> It’s used not just by cops but also by debt collectors and private companies carrying out background checks. Private investigators use it to track cheating spouses.
Honestly that this database exists at all is a serious problem in itself.
For authentification you just show your ID card that contains both your name, date of birth, and your official address. If you move you have to notify authorities and get an official sticker on your ID card showing the new address. By law, everyone is required to own either an ID card or a passport to be able to identify yourself in front of police or a court.
Of course various governemnt agencies have their own identification numbers for you, for example you have a tax id that you will have to share with your bank, and another id for social security that you will have to share with your employer, etc. But those are just for reporting to various government databases and are never a form of authentification. You first prove who you are with your ID card, then you exchange id numbers for relevant systems.
(our IDs also have numbers, but you can get a new ID card as often as you want and nobody outside the government can do anything useful with it. We had some bad experiences with government databases, so it's now a number of unconnected smaller databases)
It depends on the degree of verification you need. You can just post a scan or a photo of your ID, you can send a small wire transfer because banks have to verify the account owner, there is an OpenID provider that offers authentication tied to the real world identity, a courier can come to your home to verify the ID or any combination of the methods.
Usually in the same way it's done everywhere else: name, date of birth, registered/current address, sometimes an additional pin/security question/etc, depending on who you're calling.
If it's official business you might be required to send an actual letter, though I doubt they ever check your signature unless you're suing them.
If it's online and state business (portal for unemployment stuff, state employee pension details, etc.), you usually have to provide your name and address first, which they then check against your registered address. They'll then send you a letter with a one-time password you can use to register your account.
Edit: Modern E-Business companies often require you to "verify" your identify by ways of Postident (you present your ID to a post office) or IDnow (you present your ID to a random guy via webcam who asks you to move it around so he can see all holograms, data, etc.) and can compare it to your picture in the webcam.
This is considered to be enough for financial transactions according to our current money laundering laws, so it's about the most though version you can go through.
Also companies don't treat your ID number as lavishly as in the US where you have them printing them gratuitously into easily stealable documents.
There are three ways to authenticate myself, none of which is knowing that magic number. Many institutions choose to do it simpler and more convenient, which is then their problem if anything untoward happens.
(BTW: None of the authentication mechanisms are available to minors, which fits in well with another aspect of the law: If an adult or a legal person enters into an agreement with a minor and something goes wrong, that's not the minor's problem.)
Norway has a public number as well. It is used in part as identity, and for taxes and all that stuff. As far as identifacation goes:
1. Picture ID. For me, it is my passport or immigration card, and some folks have their pictures on their bank card as well, which works for ID.
2. For online transactions of various sorts and sometimes doing things at the bank, I have a little device that gives me numbers. This is issued from the bank, but is a national system. I use it along with my ID number and a password of my own choosing. This is done for things like purchases, banking, government websites that store my information (medical stuff, for example), the secure mailbox (government documents and things like that), and a doctor-patient thing.
3. Sometimes, a service will sent a SMS code as well as or instead of some of the above.
I think things like income and tax information are public here and I think your address is as well (I can't remember). There is also quite a bit more trust in the government as well.
Anyhow, around here businesses request your consent to copy/scan/store your gov issued id card. So I guess defrauding them is about as hard as getting into a club with a fake id. (But there wasn't really a need for that, as few years ago enterprising individuals paid a homeless guy for his id card and managed to buy more than a hundred thousand SIM cards with it, so there are other issues when it comes to security.)
You just need one "bad apple" or some technical hiccups and suddenly the personal data of almost all of your citizens can reach other governments' hands. After an event like this one (https://en.wikipedia.org/wiki/Office_of_Personnel_Management...) advocating for extensive data collection by a government entity is poor folly.
The problem here is not which type of organisation holds the data; it's the fact that individual humans are involved in using it.
Same reason you'd worry more about a 200-pound drunk guy than you would a toddler, if they both came at you with an axe.
The bigger problem is that the TLO is an adversary database -- it is a record of information about the enemy, i.e. the debtor, the citizen. Automated licence plate readers are standardized on repo cars now. Of course, they are collecting location data about all cars. Police are also widely deploying ALPR. You don't really have location privacy in America any more, even if you don't have cell phone.
my favorite example: a US person setting up their own personal account on the US Social Security Administration's website must provide sufficient authentication information.
and where Social Security get this authentication information about each person? Equifax!
 see https://www.ssa.gov/hlp/mySSA/df-idverification.html
Government is/will be the first/last institution that can defend you and your identity.
Vote the people you trust.
History teaches us that governments have to be treated according to different rules. Private companies didn't murder 100,000,000+ of their own customers in the last century alone. It took governments to do that.
In healthcare hospital staff typically works around this by using "Mr twelve" - 1212121212 - which is syntactically correct with the correct checksum, but not identifying an individual.
“I’m not clear why you think it’s my identity that was stolen, rather than your money.”
It's not identity theft, it's financial fraud.
It's not stealing music, it's copying music.
It's not buying ebooks, it's leasing them.
It's crazy how easily we (and journalists above all) accept semantic distortions of reality, and forget what's actually going on.
Infringement of or on the person.
If someone "steals" your identity, and then shows up at the bank and withdraws your money, the bank will be on the hook for that loss, not you.
There are superficial barriers and hoops in place which make the chances of you not getting your money back non-zero. Not to mention, it will at the very minimum inconvenience you and waste your time.
Credit cards are less problematic in this area, but when it's a bank account / debit card, there tend to be fairly agressive deadlines for identifying the fraudulent activity and contesting it as well as arbitrary processes, forms, and reviews unique to each the bank.
In the interim you don't have the funds - for many people living paycheck to paycheck this can be a catastrophic situation.
I recently had to go through this process with a debit card someone on the other side of the country had fraudulently charged $500 to. Due to my being in the midst of leaving for a long bout of travel, it was a nightmare to get the protest documented on time, and my bank suddenly required all sorts of exceptional identifying documents they never require in the course of regular business, requiring me to jump through a number of additional hoops like accessing my safe deposit box to retrieve my passport - when I wasn't even in the same state at the time. It all just added more delays to the process.
As far as I could tell, the bank was treating me as the potential criminal. They were operating under the assumption that I, the victim, am actually the perpetrator attempting to commit fraud. Through this lens, the process being frustrating and inconvenient to the customer appears advantageous, as it all increases the odds of them failing/giving up.
Someone using your card isn't the main problem with "identity" theft. That's a minor issue. If it's more than a few hundred bucks you'll notice immediately.
Someone getting a loan or a social security card benefits or health insurance or tax refund or committing a felony in your name is the major issue, which can run your life with you not even knowing for possibly years.
In other news, it seems the NYTimes has managed to use the phrase "regulatory capture" three whole times so far in 2018! Woo hoo! We'll be addressing this in no time at all. Right after rolling back copyright extension. And tech innovating better fora support for constructive public discussion. RSN. Maybe next week? :/ Sigh.
 https://www.nytimes.com/search?endDate=20181031&query=%22reg... But yes, it is possible to push on these things. History is contingent. And no one ever promised bootstrapping a civilization was quick or easy or monotonic.
I just realized that upon reading your comment.
From the old world, the word infringement was used. People do or have a thing they are not supposed to, basically.
No theft occurred because no loss of property happened. Thus, the other word.
I would wonder about examples of infringement back when information was much less fluid. Identities are one such example.
This could be infringment of the person, again setting modern language and examples aside.
Money was moved from the bank via fraudulent behavior.
it is amazing that people still fall for that.
* a history of their past addresses?
* the types and dates of medical treatment or surgery?
* their grades in high school?
* the number of times the person has reported a crime to police?
* the cars they have owned?
* the items they have purchased from a drug store?
* their favorite type of restaurant?
Studio time is expensive. Puffy, 50cent, Jay-Z all used drug profits to kickstart their music careers.
> When I was talking Instagram, last thing you wanted was your picture snapped.
And it’s not only identity theft. It’s making burglary easier if someone knows when I’m on vacation. It’s making kidnapping easier if someone knows where my kids go to school. It’s easier to lure me into some scam if someone knows What I am into...
>"Barnett says she and Asher worked together to ensure there was no abuse of TLO. Onsite visits would be made to clients, who would undergo a strict vetting process. Only those who passed muster were given a login, Walters says. “We were very selective.”
>"It’s used not just by cops but also by debt collectors and private companies carrying out background checks. Private investigators use it to track cheating spouses."
So giving access to debt collectors and PIs investigating cheating spouses is selective? I'm guessing the selection criteria is simply whether the customer has the $1,500 a month.
The other interesting part I thought was the levels of data weaponization going on:
>"Just as the crooks turned the turbo-powered TLO software on its head, cops used the Nests against their owners. In June last year, Postal Service investigator Berkland obtained a warrant ordering Google to hand over all the data related to those cameras. The company complied, shipping surveillance footage back, along with personal details of its owners."
Both sides in this piece seem to be thugs. TLO just appears to be a gatekeeper, they get to decide which thugs are the "good guys."
David Burnham published The Rise of the Computer State (ISBN-10: 0394514378) in 1983. In the "Data Bases" chapter, he writes about how transactional data (when you swipe a credit card, when you pay a bill) that used to exist on paper only was then starting to be stored in databases by different companies which, with the rise of cheap and fast networking, could then be quickly and easily combined in previously unfeasible ways. He specifically calls out credit reporting agencies TRW and Equifax, and warns that "the astounding power of these records is not appreciated by the public, the courts or Congress."
It's a fantastic book, and I highly recommend it.
This was best article I could find talking about that: https://abc7.com/news/repo-industry-collecting-data-on-you/3...
Given the current legal climate, the potential upsides are incredibly numerous and downsides few (for now at least). Which ones actually exist in practice will naturally vary based on information I don't have access to. A few that immediately come to mind:
* Direct compensation. Give us your data (which you already have to collect for security purposes) and we'll give you money.
* Access to a marketplace. Turn over your data, and you'll gain the privilege of purchasing other data that we have (or some variant on this).
* Access to generalized queries instead of raw data. Turn over your data, and we'll give you a discount or perhaps not even charge you for answers to various questions about the world that you might have.
The possible uses of (and thus temptation for) such data access are incredibly vast. I distinctly remember this being one of the business scenarios presented by a cubesat startup a few years ago. Consider:
* Information about your clients. What other interests do they appear to have, based on the other places they go? How much expendable income do you estimate them to have, based on the part of town they commute to for work every day? In light of such information, which new products should you consider stocking? What should you get rid of? What political stances on your part would be likely to please or offend them?
* Information about your competitors. Does the family that owns a particular vehicle also shop at your direct competitor? Do people who visit your competitor's storefronts spend more or less time there?
* Information about where to do business. Assume that you obtain a list of people (or cars, or other database entry) that utilize you or a competing business. Assume that you then query the routes these people typically travel to determine commonalities. Now you can make a very well educated guess about what future retail locations are most likely to be successful.
* Information critical to business strategy. Is your competitor struggling, or is their business booming? How full are their parking lots compared to yours? How is their supply chain doing - how frequently are deliveries being made to their stores? If your competitor is a middleman, who are their clients? That is to say, where are their vehicles regularly stopping off? If they're an online distributor, how many shipments do you estimate they're sending out each day?
This list could go on just about endlessly, so I'm going to get back to pretending to be productive now.
Scheduled a required on site visit, where an very unfriendly Russian woman came into my apartment and checked that the following was in place 1) My computer had a password 2) I had a locking file cabinet 3) my office door locked 4) I had a business license 5) Paper shredder worked 6) dedicated office with no bed (I setup a mock office in my guest room and slide my guest bed into my master room moments before she arrived) also she didn’t catch that neither the lock on my file cabinet nor my office pocket door actually locked)
TLDR: Nearly anyone without a criminal record owns a computer, a business license and a bedroom can get an account.
We sat in the living room and signed some papers and that was it. I signed in and was amazed, TLO data is very accurate and up to date. It’ll even show people on various government watch lists, registered sex offenders, etc. The only thing it’s bad at were email addresses, at least for my target audience they were almost always wrong. Phone numbers have confidence percentages next to them. I would get very surprised calls when cold calling people like that. Some people run very profitable enterprises in that manner.
There are also FB groups of PI and ‘skip tracers’ and you can fairly easily befriend and ask to pull records for you for a price as to not have to sign up for TLO. Although this is expressly against their TOS.
Because when you have this "tool" that is used by anything from postal workers to private investigators to bring up info on millions of citizens then obviously it's a matter of time before it ends up in the wrong hands.
If networked dash cams and home security cameras become common there should be crowd sourced public tracking of every LEO, politician, etc.
So the power a person/institution has should be be inversely proportional to the amount of privacy they enjoy. We can start by only voting in politicians that wear personal cameras a la 'The Circle'. (Some police already do this while on duty.)
Of course the irony is it would take a kind of power to make this happen.
(Forgive the Content ID jamming.)
Not that I'll ever stop trying, but still. It's hard to compete with this level of power/surveillance/etc.
Municipalities are even requiring companies to do this.
Also, isn't it interesting how dark papantir went after all these things came to light. Notice you never see techs commuting on Bart or Caltrain any longer with palantir bags or shirts on any more.
In my experience if you’re in the US they have nearly every past address, licenses, license plates, social, credit history, name and phone number (landline and cell) that you’ve ever used and a list of mostly incorrect email addresses. You’re whole family tree living and deceased and all their data. All sorted by date and searchable off any one or more piece of data. It’s fairly frightening.
Plus a bunch of low confident guesses of data that ‘might’ be yours. And pictures of some people if they’re on certain lists iirc.
Step 1: hi TLO, what information do you have on me? Step 2: right, delete all of it.
What processes and assurances are enough? (Formal methods, I'm looking at you).
In fact, they're so worried about government abuse there that another bill seeking to severely limit retention of license plate reader data passed both the house and senate before being vetoed by the governor over "public safety concerns".
Article about it: https://arstechnica.com/tech-policy/2015/03/virginia-passes-...
Bill details: http://lis.virginia.gov/cgi-bin/legp604.exe?151+sum+SB965
Best quote ever:
> Senator: "I wasn't a criminal suspect, so why are they taking pictures of me?"