Tuesday, October 27, 2015

US Army and Selective Service records from Vietnam era may expose veterans to PII disclosure to others

Our own military may be inadvertently exposing PII of people exposed to the Vietnam era draft, as I discovered recently by happenstance. 

Last week, when reviewing the film “Truth” on my Movies blog (Oct. 24), about the reporting on George W. Bush’s apparent behavior in the 1970s with avoiding exposure to conscripted service in Vietnam, I decided to post a page from my own complete DD-214, military records, to make a point.
Then, I noticed that several of the pages, having teletyped military orders showing my movement to Fort Jackson, SC, to start Basic Training back in 1968, listed the names of other draftees, with not only their RA, US, ER or NG service numbers in use at the time, but also their social security numbers.  Before 1970, the Army would drop using separate RA service numbers and use only social security numbers for identification. 

The upshot now is that if anyone uses a photocopy of his records in a blog or video, there is a risk that he or she could expose the SSN’s of other people who went into the service at the same time. Many of these people, like me, would still be alive today. 

After catching this, I changed the picture to be one of a page that doesn’t have any numbers or names, like above.  Of course, it’s very unlikely that a hacker (perhaps working for China, Russia or North Korea) would really try to lift SSN’s off a JPG of military or Selective Service records, but I suppose it is possible.

DD214's (proof of active military service) are often used to establish eligibility for certain benefits, such as with VA loans for homes.  So there is a potential for hacking and leaks. 
In fact, back in 1996, when doing research on my first “Do Ask, Do Tell” book, I got some of my own Selective Service records from the Selective Service System and found the names (and I believe SSN’s) of some other people exposed to the draft at the same time, from the late 1960s.  I made a DVD in 2003, which I have never ripped to post on YouTube, where I used a photo of these records, so I suppose if I want to post it, I’ll need to block any other names and numbers out with Apple Final Cut somehow.
Also, back in 1996, when working on the DADT book, I got my paper patient records from NIH dating to 1962.  They did have the names, but not the SSN's, of other patients on the ward on which I lived.

Friday, October 02, 2015

Most retailers in US not ready in time for EMV credit card standards

On Oct. 1, 2015, most retailers in the U.S. were supposed to be compliant with EMV (“Eurocard Mastercard Visa”) chip technology standards, which make card skimming and fraud much less likely.
Gradually, consumers will receive new cards in the mail.  I don’t have many of mine yet. But many retailers are still not prepared for the transition, which can make them more liable in case of fraud.
There is an FAQ on how this all works here.
The liability shift is well explained on a site called Payments Leader here.

Non-profits, which sometimes take cards at events like film festivals, could have a particular problem with all this.