How Secure Is Your Child’s Social Security Number?

E-Crime Expert brings you today an interesting Information Security web show on how Children are the most vulnerable for identity and financial information theft.

Concise Courses organized a web show titled: “How Secure Is Your Child’s Social Security Number?” with three expert speakers on the subject: Michelle Dennedy, Bo Holland and Andrew Serwin. Michelle serves as Chief Privacy Officer at McAfee and founded the iDennedy Project. Bo founded AllClear ID, and Andrew has handled child security matters before the Federal Trade Commission in information security and COPPA.

You can watch the recorded Information Security web show video including a short presentation of the special guests here.

Michelle mentioned that historically child identity theft was never considered to be a problem, however, statistics today show that 11% of kids have their Social Security Number stolen and used to obtain illegal credit. Think about that! In a classroom of 11, one child will have their identity being used to secure mortgages, purchase cars etc. When asked about victim impact for the child and parents, Michelle mentioned that of course it can be very traumatic – not least because, for example, access to education funds can be withheld and the cost to “clean” the credit can be very expensive.

One of the many excellent points that Bo mentioned was that victims keep getting younger because the likelihood of parents checking their child’s credit is minimal, especially if their children are under the age of ten.

Andrew spoke on various equally interesting topics and identified social media as particularly problematic since children can very easily volunteer personal information such as birth date, address and other details that can be used for fraudulent activity.

If you have question please contact us at: dan@e-crimeexpert.com

Majority of Internet sites leaks users data

Because E-Crime Expert wrote extensively about online, Internet privacy, also how users data can be retrived and which are the most important privacy risks, today E-Crime Expert is featuring a good Article on how majority of Internet sites are leaking users data.

“Online privacy leakes worsen”

“A new study from a Stanford University researcher has found that a lot of  the little bits and pieces of supposedly anonymous data being deposited by your web browser are actually being gathered and reassembled by dozens of companies and sold. And stopping that from happening takes more than a little bit of effort, helped by a growing movement for “do not track” legislation.

More companies know more about you than previously thought and stopping them from secretly building profiles of you is a lot harder than just pressing a button, researcher Jonathan Mayer says.

He adds:

“Click the local Home Depot ad and your email address gets handed to a dozen companies monitoring you. Your web browsing, past, present, and future, is now associated with your identity… Keep tabs on your favorite teams with Bleacher Report and you pass your full name to a dozen again. This isn’t a 1984-esque scaremongering hypothetical. This is what’s happening today.”

Mayer, of Stanford’s Computer Security Laboratory, says more than half of the sites surveyed share your information with other sites. As an example, he notes that  even when you’re on a typical commercial news site there will be multiple companies collecting information as a matter of course: including the site itself, a video delivery service, advertising networks and social networks.

Previously, privacy advocates suggested that opting out of so-called behavioral advertising was a means of avoiding having your online usage patterns tracked. But Mayer says that stopping targeted advertising doesn’t stop the data collection.

Consumers Union regulatory counsel Ioana Rusu says companies can not only find out who you are and where you’ve been, but also alter offers that you see based on nothing other than the websites you’ve visited — something that can paint a grossly distorted picture of someone. She cited the example of a credit card company that presented different offers to users based on their online profile.

“These decisions are not made based on actual credit reports, but on the users’ browsing patterns,” she says.

Federal Trade Commission Chairman Jon Leibowitz, speaking at the same privacy forum, says the potential impact to consumer privacy with today’s technology goes far beyond targeting you for advertising. “Your tracked information doesn’t have to stop there; it could be traded throughout an invisible lattice of companies, snowballing into an exhaustive profile of you (that is) available to those making critical decisions about your career, finances, health, and reputation.”

Note: Credits and copyright for this article go to Reuteurs.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.

Facebook changes and the Federal Trade Commission

As expected after so many reactions from Privacy advocates to privacy bloggers (including myself in a blog post here), Facebook new changes (Timeline, Ticker) were brought to the attention of officials including the Federal Trade Commission, as the Washington Post Blog announced.

A significant help came from the Australian blogger Nik Cubrilovic who wrote on September 25, 2011 (read here) about a discovery he made while looking into Facebook’s code. This discovery points out how Facebook actually tracks users browsing and visited webpages by using cookies, even after they logged out of the network. Those “super cookies” have the ability to carry on after the user logged out of Facebook. If you remember, E-Crime Expert also posted a blog which exposed how cookies monitor and track users: Cookie monitoring?! No way…just a “coincidence”

Of course Facebook got in touch with Nik Cubrilovic and answered his concerns that: “the company has cookies that persist after logout in order to identify outside parties who may be trying to log in to a user’s account” (Cubrilovic’s Blog).

Facebook said there were a couple of bugs in their system that kept unique user information, but those bugs did not store users’ private information and that they already fixed this technical issue.

Besides these issues described above and identified by Nik Cubrilovic, Facebook practices “frictionless sharing,” that permits apps to post user activity to the network in real-time without requiring permission from account holders for every update (the new Facebook Timeline feature). Some of these apps are already using the new Facebook platform and are posting real-time feeds regarding other users’ information (wall updates, pictures, quotes, videos, music, etc) on Facebook. This brings with it some risks for cyber stalking, enforcement/prosecution or employment because with the new Facebook features, the information is much more easily followed by any interested party or entity, being displayed in a chronological order and categorized under individual users rather than being delivered in bulk.

Civil rights advocacy groups such as the Electronic Privacy Information Center (EPIC) and the American Civil Liberties Union including another 10 groups brought all these issues to the Federal Trade Commission’s (FTC) attention. They ask FTC to investigate the new Facebook changes in order to establish if those new changes are violating consumers’ privacy by encouraging users to share more information, because:  “For users who wish to maintain something approaching their old privacy settings, Facebook has offered solutions that are confusing, impractical, and unfair.”

To conclude, those new Facebook changes (Timeline, etc.) are going to be aired to users during this weekend. Soon, after this, regular users will heavily test new changes and other privacy groups and advocates will be able to have better feedback on whether these changes have the impact described in this post.

Regarding my personal feedback so far, anyone with access to a user’s Timeline (which may have low privacy settings), could find in all the information about that particular user in chronological order which is neatly organized in one useful package for cyber criminals to copy in an instant. That could become a one stop-shop for identity theft or cyber stalkers. It can also bring risks when applying for a job (easy for a prospective employer to “scan” one’s social life) or when monitored by public authorities (i.e. when one posts pictures when driving with 200 km/h, repeatedly).

Until then, when using new Facebook privacy features it is important to stop posting everything on Facebook, think twice before doing so, research and review what these things are because as E-Crime Expert always stresses an informed user, makes an informed decision.

Also, I am looking forward to the FTC reaction and response on these alleged privacy vulnerabilities.

Any questions can be submitted to: dan@e-crimeexpert.com

Additional information can be found at: www.e-crimeexppert.com

What do you think about these changes? Have you received them? What do you expect to be the FTC’s reaction?

Hit the “subscribe” button in order to be notified when new videos and Articles are posted on this blog.