Risks of Data Reuse

We learned the news in March: Contrary to decades of denials, the U.S. Census Bureau used individual records to round up Japanese-Americans during World War II.

The Census Bureau normally is prohibited by law from revealing data that could be linked to specific individuals; the law exists to encourage people to answer census questions accurately and without fear. And while the Second War Powers Act of 1942 temporarily suspended that protection in order to locate Japanese-Americans, the Census Bureau had maintained that it only provided general information about neighborhoods.

New research proves they were lying.

The whole incident serves as a poignant illustration of one of the thorniest problems of the information age: data collected for one purpose and then used for another, or "data reuse."

When we think about our personal data, what bothers us most is generally not the initial collection and use, but the secondary uses. I personally appreciate it when Amazon.com suggests books that might interest me, based on books I have already bought. I like it that my airline knows what type of seat and meal I prefer, and my hotel chain keeps records of my room preferences. I don't mind that my automatic road-toll collection tag is tied to my credit card, and that I get billed automatically. I even like the detailed summary of my purchases that my credit card company sends me at the end of every year. What I don't want, though, is any of these companies selling that data to brokers, or for law enforcement to be allowed to paw through those records without a warrant.

There are two bothersome issues about data reuse. First, we lose control of our data. In all of the examples above, there is an implied agreement between the data collector and me: It gets the data in order to provide me with some sort of service. Once the data collector sells it to a broker, though, it's out of my hands. It might show up on some telemarketer's screen, or in a detailed report to a potential employer, or as part of a data-mining system to evaluate my personal terrorism risk. It becomes part of my data shadow, which always follows me around but I can never see.

This, of course, affects our willingness to give up personal data in the first place. The reason U.S. census data was declared off-limits for other uses was to placate Americans' fears and assure them that they could answer questions truthfully. How accurate would you be in filling out your census forms if you knew the FBI would be mining the data, looking for terrorists? How would it affect your supermarket purchases if you knew people were examining them and making judgments about your lifestyle? I know many people who engage in data poisoning: deliberately lying on forms in order to propagate erroneous data. I'm sure many of them would stop that practice if they could be sure that the data was only used for the purpose for which it was collected.

The second issue about data reuse is error rates. All data has errors, and different uses can tolerate different amounts of error. The sorts of marketing databases you can buy on the web, for example, are notoriously error-filled. That's OK; if the database of ultra-affluent Americans of a particular ethnicity you just bought has a 10 percent error rate, you can factor that cost into your marketing campaign. But that same database, with that same error rate, might be useless for law enforcement purposes.

Understanding error rates and how they propagate is vital when evaluating any system that reuses data, especially for law enforcement purposes. A few years ago, the Transportation Security Administration's follow-on watch list system, Secure Flight, was going to use commercial data to give people a terrorism risk score and determine how much they were going to be questioned or searched at the airport. People rightly rebelled against the thought of being judged in secret, but there was much less discussion about whether the commercial data from credit bureaus was accurate enough for this application.

An even more egregious example of error-rate problems occurred in 2000, when the Florida Division of Elections contracted with Database Technologies (since merged with ChoicePoint) to remove convicted felons from the voting rolls. The databases used were filled with errors and the matching procedures were sloppy, which resulted in thousands of disenfranchised voters -- mostly black -- and almost certainly changed a presidential election result.

Of course, there are beneficial uses of secondary data. Take, for example, personal medical data. It's personal and intimate, yet valuable to society in aggregate. Think of what we could do with a database of everyone's health information: massive studies examining the long-term effects of different drugs and treatment options, different environmental factors, different lifestyle choices. There's an enormous amount of important research potential hidden in that data, and it's worth figuring out how to get at it without compromising individual privacy.

This is largely a matter of legislation. Technology alone can never protect our rights. There are just too many reasons not to trust it, and too many ways to subvert it. Data privacy ultimately stems from our laws, and strong legal protections are fundamental to protecting our information against abuse. But at the same time, technology is still vital.

Both the Japanese internment and the Florida voting-roll purge demonstrate that laws can change ... and sometimes change quickly. We need to build systems with privacy-enhancing technologies that limit data collection wherever possible. Data that is never collected cannot be reused. Data that is collected anonymously, or deleted immediately after it is used, is much harder to reuse. It's easy to build systems that collect data on everything -- it's what computers naturally do -- but it's far better to take the time to understand what data is needed and why, and only collect that.

History will record what we, here in the early decades of the information age, did to foster freedom, liberty and democracy. Did we build information technologies that protected people's freedoms even during times when society tried to subvert them? Or did we build technologies that could easily be modified to watch and control? It's bad civic hygiene to build an infrastructure that can be used to facilitate a police state.

This article originally appeared on Wired.com

Posted on June 28, 2007 at 8:34 AM • 46 Comments

Comments

paulJune 28, 2007 9:22 AM

Isn't it one of the basic tenets of the various european data protection regimes that subjects must consent to any use of personal data for a purpose other than the one for which it was collected? I know that sounds quaint in the US, where secondary purposes are the primary purpose for most data collection.

One thing that this essay doesn't really mention is the collection and retention of data in forms that can't readily be linked to other pieces associated with the same individual (or to individual identities directly). Has Moore's law made that a dead end?

Peter DarbyJune 28, 2007 9:37 AM

But, if anything, the lesson from the Japanese-Americans debacle is that governments can and will override that if they believe it is in "the public interest"... by which they mean the government's interest.

GarfieldJune 28, 2007 9:41 AM

Bruce, you write: "Once the data collector sells it to a broker, though, it's out of my hands. " But the data is out of your hands even BEFORE it is sold to a broker. Because you can't control what this company is doing with your data. (See the Japanese example, and if somebody is interested, Edwin Black's book "IBM and the Holocaust")

To collect data anonymously won't help in a lot of cases because in order to do all the convenient things you like and write about, there has to be a traceable connection between you and the data.
You have to decide: convenience or losing control of data. There is no intermediate position...

NealJune 28, 2007 10:08 AM

On a related note, I've been reading a lot lately about ISPs selling subscriber web surfing data to businesses and marketers. That irks me, because there's no telling what they're getting or how (in)accurate it is or how it will be used by the many it gets resold to.

Something curious happened to me just this past week which made me stop and go "hmmmm." My auto insurance will be up for renewal in August and, though relatively inexpensive, I drive rarely and was considering selling my aging vehicle and getting driver's (non-owner's) insurance to both save money and ensure my continued insurability. To that end I did numerous Internet searches and visited a lot of insurance sites to read up on it. I never filled out any forms or revealed any personal information though.

Less than one week later I recieve an "important" letter in the mail from my insurance company. Inside is a letter and a dividend check telling me that they did so well this past year that they are refunding a portion of premium (~10%). My first thought was "cool, how timely" and then a few days later after another article on ISPs selling data I thought "hmmm, wonder if it was a coincidence after all?"

Perhaps it was, or perhaps AT&T or Google or some tracking firm with a series of web bugs let it be known I was looking at insurance online and my company saw that and kicked back a little incentive for me to stay...

FPJune 28, 2007 10:28 AM

@paul: "consent to any use of personal data"

Consent is insufficient. It would be a useful discriminator if we as a consumer had a choice. But for the most part, we don't. When you buy a book on the internet or apply for a credit card, you do not have a choice to decline consent for sharing your data with brokers. You do not have the choice to deny the collection of information about you in your credit history.

Sure, we can all go through life paying cash only at local stores, but that option is becoming more impractical every day.

When you buy or download software, you don't have much choice to decline the parts of their license agreement that affect the privacy of your registration data.

Consent is good, but there needs to be a well-defined (by law) baseline for privacy that can not be overruled just by clicking a button.

Most people have no issue with the government checking airline passenger lists of known terrorists (let's ignore that system's flaws for a moment), but many get uneasy when the government then wants to keep all that information for an undetermined time for unspecified reasons. As a case in point, the US has just unilaterally extended PNR (passenger name record) retainment from 3 to 15 years with unlimited data sharing between government agencies. And there is no guarantee that the scope creep will stop there.

A point that Bruce makes implicitly is that the laws that protect data today can be changed, and data collected for a specific purpose today can be used for entirely different purposes tomorrow. Laws protecting data have a somewhat retroactive effect.

Dave PageJune 28, 2007 10:30 AM

"Data Reuse" is a misnomer. It implies that the data is being used again for the same purpose as originally intended.

"Data Misappropriation" is a more correct and useful term.

derfJune 28, 2007 10:52 AM

Unfortunately, these companies holding your private data never really intend to keep it private in the first place. They use it to provide a service to you and a secondary line of cash for themselves when they sell or rent it to others. Why wouldn't a government heading down the Orwellian road buy a copy and use it against its citizens?

pudgeJune 28, 2007 10:53 AM

I do not, and will not, fill out the census with any more data than is required to fulfill the Constitutional requirement of the census: how many people live here, whether they are of voting age, whether they are citizens. I can't think of anything else offhand.

Anything else requires due process be followed, which means we're going to court.

I did that in 2000 -- filled out the minimal info -- and never heard back from them. I was kinda disappointed. ;-)

HarrisonJune 28, 2007 10:55 AM

["...This is largely a matter of legislation. Technology alone can never protect our rights. There are just too many reasons not to trust it, and too many ways to subvert it. Data privacy ultimately stems from our laws..."]

______

So... politicians mystically applying ink to paper {"legislation"} is our salvation (??)

.... a quite naive view of our politicians and current events. Originating legislation is but a small part of genuine rule-of-law; unfortunately we've now lost most of the other vital 'system' components.

A proper correction to the above quote would read:

{ " Legislators alone can never protect our rights. There are just too many reasons not to trust them, and too many ways for them to subvert our rights. Data privacy ultimately stems from our own cooperative efforts as free individuals. " }


AdamJune 28, 2007 11:11 AM

Regarding the "disenfranchised" voters that you say swung the election, the election was only "close" if you purposefully discount the absentee military ballots as Gore tried to do.

Almost all of your posts are excellent though, even with the bias. Thanks.

MikeAJune 28, 2007 11:28 AM

...History will record what we, here in the early decades of the information age, did...

Actually, that's not so likely. If the current trend toward imperial executive in the U.S. and Russia (among others), and ineffective opposition by the rest of the world continues, "History" will only record the miraculous rise of the perfect all-knowing state from the chaos of the mistaken doctrine that its foolish adherents called "democracy" (if its mentioned at all)

Cablinasian DwarfJune 28, 2007 11:37 AM

Legislation hasn't been able to reign in pollution, civil wars, abuses of minors, .... We attempt to codify our ethics into laws, but we do not have an ethical global legislative system, nor is there a universal judicial organization free of corruption to back it up.

Pat CahalanJune 28, 2007 11:53 AM

A personal story that is germane to this topic, sorry, it's a big long:

Five years ago, I had reason to sign up for cellular service. I was going to change jobs, and my company-provided cell phone would obviously not be going along with me.

I did a consumer-savvy survey of my future workplace and the city in which I live to determine the service with the best coverage in the areas I was likely to frequent, and chose Cingular as my provider.

Strolling into the Cingular store, I picked out a nice (cheap) feature-limited phone, walked up to the cash register, and was handed a service agreement form that included a field for "Social Security Number". I politely informed the sales representative that I had no desire to provide my social security number either to the store or to the cellular service provider. The sales clerk (looking at me as if I had grown an extra head), told me that they required my social security number to run a credit check. I reiterated my desire to keep my SSN out of their corporate database, and asked if there was an alternative. "Sure," he said, and continued doubtfully, "but you'll have to give a $200 deposit to get service." Not a problem, said I, provided I get the money back. The agreement said that the $200 would be held for 1 year, at which point the money (with standard at-that-time savings account interest) would be returned to me. Quite agreeable, I filled out the necessary paperwork, handed over my $200 deposit plus the amount for the phone, and walked out a happy man. 1 year later, as promised, I received a check for the $200 + interest, and I thought myself a satisfied customer.

Fast forward.

Recently, my phone (the second one I'd had since becoming a Cingular customer) started dying on me, so I decided to get a new phone. Coincidentally, Cingular mailed me one of those "We'll give you a free phone if you sign on for another year" mailers, so I went and got a new phone. I was giving up my pager at work to cut down on the bat-utility belt nature of my daily garb, and decided to log into the Cingular (now AT&T) website and find out what my SMS address was so that I could replace my pager number in the various notification systems with my cell... I just needed to know the domain.

Surprise! AT&T/Cingular's web site requires you to enter your cell phone number and the last four digits of your social security number in order to log into their site. How confounding, I thought, since I have never provided my SSN to this institution, I'll have to go to the trouble of navigating a phone tree to find a simple answer to my question. Knowing phone trees, I typed in my phone number and the last four digits of my SSN hoping it would give me a "Whoops, we don't have your SSN, call [this number] for web site activation, bypassing my need to call the more general 800 number and navigate my way to a human.

It logged me in.

I have never provided Cingular my SSN, nor AT&T, so they didn't magically acquire this data upon some seamless corporate merger. I don't know when Cingular went out and got my SSN, nor where they acquired it from (I'm presuming some data broker like ChoicePoint), but needless to say I am most thoroughly and entirely vexed by this situation.

Apparently, even shelling out money (albeit temporarily) for the privilege of staying out of a corporate database is a fruitless affair.

Kyle WilsonJune 28, 2007 12:03 PM

I don't think that legislation will have any impact on those who inject bad data into the system. There are plenty of questions that I'd be reluctant to provide honest answers to given that at some future date they might be misused (legally or otherwise). Legal protection can be bypassed by criminals (both in and out of government) and by new legislation. If the information isn't in the system (or is inaccurate in an innocuous way) then it cannot be misused regardless.

Jimbo FratelliJune 28, 2007 12:16 PM

[[The Census Bureau normally is prohibited by law from revealing data that could be linked to specific individuals; the law exists to encourage people to answer census questions accurately and without fear.]]

Funny, that law actually encourages me to lie on the census forms. Fnord.

EamJune 28, 2007 12:38 PM

@Pat Calahan:

Have you tried typing in a random 4 digit number instead of your actual SSN digits?

I'd be interested to know what the result of that is.

AllAboutMoneyJune 28, 2007 12:39 PM

The US is currently an "opt-out" society (and in some cases, you don't even get the choice to opt-out).

The reason for this is purely and simply all about money (capitalism at its best). Like anything else, as long as someone is willing to pay money for it (information), it (information) will have value, and someone else will collect as much of it (information) as they can to sell.

The situations Bruce describes regarding use (reuse, missapropriation, etc.) of information will change only when the US becomes an "opt-in" society (in all aspects).

That is, each individual has complete control over their information, who has it, what they have and what they can do with it, where it is stored, when it can be used and when it expires, etc.

bzelbobJune 28, 2007 12:41 PM

In curious sort of cosmic irony, Japan seems to have reinstated border security changes which will now require all foreigners entering the country to have photos taken (which I'm reasonably sure was happening covertly before) AND have to give fingerprints as well.

http://nettv.gov-online.go.jp/prg/prg1203.html

I have traveled to Japan twice in the last couple of years and really enjoyed it. Apparently this was in place until 2000 when it was suspended, but of course 9/11 changed everything. So, presto!, it's back.

I sure hope the Japanese are better at keeping my data safe than we are.

AoiJune 28, 2007 1:48 PM

Countries like France prohibit by law gathering specific information (nationality, religion, etc.) during a census. Might help to that in the U.S., but probably wouldn't matter because data aggregators have mastered pulling discrete sources of info and creating complete profiles. I'd like to think legislation could solve the problem, but that doesn't seem likely. As Cicero said: "inter arma enim reges silent".

Chris SJune 28, 2007 4:32 PM

I really bad example of data re-use...

http://news.bbc.co.uk/1/hi/uk/6642465.stm

A credit card database from a site that acted as a clearing house for child abuse images was recovered by police. When they received the data on UK cardholders, the UK police proceeded to then investigate the cardholders -- without first checking to see if some of the card numbers were stolen and used fraudulently at this site.

This interview with one of the victims of poor data re-use...

http://ore-exposed.obu-investigators.com/...

...note that over 30 suicides have resulted from this operation.

Further details at...

http://en.wikipedia.org/wiki/Operation_Ore

tinfoil_hat@mnJune 28, 2007 4:37 PM

One of the SANS instructors recently recommended "No Place to Hide" by Robert O'Harrow, Jr. I'm sure many have read it and that I'm just behind in my reading. I just started it yesterday and already I'm a bit surprised the general populace is so clueless about the extent of information brokering going on, and the level of detail certain companies have on each of us individually. I knew companies were harvesting data, but I didn't quite grasp just how much "they" knew. Combine that with the PATRIOT Act, and other legislation, and the government can probably predict exactly where most of us will be, what we're doing there, and who we're there with...

Excuse me while i fold my new tinfoil hat and convert to cash-only transactions...

Bill PJune 28, 2007 6:22 PM

Institutions must recognize that there are acceptable levels of invalid data when harvesting personal information. A few percent isn't a big deal, but at what level does the corruption render the data useless? GIGO! In other words, the more garbage we feed in the more garbage comes out. We need to start a revolution by feeding the systems as much trash as possible. Quantity is also important, the deeper the pile, the slower the process.
Swap store discount cards with friends and neighbors, especially those at a distance. Open credit accounts, charge a hundred bucks, then pay it off and close it. Open an AT&T internet account and do multiple searches on carbon, sulfur and sodium nitrate. Send friends and neighbors messages of random garbage. Find other interesting words to search for.
If you have an opportunity to take a survey, use your imagination! I always like to use the local non-emergency FBI or police telephone number. Be creative!
Last year I had a lot of fun. Somehow, the Republican party decided to mail me surveys and questionaires. I felt it my duty to respond, as would any good Democrat. Actually, I would have done the same to the Democrat party as I trust neither with my information.
If enough of us can find ways to corrupt their data, this may stop.

LRayZorJune 29, 2007 6:34 AM

@Pat
Are you sure they didn't pull a switcheroo on you? The system could have looked at it's database and said, "ah we don't have this person's SSN, what ever he types in, we'll store it and use it as the password"?

C GomezJune 29, 2007 8:29 AM

@Bruce:

Points well made.

Another major part of this is the willingness of Americans to hand over such data.

Look, these corporations are offering you a service. If you don't like what they are asking for, you are free to stop taking that service.

"Impossible!" you say? Not really. The only reason some things cost what they do is there is cheap money available to borrow to buy them. It costs information to get access to that money. If all of society stopped giving up that information and decided they just simply can't afford to pay what is being asked for, one of two things would happen:

1) The companies providing these services (mortgage brokers, auto lenders, credit lenders) would stop asking for it.

2) Price would have to come down.

The convenience Americans are willing to pay for in terms of cost and data about themselves is the danger we pose to ourselves. Laws are nice, but laws can't protect us from our willingness to sell our souls (our personal data) for convenience.

Instead, we pray that laws crafted in a slow methodical process will protect us from our own fast-paced desire for cheap goods and convenience.

The best example is how much feigned outrage there is over Walmart, yet droves of people still shop there.

Pat CahalanJune 29, 2007 11:29 AM

@ LRayZor

> Are you sure they didn't pull a switcharoo on you?

Good lord I hope not. Once you log into the Cingular web site, you get oodles of information about your account; if they silently allowed the first person to log into an account without knowing a password, that would not only be a huge privacy concern, it would be monstrously bad security :)

FredJune 29, 2007 2:01 PM

@ Pat Cahalan
It is virtually certain that they have the last four digits, companies like Choicepoint are happy to sell that information. But it is less certain that they have the whole number.

Which brings me to something I wonder about-- if it is bad to use SSN, why isn't it worse to use the last four digits? Surely that is even easier to guess?

FredJune 29, 2007 2:02 PM

@ Pat Cahalan
It is virtually certain that they have the last four digits, companies like Choicepoint are happy to sell that information. But it is less certain that they have the whole number.

Which brings me to something I wonder about-- if it is bad to use SSN, why isn't it worse to use the last four digits? Surely that is even easier to guess?

Annoyed_CustomerJune 29, 2007 2:31 PM

What I find really egregious is my bank, Bank of America, selling my data to this "pre-screening" company that sends out credit card offers for a number of different companies. To opt out permantly I had to mail in a signed form, putting the burden on my end. They were hit with lawsuit I believe in 1999, but still were selling data because I only made account year or two ago:

https://www.bankprivacycase.com/

And the rewards of the class action? All vouchers for BoA services. What a joke, they make money off selling my data and all I get in return is hassle.

http://consumerist.com/consumer/...

D. E.June 29, 2007 4:22 PM

Well, I for one am with Ann Coulter on this, I guess. Good for the US government! Japanese-Americans in Hawaii acting as agents for Imperial Japan provided critical intelligence as to ship arrivals and departures, i.e., fleet movements, to Japan before the attack on Pearl Harbor. It was war. It was before my birth, but it must all have been damned scary, and reasonably so. Immigrants from a nation which attacks us should recognize that scrutiny will come their way. We didn't put them in gas chambers or tattoo them or physically hurt them. Mass detainment was in hindsight too drastic, but that is the nature of a fight to survive against an alliance of hell-bent aggressors with designs on world domination. Hitler and Tojo only did that for ten or twelve years. Islam has been trying for what? Thirteen centuries? I'd authorize using available data and listening to a few selected phonecalls if I had to make that decision.

maria e ramosJune 30, 2007 4:05 PM

My concern is , I recommended alot of people to your bank.Also many of them said this bank was no good. My son's checks were $1000. plus every 2 weeks and was charged $30.00 or so to cash his check. Only because, it was from an out of town firm. Or they would hold his check for a week, then he could use his funds thereafter. I just want all people to be compensated for the damages and to be paid back all my overdraft I paid on this accounts.

X the UnknownJune 30, 2007 6:17 PM

@FP: "... the laws that protect data today can be changed, and data collected for a specific purpose today can be used for entirely different purposes tomorrow. "

Thus, we need a "more-robust law": a Constitutional Amendment explicitly protecting personal data, and limiting the ability of both government and non-government agencies to collect, retain, and disseminate this information. Of course, striking the "right" balance of protection -vs- utility is the hard part...

X the UnknownJune 30, 2007 6:22 PM

Frank Herbert, in some of his science-fiction stories, posited an official "anti-government" government agency: BuSab (Bureau of Sabotage), the purpose of which was to disrupt organizations which were becoming "too efficient". The premise was that narrowly-focused agenda persued "too efficiently" was almost always "bad" for long-term human living conditions...

A politically unrealistic "solution", of course, but a very amusing conceit.

X the UnknownJune 30, 2007 6:37 PM

@Pat Calahan

Another possibility is that they looked up the name they have associated with your cell-phone number, against their (commercially-purchased) database of 4-digit SSN's, and found a match. "Good Enough" says the login program "let's record it, while we're at it..."

lorenzoJuly 1, 2007 7:44 AM

Applying the same mechanism they want us to accept for DRMd music.

It would be fun to see a request for DRM data on the first place. You want to download my personal information? Ok, but you can't do it more than 3 times. And you can't copy it. And you can't give it to somebody else unless I give you the licence to do so.
And maybe I'm going to make you pay for that licence. After all, you're making money on *my* personal data, why not asking something in exchange for it? :)

obviously it won't work but it would be fun to see all the big companies struggle to get alof of DRM technologies..

(same comment sent to wired)

Joakim BaunachJuly 1, 2007 10:13 PM

@ bzelbob: I've traveled 3 times to Japan in the last 6 months and didn't have fingerprints nor picture taken... Where did you find that information? On an old Japanese non-updated web-page?

/// Joakim Baunach

jucsJuly 2, 2007 4:01 AM

Another classical example (classical at least in my home country of Germany) is that of Jews willingly submitting/revealing their religion to the county/city bureaucracy in the decades before 1938 - never anticipating the type of re-use that bit of data would experience by Nazi officials.

wmJuly 2, 2007 6:47 AM

@Joakim: "I've traveled 3 times to Japan in the last 6 months and didn't have fingerprints nor picture taken"

I had a look on the web when I read the original comment, and found a couple of news pages from last year saying that they'd just passed a law requiring fingerprints to be taken from visitors starting around November this year.

(The delay presumably being to give them time to put the infrastructure in place.)

JeffHJuly 2, 2007 7:32 AM

@ D.E "Mass detainment was in hindsight too drastic, but that is the nature of a fight to survive against an alliance of hell-bent aggressors with designs on world domination. ... Islam has been trying for what? Thirteen centuries?"

Shows how much you know about Islam (and way to go taking this off-topic into the current US political climate), and drawing the comparison between a religion and a country, WW2 Japan, is farcical. Stereotyping and hysterical outbursts like this is why the US is in the racist state it is today.

First off, Islam is a religion, not a specific group of people, so to blanket accuse the entire religion and all worshippers is on a par with labelling all Christians as pro-life because the Pope happens to be.

Secondly, the actions of specific groups are indeed those of terrorists, but that doesn't mean the majority support it and nor should that assumption be made. Christian anti-abortionists blow up clinics; does this mean we should round up/harass/detain/give greater scrutiny to all Christians?

As for thirteen centuries of world domination, as you put it, try looking up Zionism or the Crusades. All religions have had a bent of 'convert or else' at one point or other, and indeed Islam is unique in that it actively states that the preferred method is peaceful. Neither Judaism nor Christianity make that statement about non-believers.

For the record, I'm a Christian, but I do know my history and my religions. Perhaps if more did so, there'd be a better chance of some mutual understanding.

NickiJuly 14, 2007 12:57 PM

Im writing in regard to Bank of America case.I origiaally opened my account in Gulfport Fl. Since Ive spent about 5 years here in N.Carolina so I transfered my banking to the same bank but in Kinston N.C. Boy I really started getting lots of mail. I live with my sister and that is the only person I know.{plus her family}I recieved gimmic mail some of it was in Bank of America envelopes. I didn't know or rather put 2&2 together when one of the telemarketers mentioned that my bank endorses the product because it came in their envelope. The problem I have now is I owe a magazine co. over $ 800. Im on disability and the only monies I get is from the Government. Truthfully I could say Icould probably handle $17.00 per mo. ,they started pulling out close to $70. per month.They have me on tape andI was on pain meds at the time and I could sure tell it.I'm sure they could too. When I got the first notice of acceptance I called to cancell. NO GO. That number was a Watts line in Canada, the poor lady said she was getting swamped by all the calls to NORTHERN READERS in McHenry, IL. to cancell. I called my bank as the States Attys. office suggested.I got my bank card changed at their suggestion. Now I get direct billing statements from said company. There goes the credit line. Thanks for listning. N.Perfetto

EliasJuly 16, 2007 9:35 AM

@Pat,

If Cingular paid you interest on the deposit, they would want to report the interest paid to you so it didn't show as income on their books. They probably filed a 1099 with the IRS. For that they would need a SSN.

I would not have thought of this standing at the Cingular counter but thinking about it now, any business transaction that includes interest would surely require a SSN. And even just getting your money back at all might require a SSN.

Any tax experts out there who can comment or advise?

EliasJuly 16, 2007 9:51 AM

@tinfoil hat,

Companies may have lots of information but do they draw accurate conclusions?

Usually I just find it amusing when it's clear they've misinterpreted the data such as sending baby food coupons because I ocaissionally buy disposable diapers or a Google ad based on a mis-typed query.

But there are two dangers to data recycling and I'm not sure which is worse -- getting it right or getting it wrong. I guess it depends on the context.

Chris BurnsJanuary 8, 2010 12:18 PM

RE: Risks of Data Reuse

It seems as though the Timeshare Owners Lists are re-used more than any other data files. Unauthorized use of List Owner's data should not be tolerated.

Chris

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..