Shostack + Friends Blog Archive


Choicepoint Roundup, March 10

  • Harry Weber of the Associated Press is looking to talk to Choicepoint employees. Email him at
    He’s been covering the story since it broke.

  • The readers of Chief Security Officer Online have spoken, and not one opposes more disclosure laws. (As of noon, Thursday.)
  • Bruce Schneier asks why Choicepoint seems to be saying “Please Regulate Me?” (I opined this in “Choicepoint’s Orientation.”)
  • Sound Assurance claims that the $2m spent buying people credit monitoring would have been better spent on prevention. I’m not sure I buy this argument. Firstly, where to spend that money to prevent this sort of fraud? Secondly, how much to spend? It’s easy to say “$2m” with hindsight. (Gordon and Loeb would say less than 37% of that, but that’s another post.)
  • I’ve posted “Financial Privacy Regulations, 5 Years Behind?” excerpting an American Banker story. If anyone asks what a new law should include, prompt implementation would be a fine start.
  • Correlation Central compares the Harvard MBA and Choicepoint incident responses.
  • BoingBoing picks up the Deborah Pierce story. Since Deborah is running CFP this year, expect more press on her file.
  • Without Warranty has some good advice on how to invest:

    The next time you see a big headline pronouncing the latest corporate scandal, look closely at whether it’s just juicy gossip or whether it affects the core of the business before deciding to buy or sell.

    For example, Choicepoint was hacked and has lots of user info stolen. Choicepoint still had the information and thus it’s business remained unaffected… Choicepoint was up 11% the other day because it’s still making money and people are quickly forgetting last weeks headline.

    It’s solid advice, but I don’t agree that the business remained unaffected. Choicepoint is on their way to getting their industry heavily regulated.

  • Speaking of which, PIPEDA and Canadian Privacy posts tomorrow’s Senate Banking Committee’s Hearing schedule (official copy). Interestingly, for Choicepoint, it’s Mr. Don McGuffey, Vice President. Was Derek too busy, or are they not letting him out in public anymore?
  • Oops! Yesterday’s Two Minutes hate should have been brought to you by TKIDBlog, with Truth In Advertising. And today’s is brought to you by ActonUp, pointing out the big lie of Lexis Nexis claiming “No Financial Information Compromised” (Just social security numbers. I feel better too.)

My 25 prior Choicepoint posts are rounded up here.

3 comments on "Choicepoint Roundup, March 10"

  • Chris Walsh says:

    Bruce is right that ChoicePoint is begging to be regulated. I do not see why this is at all surprising, in fact I have used the “Regulate me, please!” line in more than one email about this, since to me it is so obvious a move.
    As I said in a 2/18 comment at FC:

    This thing breaks the right way, and they’ll be clamoring for the opportunity to “self-regulate” in order to better “serve the public”. That the temptation to permit this should be strenuously resisted by government need hardly be stated. Show these firms that it’s either regulation via legislation, via executive branch administrative oversight, or via the courts, and they’ll be begging for choices 1 and 2.

  • Chris says:

    I found your blog via the link to my site as a result of a post I did a while back about ChoicePoint. I ran across this today:
    and figured this blog would be interested in it.

  • I have name Choicepoint in my new book on Subliminal Persuasion. The following link takes you to a diagram where I introduce the implications of customer surveillence.

Comments are closed.