North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Ameritrade warns 200,000 clients of lost data

  • From: Douglas Otis
  • Date: Tue Apr 19 16:19:57 2005

On Tue, 2005-04-19 at 15:44 -0400, Alex Rubenstein wrote:

> I think that these conpanies (lexis nexis, ameritrade, whoever) should be 
> held *criminally* liable for things like this.
> 
> How long until something like the social security administration has an 
> announcement like this? Or, Experian? Transunion? D&B?

This problem is made more intractable by not being able to reassign
identifiers, such as your social security number, or your drivers
license.

If the Federal government were to provide a national ID that was 15
digits randomly assigned, and would associate with a name for
confirmation.  Once the number/name is shown to be abused, allow the
individual to obtain a different number.  The Feds would return MATCH,
ABUSED, or INVALID on an ID query.  Even guessing a valid number would
be right once every 3 million guesses.  Also checking against the name
would make this rather difficult to abuse.  Offering an ABUSED ID would
be grounds to summon the authorities. 

By allowing the individual to report their number as being abused and
having it reassigned, would make catching criminals that use purloined
data far easier.

-Doug