As I was getting ready to speak at last week's Toorcon 2003 information security conference in San Diego, I finally figured out that privacy was never intended for you and me. The system doesn't care about us at all.
The system doesn't care because the Post Office does nothing to protect our mail. Have you ever met a Postal Inspector? Neither have I. The system doesn't care because our government blithely gives away personal data on millions of citizens. For $3,200 and a couple pages of signatures, I could right now be running for Governor of California, but really harvesting the name, address, date of birth, and Social Security number of every registered voter in the state to be used for identity theft. Government does not protect our privacy, but is actively working to undermine it. Nor are we protected by the people with whom we entrust our money. For ONE DOLLAR I can get quickly this same information on anyone I like along with where they bank and their savings balance. This is supposed to be against the law, of course. We have laws and rules and regulations that supposedly protect our privacy, but they don't work. If we were to test them they would fail, so we don't test and they fail anyway...
...In the middle of this, we find the trinity of banks, government, and credit bureaus who betray us on our behalf. The banks and their bank-like sister companies are the airliners in our big economic sky. They use a modified version of the Big Sky Theory that says as long as theft is kept to five percent or less, it is tolerable. That's what insurance is for. They play the odds to achieve this, which is where the credit bureaus come in. They are the oddsmakers. This system works for us, too, because it enables us to get a mortgage without ever meeting a banker, it increases liquidity and makes easy credit available for nearly all of us. But the system works against us if we are among the five percent who are victims because our time, our reputations, and a certain amount of our money will never be recovered.
See my earlier postings on this topic. He's absolutely right and it's nothing new. It's been this way for years. The main difference today is that soon identity theft will be fully automated; organized crime will churn through thousands of identities an hour, processing transactions on each one.
Nothing will happen until, just by chance, they steal the identity of a US Senator. Then there will be a maelstrom of stupid laws. Ahh, isn't democracy wonderful?