Wednesday, September 24, 2003
****Archived News********
California Bans Spam. All Of It.
Permlink | Top
California Governor Gray Davis has signed a law that criminalizes the sending of commercial email to people who have not explicitly requested it. There are no exceptions to this law, no loopholes to exploit. If it is an email sent in bulk, advertises any product and the recipient did not request it, a crime has been committed.
Civil action can be undertaken by the state, by e-mail providers that have to handle spam and by the recipient. Backers of the new law say that giving individuals the right to file lawsuits against offenders will ensure that the law is enforced, even if the government itself decides not to enforce it.
If proven to have spammed a Californian resident, a spammer breaking this new law will face fines up to $1,000 for each unsolicited message sent and up to $1 million for each email campaign. The bill also puts the burden on the sender of the emails to determine if a person is a California resident, something which is not easy to do.
It is unclear whether Governor Davis is just pandering for support in the upcoming recall vote and whether or not this law will survive legal challenges by direct marketing lobbyists.
The new law is a little scary, as it probably effects me as well. I send emails in bulk and they do have one advertisement. However, I'm glad to see this law go into effect. If you have not requested mailings about new products or have not done business with the company, then that company has no damned right to email an advertisement to you.
****************************** END ***
California Bans Spam. All Of It.
Permlink | Top
California Governor Gray Davis has signed a law that criminalizes the sending of commercial email to people who have not explicitly requested it. There are no exceptions to this law, no loopholes to exploit. If it is an email sent in bulk, advertises any product and the recipient did not request it, a crime has been committed.
Civil action can be undertaken by the state, by e-mail providers that have to handle spam and by the recipient. Backers of the new law say that giving individuals the right to file lawsuits against offenders will ensure that the law is enforced, even if the government itself decides not to enforce it.
If proven to have spammed a Californian resident, a spammer breaking this new law will face fines up to $1,000 for each unsolicited message sent and up to $1 million for each email campaign. The bill also puts the burden on the sender of the emails to determine if a person is a California resident, something which is not easy to do.
It is unclear whether Governor Davis is just pandering for support in the upcoming recall vote and whether or not this law will survive legal challenges by direct marketing lobbyists.
The new law is a little scary, as it probably effects me as well. I send emails in bulk and they do have one advertisement. However, I'm glad to see this law go into effect. If you have not requested mailings about new products or have not done business with the company, then that company has no damned right to email an advertisement to you.
****************************** END ***
California Bans Spam. All Of It.
Permlink | Top
California Governor Gray Davis has signed a law that criminalizes the sending of commercial email to people who have not explicitly requested it. There are no exceptions to this law, no loopholes to exploit. If it is an email sent in bulk, advertises any product and the recipient did not request it, a crime has been committed.
Civil action can be undertaken by the state, by e-mail providers that have to handle spam and by the recipient. Backers of the new law say that giving individuals the right to file lawsuits against offenders will ensure that the law is enforced, even if the government itself decides not to enforce it.
If proven to have spammed a Californian resident, a spammer breaking this new law will face fines up to $1,000 for each unsolicited message sent and up to $1 million for each email campaign. The bill also puts the burden on the sender of the emails to determine if a person is a California resident, something which is not easy to do.
It is unclear whether Governor Davis is just pandering for support in the upcoming recall vote and whether or not this law will survive legal challenges by direct marketing lobbyists.
The new law is a little scary, as it probably effects me as well. I send emails in bulk and they do have one advertisement. However, I'm glad to see this law go into effect. If you have not requested mailings about new products or have not done business with the company, then that company has no damned right to email an advertisement to you.
Permlink | Top
California Governor Gray Davis has signed a law that criminalizes the sending of commercial email to people who have not explicitly requested it. There are no exceptions to this law, no loopholes to exploit. If it is an email sent in bulk, advertises any product and the recipient did not request it, a crime has been committed.
Civil action can be undertaken by the state, by e-mail providers that have to handle spam and by the recipient. Backers of the new law say that giving individuals the right to file lawsuits against offenders will ensure that the law is enforced, even if the government itself decides not to enforce it.
If proven to have spammed a Californian resident, a spammer breaking this new law will face fines up to $1,000 for each unsolicited message sent and up to $1 million for each email campaign. The bill also puts the burden on the sender of the emails to determine if a person is a California resident, something which is not easy to do.
It is unclear whether Governor Davis is just pandering for support in the upcoming recall vote and whether or not this law will survive legal challenges by direct marketing lobbyists.
The new law is a little scary, as it probably effects me as well. I send emails in bulk and they do have one advertisement. However, I'm glad to see this law go into effect. If you have not requested mailings about new products or have not done business with the company, then that company has no damned right to email an advertisement to you.
TECH NEWS
http://www.ccnmag.com/index.php?sec=mag&id=235
Conncted - Protecting Yourself from Identity Theft
Part 1
by: Ed Lamaster
Identity theft is one of those things nobody likes to talk about, particularly if you've been a victim. Joel (not his real name) is one of those people. We met last year when I was searching out contract Web site designers for a project I was working on. He is a quiet, caring man who's the sole breadwinner of a family that's been trying to get through the "dot-com" downturn. What impresses you right off the bat about Joel is that he's a man of principle - deeply committed to his faith, family and doing the right thing. Like most of us, he never knew how much information about him was easily available.
We had set up this meeting about a week in advance, and Joel did not know much about me other than the fact that I needed an initial Web site design for my security company. I also didn't know much about him at this point. Joel had pointed me to samples of his work on the Internet. His work was visually appealing and well-organized, but contained hints about his personal life. It was by collecting these hints and analyzing them that a more complete picture began to emerge about Joel.
At first, all I found was a link to another business and an image gallery. I went to the image gallery first. The titles of some images gave me clues about the possible names of his children and wife, including a reference to a woman with a different last name than Joel's. I didn't know who she was, but decided to print off a copy and hold on to it for further research.
I then turned to the Web site of the business that was linked to Joel's Web site. There I found some indications that this might be the Web site of a relative, or at least a close friend. The artwork there was similar to the artwork on Joel's Web site. I looked through the HTML code for additional clues. Both of the Web sites I looked at were designed with the same tools, and some metatags (hidden words in web pages that help search engines index them) were the same.
Any good web investigation will take you to a search engine. I put into the search box the names that I had found on the two Web sites and some other information that might help me find out more about Joel, his business, and perhaps even some information about him personally.
What came up next was fascinating. Using just the information that took me five minutes to find, Google returned several pages of possible matches, including one match that appeared to be a family newsletter and another match on genealogical information that could be his family tree. In fact, there was more information than I would normally find quite this quickly. Within 10 minutes, I was able to determine who Joel's father and mother were, where they lived, who his siblings were, where they were born, etc. I even knew who was playing in what sports, what babies were expected, and a lot more.
One of the most interesting pieces of information was the birthplaces of the siblings. As many were born in Utah, I figured I had a better-than-average chance of guessing his family's religion as well.
At Joel's office, we went through the usual business greetings, etc. As Joel gave me his sales presentation, I looked for additional clues about him. He wore a ring on his left ring finger. He dressed professionally.
When I do business with people, I'm very interested in "who" they are. Believe me when I say that I've learned that people are not always who they appear to be, particularly when sales are involved. Joel also wanted to make certain that I was for real, and so I figured it would be time to spring on Joel what I knew about him in 10 minutes of Web searching.
Of course, this is when I wish I had a camera with me. I told Joel about his wife and two children, his parents, where he was born, who his siblings were, where he lived, and yes, even his religion. The look of shock was incredible as I explained the easy steps anyone could have taken to gather this publicly available information. Joel knew I was for real, and I even hit an unexpected nerve.
I asked him the question I had been itching to know the answer to: Had he ever had his identity stolen? Joel lowered his head and sheepishly said that he had, and that it had been the worst experience of his life. In fact, he was continuing to battle with creditors over charges he had not made, and his credit was a disaster. Because the crime had not occurred in the county where he lives, there had been confusion about who would take a police report, how to file it, how it would be shared with creditors, etc.
By the way, Joel became a believer that day and now works with me, wanting to help others better secure their lives and businesses against those who would steal from random, innocent people in order to help themselves. Next month I'll tell you about another case, and what you can do to protect yourself.
In the meantime, I'd like to hear about your stories of identity theft. Tell me how you found out about it, how it impacted your life, and what you did to regain your life. You can e-mail me at: ed@connectedshow.com.
Ed Lamaster is the CEO of SystemIntegrity, LLC, a Sacramento-based information security company. He is also a weekly guest on the Poppoff Show, Saturday mornings on AM1380-KTKZ. You can contact him by email at elamast@systemintegrity.com or toll-free at 866-SAFE-BIZ.
Website: http://www.systemintegrity.com/
Copyright 2003 by SystemIntegrity, LLC. All rights reserved.
Ed Lamaster
Ed Lamaster is the CEO of SystemIntegrity, LLC, a Sacramento-based information security company. He is also a weekly guest on the Poppoff Show, Saturday mornings on AM1380-KTKZ. You can contact him by email at elamast@systemintegrity.com or toll-free at 866-SAFE-BIZ. Website: http://www.systemintegrity.com/
See more stories by this writer
Part 2
http://www.ccnmag.com/index.php?sec=mag&id=246
Protecting Yourself From Identity Theft
by: Ed Lamaster
You may remember from last month's column that Joel's troubles with identity theft began when someone began opening credit accounts around town. The thief purchased Joel's social security number from an acquaintance and started using it on credit applications to buy tires and other items. In these days of "instant credit," a match was made on the social security number and a similar-enough name - enough in this case to get the thief four new tires.
It was this credit application that started an interesting chain of events. You see, when you open a credit account, the information that you give on the application is nearly always sold to a credit bureau. In Joel's case, the information that was used to obtain the "match," the SSN and the similar name, was enough to get the thief's own address put on Joel's credit report. Now whenever the thief wanted to open another account, there was a match in the records for the address as well. Good luck trying to straighten out your credit report when the thief's address is listed on your report.
You might think that this could never happen. After all, didn't the thief have a different driver's license number? Wouldn't someone at the credit bureau notice that these were not the same person?
Last year I opened an account with a local store to take advantage of a "no interest for a year" promotion that was being offered for appliances. The experience let me in on some of the inner workings of credit bureaus. After filling out the short application and handing it to the customer service person, I was asked to speak with someone on the phone who asked me about my former addresses. I thought it was an interesting question because I have lived at the same address for over a dozen years. A few questions later I found out that a car had been purchased by someone in a city several hours away, with a very different last name, and that it was being reported as delinquent on my credit report.
How could someone else's car, under a different name, in a different city, end up on my report? The person on the other end of the phone was evasive, but with a little persuasion told me that a credit union was reporting this car loan under my name. I was livid. Fortunately, I was able to get my refrigerator ordered anyway, but I was determined to find out how this happened.
I called the credit union the next business day and spoke with one of their customer service people who acted like she had heard it all before, thought I was lying, thought I had cosigned on someone else's loan, etc., but said she would pass on my information to her supervisor. I made a couple more calls before getting someone who could actually help me - typical for customer service in most places nowadays. When I finally did get someone who was more than a glorified answering machine, I found out that the credit union had mistakenly reported this loan, and that the credit bureau simply took the information and added it to my report.
Credit unions, in my opinion, do very little to ensure that the information they put in your computer file is accurate. They are like your local gossip, acquiring every bit of information they can, and doing little to verify the accuracy. If there's a problem in the information they have, you must go back to the creditors who are reporting the information and get them to change it - something that is not a revenue-producing activity, and therefore not a high priority. The only thing the credit bureaus will do for you is mark accounts as "disputed," but they'll never remove anything that a creditor thinks you owe. After all, the credit bureaus primarily work for creditors, not you.
Joel went through months of problems before the credit bureau would remove the thief's address from his credit report, and just recently, he found out that the thief's address had once again reappeared. In this case it was due to a lawyer's office that was acting as a collections agent re-reporting the thief's address. Now Joel has to go back to the lawyer's office with the police report and explain the whole story again so that it could be removed from his credit report.
Joel's case became very complicated because his name and the name of the thief were similar. The thief had no difficulty assuming Joel's identity; he merely found a way to buy Joel's personal information from a guy who found it elsewhere. Are there some things that Joel's case can help us with to avoid identity theft?
Avoiding Identity Theft -- Practical Steps
1) Joel's Social Security number was used to impersonate him. Be careful when you give out this number, and never carry your social security number in your wallet with your driver's license or other information that could be used to impersonate you.
2) Family information, such as that found on Joel's Web site (see last month's article), could be used to trick credit officers into believing that the person they are talking to on the phone is actually you. How else could they know about all the family relationships and activities?
3) Time is of the essence in getting credit information straightened out. Get a copy of your credit report from the three major credit bureaus and look for accounts, addresses, and activity that don't make sense. The sooner you know someone is using your information to open bogus accounts, the sooner you can put a stop to it. Contest anything you feel is inappropriate.
4) Identity thieves will often open checking accounts in your name using fake or stolen credentials. One friend of mine had a vehicle broken into, and a briefcase with personal information stolen. It was only weeks later that a string of bad checks started to come in. Make sure that you file a police report immediately, and note what items were stolen that could be used by identity thieves. The sooner you do this, the better your chances are of having the thief caught.
5) Close dormant credit accounts you are no longer using. They not only are another opportunity for a thief, but they also can be used against you in credit decisions when you have too much "available credit."
6) Do not leave outgoing mail with checks inside in your mailbox. The most common way to get people's personal information is still the "low-tech" way - stealing mail.
7) Use your bank ATM card at the ATM; resist using it as a credit card. If someone steals the card, or the information off of it, and cleans out your bank account, guess how many checks you're going to bounce and how much more difficult it will be to repair the damage.
8) Never tie a home equity line of credit to an ATM debit card as overdraft protection.
9) Destroy credit card receipts and any paper with personal information that could be used to assume your identity. Use crosscut shredders to destroy those papers.
10) Use common sense when giving out information. The weakest link in security is people, and most will divulge all kinds of information if they think they're being helpful.
Could your information be found easily, and then later sold to thieves? To find out, I decided to do a check on a famous radio personality and writer, Mary Jane Popp. Using only a phone number, I decided to see just how much information I could find out about her, and see how easy it would be to assume her identity. I'll share that information in my next column.
In the meantime, I'd like to hear about your stories of identity theft. Tell me how you found out about it, how it impacted your life, and what you did to regain your life. You can e-mail me at: ed@connectedshow.com.
Ed Lamaster is the CEO of SystemIntegrity, LLC, a Sacramento-based information security company. He is also a weekly guest on the Poppoff Show, Saturday mornings on AM1380-KTKZ. You can contact him by e-mail at elamast@systemintegrity.com or toll-free at 866-SAFE-BIZ.
