SCDOR Data Breach
Saturday mornings as a kid in the 70’s were the best. I’d wake up early, pour myself a giant bowl of Count Chocula and sit down in front of the TV to watch Super Friends. In case you missed it, Super Friends was a cartoon about a team of superheroes (Batman, Superman, etc.) who banded together to fight evil as The Justice League.
An oft-repeated scenario was this one: Super Villain X captures Aquaman. He then pretends to be Aquaman in order to wreak havoc and maybe learn the Justice League’s secret handshake. Just when you think all is lost, the real Aquaman escapes to confront fake Aquaman. The twin Aquamen grapple until someone, say Green Arrow, has to decide which one to shoot. His fingers tense on the bowstring as his aim swings from one Aquaman to the other. At the last possible second, one finally says something that only the Real Aquaman would know (“I’m allergic to anchovies!”). Green Arrow then aims and looses his arrow upon the masquerading Super Villain X, who disintegrates bloodlessly into gales of shrieking laughter, no doubt to return.
Great ending, right? But one that depends on Super Villain X not knowing that Aquaman is allergic to anchovies. What would have happened if Super Villain X knew EVERYTHING about Aquaman? Who does Green Arrow target then? Neither? Or, maybe, both (just to be on the safe side)?
Which takes us to the recent SCDOR data breach. What information did DOR have stored about you (or your firm)? Unencrypted social security numbers, EIN numbers, most likely your personal identifying information, and possibly your bank account routing and credit card numbers. All now potentially stolen.
Well, that’s bad enough. But let’s go deeper. What else about you is in government databases? I wrote in a prior article about the National Data Center that the federal government is building in Utah to collect and store private emails, cell phone calls, Google searches, etc. There is currently a dispute about whether such information is being gathered about us “regular Americans.” The government says no but some of its former employees say yes.
Which brings up some scenarios much more chilling than anything on Super Friends. Here’s one: what if some really bad guys break into a government database and find out EVERYTHING about you? Enough to essentially become you (at least virtually) while doing some really bad things? [As a lawyer handling check fraud and credit reporting cases, I’ve seen innocent people arrested and average Americans show up on terrorist watch lists. Such things do happen].
Scary. But here’s something scarier: what happens when the definition of terror “threat” itself starts to blur? Recently, a Senate subcommittee issued a report criticizing the law enforcement “Fusion Centers” established by the Department of Homeland Security. The Senate found that, instead of collecting information on terror threats, these centers had collected a wealth of information on (to name a few) environmental activists, Tea Party groups, an ti-death penalty and anti-war activists, pro-choice groups, pro-life groups, and Ron Paul supporters. One report by a Missouri Fusion Center reportedly described approximately half of the American political spectrum as “extremist.” So, apparently, a whole lot of us (and maybe all of us) are worthy of having our information collected and our activities monitored.
The current National Defense Authorization Act, which is the annual military funding bill, provides for indefinite military arrest and detention without trial of terror suspects, including American citizens on American soil. But that’s just for people who are really “threats,” right?
And unless you have something to hide you have nothing to fear, as the saying goes. That is, unless someone uses your information to make you look like a threat. Or, unless what you’re doing gets redefined as a threat. So, who gets targeted when all the lines blur? No one? Or, maybe everyone (just to be on the safe side).
God, I miss the 70’s. By the way, Aquaman: worst superhero costume ever.