[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Fwd: YOUR personal information in Lexis database
it looks like demanding to have one's personal info. removed
from their database will only have a symbolic effect --
since it's unlikely that Lexix/Nexis is going to go back through
all of their records & the CD-ROMs they've already sold to delete
information. The whole idea is pretty disturbing -- shouldn't a
private company have to get permission to publish & distribute
personal information on private citizens??? (well, obviously they
DON'T have to). Even if you consider bounty hunters, collection
agents etc to be semi-official, what about individuals looking
getting access to this information for their own, less than
scrupulous purposes, such as stalkers, ex-husbands of battered
women, etc? There are plenty of people out there with "legitimate"
personal safety reasons for not wanting to be found! What
Lexis/Nexis needs is to get slapped with a good lawsuit once the
inevitable happens & someone gets hurt/killed because of
information the Company made available!
>Date: Thu, 19 Sep 1996 22:28:35 -0400 (EDT)
>From: Stanton McCandlish <mech@eff.org>
>Sender: med-privacy@essential.org
>To: Multiple recipients of list <med-privacy@essential.org>
>Subject: Re: Fwd: YOUR personal information in Lexis database
>
>Re: Devlin's note...
>
>What's more, the SSN *is* still in there. I've done some checking.
Even
>Lexis/Nexis admits this. P-Trak just doesn't give you SSNs when
you dig up
> a
>name. However, it does let you input an SSN, and then will tell
you the
>name that (supposedly) belongs to the SSN. Obviosly, the SSNs are
still
>there, and are still tied to name records.
>
>Now, about the CD-ROM version:
>
>What this also means is that anyone with rudimentary cracking
skills,
>like enough smarts to use a hex editor, if it's even that hard,
can get
>at the SSNs in the database, unless there's some robust crypto
involved.
>Even assuming a proprietary format, it probably wouldn't be
difficult for
>any database designer to figure out the spec of the records, and
write a
>new interface to the database, designed to do nothing but give you
SSNs
>in response to name input.
>
>What it also also means is that if a CD-ROM with the SSNs in full view
>was ever published by Lexis/Nexis, it is still out there, in the hands of
>whoever bought it, all discussion of hacking the versions with hidden
> SSNs.
>
>Lexis/Nexis' reassurances ring very hollow the more one thinks about all
>of this.
>
>And this doesn't even touch the question of the impropriety, the
>downright sleaze, of creating a database so that cops, without any kind
>of warrant or subpoena, not to mention the shifty and often rather
>dangerous types who infest the skip tracer, process server, bounty hunter
>and PI fields, can "look you up".
>
>L/N also completely avoids the issue of their repurposing of public
>records, which were intially created on paper in disparate govt. offices
>for purposes of ascertaining particular facts about a particular
>individual by going down to the office and looking it up in filing cabinet.
>Now it's all combined on a disk, for convenient searches and extraction
>for any purpose you have in mind, with blistering speed, and by the
> thousand.
>
>L/N furthermore neglects to mention the credit agency and other private
>sector alleged sources of much of this data, harping on the public-sector
>sources.
>
>--
><HTML><A HREF="http://www.eff.org/~mech/"> Stanton McCandlish
></A><HR><A HREF="mailto:mech@eff.org"> mech@eff.org
></A><P><A HREF="http://www.eff.org/"> Electronic Frontier
> Foundation
></A><P><A HREF="http://www.eff.org/A"> Online Activist
> </A></HTML>