[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: YOUR personal information in Lexis database

  it looks like demanding to have one's personal info. removed 
  from their database will only have a symbolic effect -- 
  since it's unlikely that Lexix/Nexis is going to go back through 
  all of their records & the CD-ROMs they've already sold to delete 
  information.  The whole idea is pretty disturbing -- shouldn't a 
  private company have to get permission to publish & distribute 
  personal information on private citizens??? (well, obviously they 
  DON'T have to).  Even if you consider bounty hunters, collection 
  agents etc to be semi-official, what about individuals looking 
  getting access to this information for their own, less than 
  scrupulous purposes, such as stalkers, ex-husbands of battered 
  women, etc? There are plenty of people out there with "legitimate" 
  personal safety reasons for not wanting to be found!  What 
  Lexis/Nexis needs is to get slapped with a good lawsuit once the 
  inevitable happens & someone gets hurt/killed because of 
  information the Company made available!
  >Date:	Thu, 19 Sep 1996 22:28:35 -0400 (EDT)
  >From:	Stanton McCandlish <mech@eff.org>
  >Sender:	med-privacy@essential.org
  >To:	Multiple recipients of list <med-privacy@essential.org>
  >Subject:	Re: Fwd: YOUR personal information in Lexis database
  >Re: Devlin's note...
  >What's more, the SSN *is* still in there. I've done some checking. 
  >Lexis/Nexis admits this. P-Trak just doesn't give you SSNs when 
  you dig up
  > a 
  >name. However, it does let you input an SSN, and then will tell 
  you the 
  >name that (supposedly) belongs to the SSN. Obviosly, the SSNs are 
  >there, and are still tied to name records.
  >Now, about the CD-ROM version:
  >What this also means is that anyone with rudimentary cracking 
  >like enough smarts to use a hex editor, if it's even that hard, 
  can get 
  >at the SSNs in the database, unless there's some robust crypto 
  >Even assuming a proprietary format, it probably wouldn't be 
  difficult for 
  >any database designer to figure out the spec of the records, and 
  write a 
  >new interface to the database, designed to do nothing but give you 
  >in response to name input.
  >What it also also means is that if a CD-ROM with the SSNs in full view 
  >was ever published by Lexis/Nexis, it is still out there, in the hands of 
  >whoever bought it, all discussion of hacking the versions with hidden
  > SSNs. 
  >Lexis/Nexis' reassurances ring very hollow the more one thinks about all 
  >of this.
  >And this doesn't even touch the question of the impropriety, the 
  >downright sleaze, of creating a database so that cops, without any kind 
  >of warrant or subpoena, not to mention the shifty and often rather 
  >dangerous types who infest the skip tracer, process server, bounty hunter 
  >and PI fields, can "look you up".
  >L/N also completely avoids the issue of their repurposing of public 
  >records, which were intially created on paper in disparate govt. offices 
  >for purposes of ascertaining particular facts about a particular 
  >individual by going down to the office and looking it up in filing cabinet.
  >Now it's all combined on a disk, for convenient searches and extraction 
  >for any purpose you have in mind, with blistering speed, and by the
  > thousand.
  >L/N furthermore neglects to mention the credit agency and other private 
  >sector alleged sources of much of this data, harping on the public-sector 
  ><HTML><A HREF="http://www.eff.org/~mech/">    Stanton McCandlish
  ></A><HR><A HREF="mailto:mech@eff.org">        mech@eff.org
  ></A><P><A HREF="http://www.eff.org/">         Electronic Frontier
  > Foundation
  ></A><P><A HREF="http://www.eff.org/A">        Online Activist   
  > </A></HTML>