The other day I signed an online petition to Congress lobbying for a National Do-Not-Mail Registry. Much like the national Do Not Call Registry, the creation of this new registry would allow Americans to opt-out of getting the copious amounts of junk mail we all deal with these days.
Here is why I think that a Do-Not-Mail Registry is a good idea:
Environmental Reasons - over the past week I have received not one but two new, competing yellow pages books. I don't use the yellow pages, I prefer this lesser known invention called "the Internet", so the books went directly into the recycling bins. Daily we are inundated with credit card offers, coupon books and catalogues all of which end up the same way. Think of all the trees that are cut down, the energy that is wasted in printing, shipping and recycling of these products that no one really wants. CO2 emissions galore.
Business Reasons - think of all the wasted money that businesses spend trying to reach an audience like my wife and I, who are completely non-receptive to their message. If there was a simple way for them to screen against a list of folks who would just chuck away their message, they could save a great deal of money. It's not how many messages you send out - it's how many people actually hear you.
Privacy Reasons - I really dislike the idea of people trading my personal information back and forth without my having the right to say "no". 'Nuff said.
Laziness - OK, so call me lazy, but I really don't like dealing with all this sorting and recycling. Every day when I come home there is a pile of junk mail to sort through and toss. These days at least 95% of mail that we get falls under the category of junk mail. By sending me all this crap against my wishes, the senders are making me do a chore that I really dislike. I have better things to do with my time.
When I think about it, other than my magazines and Netflix movies that come through the mail there is really very little mail that I get these days that does not fall under the category of junk. Yes, there is the occasional online purchase delivery, the occasional financial statement or notice from the government that I get (jury summons, voter information), but pretty much everything else is junk. Pretty much everything that I care to receive I get through e-mail. If you think about it, the USPS these days is largely an organization devoted to the dissemination of real world physical... SPAM... it's time to stop this unceasing flow of unwanted crap.
Sign the petition and join the call.
Showing posts with label privacy. Show all posts
Showing posts with label privacy. Show all posts
Monday, August 11, 2008
Thursday, February 21, 2008
Too Much Security: Is There Such a Thing?
I just logged onto my 401K account, in preparation for some big changes that I will be blogging about in the next few days (all good stuff). When I logged onto the site I was told that the log-in process will be changing and I was asked to pick a new user name and password. So far so good, but here comes the hassle. The user name must contain at least 6 characters at least one of which is a number and one of which is a letter. The password must contain 8 characters, using the same rules.
None of my standard passwords meet all of these criteria, and here you go. Another password I must now remember. Of course the upshot of all of these complicated passwords is less, not more security. For example, my company requires employees to create 8 character complicated passwords that change every three months. As a result, I can never remember my password (or don't trust myself to remember it) and so I wrote down the password and taped it to the wall of my office. Wouldn't it be more secure to let me select a password I could actually remember?
I don't know about you, but I have accounts with about 10 financial institutions (between 401k's, bank accounts, brokerage accounts, IRAs, 529s and so forth). I also have multiple user names and log-ins for other services. With each of them perpurting to becoming more secure and imposing tighter restrictions on password selection, the overall result is less security as I am forced to leave a paper record of log-ins that others can follow.
None of my standard passwords meet all of these criteria, and here you go. Another password I must now remember. Of course the upshot of all of these complicated passwords is less, not more security. For example, my company requires employees to create 8 character complicated passwords that change every three months. As a result, I can never remember my password (or don't trust myself to remember it) and so I wrote down the password and taped it to the wall of my office. Wouldn't it be more secure to let me select a password I could actually remember?
I don't know about you, but I have accounts with about 10 financial institutions (between 401k's, bank accounts, brokerage accounts, IRAs, 529s and so forth). I also have multiple user names and log-ins for other services. With each of them perpurting to becoming more secure and imposing tighter restrictions on password selection, the overall result is less security as I am forced to leave a paper record of log-ins that others can follow.
Saturday, August 18, 2007
American Express Security
My American Express Blue card is about to expire at the end of the month. This is my favorite card and I use it for practically everything (wherever they accept American Express), since it offers the best cash back rewards of the three cards that we hold.
Yesterday my wife received her new card in the mail, and since I did not receive mine I called American Express to find out what the reason might be. Well, according to the American Express representative the card was mailed to a different address. Since we have been living in our current house for the past four years, alarm bells in my head went off immediately. Could this be the beginning of a nasty identity theft case?
The first thing I did was to ask the representative what address my new card was sent to. He responded that due to security concerns he was not allowed to disclose that information to me. However, he said he could send me a new card immediately to the correct address. I then proceeded to point out the idiocy of his position - he would not give me the current address the card was sent to because he was, quote "not able to positively identify me", but if I wanted to get a new card all I needed to do was simply give him an address at which to send me one!
I realize that the representative was just following company policy, but what kind of moronic policy is that? If you have concerns about my identity, why would you let me make transactions with the card, or worse, send me a new card to a random address I give you?
I tried a different tactic. I asked him if he could tell me when the address was changed. He said yes, and gave me a date in 2003. The date he gave was the date we moved to our current address. The one at which we have been receiving our statements all these years, and at which my wife just received her new card. I put two and two together, and asked him if he could confirm that the address they had mailed the card to is our old address. He confirmed that this was the case. So it appears that my new card was sent to an address from which I moved 4 years ago.
At this point I had only one question left: if somebody changes the address on his account, does American Express send some sort of notification of the address change transaction to the old address? His answer was: "no".
OK, identity thieves of the world. It appears that American Express is really trying to help you out. By corporate policy it seems that everyone who has the account number can call and change the address on the account, and the company will not even bother to inform the card owner of the change. In addition, if the card owner calls to find out where his information is being sent, the company will not share this information because of... security concerns.
Riddle me this: how can the same company produce a great product like the Blue card, while simultaneously producing the most screwed up and idiotic security policy ever devised. Seriously, American Express, buy a clue.
Yesterday my wife received her new card in the mail, and since I did not receive mine I called American Express to find out what the reason might be. Well, according to the American Express representative the card was mailed to a different address. Since we have been living in our current house for the past four years, alarm bells in my head went off immediately. Could this be the beginning of a nasty identity theft case?
The first thing I did was to ask the representative what address my new card was sent to. He responded that due to security concerns he was not allowed to disclose that information to me. However, he said he could send me a new card immediately to the correct address. I then proceeded to point out the idiocy of his position - he would not give me the current address the card was sent to because he was, quote "not able to positively identify me", but if I wanted to get a new card all I needed to do was simply give him an address at which to send me one!
I realize that the representative was just following company policy, but what kind of moronic policy is that? If you have concerns about my identity, why would you let me make transactions with the card, or worse, send me a new card to a random address I give you?
I tried a different tactic. I asked him if he could tell me when the address was changed. He said yes, and gave me a date in 2003. The date he gave was the date we moved to our current address. The one at which we have been receiving our statements all these years, and at which my wife just received her new card. I put two and two together, and asked him if he could confirm that the address they had mailed the card to is our old address. He confirmed that this was the case. So it appears that my new card was sent to an address from which I moved 4 years ago.
At this point I had only one question left: if somebody changes the address on his account, does American Express send some sort of notification of the address change transaction to the old address? His answer was: "no".
OK, identity thieves of the world. It appears that American Express is really trying to help you out. By corporate policy it seems that everyone who has the account number can call and change the address on the account, and the company will not even bother to inform the card owner of the change. In addition, if the card owner calls to find out where his information is being sent, the company will not share this information because of... security concerns.
Riddle me this: how can the same company produce a great product like the Blue card, while simultaneously producing the most screwed up and idiotic security policy ever devised. Seriously, American Express, buy a clue.
Tuesday, May 22, 2007
Identity Theft and You
A friend at work yesterday told me that he recently applied for Family Leave after the birth of his child. Soon thereafter he was contacted by the California Employment Development Department and was told that someone had already used his social security number and name to apply for family leave. My friend was baffled, and asked me what he should do.
This is probably nothing more than some sort of bureaucratic mistake, but just to be on the safe side, I advised my friend to get a free copy of his credit report to make sure that no funny business was involved. My friend's credit report did not show any suspicious activity, so I am guessing that my original hunch was correct.
If you are concerned that your personal information may have been compromised or that your identity has been stolen, visit the FTC website for detailed information on how to address the problem. In any case, it is always a good idea to keep vigilant and watch for possible signs of identity theft. The FTC lists the following warning signs for identity theft:
This is probably nothing more than some sort of bureaucratic mistake, but just to be on the safe side, I advised my friend to get a free copy of his credit report to make sure that no funny business was involved. My friend's credit report did not show any suspicious activity, so I am guessing that my original hunch was correct.
If you are concerned that your personal information may have been compromised or that your identity has been stolen, visit the FTC website for detailed information on how to address the problem. In any case, it is always a good idea to keep vigilant and watch for possible signs of identity theft. The FTC lists the following warning signs for identity theft:
- Accounts you didn't open and debts on your accounts that you can't explain.
- Fraudulent or inaccurate information on your credit reports, including accounts and personal information, like your Social Security number, address(es), name or initials, and employers.
- Failing to receive bills or other mail. Follow up with creditors if your bills don't arrive on time. A missing bill could mean an identity thief has taken over your account and changed your billing address to cover his tracks.
- Receiving credit cards that you didn't apply for.
Being denied credit, or being offered less favorable credit terms, like a high interest rate, for no apparent reason. - Getting calls or letters from debt collectors or businesses about merchandise or services you didn't buy.
If your identity has been stolen or misused, follow this link for information on how to address the problem.
By the way, if you remember my post from a couple of months ago about my own personal information being stolen from my Alma Mater, as of a couple of weeks ago, there were still no suspicious acitivities on my credit report. At this point I am guessing I am probably off the hook, but I will continue to monitor the situation.
Subscribe to:
Posts (Atom)