In June, I wrote an article about how using social networking sites (like Facebook) can make you more vulnerable to identity theft.  On Saturday, I was delighted to read that the government of New South Wales, Australia has proposed legislation to combat this growing problem.

If this legislation passes, police in New South Wales will have the ability to arrest and charge online fraudsters without having to wait for them to steal money.  Under this proposed legislation, it will be illegal to use or trade any information that identifies a person, (such as name, driver's license number, social insurance/securtiy numbers, PIN numbers, etc.) for the purposes of committing a secondary crime.

If you live in Alberta, Canada, you may be in for a rather troubling letter from Alberta Health Services.  The agency recently acknowledged that a virus which infected their systems may have stolen thousands of personal health records.

Alberta Health Services examined all their logs and compiled a list of 11,582 people whose medical records may have been stolen between May 14 and May 29. Those people are going to get a horrible letter in the mail, informing them that their personal health records may not be so personal anymore.

Phonebusters, Canada's Anti-Fraud Call Centre, has long been one of my favourite organizations.  Their entire purpose is to raise awareness of and protect people from scams.  You know those horrible lottery scams?  It is doubtful that as many people would know about those if not for the people at Phonebusters.

I also like Phonebusters because they keep the best statistics on identity theft in Canada.  While they will never claim that all cases of identity theft are reported to Phonebusters (studies indicate that only 0.5% of cases of identity theft are actually reported to the centre), we need some way to measure a problem if we hope to solve the problem.

Yesterday, I wrote an article about how Canadians can reduce their risk of falling victim to an identity theft by only giving their Social Insurance Number to those organizations that absolutely require it, and that are mandated to receive it.  In that article, I promised to do a little bit more research into Social Security Numbers so that I could give American readers the same advice I gave to Canadian readers.

I managed to find a couple of great sources and learned a whole lot about how Americans can protect their Social Security Numbers.  In the course of learning about this, I was happy to discover that American and Canadian laws are surprisingly similar when it comes to protecting these very important pieces of identification.

Yesterday, I wrote about two researchers at Carnegie Mellon University who uncovered a way to predict an individual's Social Security Number based upon his or her State and date of birth. This discovery casts down upon how secure Social Security Numbers are and has tremendous implications for the study and prevention of identity theft.  This news likely does not make you very secure, but how would you feel if your Social Security Number were printed and sold with wallets?

Social Security Numbers were all the rage in the late 1930s.  Ushered in as part of Franklin Delano Roosevelt's famed 'New Deal', by the end of 1937, over 37,000,000 had been handed out.  In 1938, a wallet manufacturer from New York (E.H. Ferree) decided that they would sell more wallets if they showed customers how a Social Security card would look in them.  So, they printed up sample cards and started inserting them with wallets.  Sounds like a good idea, isn't it?

Earlier today, our security guru, Nima Sharifimehr, made some very valuable comments about the security of Social Security Numbers. Nima's comments inspired me to post this - a guide to who can and who cannot ask for your Social Insurance Number. Unfortunately, this article will only cover our Canadian readers, but I'm going to do some research and try to write the same article, only from an American perspective.

Information in this posting is taken primarily from Service Canada's wonderful information about Social Insurance Numbers. Service Canada is quite adamant about the fact that Social Insurance Numbers are most commonly used by your employer, for taxation purposes, and by financial institutions which pay you income on money you have deposited.

Alessandro Acquisti and Ralph Gross, researchers at Carnegie Mellon University, published a report with serious ramifications for United States law enforcement. This report, entitled "Predicting Social Security Numbers from Public Data" demonstrated that, if given a person's State and Date of Birth, they could often correctly guess that person's Social Security Number.

In their paper, Acquisti and Gross showed that their computer could properly guess 8.5% of social security numbers. And, their computer program guessed the first five digits of a social security number a surprising 44% of the time.  (Social Security Numbers have nine digits)

So, there was this security guard/cyber-criminal named Jesse McGraw who worked at a place called the Carrell Clinic in Dallas, Texas. Mr. McGraw loved hacking and he loved spy movies. Everything would have likely been okay, but he decided to combine his two loves...

Mr. McGraw decided it would be cool to film himself installing a botnet client on hospital computers.  Then, he decided it would be be even cooler to set that video to the Mission Impossible theme and put it up on Youtube.  There were two problems - first, he didn't do a very good job of disguising himself.  And second, he bragged about his exploits on forums and in his blog.