When freedom is just a word…

Growing up in the 60’s, in my wildest dreams, I couldn’t have imagined what lay in store. Life was  so much  simpler back then. As a society we were much more innocent and trusting, at least that is how I remember it. My father made many deals in those days, on a simple hand-shake.    I grew up believing that a man is only as good as his word.

Unfortunately, life has become so complicated and it astounds me to the extent our privacy and our freedoms have disappeared. I wouldn’t have noticed, except we’ve been house hunting. Being prospective first-time homeowners, we have opted to rent, primarily because the home purchasing avenue is so time consuming and arduous. Contemplating the process is overwhelming.

Today, I contacted a couple of rental companies in the area. Wow! I was shocked to learn the amount of information they “require” of me to rent a home. Not only do they request my social security number (an unauthorized use), they want my bank account number, the balance, as well as the usual reference requirements. Frankly, this scared the hell out of me.

As someone who has been dealing with a complicated identity theft issue for the past 15-years, rendering me unable to obtain a bank account. Everyone knows what the problem is, they acknowledge that everything is properly documented, yet every person who has been contacted, regarding the identity theft have refused to act.

To add insult to injury these rental agents want to charge me ($30  for each occupant)  to trust them with my entire financial  future, putting my family at potential risk of further identity theft. These agents in most cases aren’t bonded, they are generally paid between $8.00 and $12.00, creating a built-in incentive for fraud, embezzlement and illegal financial gains.

I guess I’ll be living in my little shoebox house for a bit longer. I might trust a bank with my financial details, but bankers are held to a certain level of public trust, they are under higher scrutany than a housing rental company employee earning the same as a McDonald’s employee. Perhaps, if more people protected their privacy a little more and were not so willing to comply with every request for sensitive, personal data, companies wouldn’t be so quick to request our personal  financial records.

Too many businesses are requesting sensitive personal details that they have no legitimate need for. The information is on computers (some get stolen), in file boxes, in the backroom or a storage unit — boxes get lost and stolen all the time. Not every business shreds these files (which may or may not be required by law).

If you think identity theft can’t happen to you, think again. As IT consultants, we’ve seen an astounding amount of identity theft and much worse.

Experts recommend…

  • Keep your computer updated. Do regular updates.
  • If your computer gets infected with a virus, do not use it. Unplug your Internet connection and call a technician.
  • Take steps to guard your privacy.
  • Don’t be afraid to ask “why” your sensitive information is required. There may be other means of complying with the request.

Learn more…

Watch Eagle Eye

I’m married to a sci-fi fanatic. We have more sci-fi movies that I ever knew existed and while I don’t mind having them around, I don’t always appreciate the efforts Shawn goes through to get me to watch them.

Admittedly there are quite a few out there that I do enjoy with enthusiasm but that is not always the case. So, when Shawn insisted I watch Eagle Eye, I tried to watch it. For some reason I just couldn’t get into it. When Shawn mentioned the movie to me several times, I knew it was important to him that I watch it. I made a couple more attempts and tonight I finally managed to make it all the way through.

Starring Shia LaBeouf and Michelle Monoghan, Eagle Eye is part thriller, part sci-fi and part adventure. The story feels a little disjointed in the beginning. It’s hard to follow and leaves you wondering what is going on. About half an hour into the movie the plot thickens, mysteries start to reveal themselves. Surprisingly, I found myself riveted to the show, hanging on every word at one point.

Robert Horton writing for Amazon says:

The "cell phone thriller" is becoming a genre unto itself, and Eagle Eye should be considered a key example of the form. Frankly preposterous but compulsively watch able, this movie puts Shia LaBeouf in a mess of trouble instigated by a mysterious telephone voice. If he doesn’t follow orders, dire things will happen–although when he does follow orders, the consequences are pretty dire, anyway. Also being blackmailed is a single mom (Michelle Monaghan) receiving similar phone calls…

The movie is rated PG-13, which in my opinion is about right. My son watched part of it with me, though the violence wasn’t graphic, a lot of cars blew up and many people died in car accidents, the wrecks were shown but the people we not.

The mother (Rachel) quickly gains our sympathy and our support through her love and concern for her young son. The young gentleman (Jerry) takes a little while to warm up to. He plays a sort of lovable loser who just can’t seem to settle down, preferring instead to drift around from place to place.

If you are a computer enthusiast and enjoy your cell phone, this is a movie that will give you something to think about for a long time. You’ll never look at either quite the same again. I know I won’t.

U.S. Tax Returns, Identity Theft and H&R Block

by: Shawn K. Hall and Annette M. Hall
Updated: April 1, 2011

What you don’t know could hurt you

You simply can’t be too careful these days, so you do your best to protect your personal data.

  • You purchased a crosscut shredder and never put anything with your name, address, phone number or social security number in the trash until it’s been through chewy.
  • You update your computer software regularly.
  • Regularly run virus and spyware protection software on your computer.
  • You don’t sign the back of your credit cards but instead you write “See ID.”
  • You have a credit report ran at least once a year as recommended by credit experts.

So, you’re safe right?

Despite your best efforts to protect your family members from identity theft, the entire situation could be well out of your hands and the situation is sure to get worse before it gets better.

55 Million Americans at Risk for ID Theft

According to a USA Today report made last week, last year was the worst ever for computer security breaches. At least 130 security breaches put more than 55 million Americans at risk for ID theft last year.

The Arizona Daily Star reports: “Big companies suffered significant data losses last month that could have a big impact on individuals. Last week, the time-share unit of Marriott broke the news to 206,000 employees and customers that key personal data, such as Social Security numbers and credit card numbers, went missing after backup computer tapes disappeared from an Orlando office.”

These stories are just the tip of the iceberg. In the past couple of years the situation has spiraled out of control. Only a handful of states even have mandatory notification laws requiring companies who have suffered a lost of data to notify their customers. This means that if your local dentists office has their computer stolen, with all of your medical and personal records on it, you may or may not be told of the breach.

According a story in The Journal News: In March 2005, ChoicePoint, a Georgia-based information broker, revealed that the personal data of hundreds of thousands of Americans in all 50 states had been compromised. The revelation came only because a California law required customer notification of data theft.

We can expect the situation to continue to worsen due not only to computer theft and dishonest employee’s but also, due to the increased amount of personal information being outsourced to foreign countries like India.

Your Personal Tax Return

According to Kansas City Business Journal – H&R Block has about 25 percent of its work force in Kansas City and about 1,000 employees in India. Block claims that its work force in India is better educated than its work force in the United States. Block’s India operation scores better than its equivalent U.S. operations on measures of efficiency and customer satisfaction, Ernst said, and the company’s workers in India do their jobs for about one-fifth the amount its U.S. workers get paid.

In another USA Today article published in February of 2004, we learn “tax experts say Indian chartered accountants – the subcontinent’s version of certified public accountants (CPAs) – will prepare 150,000 to 200,000 returns this year (2004), up from about 20,000 in 2003.”

Folks, when you have someone prepare your tax return, you are putting a great deal of faith in that individual or company. They will have access to not only your income and expenses but your address, social security number, phone number and even your children’s names and date of birth.

Speaking Social Security Numbers, the following letter went out last week from H&R Block, Kansas headquarters to select clients. Apparently, someone made a huge mistake. So far this blunder has somehow been kept out of the news. The company is claiming there is nothing to worry about but… well I’ll let you be the judge.

Dear Customer,
Recently we mailed you a free copy of our TaxCut software. We believe that this complimentary software will meet your 2006 tax preparation needs, based on our prior experience with you as an H&R Block client. We hope that you will try TaxCut and find it to be a great solution for filing your next tax return.

However, since we sent you this CD, we have become aware of a mail production situation that has affected a small percentage of recipients, including you. Due to human error in developing the mailing list, the digits of your social security number (SSN) were used as part of your mailing label’s source code, a string of more than 40 numbers and characters. Fortunately, these digits were embedded in the middle of the string, and they were not formatted in any manner that would identify them as an SSN.

Nevertheless, we sincerely apologize for this inadvertent error, which is completely inconsistent with out strict policies to protect our clients’ privacy. Our internal policies limit the use of client SSNs for purposes other than tax preparation. Furthermore, our internal procedures require that mailing source codes are formulated in a manner that excludes use of any sensitive or confidential information. Please know that we have conducted a thorough internal review of this matter, and are taking actions to ensure this does not re-occur.

Again, please understand that the digits of your SSN were embedded in the middle of a lengthy source code, and they were not formatted in a manner that identifies them as an SSN. As a result, we believe that exposure of your SSN digits was limited to you alone, since you are the only person who would recognize their significance. Nonetheless, we suggest that you destroy the wrapper and mailing label of the free TaxCut CD we sent you. If you would like more information about this incident, please visit www.taxcut.com/answers, a special Website that contains additional details and an e-mail link for contacting us with your questions.

On behalf of more than 100,000 associates of H&R Block, allow me to apologize for this unfortunate situation. Through 50 tax seasons, H&R Block has earned a reputation as a valued, trustworthy ally to our clients, and we sincerely hope that you will find the free TaxCut CD and our information packed taxcut.com Website to be helpful tools for the 2006 tax filing season.


Tom Allanson
Senior Vice President & General Manager
H&R Block Digital Tax Solutions
4400 Main Street Kansas City, MO 64111

I wonder if anyone is going to inform Mr. Allanson that this “lengthy” source code is only 40 digits, and an SSN is nine digits. All it would take is one person to figure out where their own SSN was placed within this “lengthy” string and then they can abuse the data for every other string they see (perhaps that is why many of the disks were never received?) Coincidence? I think not.

I also wonder if Mr. Allanson is aware that Social Security Numbers meet certain numerical pattern methods that would facilitate extrapolating the SSN even if the attacker did not know where the number began within this “lengthy” string.

But I guess I expect too much from the guy selected to write the corporate spin.

It’s a moot point.

Of course it’s bad press to be caught exposing this information about your customers to anyone who wants to look at your mail. It’s bad form to have this information available in plain sight. That’s a given. And we should be outraged. But in the long run, this is small potatoes from a company that is known to offshore this same information to locations in India where the information is collected and processed by foreigners with no relationship with our government. They can’t even be punished if they choose to collect and abuse the information for themselves.

That’s a horrible thought, isn’t it? All of your business, residential, major expenses and income details being sent to someone who is paid far less than what a 16 year old in the US would make flipping burgers. What is tying these people to the ethical standards we hold our own citizens to? Oh, don’t forget that the institutions “training” these staff have repeatedly been called for assisting or enabling students to cheat their way through college exams. Sure, that’s ethical.

But it’s not like they’d actually exploit or sell this information, is it? Well, actually, yes. It is. If a call center worker in India can collect and sell details on a thousand bank accounts, where the information would be far more limited than what a tax consulting agency would provide, no lack of potential for abuse exists.

That’s okay. You can excuse yourself from the whole situation by just not using H&R Block, TaxCut and other services that offshore your data, right? Not exactly.

The problem is grossly exacerbated by the fact that US Government-related organizations, like the RNC, have elected to offshore their data as well, including everything from donations to affiliation. And the government (as you can see with the Truth in Taxation hearings) doesn’t believe it needs to answer to We The People. That makes it even harder to enforce data collection and sharing laws imposed on corporations like H&R Block.

I guess it still boils down to the same simple solution from generations ago. Our nations founders believed that the further away from you the authority was placed, the less it could provide any local value. If you’re willing to let anyone – H&R Block, TaxCut, the RNC, or even Uncle Sam, collect information about you, our finances or your habits, you are giving them the opportunity to exploit you. And they will.