Shostack + Friends Blog Archive


Choicepoint, April 2

  • The Atlanta Journal Constitution has an editorial “ChoicePoint’s offer not enough

    The better solution would be to prohibit companies such as ChoicePoint from warehousing personal information in the first place, since security has proved so problematic. Computerized collections of consumers’ Social Security numbers, credit information, driving histories, medical and court records may make commerce more efficient, but they also present appealing targets to crooks.

    ChoicePoint’s offer, made Wednesday in the California General Assembly, was not accompanied by specifics on how it would work or whether consumers would be charged for access. But consumers should not have to depend on voluntary action by the company. Rules should be written into law modeling federal regulations that already cover the major credit reporting companies: Equifax, Experian and TransUnion.

    It’s not at all clear that the current rules don’t cover Choicepoint, as EPIC points out.

  • Also in the Atlanta Journal Constitution, “ID thief receives 15 years in prison.” I think this is a new case, and involves the use of Choicepoint to make sure the ID thieves only targeted the rich. (The poor, afterall, are tough and chewy.)

    A College Park [Georgia] man was sentenced to more than 15 years in prison Friday for his role in an identity theft scam in which he used data from ChoicePoint, the Alpharetta consumer information firm, to help target victims, prosecutors said.

    Robert Stewart, 33, received a 190-month prison term in federal District Court based on a guilty plea entered earlier. According to testimony, he worked with nine others to defraud banks and other companies of about $1.3 million, using stolen identities to cash counterfeit checks.

    The U.S. attorney’s office, in a news release, said Stewart stole identities through jobs he held at various companies in the Atlanta area, including at a company screening job applicants for the Transportation Security Administration.

  • Finally, I’ve posted some commentary on “Information Security Magazine on Choicepoint.” The post is too long and tangential to include in the category archive.

For more on Choicepoint, see the Choicepoint [link to no longer works] category.