DEBRIS.COMgood for a laugh, or possibly an aneurysm

According to WorkingForCharge:

Last month, the Pentagon announced that since 2002 it has secretly been compiling a database containing the personal information of tens of millions of Americans as young as 16 years of age. The database includes information such as Social Security numbers, height, weight, ethnicity, grade-point averages, e-mail addresses and phone numbers.

The custody and maintenance of this database has been contracted out to a private firm named BeNow. BeNow has no privacy policy posted to its website, nor a privacy or security officer listed on its management team.

The Defense Department now proposes a wide range of “routine uses” for this database, including disclosure of records contained in the database for functions wholly unrelated to recruitment. Although individuals can opt-out of recruitment solicitations, there is no way to opt-out of this enormous database as a whole.

Compilation of this database is not only a spooky invasion of our families’ privacy, it’s also a violation of the law. The Federal Privacy Act requires that government agencies accept public comment before new records systems are created — a requirement that was blatantly ignored in this case.

So, how long until this database gets compromised?

All it will take is a stolen laptop, or a misplaced backup tape, or a dishonest employee, or a couple of identity thieves posing as real customers, and the next thing you know there will be another headline about a few million names and addresses and social security numbers being made available to the highest bidder.

This sentence should make you nervous: “The custody and maintenance of this database has been contracted out to a private firm…” Love it or hate it, the military seems to be pretty good at maintaining security and keeping secrets. Sure, there are exceptions… but on the whole I have a lot less confidence in the ability of BeNow, a self-described “marketing services” company, to secure its assets.

There’s some great information on the Privacy Act of 1974, and the BeNow database, at the Electronic Privacy Information Clearinghouse site.