Shostack + Friends Blog Archive


Choice Point Screening

Stamford Police said Jevene Wright, 29, created a fictitious company called “Choice Point Screening” and submitted false invoices for background checks that were submitted to Noble Americas Corporation, an energy retailer firm located in Stamford. (Patrick Barnard, “The Stamford (CT) Patch“) I don’t want to minimize the issue here. Assuming the allegations are correct, the […]


Dear ChoicePoint: Lying like a cheap rug undercuts all that

ChoicePoint was supposed to take steps to protect consumer data. But the FTC alleged that in April 2008 the company switched off an internal electronic monitoring system designed to watch customer accounts for signs of unauthorized or suspicious activity. According to the FTC, that safety system remained inactive for four months, during which time unauthorized […]


University of Miami: Good for the body, bad for the soul?

The University of Miami has chosen to notify 41,000 out of 2.1 million patients whose personal information was exposed when thieves stole backup tapes. The other 2.1 million people, apparently, should be reassured, that their personal medical data was stolen, but the University feels it would be hard to read, and well, there’s no financial […]


ChoicePoint's data quality

In a comment, Tom Lyons asked: I have two clients who are asking me to investigate matters with Choice Point as it relates to inaccurate employment records provide to prospective employers. I am seeking persons who have similar experiences to determine a “pattern and practice” on the part of Choice Point. I don’t know Mr. […]


Choicepoint’s Error Rate

Choicepoint regularly claims a very low rate of errors in their reports. In the Consumer Affairs story, “Choicepoint gets a Makeover,” Choicepoint President Doug “Curling claims his company has a less than 1/10th of 1 percent error rate.” Now WATE in Knoxville, TN, reports that “Anderson Co. man finds credit report error:” At his insurance […]


"Free the Grapes" Externalizes Risk

Or so “Shipcompliant” would have us believe, with a blog post entitled “Free the Grapes! Updates Wine Industry Code for Direct Shipping Practices.” The new addition to the Code is step 4, which specifies that wineries should verify the age of the purchaser of the wine at the time of transaction for all off-site transactions […]


Choicepoint reports $50M more expenses, some due to breach

The Atlanta Business Chronicle reports that “ChoicePoint tumbles to third-quarter loss:” ChoicePoint Inc. went into the red in the third quarter, hurt by about $50 million in charges related to asset impairment, stock expenses and legal fees from a data breach in 2005. Choicepoints losses are a severe outlier. As I said in March, 2005, […]


Fines, Settlements in Privacy Invasions

Topping the list, Vodaphone has been fined $100M (€76M) for failing to protect 106 mobile accounts. “Greek Scandal Sees Vodaphone fined” at the BBC, via Flying Penguin. On this side of the Atlantic, Choicepoint, Experian and Reed-Elsevier are looking to pay $25 million to settle claims that they invaded the privacy of 200 million drivers […]


Worse Than Choicepoint: The FTC?

So part of Choicepoint’s settlement with the FTC was a $5m fund to compensate their victims. Now, there were 167,000 victims, of whom 800+ had their identities abused by fraudsters. None have gotten any money: Jessica Rich, assistant director of the FTC’s division of privacy and identity theft, said in a statement released to AP […]


Choicepoint, while we're correcting errors

A few weeks back, I corrected an error in a post about Choicepoint. Choicepoint also corrected an error, see “Job seeker loses opportunity after inaccurate background check” for details: “Well, first they said, ‘Something was wrong with your background check,’” she said. “I said, ‘What is wrong with it? What is wrong with my background […]


Choicepoint Correction

In response to “Choicepoint Spins off Three Businesses,” Choicepoint spokesperson Matt Furman sent the following: It is factually incorrect to describe ChoicePoint or its subsidiary, Bode Technology Group, as attempting to “amass a DNA database.” Bode’s clients are almost entirely government laboratories that are trying to solve crimes and identify victims as well as felony […]


Choicepoint Spins off 3 Businesses

From their press release: ALPHARETTA, Ga., July 10 /PRNewswire-FirstCall/ — ChoicePoint (NYSE: CPS – News) today announced its intent to divest various businesses resulting from its company-wide strategic review. The previously disclosed review process resulted in the company adopting a new strategic focus on helping customers manage economic or physical risks, as well as the […]


What Choicepoint Learned

Another new measure: ChoicePoint this month created a security advisory committee comprised of DiBattiste, the company’s CIO, head of internal audit, the chief business officer, chief marketing officer, chief administrative officer and general counsel. The group meets regularly “to ensure we’re hitting every aspect of security and privacy,” says DiBattiste. “One of the lessons we […]


The FBI's Use of Data Brokers

Although the federal government and local law enforcement agencies nationwide use private data brokers, the FBI said that practices used by these companies to gather private phone records without warrants or subpoenas is illegal, according to an Associated Press article on A senior FBI lawyer, Elaine N. Lammert, told lawmakers the bureau was still […]


How Damaging is a Breach?

Pete Lindstrom is looking at an important set of questions: How likely is it that a given breach will result in harm to a person? What’s the baseline risk? Data is nonexistent on these questions, which means we get to throw around our pet theories. For example, we know of 800 ID thefts from the […]


Two Minutes Hate: Choicepoint

This is: the snooping into your phone bill is just the snout of the pig of a strange, lucrative link-up between the Administration’s Homeland Security spy network and private companies operating beyond the reach of the laws meant to protect us from our government. You can call it the privatization of the FBI — though […]


Breach Notification, the New Normal, and a New Metaphor

Ever wonder if banks are required to tell customers when their systems are hacked? You may be shocked to learn that they are not. Wow. Fifteen months since Choicepoint, and that’s being written? There’s a new set of expectations out there, and it hasn’t taken long to set. Thank you, Choicepoint. The quote leads an […]


DHS Spokesman Brian J. Doyle Arrested

The deputy press secretary for the Department of Homeland Security was arrested last night on charges that he used the Internet to seduce an undercover Florida sheriff’s detective who he thought was a 14-year-old girl, the Polk County Sheriff’s Office said. Brian J. Doyle, 55, was arrested at his Silver Spring home at 7:45 p.m. […]


Google to Acquire Choicepoint

Mountain View, CA., April 1 /PRNewswire/ — Google today announced plans to acquire Alpharetta, GA based Choicepoint. Choicepoint, 2005 winner of the “Lifetime Acheivement” Big Brother award, is a data warehouser which collects information on everyone it possibly can, and re-sells it widely. “Google’s mission is to “organize the world’s information and make it universally […] Sent 'Race-Customized' Valentines

How are’s Valentine’s Day e-mails targeted? Very simply: one version of their e-mail targets black singles, another targets East Indian lonely hearts, and other versions target the Asian and Hispanic loveless. (Our multi-cultural bots were lucky enough to get one of each). There’s nothing wrong with that on the surface. But we wondered how […]


Thank You, Choicepoint

It’s been a year since Choicepoint fumbled their disclosure that Nigerian con man Olatunji Oluwatosin had bought personal information about 160,000 Americans. Bob Sullivan broke the story in “Database giant gives access to fake firms,” and managed to presage much of what’s happened in the opening paragraphs of his story: Last week, the company notified […]


Choicepoint to Pay $15M Fine

Atlanta-based data aggregator ChoicePoint today agreed to pay $15 million to settle charges that it violated federal consumer protection laws when it allowed criminals to purchase sensitive financial and personal data on at least 163,000 Americans. The settlement addresses a pair of lawsuits filed against ChoicePoint by the Federal Trade Commission and represents the largest […]


Insurance Claims and Privacy

One of the biggest issues I have with the gossip industry is how behavior that seems normal and expected is entered into databases and is used to judge us in unexpected ways. As the Tampe Tribune reports in “Insurers’ Road Service Could Prove Costly:” TAMPA – Andrea Davis can’t understand what two flat tires and […]


Costs of Breaches

The Ponemon Institute continues to analyze the cost of breaches. Their latest work is distributed by PGP, Inc. The work that they’re doing is quite challenging and useful, but is unlikely to be a complete accounting of the costs. For example, what’s the real cost of the brand damage done to Choicepoint? Along with several […]


Choicepoint's Custom Products

I appreciate all the notes you’ve been sending me telling me about “FBI, Pentagon pay for access to trove of public records.” I’d love to have something insightful to add to this, but I don’t. Ryan Singel has a bit more: The article, which relies on heavily redacted documents acquired through an open government request, […]


How Much Goodwill is 17,000 Letters Worth?

The Seattle Post Intelligencer reports that “ChoicePoint warns consumers about fraud:” ChoicePoint Inc., the company that disclosed earlier this year that thieves had accessed its massive database of consumer information, said Tuesday in a regulatory filing it has sent out another 17,000 notices to people telling them they may be victims of fraud. The story […]


Choicepoint Roundup

Well, I’ve tried going cold turkey, but wasn’t getting positive reinforcement, so I stopped. Let’s start from the positive, shall we? Chris Hoofnagle of EPIC is quoted in a positive light in “ChoicePoint says it’s securing public’s personal data better” in the Atlanta Journal Constitution. Now that that’s out of the way. Science Daily tells […]


IT Harvest IT Security Summit

I should also mention that I had a good time at the Detroit IT Security Summit. I thought there was an interesting and broad selection of panelists, including some technical people and some senior managers. I didn’t get to talk to as many folks as I might have liked, but that’s always the case.


CounterTerrorism and Bureaucracy

In “Bureaucracy Kills,” Daveed Gartenstein-Ross writes (quoting CNN): FEMA halted tractor trailers hauling water to a supply staging area in Alexandria, Louisiana[.] The New York Times quoted William Vines, former mayor of Fort Smith, Arkansas, as saying, “FEMA would not let the trucks unload. . . . The drivers were stuck for several days on […]


Small Bits: Silver Linings, Presidential Game Theory, Disclosure, War

Privacy Law lists the 16 states that now have notification laws. Thanks, Choicepoint! At Balkin, ‘JB’ has a long discussion of why 2nd term Presidents all seem to be scandal ridden…since the 22nd Amendment took away what game theorists call ‘the long uncertain shadow of the future.’ I nearly said something about ‘experimental confirmation’ here, […]


Russia's Information Market

Bruce Schneier mysteriously titles a post “Russia’a Black-Market Data Trade.” But its not clear to me that this is black-market at all. Does Russia have a data protection law? Quoting from The Globe and Mail: At the Gorbushka kiosk, sales are so brisk that the vendor excuses himself to help other customers while the foreigner […]


Choicepoint Roundup

At MSNBC, Bob Sullivan covers the loss of confidence in ecommerce that leaks are causing: The survey also found nearly all Americans think identity theft and spyware are serious problems, but only 28 percent think the government is doing enough to address the issues. About 70 percent said new laws are necessary to protect consumer […]


Well Said!

“IRS announces plans to be the butt of three consecutive days of “Daily Show” jokes.” So headlines John Paczkowski’s post at Good Morning Silicon Valley.


Choicepoint Roundup, June 30

We open with two articles from “ChoicePoint overhaul falls behind,” (June 24) and “ChoicePoint overhaul completed, company says” (June 30). From the latter: “In fact, we’ve gone beyond our announced commitments to make substantial changes in the past 90 days,” ChoicePoint spokesman Dan McGinn said in an e-mail late Tuesday. The Alpharetta, Ga.-based data […]


UK ID Cards, Choicepoint, and Privacy

Usually, government ministers wait until a new program has been rolled out before they start reneging on their promised of how it will work. But in the brave new world of UK ID cards, they’re being honest. As the Independent reports in “Ministers plan to sell your ID card details to raise cash“: Personal details […]


Choicepoint, Two Minutes Hate

This was going to be a roundup, but heck, There’s a backlog of hate, and I must post. Under the headline, “Who let Jeb Bush and ChoicePoint into the UK?” ‘Brother Rail Gun of Desirable Mindfulness’ points to a BBC story, “Hundreds wiped off vote register.” An oldy-but-I-Hadn’t-linked, Adrift at Sea comments in “Bleeding Edge […]


CardSystems and Choicepoint

Choicepoint, please call your trademark attorneys. You’re in danger of becoming a generic term for “massive security breach,” and a band-aid isn’t going to fix that. That was the lead (and about all I’d written) of a long post on Choicepoint and some bank breach. I think it was the New Jersey case. The point […]


Markets in Social Security Numbers

Social security numbers used to be just for social security. But the government is the only actor in the marketplace who can produce something, and also mandate demand for it. In the case of SSNs, they’ve created a large demand by declaring that Uncle Sam gets to decide who you may hire. (The gossip-mongers credit […]


Duke, 9,000 partial SSNs, Hacker. (With Commentary.)

In Hacker hits Duke system, the (Charlotte? Raleigh [thanks, Neil!]) News and Observer reports on a breach at Duke University School of Medicine. The school’s “Security Incident at Duke” page states: On Thursday, May 26, 2005 a security breach allowed an unauthorized user to gain access to data stored on several web sites at Duke […]


Breach Disclosure Laws

The National Conference of State Legislatures has a “2005 Breach of Information Legislation” summary page: Summary: Legislation was introduced in at least 34 states as of May 18, 2005. Legislation enacted in at least six states in 2005: Arkansas, Georgia, Indiana, Montana, North Dakota and Washington. Thank you, masked man Choicepoint. (Via The HIPAA blog.)


Choicepoint Roundup

Household Watch has a story: When Ms. Marshall got a $6,000 home-improvement loan from a credit union in April 2003, she had to pay relatively high interest because of a weak credit score. The credit check had showed a court ruling ordering her to pay overdue rent to a former landlord in a Washington, D.C., […]


Choicepoint vs CIA

The New York Times has a long article on the successors to Air America, “C.I.A. Expanding Terror Battle Under Guise of Charter Flights.” The bit that really caught my attention was: On closer examination, however, it becomes clear that those companies appear to have no premises, only post office boxes or addresses in care of […]


New Books

Two new books that may be of interest are blogger Wendy McElroy’s “National Identification Systems, Essays in Opposition” and Choicepoint CISO Richard Baich’s “Winning as a CISO.” I was going to add clever text juxtaposing the texts, but really. hmmm, I really must make this post longer, or the blog looks really bad.     […]


Choicepoint, Axciom Highly Accurate

100% of the eleven participants in the study discovered errors in background check reports provided by ChoicePoint. The majority of participants found errors in even the most basic biographical information: name, social security number, address and phone number (in 67% of Acxiom reports, 73% of ChoicePoint reports). Moreover, over 40% of participants did not receive […]


Real ID Roundup

The fair and balanced Real ID Sucks blog (“A clearinghouse of stories about how the states will be required to spend $250 million to create standardized, machine-readable driver’s licenses, to make it easier for hackers, thieves and credit bureaus to track your every move.”) points to a San Jose Mercury News editorial, “Real ID Act […]



Knight Errant has a long post, “Tipping My Tinfoil Hat,” in which he makes mention of Choicepoint. And Consumer Affairs has a long article “USA PATRIOT Act Rewards ChoicePoint.” The IntegraSys corporation’s ID Verification software, for example, cross-checks and references 23 billion data records, including everything from credit report headers to “warm address lists” that […]


Choicepoint, May 12 has an article “Lawyers See Data ‘Fear Factor’ Rising:” The suits, which have been consolidated in federal court in Los Angeles and are requesting class action status, seek monetary, statutory and punitive damages, including compensation for the anxiety of waiting and wondering. They also aim to represent consumers regardless of whether their data were […]


Corporate Welfare from TSA

USA Today reports “U.S. asks for more data on travelers” The federal government plans to begin collecting the full names and birth dates of air travelers this summer in its latest effort to screen passengers for possible links to terrorism. In a few weeks, the Transportation Security Administration will notify airlines, travel agents and online […]


The Coming Privacy Law

Perspectives from the gossip industry are presented by Information Week, in “Execs Testify In Favor Of National Data-Security Law:” In prepared testimony for a hearing by the House Committee on Financial Services, executives from Bank of America, ChoicePoint, and LexisNexis supported legislation patterned after California’s law requiring companies to notify customers about security breaches. ChoicePoint […]


Choicepoint Analyses

Today’s Wall Street Journal has an good summary article, “For Big Vendor of Personal Data, A Theft Lays Bare the Downside” (Thanks, Nick!. Also, the Pittsburgh Post-Gazette has picked up the story, and made it available): The vulnerability of the company’s data and its difficulty in tracking the breach point to a paradox. ChoicePoint and […]


Perspectives on "Identity Theft"

WYFF-TV, “The Carolina Channel,” interviews two fraudsters who made money impersonating others. If you have any doubt these people are scum, one impersonated his own brother, and stole $71,000. In another, on Dave Farber’s list, victim Tom Goltz writes: Speaking as a victim of identity theft, there is absolutely nothing that an individual can do […]


Small Bits of Chaos all Starting with Names

Mike Solomon, of PithHelmet fame, comments on RSS spam, and promises to do something about it. (Incidentally, I’ve been wondering about NetNewswire’s cookie behavior when you load pages, but some rummaging in it’s files didn’t seem to turn up cookies, and I needed to go blog earn money.) Alan Chapell (whose blog is looking much […]


Way To Debate!

Since Choicepoint demonstrated that screening is hard, they’ve been repeating the phrase “We look forward to a national debate.” But at yesterday’s annual meeting, they once again failed to engage in that debate. The LA Times has an AP story “No Answers for ChoicePoint Shareholders” (Bugmenot, because no other paper has picked up the story, […]


Choicepoint Annual Meeting

But today, the chairman and chief executive of Alpharetta-based ChoicePoint is likely to get a feel for his standing on a smaller stage: whether he is held in esteem by ChoicePoint shareholders. … Lauren Waits, who oversaw ChoicePoint’s charitable giving program before leaving earlier this year, describes her former boss as a visionary who also […]


National Legislative Roundup

In “Proposed Legislation Limiting PI Access to Data“, Private Investigator News and Information provides the National Council of Investigation and Security Services’s roundup of legislation that would affect the private investigator business. Naturally, the private investigators are up in arms; their job is about to be made a lot harder over something that wasn’t their […]


Choicepoint: April 24

The Privacy Law Site posted on the Schumer-Nelson Comprehensive Privacy bill on April 13, but I just found it. The author summarizes the bill. Richard Clarke has a column in the New York Times, “You’ve Been Sold,” in which he outlines some reasonable parts of a new law. [Added shortly after first posting.] The Seattle […]


Choicepoint Earnings

ChoicePoint Inc. (NYSE: CPS), today reported first quarter total revenue growth of 19 percent compared to 2004. First quarter total revenue for 2005 was $259.3 million. … These expenses included approximately $2.0 million for communications to, and credit reports and credit monitoring services for, individuals receiving notice of the fraudulent data access and approximately $3.4 […]


Choicepoint, April 20

Presto Vivace reports that: During the April NCC AIIM meeting, a member of the audience asked how the IRS’ Free-File could avoid becoming another ChoicePoint, clearly a reference to recent security breaches. Everyone in the room immediately understood the reference; no explanation was needed. CBS Marketwatch reports “For now, little way to halt firms’ leaks […]


Choicepoint, April 15

Inside Bay Area claims “Protecting consumers’ personal information may not be possible.” Former Congressman Bob Barr, writing for Findlaw, disagrees in an insightful article. Robert Gelman suggests that government only buy from vendors who voluntarily follow fair information practices in the second half of his DMNews editorial, “ . . And Into the Fire” Businessweek […]


Congratulations, Choicepoint!

You’ve won the Big Brother award for Lifetime achievement! It was a tough battle for top place this year, and while Choicepoint was the people’s fave, we all know that those privacy elitists don’t really care about the little people. Other winners included California’s Brittan Elementary. The Department of Education got worst government department, despite […]


Choicepoint, April 14

Following yesterday’s Congressional testimony, there’s analysis by Thomas Greene in The Register, also in Internet News. The Atlanta Journal Constitution reports that Choicepoint VP Doug Curling, and LexisNexis President Kurt Stanford both seemed to come out as accepting of extending fair information practices to their businesses. The testimony prompted editorials in USA Today, and the […]


Rational Response?

Sitting at a coffeeshop today, I listened to the fellow behind me try to get Dell and Equifax to agree to fix his credit. It seems that his father passed away recently, in debt to Dell over a computer. That debt is now on his credit report, despite his not being a co-signer for the […]


Choicepoint Roundup, April 13

Internet News has one of many reports on the latest breaches, this one titled “Feinstein Tightens ID Theft Proposal” Bob Sullivan at MSNBC reports on background checks: But experts say the nationwide tallies are often full of holes, and contain as few as 70 percent of all felony conviction records, leading in turn to a […]


Choicepoint's "Privacy" Officer

Declan has some choice words about Choicepoint’s new Credentialling, Compliance and privacy officer, in “Sidelining Homeland Security’s privacy chief:” DiBattiste sounded like she was replying to a pesky reporter when she wrote back [To TSA Privacy Officer Nuala O’Conner Kelly]: “TSA Public Affairs has no information in response to your request.” How fitting, then, that […]


59 breaches at Lexis-Nexis

[T]he company said just 2% of those informed by the company in March of the security breach had accepted its offer of free credit monitoring and none had reported identity theft. All the others will also be offered the services it said. (From CNN, or see the statement here.) So, let’s review. A slew of […]


Choicepoint, April 9-12

The Daily Caveat tells us that “Choicepoint Changes Access to Personal Data, and Research News has more. No word on what level of audits Choicepoint will be doing. It sounds like there will be a pulldown menu or checkboxes for “allowable uses,” perhaps causing people to think for a bit, then get used to selecting […]


Choicepoint, April 8

Choicepoint has been nominated for a lifetime Big Brother award. Best of luck, folks! Prophet or Madman points to an article at Knowledge@Wharton about the issues raised by the case. Robert Gellman has a column in DMnews “Out of the Frying Pan.” Choicepoint has announced their earnings call and webcast, on April 21. (Is ‘before […]


Choicepoint, April 3-7

Diebold, Choicepoint Partner to Offer Innovative Voting Technology was an April Fools item I forgot to blog: Alpharetta, GA – Diebold Election Systems and Choicepoint, Inc., today announced a joint venture that could revolutionize the voting market. The concept is simple: combine Diebold’s demonstrated expertise in voting systems with Choicepoint’s superior data-mining techniques to produce […]


Choicepoint, April 2

The Atlanta Journal Constitution has an editorial “ChoicePoint’s offer not enough :” The better solution would be to prohibit companies such as ChoicePoint from warehousing personal information in the first place, since security has proved so problematic. Computerized collections of consumers’ Social Security numbers, credit information, driving histories, medical and court records may make commerce […]


Choicepoint Acquires Emergent Chaos

Alpharetta, Georgia, April 1 /PRNewsWire/ Alpharetta-based information broker Choicepoint today announced its intent to acquire the blog “EmergentChaos,” citing market synergies, cost reductions, and new revenue opportunities. Financial terms of the deal were not disclosed, but Choicepoint CEO Derek Smith said “We knew just which buttons to push.” Emergent Chaos is a weblog, or “blog,” […]


Choicepoint, March 29-31

Alacrablog discusses a Morgan Stanley research report: Certainly manageable numbers, but I think the report underplays both the potential growth in these markets prior to these incidents and the rising costs due to increasing regulation of the data brokers. There’s also an interesting post rounding up the SIA Anti-Money Laundering conference. The Atlanta Business Journal […]


Choicepoint, March 27-28

EPIC has obtained documents which… … reveal that Choicepoint proposed the sale of detailed personal information to the Bureau for law enforcement purposes. The documents show an extraordinary range of data sources, including e-mail registration, cookies, spyware, employment screening reports, motor vehicle records, drug screening results, professional licensing, Social Security Numbers, wireless phones records, and […]


Choicepoint, March 24/25

The Federal Reserve has joined the FDIC in ordering banks to notify customers of breaches. Forbes reports that Choicepoint director Thomas Coughlin has resigned his day job at Wal-Mart: “A senior board member of Wal-Mart Stores Inc. resigned Friday following an internal investigation related to personal reimbursements, billing and company gift cards.” [Choicepoint CEO] Derek […]


Choicepoint, March 22/23

The Daily Caveat rounds up the five shareholder lawsuits against Choicepoint. The Atlanta Business Journal has an article on Choicepoint’s executive compensation. Kim Zetter at Wired has a 3 page story on Choicepoint’s Checks Under Fire. CNN reports that only 11% of id theft occurs online. Well, actually, there might be some methodological problems. It’s […]


Choicepoint, March 21

Businessweek has an editorial, saying strong regulation is unlikely, but credit freezes, mandatory disclosure, and liability for breaches should come. (I’d argue that liability for inaccuracy, creating a duty to the subjects of a database should also be considered a floor for a new law.) EPIC has written to the FTC, critiquing their testimony. (Via […]


Choicepoint, March 20

Susan Kuchinskas writes “No Security in SSNs?” for Internetnews. Credit bureaus and information brokers will doubtless lobby Congress, saying changes to the rules will hurt their business. But Solove said their voices might not carry as much weight as they used to. “They had their chance. They weakened the legislation, and, as a result, more […]


Choicepoint, March 19

Not In Chicago Anymore comments on Handling of Credit Related Information, and some of the possible repercussions of new law. Ryan Singel at Secondary Screening points out in “Popcorn, popcorn” that (Choicepoint Vice President) McGuffey testified under oath that he told (CPS President) Doug Curling about the investigation in November, which would mean that Curling […]


Choicepoint, March 18

ChoicePoint’s data bonanza lures thieves , in the Atlanta Journal Constitution. The Q Speaks asks what have we wrought in “ID theft writ large” In another example of what we have wrought, “the Fairfax County’s School Board awarded a contract Thursday night to ChoicePoint, Inc., for testing student athletes and bus drivers for drug and […]


Choicepoint, March 17

Choicepoint’s 10K warns of danger to profits. (AJC) The full filing is about a megabyte; Yahoo has excerpts. Kip Esquire at A Stitch in Haste offers practical advice to Choicepoint on how to make an apology sound sincere in Linkfest — Special “While You Were Out” Edition. Daniel Munz transcribes more of the Senate hearings, […]


Choicepoint, March 16

The House Energy and Commerce committee held hearings. Thanks to Ryan Singel for letting me know they were webcast. Payments News points to the written testimonies of Choicepoint and LexisNexis “Let me begin by offering an apology on behalf of our company and my own personal apology to those consumers whose information may have been […]


Choicepoint, March 15

The LA Times has more on what happened, and Choicepoint’s controls. A great many people feel that this is a compelling story. I enjoyed reading the spouter inn. Finally, today’s Two Minutes Hate comes to you from Futurismic. I’ve been covering Choicepoint issues since the scandal broke.


Choicepoint Roundup, March 14

Omari Norman takes issue with the term identity theft. It’s a good point. Paul Syverson has pointed out that correct terms are “fraud,” “misrepresentation” and “libel,” but those don’t seem to have caught on. This ABC News story about how Americans think there’s too much government secrecy doesn’t relate directly to Choicepoint, except the government […]


Privacy and Background Checks

In a comment, Axinar writes: Is it reasonable for an employer to know whether or not a potential employee has a history of violence or theft? Well, probably. And with our liability situation the way it is, generally any company with deep pockets is virtually REQUIRED to run background checks because if an employee “goes […]


What to do, What to do?

Over at Open Society Paradox, Dennis Bailey challenges me: Emergent Chaos documents some problems but ends with a personal slam against ChoicePoint’s CEO. [Ed Note: Technically, we call that the “middle,” not the end.] What would Emergent Chaos have us do? Should we follow the Fair Information Practices and allow 300 million citizens to be […]


Why Choicepoint Resonates

It’s now a full month since Bob Sullivan of MSNBC broke the Choicepoint story. I’d like to think back, and ask, why does this story have legs? Why are reporters still covering it? There are a couple of important trends which combine to make this a perfect storm, attractive to editors and readers. (It’s useful […]


Choicepoint Roundup, March 13

Axiomlounge talks about public records, outsourcing, and the public records laws that cause all of this. Joseph Menn has a great story at the LA Times called “Did Choicepoint End Run Backfire?” Menn asks questions about the effect of Choicepoint’s choices in avoiding regulation. Public Domain Progress notes is not archival quality. Speaking of which, […]


Choicepoint Roundup, March 12

Ryan Singel has interesting analysis of the FTC’s Congressional testimony. Ellen Simon of the AP has a story about her Choicepoint and Lexis Nexis files. Hint: They’re imperfect, but that won’t stop them from screwing up your life. Others (nothing to see here, Scott C Smith) touch on the same theme. The Daily Caveat points […]


Hank Asher

Dennis Bailey at The Open Society Paradox objects to my characterization of Hank Asher, and says: Rather than debate the merits of the program, they have to make this a personal attack on the man. Well, let’s talk about the programs. DBT, the first company Asher founded, was deeply involved in disenfranchising Florida voters. MATRIX […]


Choicepoint Roundup, March 11

Today is the “Legislative truckroll” edition. The Motley Fool says: Barring a miracle — or a busload of lobbyists and two truckloads of money (yeah, same difference) — regulation looks to be inevitable at this point. ChoicePoint’s breach alone might not have tipped the scales, but if many other businesses are being ransacked as well, […]


New American Privacy Law: What Could It Say?

With recent events (Choicepoint, Bank Of America, PayMaxx, and Lexis Nexis) leading to a new privacy law for the United States, what should it say? How can we tell a good law from a bad one? Some disclaimers: I’m not entirely in favor of a new law. There’s a lot of potential for harm when […]


Choicepoint Roundup, March 10

Harry Weber of the Associated Press is looking to talk to Choicepoint employees. Email him at He’s been covering the story since it broke. The readers of Chief Security Officer Online have spoken, and not one opposes more disclosure laws. (As of noon, Thursday.) Bruce Schneier asks why Choicepoint seems to be saying “Please […]


Financial Privacy Regulations, 5 Years Behind?

The American Banker has a long story about how some regulations from GLB are now five years behind schedule: Ironically, both bankers and consumer advocates panned the agencies when they proposed guidelines on identity theft prevention in August 2003. The 25-page guidelines were based on Section 501 of the Gramm-Leach-Bliley Act of 1999, which required […]


More on Watch Lists

To follow up to my post on Terror Suspects and Firearms, I’d like to take a moment to rail against the Kafka-esque implementation of “watch lists” in the United States. For the FBI, or other investigative or intelligence agencies, to have lists of “interesting people” makes perfect sense. You’ll always have people who you suspect […]


Choicepoint Roundup, March 9

Tara Wheatland has a long post Un-Spinning the ChoicePoint Scandal. (Via Personal Democracy Forum.) Local TV station WXIA Atlanta says ChoicePoint Management Under Fire Not actually Choicepoint, but DSW Shoes and Seisint, makers of the massively overhyped MATRIX database for law enforcement have both announced breaches. I wonder when the attackers are going to start […]


Choicepoint Roundup, March 8

Today’s roundup takes a different turn with more about privacy-invasive infrastructures. Also, previous scammer gets 5½ years, and Choicepoint appoints a new officer to deal with compliance and credentials. Deep in the Heart of … France discusses the move to hosted applications, and ties in Choicepoint as an example of the new security issues, like […]


Choicepoint Roundup, March 7

Saturday’s New York Times reports (thanks Alex for the pointer): Lt. Ronnie Williams, project director of the Southern California Identity Theft Task Force, which is investigating the ChoicePoint case, said that the breach was brought to his agency’s attention in late October, and that on Nov. 23, the agency asked the company to delay notifying […]


Choicepoint Roundup, March 6

The Atlanta Journal Constitution contains the first MSM discussion I’ve seen of Derek Smith losing his job over this. Evan Hendricks of Privacy Times has a good article in the Washington Post, discussing who owns data, how we’ve gotten here. Axel, of comments “that ChoicePoint does NOT state in that Form 8-K that they […]


Choicepoint Roundup, March 5

My big question for the day: When Choicepoint announced a re-screening of their small business customers, that segment was 5% of their $900m revenue. Today’s announcement of closing that segment is $15-20m, or about 2%. So it seems that the exceptions that they list in their 8K account for 60% of their small business sales. […]


Choicepoint Roundup, March 4

The focus of today’s roundup is “an object lesson in how not to manage a crisis.” Call Choicepoint CEO Derek Smith at home, 770 667 5775, and tell him what you think. Remember, Atlanta is on Eastern Standard Time. On to the roundup: Not Bad For a Cubicle points out that “This is the first […]


It's Not About Not Feeling Pain

On Monday, I had the opportunity to see Ed Tufte teach. Much of his analysis revolves around failures to think clearly. Things like poor presentation of data, or selection of data to not include enough context. He said he was in Houston last week, giving a class to the people who were responsible for the […]


Choicepoint Roundup, March 3

Chris Walsh provides this AP story about prior frauds. In light of Choicepoint CISO Baich saying “That’s such a negative impression that suggests we failed to provide adequate protection,” these stories are going to have legs. Reporters will chase down the inadequate protection. And Choicepoint has yet to say they’re sorry. Blog or Die comments […]


Astrologers and National ID Cards

I often hear folks who believe in astrology saying things like “That’s just the scorpio in her.” Or, “All Leos act that way.” I rarely hear them say “That’s so unlike a scorpio.” Underlying this is a mind-set which searches for ‘evidence in favor’ of a proposition. This search is a fundamental, and common, misunderstanding […]


Choicepoint Roundup, March 2

A Canadian blogger, PIPEDA, points to Scott Bradner’s column at Network World, as well as an LA Times story (at Yahoo News) on an earlier breach. It’s a good thing California gave us 1386, or this would have been swept under the rug, too. Stephan Brands at Identity Corner points to a column at DM […]


Choicepoint Roundup (1 March)

KnobBoy, demonstrating that the new media can do research, points out that Choicepoint execs didn’t trade like that before. In an AP Interview, Choicepoint CEO “Smith said he believes his company is as much a victim in the episode as the roughly 145,000 Americans whose personal information may have been viewed by criminals.” The Los […]


Emergent Chaos Choicepoint Posts

I have added a Choicepoint category, which is great if you want to see all my posts on Choicepoint on one long page, and I am no longer updating this roundup. I’ve been posting a lot on Choicepoint. I’ve done a number of roundup posts listing things I find interesting around the web, and a […]


Choicepoint Roundup ($16,600,000 edition)

Having already posted a Feb 28th roundup a day early, I was forced to think about a new title for today’s edition, and what better than the $16.6 million dollars that ChoicePoint CEO Derek Smith and President Douglas Curling have made selling 472,000 shares of CPS since the day before the first arrest in the […]


Choicepoint Roundup (Feb 28)

I accidentally published this too early, but given the nature of trackbacks, and other such privacy-invasive technologies, its too late. You know my secret. I accumulate and then (try to) post in the morning. Midnight Special asks “Where’s the accountability” and talks about government outsourcing and incentives in a well written post. Why Now has […]


Publishing a List of SSNs Will Not Fix Anything

Pete Lindstrom suggests: My proposal: List SSNs publicly. The Social Security Agency can notify all of its intent to publish all SSNs at some point in the future – enough time for organizations to absorb and react to this news. The net result is to eliminate the notion that perhaps SSNs are “secure enough” for […]


Choicepoint Roundup for Today (27 Feb)

Choicepoint doesn’t make an appearance in the June, 2003 Congressional testimony of Leonard Bennett, (or PDF), but the testimony is on how hard it is to get your credit files corrected with those companies that follow the Fair Credit Reporting Act. Given that Choicepoint believes that they don’t even have to do that, it will […]


Choicepoint's Orientation

As Choicepoint’s little error threatens to grow into a full-blown scandal, with Attorneys-General posturing, Congressional hearings, and daily press coverage in every state of the Union, it may be worth stepping back, and asking, “Why is this happening?” It’s not just the size of the exposure, both Bank of America and PayMaxx are larger. It […]


Choicepoint Won't Benefit from Bank of America Leak

I wasn’t going to blog on BofA‘s little kerfuffle. But then Ian went and blogged about it, and I think he gets it partially right and partially very wrong. His actual conclusion is spot on: In order to share the information, and raise the knowledge of what’s important and what’s not, we may have to […]


Choicepoint Roundup for Today (Feb 26)

Chris Walsh has a really good comment on yesterday’s roundup. HCS asks, was Choicepoint going to be the data provider for the new national ID card? Ed Bott finds that birds of a feather flock together: A company that falsely claimed that ICSA labs had certified their tool has an SSL certificate issued by everyone’s […]


Two Minutes Hate

So everyone seems to be accepting at face value the claim that Choicepoint was scammed by Olatunji Oluwatosin and colleagues not yet named. But let’s step back, and ask, was there a scam? Why did these folks need to cheat? Was it habit, or necessity? What was really needed to get a Choicepoint account of […]


Choicepoint Roundup for Today

The Associated Press has a story “Burned by ChoicePoint breach, potential ID theft victims face a lifetime of vigilance” (actually, we all face a lifetime of vigilance, as these companies make buckets of money by gossiping about us.). The money quote: Many victims are dumbfounded by the dearth of federal and state laws aimed at […]


Today's Choicepoint Roundup

The Privacy Rights Clearninghouse has an extensive sheet on what to do if you’re a victim of Choicepoint’s failure to secure data. SoftReset calls for banning the use of SSNs for non-government purposes. I take a slightly more moderate view: Anyone using the SSN is already subject to GLB liability. Random Thoughts on Politics comments […]


When The Future Has No Shadow

I remember when I was in college, discussing what we’d do if we discovered we had a terminal disease. Being college students, there were lots of ways to maximize short-term fun before the disease ate you. The game theory folks talk about “the long shadow of the future,” the idea that cooperation can be rewarded […]


Today's Choicepoint Roundup

Google is running an ad when you search on Choicepoint: “ChoicePoint letter says your identity stolen? Learn your rights.” On clicking through, its just a form, asking someone to contact you. Renaissancemen has a good roundup, including the fact that only 5% or perpetrators are arrested, and a pointer to Kevin Drum arguing for […]


More on Choicepoint

Enter ChoicePoint’s two-building campus in Alpharetta, and you get the feeling you are being watched. starts a new story at the Atlanta Journal-Constitution. (Use Bugmenot to login.) It’s sort of ironic. Choicepoint is focused on identifying people, rather than identifying behavior that leads to trouble. They figure once you have an account, they want you […]


Two More on Choicepoint

See Taosecurity, on IDS and Choicepoint, and this choice excerpt from Reuters, relayed by Dave Evans at Corante’s Online Dating: U.S. investigators notified the company of the breach in October, but ChoicePoint did not send out the consumer warnings until last week. It’s fascinating that the company didn’t detect the breach, and that they seem […]


More on Choicepoint

The Atlanta Journal Constitution (use Bugmenot) reports: “We know that there is a national number that is much larger than that,” said Lt. Paul Denny of the [Los Angeles County] sheriff’s department. “We’ve used the number 400,000, but we’re speculating at this point.” Executives at ChoicePoint, which maintains one of the largest databases of personal […]


How Many Choicepoint Victims Are at Risk?

Choicepoint is a large credit bureau who denies being one. Yesterday, MSNBC reported that “more than 30,000 Californians” had been notified of problems. Now, no one opts-in to Choicepoint. No one can opt-out. They maintain files on you without your knowledge or permission. Now we know that at least 30,000 people were put at risk […]