Personal Info Is Ripe for the Taking

With lots of private information out there and lots of hackers plying their trade, it's safe to say that there will be more cases like Paris Hilton's.

Youre not Paris Hilton. But you could easily have her problems. Youre not ChoicePoint. But your company could easily have its problems.

As technology becomes more seamless and more ubiquitous, more and more people are exposed to its virtues as well as its problems. And that means that political intervention—or interference—might not be far behind. Paris Hiltons enough of a gadabout that her problems are more late-night comedy fodder than a source for Capitol Hills outrage. But just wait until a Congressman or Senators private information gets released.

Its bound to happen.

"The Paris Hilton issue, the ChoicePoint issue, are issues that are intrinsically linked to the fact that people arent aware of how technology works," said Larry Ponemon, who runs the Ponemon Institute in Tucson, Ariz., a think tank and consultancy that looks at privacy and security issues for large companies.

Its unlikely that anyone was targeting Hilton. Instead, Ponemon said, its more likely that hackers were trolling for information and got lucky. "Its kind of pay dirt for them," he said.

He goes on to make the broader point that many cute little devices such as Hiltons Sidekick all collect information about users.

And break-ins probably happen more frequently than T-Mobile or anyone else cares to admit. "Does it happen? Yeah," Ponemon said. "Its usually a random event." A T-Mobile spokesperson didnt want to go into the details of how Hiltons information might have been hacked. Instead, the company is trying to use her woes to remind customers that the Sidekick—like most cell phones—comes with a privacy lock.

iPods keep information about your musical tastes and can now take photos—another source of embarrassment for Hilton. TiVo devices record information about your TV habits. Thats stored with the company and used to sell advertising. And, of course, laptop computers—becoming more powerful all the time—now carry financial and other information that used to be housed on stay-at-home desktop computers.

"Any device can be a computer," Ponemon said. "Were about to see that whole issue expand."

T-Mobile—reluctantly—agrees. "Its not going to go away," the company spokesperson said.

Part of the problem, Ponemon said, is that security is often trumped by the understandable desire to make something easy to use. More secure software often costs more money and can be difficult to implement and deploy. And, of course, customers dont always protect information the way they should with encryption or passwords. Urged to protect themselves, they often dont. Or they do so without much thought. What do you want to bet Hiltons password—if she had one—was "Tinkerbell," her dogs name?

Besides, hackers are relentless. Theyll take any opening and use it as fully as they can to their advantage. Sometimes this is technical—the sport of finding a soft spot in a piece of code. Sometimes its social—basic lying and cheating. That, in essence, is what happened to ChoicePoint. The company was tricked into giving information to flimflam artists who had pretended to be legitimate businesses. So far, ChoicePoint has said it released information about 145,000 customers, most living in California. The scam artists managed to steal the identities of only a small portion of those whose names were released. The number of folks affected by the fraud could drop, said ChoicePoint spokesperson Chuck Jones, because the company believes many of the information requests it received were duplicates.

For many of those in ChoicePoints database, the realization of just what information is kept about them is going to be a shock, Ponemon said, even if they arent victims of identity theft. The speed at which different databases—credit information and employee history, or a criminal record for instance—can be collated is new. And scary.

Its not clear if ChoicePoints problems will end up becoming fodder for privacy advocates. Certainly the company is trying to head off that possibility with an aggressive public relations campaign and lots of customer hand-holding. But with lots of information out there and lots of hackers plying their trade—using technology or good old-fashioned lying and deceit—its safe to say there will be more cases like Hiltons and ChoicePoint.

"We as a society want to believe were protected," Ponemon said. "But sometimes this information gets into the wrong hands." Technology and Politics columnist Chris Nolan spent years chronicling the excesses of the dot-com era with incisive analysis leavened with a dash of humor. Before that, she covered politics and technology in D.C. You can read her musings on politics and technology every day in her Politics from Left to Right Weblog.


Check out eWEEK.coms for the latest news, views and analysis of technologys impact on government and politics.