People must be told if a firm lost their data

Plugged In

February 15, 2007|By Mike Himowitz | Mike Himowitz,Sun Columnist

One morning 15 years ago, a friend here at work left his wallet in the car when he pulled into his parking spot. When he returned, the wallet was gone, and with it his driver's license, credit cards, Social Security number - and his peace of mind.

The thieves were smart - they never used Charlie's credit cards directly. But they were the only proof many merchants needed to open charge accounts in Charlie's name. The crooks bought thousands of dollars in merchandise that Charlie learned about only when bills came due.

This was long before "identity theft" became a buzzword. But I can still remember Charlie's tales of woe, in particular the frustration he felt when he couldn't get credit bureaus to listen to his problem and freeze new credit applications in his name.

Fifteen years later, things aren't much better. Banks, credit card companies, merchants, hospitals, charities, and government agencies collect reams of data about all of us.

And unlike Charlie, we don't have to be personally careless to suffer the consequences. The people who keep our data are careless enough.

Over the last week, for example, we learned that two respected institutions, Johns Hopkins University and St. Mary's Hospital, lost track of sensitive computerized data involving more than a quarter of a million people.

No one knows if the data actually wound up in the hands of criminals - it may well have been dumped in the trash. But there is a lesson here: The warnings we hear about electronic identity theft are often misdirected.

We worry about thieves who lurk in the Web's electronic passageways, intercepting our credit-card numbers when we shop on line. We worry about spyware that invades our computers and steals our personal information.

How often does that high-tech stuff really happen? Not all that often - compared with leaks and lapses in the institutions we trust.

Worried about a computer virus stealing your identity? That visit to the emergency room may be far more dangerous.

So is the restaurant you visited Saturday night - the one where the waiter swiped your credit card into his own little reader and sold the number to the crankhead down the street, who wholesaled it to a guy in an Internet cafe, who sold it to a gang of cyberthieves in Romania, who are happily charging stuff to your card and 10,000 other accounts filched in restaurants around the world.

There are two things you can do, short of turning into a hermit.

First, check your credit-card and bank statements carefully and report irregularities. Be meticulous. Look for small purchases, $20 or less, from stores you don't recognize. A scammer can make big bucks charging odd sums like $17.68 to a couple of thousand cards - especially when many victims don't notice it - and the cops won't bother to investigate thefts that small from customers who do complain.

Second, insist on better consumer protection. Unlike most states, Maryland has no law requiring companies or institutions to inform you when personal information about you has been lost or stolen. Ditto for laws that would require credit agencies to honor your request for a freeze on your credit reports - one of the best ways to fight identity thieves.

There's no excuse for this state of affairs. Don't buy the arguments of the banking and credit card interests who have torpedoed these bills in the past. They want to do business as usual and don't care if you or I, as individuals, suffer the consequences. As far as I'm concerned, that puts them in league with the scoundrels who want to steal your identity. Call you legislator today.

Now, on a less serious note ...

In my day job as medical and science editor, I'm bombarded with e-mails about miracle diets, horrible diseases, obscure treatments for disgusting conditions, breakthroughs in tummy tucks, and tomes with titles like Seven Ways to Make Stomach Stapling Work for You.

Most of these messages are from real businesses, PR agencies or medical professionals who just want some publicity. Our spam filters do a remarkably good job of removing the true junk mail - but some questionable stuff still gets through.

With the clever use of asterisks or other punctuation schemes to fool spam blockers, these messages usually pitch phony Viagra, sex toys or magic enhancement potions.

But a message that came in recently with "er*ct*le dysfunction" in the header and a subtitle that read, "Lifestyle Changes Could Improve Male Sexu*l Function," did catch my attention.

That's because its source wasn't or some other purveyor of erotic delights - but the Johns Hopkins Bloomberg School of Public Health.

"Men aged 70 and older were much more likely to report having er*ct*le dysfunction, compared to only 5 percent in men between the ages of 20 and 40," Bloomberg's researchers reported. "Nearly half of all men in the study with diabetes also had er*ct*le dysfunction. And, almost 90 percent of all men with er*ct*le dysfunction had at least one risk factor for cardiovascular disease. ... "

Was this some kind of spoof? A cheap attempt to get harried editors like me to actually look at the contents?

According to the folks at Hopkins, it's just a sign of the times - the only way they could get news of an important epidemiological study through digital defenses carefully tuned to catch those naughty s*x words.

"The first time it happened was last December," said Hopkins spokesman Dennis O'Shea. "It was a release from the school of medicine, on erectile dysfunction, and we got a huge number of bouncebacks. We started looking at them and realized they had to do with spam filters."

O'Shea's minions decided to try the tactic that successful spammers use to get their messages through. "This time," he said, "we basically made those words incomprehensible and figured the smarter reporters would know what do with it."

And how did it work? "We didn't get many bouncebacks," he said.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.