Wednesday, May 11, 2011

Debt collectors use social media for skip tracing; is this legal per FDCPA?

“Atlanta Business Litigation lawyers” has an interesting article on the use of social media (including Facebook) by debt collectors for skip tracing to find debtors.

The complete article, by Stokes Lazarus and Carmichael LLP, is here

The Federal Trade Commission recently held a hearing on the use of social media in debt collection soon. There was a concern that social media could easily misidentify debtors.

The FDCPA was written long before social media, public search engines and blogs, all accessible at home, existed. 

Thursday, May 05, 2011

USPS security breach reported, would not affect ordinary customers or NCOA users

A United States Postal Service subsite “ribs.usps.gov” was apparently hacked before early April 2007 and infected with scripting code associated with the “Blackhole Exploit Kit”, which could take a visitor to an embedded site distributing malware or spyware. The USPS service affected was the Rapid Information Bulletin Board service. It’s unlikely that any users were really “harmed”.

There is a detailed technical explanation at ZScaler, “leader in Cloud Security”, (website url) here

I also discussed this story (giving other bibliographic references) on my “Internet Safety” blog today in conjunction of reports of malware purporting to offer contraband pictures of Osama bin Laden.

The story is significant because use of the USPS “national change of address” system in conjunction with products like Move Forward could be used to design a national strategy to combat identity impersonation, as I have explained on this blog before (esp. Sept. 25, 2006).  But such a system would reside largely on IBM-style mainframes, kept off the public Internet and much harder to compromise (with typical mainframe security like RACF or Top Secret, etc.)   Of course, people are still raising similar questions today about other systems not normally accessible to the Internet, such as with the power grid.