You can run,
but you can’t hide

Editor’s note: This is the second installment of an article on privacy by Bill Hudgins. The first installment ran in the March/April issue of Land Line.

If Tom T. Hauler feels like he’s on everyone’s radar while out on the road, he won’t feel much better at home. The cynical observation about personal privacy these days is, it’s gone, get over it.

There’s an old saying, “Yes, I’m paranoid, but am I paranoid enough?” Most of us probably are not. If we were, we’d walk around with portable shredders.

Instead we toss credit card offers and receipts, phone bills, bank statements, ATM receipts, personal letters and other documents intact into the trash, where dumpster divers can find them. Or we leave them lying around home or work, open to prying eyes.

Why should we worry?
Identity theft is one of the fastest-growing crimes in America today. With just a few pieces of information, a crook — or a business partner, spouse or significant other — can assume enough of your identity to ruin your financial life.

Tom has heard plenty of stories about a soon-to-depart spouse or business partner using such information to run up bills and clean out bank accounts. He even knows a few people who have been victims of the fast-growing crime of identity theft.

Or let’s say your spouse or business partner wants to check up on you. It doesn’t take a private investigator to figure out something’s amiss when you say you were in Louisville on May 25, but your credit card statement says you bought dinner in Boise. That check-in call to dispatch or home — “I’m in Colorado” — looks fishy when the area code on Caller ID comes up with Arkansas’ 501.

Tom likes TV crime shows and knows you can hit “redial” to find out the last number called on a phone. The “*69” feature tells the number of the last incoming call, Caller ID devices record dozens of incoming calls, and cell phones record numbers of outgoing and incoming calls.

Here’s one trick he missed: Did your 10-year-old sneak down and watch TV last night after you turned off the news? If your remote has a “last channel viewed” feature, you can probably find out, even if he or she changed the channel before turning off the set.

The family PC
Covering one’s tracks on a computer is almost impossible. Features designed to improve convenience, such as lists of recently used documents and applications, are also tattletales. Through cookies, histories and caches, Web browsers track where we’ve been and what we’ve seen.

Think you’re anonymous on the Web? Log onto http://snoop.cdt.org/ and follow the prompts. When I did so, it told me what kind of computer I was using, the last page I visited, my host computer and its IP address, and various other details. It also reminded me that most every server keeps a record of who’s been there, what pages they visited and when.

Web search applications can ferret out postings to bulletin boards and elsewhere — which could be embarrassing.

”Delete” isn’t forever — it just tells the computer that the space formerly occupied by a file is available again. Tom appreciated this fact when his PC crashed last year and a technician was able to retrieve a lot of his business records. He has since learned to back up his files regularly.

But companies that restore used computers donated to charities speak of retrieving all sorts of files — including pornography — that the previous owners thought were clean. There are also applications that can be hidden on a server or on your hard drive, recording every keystroke you make and reporting them, even things you deleted. And, as government and corporate scandals have proved, e-mail leaves a trail through your PC and the servers it passes through.

Like a growing number of drivers, Tom uses CabCard, an in-cab e-mail service offered jointly by Comdata and QualComm. He uses it to communicate with the fleet he’s leased to and, when necessary, with his family and a couple of fellow drivers. According to CabCard, personal messages do not pass through fleet servers and thus are not available to a snoopy dispatcher or anyone else at the fleet.

Hackers are another threat to your privacy. They’re looking for personal information such as financial records and passwords to online accounts. Broadband “always-on” Internet connections are fast, but may be more vulnerable to hackers than dial-up connections. A firewall can help block unauthorized access. The next generation of protection likely will use biometrics — unique human characteristics such as fingerprints — to secure access to data.

Wi-Fi
The “next big thing” in Web surfing will be wireless Internet connections — called Wi-Fi — which are already available not only at home and in businesses but also in public places such as airports. The downside is that hackers can intercept — or steal — information as it zips through the air unless users’ computers are protected. Not many are.

Cloning your cell phone number
Just as computers can be hacked, so can cell phones, which is known as “cloning.” According to the Federal Communications Commission, every cell phone is supposed to have a unique factory-set electronic serial number (ESN) and telephone number (MIN). A cloned cell phone is one that has been reprogrammed to transmit the ESN and MIN belonging to another, legitimate cell phone. The cloner illegally monitors radio wave transmissions from the cell phones of legitimate subscribers to get valid ESN/MIN combinations.

After cloning, both the legitimate and the fraudulent cell phones have the same ESN/MIN combination, and cellular systems cannot immediately distinguish the cloned cell phone from the legitimate one. The legitimate phone user then gets billed for the cloned phone’s calls and is none the wiser until the bill comes in.

Public records
One of the hallmarks of our open society is that a lot of information about us is on the public record.

It’s important to remember this isn’t something new spawned by the Internet. Many of these records were already available in city halls, county courthouses and federal archives. It was just harder for someone in Maine, say, to obtain information on someone in Michigan before the Internet era.

Some federal records are routinely open to the public, such as court proceedings and bankruptcy filings. Others require more effort to obtain. The federal Freedom of Information Act (FOIA) enables any citizen to request a huge array of records from many U.S. government agencies and departments for no other reason than simple curiosity.

FOIA grew out of the Watergate era’s illegal government domestic intelligence activities, and it has been instrumental in bringing to light countless instances of government misdeeds and slipups.

Ever wonder if the FBI has a file on you? Point a browser at http://foia.fbi.gov and learn how to find out. Want to see what the FBI had on Elvis? The file — hundreds of pages long — is available to the public. I know — I used to have a copy.

All states have some kind of open-records law that spells out what’s available to the public eye and under what circumstances. Depending on the state, these may include arrest records, court proceedings, property records, salaries of public officials, restaurant inspections (after reading some of these, you may never dine out again) and even customer records of publicly owned utilities.

Similarly, all levels of government operate under privacy acts that describe how they must handle information they collect. Typically these laws allow agencies to share some information with other government agencies under certain conditions. But they may permit agencies to sell information to raise revenue — be sure to read the fine print before you sign and ask questions if you aren’t sure your data will be protected.

At one time, information from driver’s license records was available to the public. That changed in 1994 with the passage of the U.S. Drivers Privacy Protection Act (DPPA). According to the Electronic Privacy Information Center, the DPPA forbids state DMVs to divulge a driver’s name, address, Social Security number, driver identification number, photograph, height, weight, gender, age, certain medical or disability information and, in some states, fingerprints. However, your driving record, including violations, license status and accidents, are available to the public.

Nothing’s sacred at the office
At home, Tom keeps his business records pretty secure — he bought a fireproof safe for the most important records and locks his filing cabinet. After his computer crashed, his tech helped him set up passwords to protect access and installed a firewall to fend off hackers.

He doesn’t hire any other drivers, so doesn’t worry about keeping records on them.

If you run several trucks and drivers, you need to train your “support staff” — be it your spouse or an employee — to log off, lock up and otherwise secure sensitive material whenever they’re away from the desk.

Keys to the kingdom
The chief key to the kingdom is your Social Security Number (SSN), which has become a kind of default national ID number. When the Social Security system started in 1935, the number was designed to help the government monitor earnings and benefits. Now it’s used by all sorts of government agencies and private businesses for record keeping, such as reporting earnings to the IRS.

It’s also commonly requested for everything from getting a card at the video store to signing up for customer loyalty programs. There’s no law that prohibits them from asking for it — but there’s no law saying you have to give it to them. Here’s what the Social Security Administration says about it in SSA Publication No. 05-10002 May 2001:

Giving your number is voluntary even when you are asked for the number directly. If requested, you should ask:

• Why your number is needed;
• How your number will be used;
• What happens if you refuse; and
• What law requires you to give your number.

The answers to these questions can help you decide if you want to give your Social Security number.

Some states even routinely use SSNs as driver’s license numbers. However, you can — and should — ask the DMV to issue you another number. Be warned they will still ask for your SSN as a way to verify your identity, and it’s possible that refusing to give it means they will refuse to issue you a license. Of course, your driver’s license is also highly prized by identity thieves, because it’s a widely accepted form of ID. Guard it well.

Conclusion
This is just an overview of some of the most common ways we divulge information about ourselves every day. Reams have been written about computer privacy alone. The Web site resources listed are highly recommended for further reading and detailed instructions on protecting your privacy.

Last fall, the U.S. Congress approved legislation that significantly expanded surveillance authority for law enforcement agencies — the USA PATRIOT (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) Act of 2002.

A key part of the act is its “Total Information Awareness” program. TIA proposes a vast integration of many kinds and sources of information so they can be sifted by software to detect subtle patterns of activity that may indicate terrorist activity.

Proponents say such a system might have fingered the 9/11 terrorists while they were preparing their terrible deeds. Its critics say the new powers go too far in reversing curbs placed on domestic intelligence gathering that came to light in the Watergate era. Time will tell whether the government’s new powers will be abused in the hunt for suspected terrorists — and how it will affect you.

— by Bill Hudgins, Land Line exclusive

Bill Hudgins, former editor-in-chief of Road King Magazine, has covered the trucking industry for more than nine years. He is now an editor for Hammock Publishing in Nashville, TN

THINK
‘ STEALTH ’

If you want to reduce your visibility, you have to adopt a “stealth” attitude. This requires discipline — you have to treat every bit of personal information and every personal document like it was a $100 bill in a windstorm. Here are some steps to take:

• Keep important documents such as Social Security cards, passports, insurance policies and financial statements and records in a secure place.
• Get a post office box, and don’t mail anything from a home mailbox.
• Never carry your Social Security card. If it’s lost or stolen, notify the Social Security Administration immediately.
• Use as few credit cards as possible. Examine statements closely to see whether there are any unauthorized purchases.
• If you shop online, get a credit card with a low limit and online protections just for that purpose. This will make it easier to monitor activity in the account and limit possible fraud.
• Do not carry passwords for ATM cards in your wallet or write them on the cards. Passwords should be hard to guess — don’t use your birthday, street address, SSN, phone number or other code that someone could figure out.
• Shred offers for credit cards, insurance and other financial services and subscriptions.
• Don’t leave personal papers in your home, vehicle or office where they can be seen or taken.
• Don’t have your SSN or driver’s license number printed on your checks.
• Check your credit report once a year; the cost is minimal or even free under some circumstances. You can ask the three major credit reporting agencies to put a fraud alert on your record - this means you will be contacted whenever there’s a request for a new account in your name. The three major credit bureaus are: Experian (formerly TRW), 1-888-397-3742, www.experian.com; Equifax, 1-800-685-1111, www.equifax.com; and Trans Union, 1-800-888-4213, www.transunion.com.
• Banks, financial institutions, utilities and some other businesses are required to notify you annually about their privacy policies and offer you the chance to refuse permission to share personal information with others. The notice will include either a form or a toll-free number. Do it.
• If you call toll-free or 900-numbers to respond to an ad for goods or services, assume they will record your phone and match it with the address. This information will likely be sold to others. Ask about their privacy policy and tell them not to sell your information; it may not help with an unscrupulous company, but should with honest businesses.
• Give as little personal information as possible whenever you register or sign up for something online. Use different e-mail accounts for different purposes; if you don’t want someone like a boss or spouse to find out where you’ve been online, it’s a good idea to use pseudonyms when posting to discussion groups and other sites.
• Many spam e-mailers offer to remove you from their lists if you reply. Do not do it. Your reply gives them a valid e-mail address they can sell. Instead, use your ISP’s anti-spam service to block the mailer.

Other helpful sites for learning more about protecting your privacy include The Electronic Privacy Information Center (www.epic.org), Cnet.com, The Privacy Foundation (www.privacyfoundation.org) and the Privacy Rights Clearinghouse (www.privacyrights.org)