Tuesday, September 27, 2005
Updated FOIA Guide
Thanks to SECRECY NEWS from the FAS Project on Government Secrecy which included this notice in a recent newsletter:
“The House Committee on Government Reform has published a new edition
of its popular 'Citizen's Guide on Using the Freedom of Information
Act and the Privacy Act of 1974 to Request Government Records.'
The Guide, first published in 1977, 'is one of the most widely read
congressional committee reports in history,' the new edition says.
A copy of the updated Guide, House Report 109-226, September 20,
2005, is available here.”
“The House Committee on Government Reform has published a new edition
of its popular 'Citizen's Guide on Using the Freedom of Information
Act and the Privacy Act of 1974 to Request Government Records.'
The Guide, first published in 1977, 'is one of the most widely read
congressional committee reports in history,' the new edition says.
A copy of the updated Guide, House Report 109-226, September 20,
2005, is available here.”
# posted by AmandaWelsh @ 10:37 AM 
Monday, June 13, 2005
REAL ID Passes
Thoughtful folks have long realized that the driver’s license was the closest thing we have in the U.S. to a national ID card. A bill signed on May 11, takes this bit of common sense observation one step closer to planned, cold reality.
The Real ID Act defines new rules for each state to verify an applicants identity before issuing a driver’s license and requires states to share the identity information they collect with other states.
The bill goes fully into effect by 2008, so look for changes in the coming years.
The Real ID Act defines new rules for each state to verify an applicants identity before issuing a driver’s license and requires states to share the identity information they collect with other states.
The bill goes fully into effect by 2008, so look for changes in the coming years.
# posted by AmandaWelsh @ 3:25 PM
Saturday, April 30, 2005
Why you should worry about more than an audit from the IRS
While our attention over the past few months has been focused information breaches at companies like ChoicePoint, LexisNexis, DSW Shoe Warehouse, and Polo Ralph Lauren, the GAO has just issued a report which suggests there is still more to worry about.
The IRS, collector of everyone’s tax return as well as information on money laundering and financial crimes, has failed its computer security review once again. In a report dated April 15th, the GAO identified 60 security flaws in IRS computer security which among other things could allow outsiders to review and modify individual tax returns. Some of these flaws were first noted in the 2002 review and have still not been fixed.
Other noteworthy problems include lack of separation between tax returns and financial crimes data that allows police officers reviewing money laundering info to access personal tax returns and wide dissemination of user names and passwords making theft of this information too easy.
Clearly since we have no choice about giving tax information to the government, they have a serious responsibility to protect us from harm as a result of doing so. (It’s not like we can pay taxes to some other government in the same way that we might now be thinking about shopping for shoes someplace other than DSW.)
The House Judiciary Committee is considering whether they should do anything. If you want to offer encouragement, here’s an online form to write them… Given the IRS’s past record on correcting problems, it *might* be worth their taking a look, don’t you think?
The IRS, collector of everyone’s tax return as well as information on money laundering and financial crimes, has failed its computer security review once again. In a report dated April 15th, the GAO identified 60 security flaws in IRS computer security which among other things could allow outsiders to review and modify individual tax returns. Some of these flaws were first noted in the 2002 review and have still not been fixed.
Other noteworthy problems include lack of separation between tax returns and financial crimes data that allows police officers reviewing money laundering info to access personal tax returns and wide dissemination of user names and passwords making theft of this information too easy.
Clearly since we have no choice about giving tax information to the government, they have a serious responsibility to protect us from harm as a result of doing so. (It’s not like we can pay taxes to some other government in the same way that we might now be thinking about shopping for shoes someplace other than DSW.)
The House Judiciary Committee is considering whether they should do anything. If you want to offer encouragement, here’s an online form to write them… Given the IRS’s past record on correcting problems, it *might* be worth their taking a look, don’t you think?
# posted by AmandaWelsh @ 3:45 PM
Tuesday, March 29, 2005
Even Governors Get Governed
In case you’re curious just how much of your personal life is revealed in government records, here is a peek at a public record with Jeb Bush’s social security number.
As I mention in the book, property records are the big ones to watch out for. But they only scratch the surface of what someone can get on you...
As I mention in the book, property records are the big ones to watch out for. But they only scratch the surface of what someone can get on you...
# posted by AmandaWelsh @ 1:15 PM
Wednesday, March 16, 2005
Shh! It’s Secret.
Last year, the federal government made a decision to classify something 16 million times. That’s 2 million times more than the year before and 7 million times more than in 2001. Citing testimony to Congress by an official of the Information Security Oversight Office, Steven Aftergood who runs the Federation of American Scientists Project on Government Secrecy reports there has been a 75% increase in classification activity since 2001.
While some of this may be entirely justifiable given the state of the world, as James Madison said, `A popular government, without popular information, or the means of acquiring it, is but a prologue to a farce or tragedy or perhaps both.'
UPDATE 3/17/05: Steven Aftergood posted a terrific piece in Slate today which offers additional insight into the extent of the Government's push for secrecy - restricting access even to information that was once freely available. Aftergood catalogues examples of how completely unclassified information, like the DOD telephone directory, is now barred to the public.
While some of this may be entirely justifiable given the state of the world, as James Madison said, `A popular government, without popular information, or the means of acquiring it, is but a prologue to a farce or tragedy or perhaps both.'
UPDATE 3/17/05: Steven Aftergood posted a terrific piece in Slate today which offers additional insight into the extent of the Government's push for secrecy - restricting access even to information that was once freely available. Aftergood catalogues examples of how completely unclassified information, like the DOD telephone directory, is now barred to the public.
# posted by AmandaWelsh @ 9:05 PM
Tuesday, February 15, 2005
IRS Form Fraud Alert
This scandal has been around for a few months but it doesn’t seem to go away and it’s probably going to heat up again in the next few months…so I’m gonna report it here. Thieves are using modified IRS forms to trick people into disclosing personal information which they then use to commit identity fraud. It’s a great scam. The IRS sends us forms each year. And the forms never seem to make any sense. Why pay all that much attention to one more or get concerned if it is a little off base?
The most commonly cited scam is using the IRS Form W-8BEN, the Certificate of Foreign Status of Beneficial Owner for United States Tax Withholding. This is what a real one looks like. It’s used by foreigners living outside the U.S. to declare responsibility for taxes on income from U.S. sources. On the real W-8BEN, the IRS only asks for your name, address and in some cases, Social Security Number. Fake ones have been altered to also ask for date of birth, passport number, bank name and account number, email address and much more.
Warning flags should go up if you receive any government form that requests any information beyond your name, address and Social Security Number, that doesn’t include a Privacy Act notice (for federal forms), or that directs you to fax, phone or email the form somewhere. Forms accompanied by letters which include threats of penalties or higher tax rates if you don’t respond quickly should also be examined closely.
If you receive any correspondence that makes you even slightly suspicious, get out the phone book and look in the blue pages for the number of the appropriate agency. (Fake forms have fake numbers…don’t call them.) Call the agency to verify the request. You can also visit the IRS website and doublecheck any tax forms you might get.
The most commonly cited scam is using the IRS Form W-8BEN, the Certificate of Foreign Status of Beneficial Owner for United States Tax Withholding. This is what a real one looks like. It’s used by foreigners living outside the U.S. to declare responsibility for taxes on income from U.S. sources. On the real W-8BEN, the IRS only asks for your name, address and in some cases, Social Security Number. Fake ones have been altered to also ask for date of birth, passport number, bank name and account number, email address and much more.
Warning flags should go up if you receive any government form that requests any information beyond your name, address and Social Security Number, that doesn’t include a Privacy Act notice (for federal forms), or that directs you to fax, phone or email the form somewhere. Forms accompanied by letters which include threats of penalties or higher tax rates if you don’t respond quickly should also be examined closely.
If you receive any correspondence that makes you even slightly suspicious, get out the phone book and look in the blue pages for the number of the appropriate agency. (Fake forms have fake numbers…don’t call them.) Call the agency to verify the request. You can also visit the IRS website and doublecheck any tax forms you might get.
# posted by AmandaWelsh @ 2:56 PM
Victims of Ignorance
Just because someone doesn’t choose to be online, that doesn’t mean their data isn’t.
Case in point: The California Department of Social Services suffered a security breach on October 20, 2004 when someone hacked into a database containing names, social security numbers and other personal data on people who provide and receive in-home care.
Since then, the Department has tried to use a website to inform those whose information had been compromised. Unfortunately, the site only gotten about 1,000 hits – a far smaller number than the 1.4 million folks who may have been affected.
The Department has now launched a snail mail campaign to reach out to these tech-challenged souls. But as a public service, please help your neighbors get to the following URL: http://www.cdss.ca.gov/ihss/
.
Case in point: The California Department of Social Services suffered a security breach on October 20, 2004 when someone hacked into a database containing names, social security numbers and other personal data on people who provide and receive in-home care.
Since then, the Department has tried to use a website to inform those whose information had been compromised. Unfortunately, the site only gotten about 1,000 hits – a far smaller number than the 1.4 million folks who may have been affected.
The Department has now launched a snail mail campaign to reach out to these tech-challenged souls. But as a public service, please help your neighbors get to the following URL: http://www.cdss.ca.gov/ihss/
.
# posted by AmandaWelsh @ 2:54 PM
Monday, February 07, 2005
Paycheck stubs no longer ID Theft ticket in California
Right now, carrying your paycheck in your wallet until you get to the bank puts you at risk for identity theft. It is one of the few items with your social security number that you actually have a reason to have in your wallet. And stolen wallets are the source of information used for ID theft in about 15% of all cases.
And until recently, putting your precious Social Security Number on the stub was a requirement by law. Not any more in California. Balancing the need for accurate earnings reporting with the danger of id theft, the governor has recently signed a bill that requires employers to block out all but the last four digits of SSN’s on paystubs. Expect this to take effect by January 1, 2008.
Migrant and seasonal workers, even in California, are still covered by a federal law which requires the full number.
And until recently, putting your precious Social Security Number on the stub was a requirement by law. Not any more in California. Balancing the need for accurate earnings reporting with the danger of id theft, the governor has recently signed a bill that requires employers to block out all but the last four digits of SSN’s on paystubs. Expect this to take effect by January 1, 2008.
Migrant and seasonal workers, even in California, are still covered by a federal law which requires the full number.
# posted by AmandaWelsh @ 11:44 AM
