ID Theft Risk Scores?

A bunch of widely read people are blogging about “MyIDscore.com Offers Free ID Theft Risk Score.” That’s Brian Krebs at the Washington Post. See also Jim Harper, “My ID Score.”

First, there’s little explanation of how it’s working.

I got a 240 when I didn’t give them my SSN, and my score dropped to 40 when I submitted my SSN. [Editor’s note: Huh? Giving out your SSN lowers your risk of ID theft? That seems an odd message.]

Everybody talks about identity fraud, but nobody does anything about it. This does something about it – specifically, it will help stop the worrying on the part of people who don’t need to. And it will give people who should worry a few things to do to get their situation under control. The more that can be done to demystify identity fraud, the better – and the less likely there will be unwise legislation and regulation that ultimately harm the interests of consumers.

In “What is My ID Score?” there’s some explanation:

My ID Score is a statistical score that’s based on technology currently used by leading communications, financial services, retail companies, healthcare providers, government agencies, and consumers to assess your risk of identity theft. These companies use ID Analytics’ scoring technology to ensure that fraudsters do not apply for goods and services in an innocent consumer’s name

So I think this is not really your ID theft risk, but the perception that their software has. To put it another way, it’s the trouble someone is likely to experience when they try to open a new account in the name you’re giving MyIdScore.com

When you put someone’s information in, they ask you a bunch of questions about them, like “which of these phone numbers have you used?” It’s not clear how well that works when the attackers can access the same databases through their breaches.

(This didn’t post when I wrote it, so its old news, new analysis.)

To The Moon

One of the really fascinating things about listening to the streaming audio of the first moon landing is how much time was spent debugging the spacecraft, resetting this and that.

As the memory fades away, Charlie Stross wrote about the difficulties in going back to the moon:

Not only does the cost of putting a payload into orbit increase with the cube of the payload weight — this rule holds true in the opposite direction, too. Stick a LEM on the moon and bring the contents back? Easy. Increase the mass that the LEM brings back? Very expensive — the price goes up as the sixth power of the weight you’re returning from the lunar surface (because you have to loft the heavier LEM into Earth orbit to begin with).

Identity Theft

Remember Identity Theft isn’t getting your credit card stolen, that’s fraud. Having the records that define who you are to an entire country and determine whether you can get a relatively high paying job get stolen. That’s identity theft…

Chris, I’m sorry

I hate the overuse of URL shortners like tinyurl. I like to be able to see what a link is before I click on it. I don’t like that these companies get to be yet another point of surveillance. (To be fair, tinyurl doesn’t seem to be taking advantage of that. I have cookies from tr.im and su.pr, but not TinyURL.) And so I edited your comment to replace a tinyurl with a full url, and commented that I “corrected it.”

I shouldn’t have done that, I should have just commented about it.

(If this blog was a Kindle, I’d undo it.)

The Arrest of Gates

A couple of good articles are John McWhorter’s “Gates is Right–and We’re Not Post-Racial Until He’s Wrong,” and Lowry Heussler’s “Nightmare on Ware Street.” The full police report is at “Gates police report.”

I think PHB’s comment on Michael Froomkin’s post is quite interesting:

You are all missing a rather significant fact, this is the Cambridge Police force, an organization that has a most peculiar relationship to the community it polices.

Houses in Cambridge cost a fortune, so it is not a city where cops live. So the city is a rich, liberal town policed by a conservative working class police force commuting in from other towns. You do not have to be black to have the Cambridge police act boorishly.


I am trying to avoid talking about the subject with my Cambridge friends as they all want to give their own litany of complaints.

When my apartment in Cambridge was burgled in 1999, the responding officer didn’t even want to get out of his car. When he finally did, he didn’t want to bother to physically examine anything, the one item that I pointed out had a grimy fingerprint was shattered and returned in pieces, and his report failed to document either that the front door was ripped from its hinges, or that a stack of currency from four countries had gone missing.

Sorry, PHB was trying to avoid that. I suspect that both the race and class cards played into this. There’s a strong echo of that in Crowley’s statements reported widely:

“I know what I did was right,” Crowley said in an interview with Boston-based WEEI Sportsradio Network. “I don’t have anything to apologize for.”

There’s one other element of this, which is that the police are separated from communities by a foolish and unwinnable war on drugs. Our last three Presidents have smoked pot, the last two snorted coke. But as long as the police are charged with impossible duties, they will be separated from whatever community may exist.

Please keep the comments civil and respectful of Gates, the officer and one another.

Today’s Privacy Loss – English Soldiers’ Details Published

Demonstrating that no one’s data is safe, the names, pay records, and other personal information of 90,000 English soldiers was placed on the Internet. These soldiers, who served with king Henry V at Agincourt now have their information listed at www.medievalsoldier.org, exposing them to the chance of identity theft after nearly 500 years. They soldiers served from the years 1369-1453. There is no word as to whether they will get credit card protection yet.

For epistemological anarchism

So Dave Mortman and Alex Hutton have a talk submitted to Security BSides entitled “Challenging the Epistemological Anarchist to Escape our Dark Age.” Now, it would certainly be nice if we could all use the same words to mean the same things. It would make communication so much easier! It would let us build the semantic web.

Now, don’t get me wrong. I hate cutesy and confusing names for attacks as much as Alex and Dave. But let’s think about the solution for a minute. If we’re going to challenge anarchy, we do it from a position of authority. We ask some group of the great and the