Reading (For Dummies)

ACS Education Amusement

I spent some time on the phone with ACS today, and got some amusing information on my account. I feel like I'm *obligated* to share.

My address was updated to a place that I have never lived before sometime in last few months. Odd. I finally found out how to reach their Skiptrace department ( 1-800-508-1543 is the direct line, no hold times, oh so much fun ). My address was updated automagically when my name showed up as being forwarded to another address by the US Postal Service. Reasonable enough, except that I never had my address forwarded there.

I asked what the source ("old") address of the mail forward was, and more particularly if it had matched their address on file at the time, but the skiptrace folks became evasive. I have a strong suspicion that there was no verification (even if there was, anybody can get anybody else' address forwarded at the post office fairly painlessly).

I attempted to explain how this is a security flaw to the skiptrace folk, which didn't work. I wonder what would happen if someone were to call up the department, find out a skiptrace worker's full name, and have that person's address forwarded someplace else? I suppose it would only work if the employee had their loans serviced by ACS (which might actually be likely?). But it would certainly get the point across...

Election Information Sharing Redux

Judge Popeo Responds:

Dear Reid:

Thanks for you note and interest in learning more about me. Without trying to be unresponsive or evasive, the rules of judicial conduct and also the rules of judicial campaign ethics do not allow me to express my personal opinion on matters which may come before me as a Supreme Court Justice. As a sitting judge at the City/Family Court level, I have not decided any matters in your area of concern ... so there are no decisions I can refer you to for further background. I can tell you that as a practicing attorney for 21 years before becoming a judge 6 years ago, I did sucessfully represent plaintiffs in matters involving defamation and invasion of privacy (New York Civil Rights Law Section 51) which resulted in monetary awards against persons and publications who invaded my clients' right to privacy. It is an area of law that I find very interesting and I look forward to the opportunity to hear cases of this nature if I am successful in my campaign.

Best wishes,

Jerry Popeo

It's interesting to note that I have received four more flyers from candidates since applying for my absentee ballot. I received them all before I received my actual ballot (which finally arrived yesterday). It's more interesting to note that every flyer I received is from a republican candidate. I am registered as a New York state Green...

Voting Privacy

If you haven't figured it out by now, I'm kind of a crusty curmudgeon when it comes to privacy. I've supplied a fake SSN numerous times on housing applications, given fake names and bogus SSNs to my utility companies (those that will accept fakes, anyway...it's amusing that SDG&E in San Diego does not check for valid name/SSN match [illegal immigrants?] and yet Niagara Mohawk in Canada does), and even purchased my co-op membership under a name other than mine. I've found it a bit disturbing, then, that several weeks after filing for an absentee ballot in Onondaga County, New York, I am now receiving advertising from political candidates on the roster at my absentee address.

Could it be that Onondaga County sold or even gave my temporary postal address to political candidates? This seems so backwards. I've been trying to rationalize how how Judge Popeo obtained my current address. Nothing aside from getting it from the absentee ballot system makes sense. If he obtained it from the County board of elections in this manner, is that right? Is it our election board's right to sell or even give this information away? I certainly saw nothing indicating that my signature was authorizing the retelling of my private information to a third party.

Maybe going to Toorcon a few weeks ago was a bad idea...

In any case, I decided to write Judge Popeo a letter:

Dear Judge Popeo -

I recently received a flyer from you in my mailbox, and wanted to ask you some questions concerning your stance on personal information privacy.

I am a concerned citizen of New York State and I take privacy matters seriously. In the information age, information sharing seems to be a matter of fact between the government, the private sector, and NGOs alike.

I am interested in knowing your interpretation in any cases concerning information privacy (and sharing) in contracts between individuals and corporations, as well as any opinions on government (city, county, and state) use of their citizen's information -- who should be allowed to access the data, when, and in what manner.

It is difficult for an ordinary citizen such as myself to track down information on how you have ruled on cases of a particular nature, so any insight you could shed vis-a-vis where to look would be greatly appreciated.

Very respectfully,
Reid Wightman

I cannot wait to see what response I receive, if any.

ACS Sucks Redux

ACS is a really miserable student loan company that happens to be responsible for my student loan. They're hilarious. The last issue I had with them was in 2003, when they reported me delinquent in student loan repayment for 6 months (I was a graduate student at the time). It took me many months, several hundred dollars, and a lawyer to straighten things out.

When I moved to California, I updated my address in their records. I never received a notification with them. I logged in to the website again, and found that the address was completely wrong, pointing to a house just outside of Hoboken, NJ. I called to update the address (and dispute that I owe payment...I have paper from them saying that I am prepaid through the end of the year, they tacked on late fees and said I owed them payments since August as of now...helpful that the address they have for me is wrong so I could not receive the notices).

I inquired how my address was updated, and was told by Latoya, "The information is verified from a database by our security department." I asked if I could talk to the security department, she said, "No, but they verify the information so it's okay." I insisted that I had never been contacted to verify the incorrect information, that I never lived anywhere near the address, etc. "Well, the information is in a database, so it's okay." I'm not sure that Latoya understands English, or understands the issue at hand (identity theft?).

This afternoon, I walk to the Navy Federal Credit Union to consolidate my loan.

On Hastert

A play on The Comedian (Bill Hicks), with apologies of Jesse Helms:

"Boy Mark Foley is another great one, isn't he? Just another little fevered ego tainting our collective unconscious. Cuz y'know, anyone that far to the right has a very deep and dark secret. You do know that, right? I'm an armchair fuckin' psychologist, but...You know when Mark Foley dies, he's gonna commit suicide, first of all, in a washtub out back underneath a pecan tree. He's gonna slash his wrists and he's gonna write in blood, 'I've been a very bad boy.'"

"But you know they're gonna find the skins of young children drying in his attic. Swarms of horseflies going in and out of the eaves and on CNN over and over his wife going, 'I always wondered about Mark's collection of little shoes...'"

"Anyone that far to the right is hiding a deep, dark secret."

I'm finding the whole Hastert thing fascinating. And it brought to my attention one of the fighting dems. I wonder if the Power of the Internet could get John Laesch the David spot in David vs. Goliath? If you have a few bucks to kick around, why not give it a shot?

On another note, ever notice that the Democrats' official page is hosted at a .org, and the republicans is hosted at a .com? Funny.

Like a Moth to the Moon

Every couple of years I have a day where I 'wake up', or gain a higher level of understanding of the stakes to what it is that I'm up to at the present. This weekend was one such time.

San Diego Convention Center: Home of Toorcon 2006

This weekend, I went to Toorcon, a little itty bitty west coast computer security conference that annually holds a lot of the talks from DefCon, but without the oppressive crowds, the Vegas lights, nor the latchers-on. I'd say it's about my speed.

There are a lot of kooks in the computer security field, and they're the first to admit that they're kooks. My kind of people. I came to remember a time when I was having fun breaking systems, instead of doing the impossible task of trying to fix them.

Not a kook: Cory Doctorow delivering the keynote

I became interested in computer security after I rooted myself -- I wrote a simple helpdesk software that took email, used procmail and a perl script to stuff it into a database, and then used a web interface to read it and allowed users to "take" emails for themselves, out of the untaken email list. I worked for CIT at the time, and the tool was to be used by our whole group to track helpdesk email.

Something strange happened while testing. I was forward-copying all of the normal helpdesk email from my mail account to my script, just for testing. One of the emails only got partially entered. Like, the data just got cut off. Oddly, it happened at a semicolon. Curious, did that actually work? I sent an email with "hi;drop table foo;" as the body, and sent it. My database disappeared. "Wow, this is fucking cool!" A few weeks later, I started working for the Center for Systems Assurance at the university, amazed at my newfound powers of examination.

Since then, I've been working on the seemingly impossible task of making toaster ovens out of computers, so that users can't send any data they're not supposed not, and worse so that really clever evil users can't send any data they're not supposed to. It's an impossible task, or at least an intractable one. Nobody is patient enough to make a toaster oven for our users (which is what we really need, if we want to limit them to using toaster oven functions). I'm remembering why I want to go back to grad school -- it's a lot more fun to break the toaster than it is to make it. Modus tolens over modus ponens, which is great because that's what the scientific method is all about.