Experts say that the first thing hackers do when they break into a database containing personal information, such as those of ChoicePoint and Acxiom, is look up themselves and their friends.
Besides proving that hackers are a hopelessly self-absorbed lot, this tendency also illustrates that they are not always as smart as we might think. This irresistible act of narcissism often leads to their eventual captureinvestigators simply follow the digital trail back to its source.
As it turns out, I'm no different. The first thing I did when I learned I would be writing this month's case study on LexisNexis, the data aggregator from which hackers stole personal information on more than 300,000 people earlier this year, was look to see what kind of data they had gathered on me. For $8, I purchased my "Person Report" through a newly initiated program called the LexisNexis Consumer Access Program.
What I received in the mail four weeks later was more than I'd bargained for (that is, if you consider paying $8 to see information about yourself a bargain).
Along with a complete file on myselfwhich included names and aliases, current and all prior addresses, date and place of birth, party affiliation, mortgage information, criminal record (clean, thank you very much), weapons permits, and a creepy and wildly inaccurate section toward the end entitled "Possible Associates"I was given similar information on my parents, my wife, her parents, my siblings, my siblings' spouses, my siblings' spouses' parents, and my neighbors.
Needless to say, I couldn't put the thing down, despite a sense that what I was doing was vaguely voyeuristic.
It was all I could do not to wish my next-door neighbor a happy birthday the next day, for fear of having to divulge my source. But I comforted myself with the fact that every detail included in the 30-page report was considered "public information," or information that, had I the time and inclination, I could obtain for myself through exhaustive searches of the Internet, as well as public records filed in town halls across the country.
Of course, no one ever does that. Which is why the business of collecting, sorting, analyzing and selling personal data, both public and nonpublic, is worth billions. Throughout this, CIO Insight's fourth annual Special Issue on Security and Privacy, we explore every aspect of personal dataissues that range from the legislative to the technological to the philosophical. Who owns it? What is it worth? How can we protect it? Questions like these have immense importance in the information economy. We hope we have provided some answers.