removal reason, first name, last name, email address, address, and phone number | |
| MetaCrawler / WebCrawlers / InfoSpace White Pages | Perform the search first. If you have a listing, click on the name then click the Update / Remove link to the right of the listing. IMPORTANT: After you fill out your information, click the "REMOVE" icon to right NOT the "UPDATE" icon at the bottom (tricky devils!). To verify your request, InfoSpace will send an email message to the address you provided. Once you verify your submission, the listing will be deleted from their White Pages Directory, generally within 48 hours. | |
| Phone Number / White Pages | Removal reason, first name, last name, email address, address, and phone number | |
| Super Pages
| Removal reason, first name, last name, email address, address, and phone number | |
| Yellowbook.com / WorldPages.com | Select "Delete your residential Internet listing"
| |
| Zoominfo | Visit website. Search your name under people search, then click on the "Forward" link at the top of your profile, your given email address needs to match their email address for you (if the site has it available), fill out the required opt out information and mail the forward to remove@zoominfo.com. |
Opt Out - Via Phone & Fax
Some companies require that you give them a call or fax them in order to opt out of their databases. The majority of them offer other easier ways of opting out, like email or online forms. For companies that offer these alternatives, we used the most convenient for you. There are very few companies that only offer a phone or fax number to opt out: Lucky for you, there's only one of them.
Phone Opt Out:
1) DexMedia Customer Service (dm, dir).
1-800-422-1234. If your number is already unlisted, it shouldn't be in here. This company is a direct market compiler (list makers), and they also create phone directories.
Fax Opt Out:
Take one of your letters from the last section and fax it to the folks at Net Detective. You'll need to include your name, address, any recent addresses, your phone number, and date of birth.
1) Harris Digital Publishing / Net Detective is the only company that only allows opt outs via fax. Fax to 386-736-3882.
Opt Out - Via Postal Mail
You'll have to send in these requests via postal mail. This used to mean a lot of paperwork, but now you can just fill out one simple form, print out several copies, and send them as-is. Of course, you will need to put proper postage on them. It will only take you 5 minutes to fill out the form and print copies, and you won't have to do it again for years!
Open the opt-out request form below and fill out your personal information. Then print out 9 copies. (The form is provided in Microsoft Word or Adobe PDF format.)
Microsoft Word .doc Format:
* Opt-Out Request Form - Click Here * (user: myprivacy1, Password: phone)
Adobe Acrobat .pdf Format:
* Opt-Out Request Form - Click Here * (user: myprivacy1, Password: phone)
Now that you have printed out 9 completed copies of this form, it's time to send them in. Some of the most important database compilers are listed below. Just address standard envelopes, send in your requests...and you're done. There will be two letters left over for the next steps. Send the opt-out letters to these agencies:
| Company Name | Opt-Out Address |
| Peoplefinders | Peoplefinders.com
|
| Reunion.com | Reunion.com, Inc.
|
| Private Eye / Public Records Now | PrivateEye / Public Records Now – Opt out
|
| US Search |
|
| | |
| Veromi | Opt-Out/Veromi.net
|
| ZabaSearch | ZabaTools
|
Opt Out - Via Intelius
The Intelius database is the largest of the consumer data brokers online. If someone is looking for your personal information, this is likely where they will find it. Unfortunately, it takes a little bit of extra work to get out of the Intelius database.
But the good news is that once you've take the necessary steps, your privacy will be safe from strangers and whoever is looking for you.
Intelius supplies people search information for many other companies (sometimes affiliates and sometimes just Intelius doing business under a different name), such as:
1) 99lists.com
2) People Finder
3) People Record Finder
4) Phone Book
5) The Public Records
To remove yourself from the Intelius database, you'll need a copy of a government issued ID (e.g. driver's license) or a notarized form asking for your removal.
Often someone at your bank branch is a Notary. Other likely places to get notarized forms are mortgage broker offices, title company offices, real estate offices, and many copy shops. Also private mailbox places (especially those catering to foreign nationals) often have a Notary on staff.
Your bank will often provide one or two notary sessions at no charge if you are a customer. Any of the other places will do free notary work if you are engaged in a transaction. Otherwise the fee is somewhere between $10-$30, depending on the type of transaction.
Include either of these with your opt-out request form and then fax it to Intelius at (425) 974-6194.
This may seem like a lot of work, but if you're interested in removing your name and information from as many places as possible, this company should rank high on the priority list. Intelius doesn't need your entire driver's license, but they do want to confirm it's you. Cross out your photo and driver's license number. They just need to see your name, address, and date of birth.
Here is their complete removal policy:
"In order for Intelius to ‘opt out' your public information from being viewable on the Intelius website, we require faxed proof of identity. Proof of identity can be a state issued ID card or driver's license. If you are faxing a copy of your driver's license, cross out the photo and the driver's license number. We only need to see the name, address and date of birth. Please fax information to our customer service department at 425-974-6194.If you are not comfortable doing this, you can send us a notarized form proving your identity and we will be glad to remove this public information. Please note removing the data here does not prevent public records from sending us new information in the future. To permanently have your records sealed, you will need to contact your county's records department."
Unlisting Your Number -- Keeping Your Phone Private
So you just deleted your phone number from all these databases; but if you have your phone number listed or publishable from your phone company, they will share it with other companies again. It won't take long before it starts to show up on these websites and databases once more.
When a phone number is publishable, it means your phone company can sell your information to other companies. When a phone number is unlisted, that means your number can still be sold or shared, but it won't be listed in a telephone directory (your telephone company's own directory, or a directory to where your number has been sold).
If you're interested in keeping your phone number unpublished and unlisted, it's fairly simple. Here's what to do:
1) When you sign up for a new phone service, they will give you the option of publishing your phone number AND making it listed or unlisted. Choose "Unpublished" AND "Unlisted." If there is no check box or line for making it non-publishable, then write your request in and verbally tell them you do not want it published in their directories. Your customer service representative may either "unpublish" the number there or will point you to the correct contact person at the company.
2) If you want to change an existing phone number that was listed or publishable, then call your phone service provider. Confirm with them that it's your account, and then request that your phone number is made "Unpublishable" and "Unlisted."
The Do Not Call Registry
If you are receiving too many telemarketer calls, check out the national Do Not Call Registry.
You can place your cell phone and/or landline number on the list in one of two ways: visit https://www.donotcall.gov/default.aspx and be sure to acknowledge the confirmation email, or call (888) 382-1222 and follow their directions.
All persons with a
One last thing: it is against the law for telemarketers to call cell phones... if it happens to you, tell them they are calling a cell phone and they have to remove you from their call list.
Opt Out -- Credit Cards
Prescreened credit cards are those credit card offers we get in the junk mail. Sometimes we go for days without receiving one, and other days it seems like our mailboxes are filled with them.
1. How do all those companies get my mailing information?
Prescreened credit card offers are a result of your credit score. Your credit score is maintained by the major credit bureaus (Equifax, Experian, and TransUnion). Basically, the majority of companies you have accounts with report to these bureaus. Examples of companies that report to bureaus are numerous: banks, car loans, student loans, utility companies, cell phones, and credit cards. They report your current balance to the credit bureaus and whether you're making your payments on time. These credit bureaus create a score based on your income, your amount of debt, and your track record of making payments (on time or not on time).
Basically, if you've ever applied for a credit card, a loan, to become a renter of a home, or for any other large financial contract... they contacted one of these four credit bureaus for your credit report.
A company (creditor or insurer) in search of customers will establish a certain set of criteria—the simplest just being a minimum credit score—and will ask a credit bureau or a consumer reporting agency for a list of prospects that match those criteria.
These credit bureaus and consumer reporting agencies rent their customer lists, delivering customers that meet certain criteria to a company that offers prescreened credit card offers (could be prescreened loan or mortgage offers, or what have you).
2. So how do I opt out of them selling my name in the future?
The major credit bureaus allow you to opt out of prescreened credit cards by:
a) Going to https://www.optoutprescreen.com/opt_form.cgi
You'll need your name, address, and social security number.
b) You can also opt out by calling (888) 5OPTOUT. With this single number (888-567-8688) you can call to opt-out of all of the prescreened credit cards. It is available in English and Spanish.
c) Or you can opt out by contacting all of these companies.
• Equifax Options, Marketing Decision Systems
o By phone: ( 888) 567-8688
o By mail:
Equifax Credit Information Services, Inc.
P.O. Box 740241
• Experian Marketing Solutions
o By phone: (888) 246-2804
o By mail:
Online Privacy Team
Experian
475 Anton Blvd.
Costa
• TransUnion
o By phone: (888) 567-8688
o By mail:
TransUnion Name Removal Option
P.O. Box 97328
Jackson, MS 39288
If you mail the information, include the following information with your request: First, middle, and last name (including Jr., Sr., III), current address, previous address (if you've moved in the last six months), Social Security number, date of birth, and signature.
Once you opt-out, your name will be removed from the prescreen database for 5 years. If you would like a lifetime opt out, you can fill out the request on their website, then just print and sign the "permanent opt out" portion.
Junk Mail
To stop junk mail, the single most important tool is the Direct Marketing Association's (DMA) Mail Preference Service (MPS). The DMA is the "hub" association for the vast majority of direct market advertising companies in the
It will cost you to join this list. But it costs only one dollar. The DMA does this so only people who are serious about being removed from the list actually do it.
You have two choices when you join this list.
The easier option:
Register online at www.dmaconsumers.org/cgi/offmailinglist. In the registration materials, they ask for your credit card information and will charge the $1 to the card. The DMA states that this option is faster than mailing in your registration.
The other option:
Mail in your letter (here's a sample letter- www.privacyrights.org/Letters/jm1a.htm) with your $1 check or money order to:
Mail Preference Service
Direct Marketing Association
By registering for this service, your junk mail will be greatly reduced in less than 3 months. This is because the DMA updates the file every month and then mails it out quarterly. Some direct marketing companies update the list monthly. However the maximum update interval is 3 months.
Who is not included in the Mail Preference Service?
- Companies you regularly do business with. (Because this creates a "business relationship" with them, so they can contact you, however you typically can opt out of direct mail upon signup). For example, many people in the
- Some magazines
- Many charities
- Professional associations
Opt Out Policies
Direct marketing and data broker companies have different opt out policies because they are not required to have a standardized policy by any law. Currently, the law only states that there needs to be an out option in the terms and conditions portion of any contract you sign (when they reserve the right to sell your information). But the law does not state that the opt out policy needs to be via checkbox, email, website, letter, fax, or whatever.
Basically, when you opt out of direct marketing or data broker databases, you opt out of your name being sold... and they lose money. Direct marketing agencies and data brokers (just like most businesses) don't like to lose money.
Some companies greatly respect privacy and make it very easy to opt out of their databases with a simple email or a web form. But there are also a large number of companies that may allow opt outs, but they make it challenging. Some examples of challenging procedures are: certain companies make you fax a copy of your driver's license to them, some will only allow you to opt out if you are victim of identity theft, while others only delete your information from their database if you are a member of a law enforcement agency or have a restraining order against somebody (in all cases, you may be in personal or financial danger because your information is available).
The good news is: We have spent months putting together all the information in one place, and we will take you through the opt-out procedure for nearly every available database in the
Some companies require a higher amount of resources from people who wish to opt out. We will take you as far as we can, and do everything in our power to help opt you out of these databases.
Why some data brokers will not allow an opt out--
All direct marketers offer some form to opt out from their marketing. Not all data brokers offer opt outs however. I believe this shows a lack of respect for consumer privacy and it's simply a bad business practice. Nonetheless, there are companies out there that don't offer opt outs.
When inquired as to why they don't offer an opt out, the most common response is that "our source data comes from open public records." Next, they will tell you if you're interested in removing your data, you should "go to the source." This typically means going to the courthouse or whichever government group holds the record and sealing the record. Public records can be very difficult to seal.
So, they are not doing anything illegal by not offering an opt out, but frankly it's just bad business.
Sealing Public Records with Your Private Information
To seal public records, here is the common procedure:
1) You must file an individual petition and pay a fee for each case or incident you want sealed. The fee varies from jurisdiction to jurisdiction. This typically occurs at the county courthouse level.
2) After you get the necessary forms, you next must determine whether you are eligible to have your record(s) sealed. You are eligible to have your records sealed only if:
- You were not charged
- The case against you was completely dismissed
- You were acquitted of all charges
- And FYI, no criminal justice information involving a conviction may be sealed
3) It is your responsibility to specify in your petition(s), which criminal justice agency(-ies) has a copy of your record(s).
4) Here are some things the records may include:
- The police contact report
- An arrest report
- An indictment, case information, summoning documentation, complaint documentation, and any case data associated with it
- Any other record held by a criminal justice agency regarding the incident
4) You may not petition to seal any records of cases involving a conviction on a
DUI (driving under the influence) or DWAI (driving while ability impaired) and certain traffic offenses and infractions.
5) After the petition is filed and the fees are paid, the court sets a hearing date. Each agency that you listed on the petition will receive a notice of the petition and the hearing. If the court decides to grant your Petition to Seal Arrest and Criminal Records, it orders the record to be sealed.
When you do all of this, and you have successfully sealed your public record.
Data Brokers
Your personal information is more places than you may think. People who aren't reading this page, in their naïveté, probably believe that the only companies out there with their information are the companies with which they are currently doing business: banks, credit cards, utilities, cell phone companies, all the way to the websites they have signed up with like Amazon.com and eBay.
What they don't know is that very frequently, within the fine print (that is, the Privacy Policy and Terms & Conditions Agreements) of their account contract, the company states that they may sell customer information to other companies who are selling marketing products.
They do this legally.
Now I want you to think about the past month of your life... and think of how many brand new services you signed up for (that is, new products that required registration). You may have signed up for these services via phone, in person, via mail, or over the internet. For me, within the past 30 days I have signed up for:
1) An iTunes account (got with the times a few years late)
2) A Safeway Rewards card
3) A member account at a hip clothing store: American Apparel
4) One print magazine subscription: The Economist
5) One online free newspaper profile: The Washington Post
6) A new email address at Gmail
7) A new credit card because my introductory APR was raised on my old one
8) A new cell phone provider, Verizon
That's eight new services I signed up for in the past 30 days (that I can remember). Consider that any of these companies could (and do) have contracts with direct marketing firms who may be collecting your information.
The reality is: the direct marketing industry is thriving because NOBODY ever reads the fine print in their account contracts.
Click here to see an example of the fine print.
Now think about all the junk mail you get. Even if your phone number and address are unlisted in your local phone book, don't you wonder how all these random companies get your information?
Companies that purchase this information and use it are frequently direct marketers.
What is direct marketing?
The direct marketing industry is a multi-billion dollar juggernaut in the
Basically, information is sold from company to company below the public radar...and it is completely legal. It's just one of those things that happen in
Is the company required to tell you anything if they are going to sell your information? What is the government doing to protect consumers? To get some answers, click here.
Each additional name on a customer list and each additional chunk of information increase the worth of the databases when they are sold. So your information can be sold for the purpose of marketing new products to you, but there is also one other main use.
What is data brokering?
The data brokering industry is based simply on maintaining and selling libraries of information on people. This information is then sold for various purposes including: criminal records checks, background checks, address verification, classmate finders, job screening, and more. Once again, the buying and selling of all these libraries largely goes on below the public radar with minimal government oversight and is completely legal.
Much of this information is public, meaning it is available from government agencies or it is termed "directory information" from utility companies. Directory information is defined as your name, your address, and your phone number (if not "unlisted").
Examples of government-kept public information are: marriage & divorce court records, criminal records, real estate records, and driving records.
Why is data brokering necessary?
What are the dangers?
The greatest risk that you face as a result of the data brokering industry is not the prospect of a telemarketer interrupting your Yankee pot roast. Rather, identity theft can be made easier by the sheer availability of all this information (that is by purchase or by stealing).
These personal information libraries are the picnic, and identity thieves are the ants.
There have been several cases in recent years of serious breaches of brokers' databases, which have resulted in an enormous hemorrhage of personal information into the hands of persistently creative criminals. Once a thief has the basics about you, he or she can then go on to pose as you. While they accumulate credit, high-end merchandise, and everything else imaginable, you accumulate nothing but debt and a dismal future.
So, what can you do to protect yourself?
1) Learn how to read a Privacy Policy and Terms & Conditions Agreement:
The meat of what you're after is usually located in the Privacy Policy. Look for key words that companies often use to describe who it is they're selling your data to.
Such entities are often called subcontractors, service providers, affiliates, third parties, non-affiliated third parties, etc. While some of these are completely necessary relationships (like the outsourced billing company they use)... some of these relationships may be to direct marketers or data brokers. So take the time to read the company's definition of these ambiguous entities.
One might wonder what the point is of taking time to read these mind-numbing pamphlets. What makes the eye strain worthwhile is that companies may state in the fine print that they do not share your personal data with these third parties. Although it may necessitate LASIK eye surgery, it is your job nevertheless to read and accept the contract agreements. Those that do will oftentimes have instructions or links on how to opt out of some or all of this process.
2) Ask that your public servants serve you:
While you're online signing up for that new product or service, take a stroll on over to your friendly state or federal representative's webpage. Even the most out of touch politician will usually maintain their presence on a small tidbit of internet turf. Many of you may firmly believe that contacting your elected officials is a pointless exercise. My mother would be proud that I'm about to type this: if more people actually took the time to express their views to their congressmen and women things might change.
3) Contact the data brokers and direct marketers themselves:
Opt out of their databases. Unfortunately, data brokers and direct marketers usually have different opt out policies (that is, there is no standardized way to opt out, each company makes their own). None the less, deleting your data from marketing and broker databases is an important way to protect your privacy, safeguard your family, and keep your "secrets" safe.
The Necessity of Data Brokering
Employers and police agencies use the information they obtain from data brokers to screen potential employees and investigate crimes, respectively. This may seem unsettling in itself at first glance.
However, when looked at from the employer's or the detective's point of view the need for this resource is clear. Should an employer simply ignore a potential way to screen out a drug addicted pre-hire? Would you feel comfortable knowing that your police department wasn't pursuing every possible resource for solving a crime?
The answers to these questions make it clear why the data brokering industry is necessary. That said, the information is used for more than just these noble purposes. Basically, this information may be sold to whoever has the money.
Legal Issues
Why are Direct Marketing and Data Brokering legal? When is it illegal?
Fundamentally, direct marketing and data brokering are legal and most of their practices look to stay legal for the foreseeable future. Basically, there is so much money being made, that governmental changes have largely failed. This type of information used to be very fragmented across the nation. However, with the growth of technology, databases have evolved to include more and more information. Once courthouse and other public records are digitized, they can be duplicated and sold.
Is the government concerned with data brokering?
Over the past three years approximately twenty bills have been proposed in Congress with roughly the same goals in mind. See www.GovTrack.us for more information. The main gists of these bills have been:
- A company failing to reveal the breach of a database would be criminalized
- Citizens would gain the right to view and amend any of their personal information possessed by data brokers
- Data brokers would be forced to initiate their own internal security as well as notify citizens when a breach affecting them has occurred
- The selling of Social Security Numbers or their required use as identification tags for customers would be forbidden
- The government itself would be required to regulate and police its use of information obtained via data brokers
These all sound like great ideas. Unfortunately, as of September 2007 all but the two youngest of these bills have perished like neglected goldfish. Each bill has been proposed, and then routinely no vote has taken place. After a session of Congress all bills not voted on are binned. Politicians seem to grasp that improvements in this sensitive area are needed and wanted by the American people, yet the inaction of both Parties continues to put all of us at risk.
Not even disasters in our own backyard have spurred any change. Case in point: the loss of data on over 26 million U.S. Veterans that occurred last summer. Each veteran received a letter from the Veterans Administration. Other than that not much else has been done.
Is the government concerned with direct marketing?
Government concern for direct marketing has mostly focused on telemarketers. Telemarketers have gotten a lot of attention for disturbing people in their homes and aggressive tactics. The Federal Trade Commission created the Do Not Call Registry in response. The registry prohibits telemarketers from calling you. You'll have a chance to sign up for the registry a bit later.
You can place your cell phone and/or landline number on the list in one of two ways: visit https://www.donotcall.gov/default.aspx and be sure to acknowledge the confirmation email, or call (888) 382-1222 and follow their directions. All persons with a
What do the laws actually state?
The two relevant laws are the Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLBA). The FCRA states that if companies are going to sell information to third party affiliates—such as direct marketing or data broker companies—they must provide the customer with an opt out notice. Neither the language of the opt out notice nor the actual opt out method are specified. The opt out means that customers can say "NO" to allowing their information to be shared with other companies.
The opt out does not apply to: information shared with those companies providing priority services to the company (like billing or shipping), marketing of products or services for the company (that is, the companies marketing itself), and when the information is deemed legally required (information will be given if a law agency has a subpoena).
The GLBA requires that a privacy policy is issued to customers at the time of sign up, made available to customers, and customers are informed any time there is a significant change to the policy. The opt out option created by the FCRA act must be in the privacy policy.
Your Online Information
Any information you put online in a public place becomes public. Remember, it's digital; once it's created, it's duplicatable. Most certainly, once information is posted on the World Wide Web... it's public.
Even if you delete your comments or the excessive personally identifiable information you've posted, many online companies archive sites on the internet. The majority of the World Wide Web is archived. To get an idea of what I'm talking about, check out this site.
This means most information out there is available to be copied. Anything you post online basically becomes public information.
The exceptions are: online community profiles that have privacy settings turned on (key words: "turned on," they're not good if they're not turned on), commerce transactions (secure socket layer web transactions) when you purchase things, and any account you have that requires a password (assuming you're not posting to a public space with the account).
Online communities pose a whole new set of interesting issues. These communities are everywhere from your social networking profile to your YouTube feedback profile (I think of this every time I see a racist or particularly ignorant comment on their site... identities are so easily traceable).
What exactly are online communities?
An online community is loosely defined as a group of people that primarily interact over the internet rather than face-to-face. There are multitudes of ways to interact over the internet. Some of the most common ways that average computer users interact are:
Consumer feedback sites: Allow users to buy from a site while interacting. Examples are eBay.com and Amazon.com.
Blogs: Short for web logs. They allow users to chronicle entries, that is, put a personal journal online to be viewed by the public. Visitors can leave comments for the blog writer about particular entries. Examples are Blogger.com and many people "in the know" site Facebook.com and Myspace.com as blogs for their blogging features.
Bulletins/Message Boards: These are groups in which you have a profile, and submit information/commentary onto their message boards or forums. PoliticalForum.com and IGN.com are examples.
P2P (Peer-to-peer) networks: Are very popular and focus on connections between computer users on the network (rather than a large amount of network serves). Kazaa, Morpheus, Napster, and Limewire are examples.
Social Networking: A booming market. Most popular are: myspace.com, facebook.com, and linkedin.com
Rating sites: Allow users to flag, rate, or bookmark articles and websites on the internet. Ideally, this helps users decide and find what's "hot" on the Web. Examples are Digg.com, and Rateitall.com.
UseNet’s: These include online groups you join based on a specific topic. Google Groups and Yahoo! Groups are examples.
Wikis: Are a collaborative form of online community information. The Wiki flagship is Wikipedia, the largest encyclopedia ever (we're talking 7.5 million articles in 253 languages).
What should you be aware of when you join a community?
Think about it. Online communities require a username, email, and password (at the least) in order to contribute. Many ask for a lot more information than that, but these are the essentials. They may ask for gender, birth date, addresses, educational information, phone numbers (home, cell, work), Instant Messenger names, and even more.
Now really think about that. This is a direct marketer's (telemarketers, junk mailers, and customer information brokers) and data broker's dream find. It can be sold by the owner of the website (read the privacy policy to find out) or there is technology out there that allows from the scrapping and storage of your information from the site.
Second, consider that many of these profiles are public and the comments you leave are available in public spaces. The bottom line: 1) don't post information that you're not comfortable sharing with complete strangers, and 2) read the privacy policy when you join these sites.
Remember that comments you post are permanently recorded on the community site.
The more you reveal in your online profiles, blogs, and posts, the more vulnerable you are to data harvesters... not to mention scams, spam, and identity theft.
Sample Privacy Policies
A good guy:
Some companies have straight forward, no nonsense policies. A great example of this is Amazon.com. As of September 2007 their Privacy Policy regarding the selling of your information to direct marketers was:
Does Amazon.com Share the Information It Receives?
Information about our customers is an important part of our business, and we are not in the business of selling it to others. We share customer information only as described below and with subsidiaries Amazon.com, Inc. controls that either are subject to this Privacy Notice or follow practices at least as protective as those described in this Privacy Notice.
• Affiliated Businesses We Do Not Control: We work closely with our affiliated businesses. In some cases, such as Marketplace and Auctions sellers, these businesses operate stores at Amazon.com or sell offerings to you at Amazon.com. In other cases, we operate stores, provide services, or sell product lines jointly with these businesses. Click here for some examples of co-branded and joint offerings. You can tell when a third party is involved in your transactions, and we share customer information related to those transactions with that third party.
• Third-Party Service Providers: We employ other companies and individuals to perform functions on our behalf. Examples include fulfilling orders, delivering packages, sending postal mail and e-mail, removing repetitive information from customer lists, analyzing data, providing marketing assistance, providing search results and links (including paid listings and links), processing credit card payments, and providing customer service. They have access to personal information needed to perform their functions, but may not use it for other purposes.
• Promotional Offers: Sometimes we send offers to selected groups of Amazon.com customers on behalf of other businesses. When we do this, we do not give that business your name and address. If you do not want to receive such offers, please adjust your Customer Communication Preferences.
• Business Transfers: As we continue to develop our business, we might sell or buy stores, subsidiaries, or business units. In such transactions, customer information generally is one of the transferred business assets but remains subject to the promises made in any pre-existing Privacy Notice (unless, of course, the customer consents otherwise). Also, in the unlikely event that Amazon.com, Inc., or substantially all of its assets are acquired, customer information will of course be one of the transferred assets.
• Protection of Amazon.com and Others: We release account and other personal information when we believe release is appropriate to comply with the law; enforce or apply our Conditions of Use and other agreements; or protect the rights, property, or safety of Amazon.com, our users, or others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. Obviously, however, this does not include selling, renting, sharing, or otherwise disclosing personally identifiable information from customers for commercial purposes in violation of the commitments set forth in this Privacy Notice.
• With Your Consent: Other than as set out above, you will receive notice when information about you might go to third parties, and you will have an opportunity to choose not to share the information.
They do a great job of explaining in non-cryptic, simple language what their objectives are and what their customers can expect. The clear kicker is in the first line of the policy when they say: "Information about our customers is an important part of our business, and we are not in the business of selling it to others." That is the kernel of what you need to hear.
A bad guy:
By comparison, here is the privacy policy of a company that doesn't do such a good job (that is, they're shady):
"[Insert company name here] does not sell, trade, or otherwise disclose customer lists or information to unaffiliated third parties without your permission."
This is taken from an actual company but also is the general language for the guys who end up selling your stuff. Basically, they say they won't do it without your permission, but your permission is given if you don't check a tiny box at the end of their user agreement. That is, in most cases, your permission is tacit or unspoken and assumed. This company is not explicitly stating they are not interested in selling your information.
Subscribe to:
Posts (Atom)