[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: YOUR personal information in Lexis database

To: med-privacy@essential.org
Subject: Re: Fwd: YOUR personal information in Lexis database
From: Stanton McCandlish <mech@eff.org>
Date: Thu, 19 Sep 1996 19:14:29 -0700 (PDT)

  Re: Devlin's note...
  
  What's more, the SSN *is* still in there. I've done some checking. Even 
  Lexis/Nexis admits this. P-Trak just doesn't give you SSNs when you dig up a 
  name. However, it does let you input an SSN, and then will tell you the 
  name that (supposedly) belongs to the SSN. Obviosly, the SSNs are still 
  there, and are still tied to name records.
  
  Now, about the CD-ROM version:
  
  What this also means is that anyone with rudimentary cracking skills, 
  like enough smarts to use a hex editor, if it's even that hard, can get 
  at the SSNs in the database, unless there's some robust crypto involved.
  Even assuming a proprietary format, it probably wouldn't be difficult for 
  any database designer to figure out the spec of the records, and write a 
  new interface to the database, designed to do nothing but give you SSNs 
  in response to name input.
  
  What it also also means is that if a CD-ROM with the SSNs in full view 
  was ever published by Lexis/Nexis, it is still out there, in the hands of 
  whoever bought it, all discussion of hacking the versions with hidden SSNs. 
  
  Lexis/Nexis' reassurances ring very hollow the more one thinks about all 
  of this.
  
  And this doesn't even touch the question of the impropriety, the 
  downright sleaze, of creating a database so that cops, without any kind 
  of warrant or subpoena, not to mention the shifty and often rather 
  dangerous types who infest the skip tracer, process server, bounty hunter 
  and PI fields, can "look you up".
  
  L/N also completely avoids the issue of their repurposing of public 
  records, which were intially created on paper in disparate govt. offices 
  for purposes of ascertaining particular facts about a particular 
  individual by going down to the office and looking it up in filing cabinet.
  Now it's all combined on a disk, for convenient searches and extraction 
  for any purpose you have in mind, with blistering speed, and by the thousand.
  
  L/N furthermore neglects to mention the credit agency and other private 
  sector alleged sources of much of this data, harping on the public-sector 
  sources.
  
  -- 
  <HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
  </A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
  </A><P><A HREF="http://www.eff.org/">         Electronic Frontier Foundation
  </A><P><A HREF="http://www.eff.org/A">        Online Activist    </A></HTML>

Follow-Ups:
- Re: Fwd: YOUR personal information in Lexis database
  - From: gbliles@cais.cais.com (Gayle Liles)

Prev by Date: Fwd: YOUR personal information in Lexis database
Next by Date: Lexis-Nexis is not a med-privacy issue
Prev by thread: Fwd: YOUR personal information in Lexis database
Next by thread: Re: Fwd: YOUR personal information in Lexis database
Index(es):
- Date
- Thread