Michael Gracie

To get people thinking about the related issues, Marshall Kirkpatrick has put together a list of questions well worth asking, and discussing. It is indeed timely.

Online social networking is already on fire, but there is a price to be paid as well - mashups galore are making it ever easier to get the data you want, as well as enable people to acquire data on you. I find it amusing that users scream when their Facebook accounts are disabled because they tried to mine some of the data within, but in the Scoble case and many others just face the facts - all those people you think are your friends aren’t really your friends. The majority of the people on that “friends list” won’t ever ask you out for a drink, help you move, or read your business plan, and they certainly don’t want you taking their email address to another site so that service can spam them with invitations to join the next best thing. I’m no particular fan of Facebook, but I can’t help but give them a thumbs up here. The myriad of user privacy settings they offer are there for a reason, to prevent pseudo-friends from taking users’ data while they are attempting to grab their own.

It’s a quandary for many internet users. The fact that some join and befriend in the first place makes them particularly vulnerable. It won’t be long before the type of intrusion exemplified by Robert Scoble/Facebook is going on undetected - its centralization makes it low hanging fruit. Meanwhile we’ve moved beyond the average person’s grasp of privacy - it no longer exists - the best one can hope is that the information available about them isn’t ultimately damaging.

No fire truck is going to arrive to help you if it is.

UPDATE: If the risk of all that social networking data floating around isn’t bad enough already, you can always worry about your ISP doing the mining.

UPDATE 2: Regarding the Scoble/Facebook drama, Paul Buchheit wonders: Why aren’t Gmail, Yahoo! Mail, and Hotmail blocking Facebook? Another good question, and with TOS excerpts to boot!

Interesting concept - Union Square Ventures proposes that while material goods have decreasing marginal utility, the value of data increases for each new byte added.

It’s a stretch that presumes the human user has potentially infinite interests. And to capitalize indefinitely on the data store, the human user would also need infinite desires, wouldn’t they? Neither is the case (at least after adulthood), and I suspect that beyond a point (closer to the y-axis that most think) the data is nothing but noise. While the marginal cost of the data storage is immeasurably close to zero, the computational costs (including CPU cycles and smart people creating new algorithms) to extract revenue from each additional bit should continue to rise.

And socialization leverages existing data stores, but only to a point - afterwards there are likely diminishing returns as well.

I received a note this morning suggesting that while the actual effect the “teaser freezer” program may have on the foreclosure problem is still up in the air, at least now there’s some data coming out to work with. The numbers are preliminary, and highlights are as follows:

• There are 80 million homes, and approximately 49.6 million mortgages. The average mortgage size is roughly $202,000.
• Roughly 63% of mortgages are fixed “prime” loans, and 14.5% are adjustable rate “prime” loans. “Below prime,” 6.3% are fixed rate, 6.8% are adjustable rate, and around 9.3% are FHA/VA loans.
• Of the roughly 6.5 million “below prime” loans, over half have some kind of teaser rate. Of that amount, roughly 1.8 million are adjustable rate loans with resets beginning in 2008 and 2009. 2/3’s of that amount may qualify for help - the remainder, or around 600k, will have to fend for themselves.
• Help is equally divided between rate freezes and streamlined refinancing assistance, and data suggests that around half of the refis may qualify for some FHA or VA loan.
• Of mortgagees, roughly 2.6 million are delinquent today - how many of them have missed only one payment in the last year and/or are adjustable rate borrowers with resets within the Hope Now “window” is unclear. And there are just under one million borrowers in some level of foreclosure as we speak.

ADDITIONAL NOTE: I’ve never made hay about the subprime borrowers, seeing them simply as the high yield tranche that always rears its head when money is easy to come by. As the data above suggests, they are only a small part of the overall mortgage picture, and credit risk was already built in. It’s the 7.2 million prime ARMs, many beginning their resets the first of next year, that people should be worried about.

UPDATE: More “facts” - compliments of the White House. I’d rather see facts coming from the GAO than the Office of the Press Secretary.

Bruce Schneier comments on data theft disclosure law, stating emphatically that the Data Accountability and Theft Act is too “watered down” to do much good.

I guess my intuition engine is still running.

The Data Accountability and Trust Act could be going to a House vote soon.

Somehow, someway, I smell “CAN-SPAM 2,” only much more serious. The legislation provides for consumer notice in the event of a breach, but only if there is “reasonable risk of identity theft to the individual to whom the personal information relates, fraud or other lawful conduct.”

First, who the hell determines what a “reasonable risk” is? The FTC, after a breach? Second, consumers would be allowed access to their data, and a chance to correct inaccurate information. Isn’t that issue covered by the Fair Credit Reporting Act already?

The problem with notice is the speed in which it is executed. If data brokers had statutory liability for each breach, say tied to actual damages their breach caused, plus mitigation costs, they would spend a lot more money on internal security procedures, and be a lot more likely to notify affected consumers with speed and efficiency.

Right now, it sounds like they are being given incentives to cooperated with some governmental body, which thereby covers their own butts. And not much more.
Read more »

Its on the laptop, and unencrypted, and now it has been stolen.

In much the same flavor, I say keeping unencrypted data on a laptop is downright stupid. And as long as IT departments, including but not limited to senior management, allows their employees to carry extremely sensitive (and liability prone) data around in their backpacks, this will continue to be a ridiculous issue.

Jon Oltsik of Enterprise Strategy Group reported on the state of security as large organizations, and the news is not good. You know the stories of data thefts at Choicepoint, Bank of America, and Siesint - large amounts of personal data stolen, and not necessarily via an IT hack. It seems they are the tip of the iceberg.
Read more »

Spamroll was officially taken out of not-so-secret, partially working, but still password protected development on Monday, March 7, 2005 at roughly 5pm MST.

Over the next few weeks, entries will be added to the archive for previously incomplete posts, including many which date back several months, while the site was under development. Meanwhile, new entries and data will be added daily, while any remaining kinks are ironed out.

Hope the site helps with your spam and phishing issues. Enjoy!

Regards,

The Management

An interesting note was posted by Russell Beattie, entitled Mobile Security Thoughts. Getting some scoop on the Paris Hilton “My Phone Was Hacked Craze,” I think everyone will get the hint about mobile security after the read.

Unfortunately, CNN, in the tradition of mass media skewing the picture in a wide ranging attempt to scare the daylights out of everyone, posted their own version of how to protect yourself in: You and Paris Hilton can prevent identity theft. Sort of. - Feb. 22, 2005.

Sorry folks, but it isn’t going to work on its own.

While quoting some obscure security expert, CNN notes you should do things like shred your receipts before throwing them away. Hey, maybe we should stuff them in old mattresses until they fade!

The last check of my credit receipts showed a bunch of XXXX’s where the credit card number should be. And AMEX is happy to send me a new card every year, with a new account number, each time I “lose” it to kitchen scissors.

Yes, there are simpler (and some more complicated) ways you can protect your address book, your credit information, and your identity as a whole. And it doesn’t take a genius, as thieves are usually (I say USUALLY) pretty dumb to begin with.
Read more »