Tag Archives: Security

A Trip to the Doctor

Or, more accurately, the local urgent care clinic.

I had to make a trip there today to get looked at for the latest crud that I’ve been battling for the last week.

My check-in was a good example of how you have to be assertive to protect your security and privacy these days. Sometimes, very uncomfortably so.

While I was doing the usual check-in paperwork, the admissions clerk asked me, “Can I get your driver’s license to scan please?”

I asked, “why do you need that?”

She replied, “Because the copy we have is expired.”

I looked puzzled and she rotated her monitor for me to see the black and white scanned copy of my old, expired license.

It’s been years since I’ve been here, but I don’t remember them ever telling me they were taking a scan of my driver’s license on check-in. Probably one time when I was sick I wasn’t paying enough attention to ask my usual “Why do you need it, what are you going to do with it” questions.

I explained to her that I wasn’t comfortable with her taking a scan. I was happy, I said, to show it to them, but not to retain a copy.

She then said that the point was to protect my identity. I said, I understand but holding that information is itself a threat to my identity. I said, when this clinic’s information is stolen like Anthem’s was it will be harder to steal my identity since they won’t have my drivers’ license.

She said she understood and we moved on in the check-in process.

Later, I was chatting about identity theft to try and lighten things after having to say “no”. While we were talking she told me how she was herself the victim of identity theft. Someone stole mail out of her mailbox and was able to steal her identity. She said it was finally cleared up but it took years and included a knock at the door at 3AM from a sheriff looking to serve a warrant on her meant for the identity thief.

It was a good exercise in real world security and privacy protection. It underscores how you have to be active and sometimes push back, even to the point of seeming like you’re being difficult. It underscores too how you have to always be paying attention since I can’t recall how they got my old driver’s license into the system in the first place. And it also shows that identity theft is very real, very prevalent, very hard to untangle, and has nasty consequences. Finally, it reminds me that we can’t just focus on the digital side of things. Physical mail theft and phone scams are old but still delivering; so they’re still active threats.

It really reinforces the fact that I think real-time identity theft monitoring and monthly checking of accounts and records are critical for all of us.

It really is dangerous out there. It really is hard to do the right thing, even when you know what it is.

At least some of us have job security.

Ten Years After Bill Gates’ Trustworthy Computing Memo

Ten years ago yesterday, Bill Gates sent out his Trustworthy Computing memo that marked a significant change in the culture at Microsoft and put security, privacy and reliability at the center of the company as ideals.

I was at Microsoft as part of the Microsoft Security Response Center when that came out. And until I left Microsoft in December 2010, I was involved in security and privacy. So I have a former insider’s long-term view of what that was all like.

As my former colleagues are marking the occasion I’m sharing my own thoughts on what it meant then and what it means for the future.

Here are my comments in Robert X. Cringly’s article “PC security: We’ve come a long way, baby“. And a longer write-up by me over at Betanews “10 years after Bill Gates’ Trustworthy Computing memo: What it meant for Microsoft and why every tech company needs one“.

It was something to be a part of, but the world is different today. Part of my take on it is how this is still relevant in this different world.