Jump to content
Sign in to follow this  
Marcheck

Background Checks & Identity Theft (please read)

Recommended Posts

Choice Point, the company which handles BSA's background checks, was "hacked" back in October, and the company is just now letting their customers know. Scouters should be aware of this, as their information may be used by the hackers for identlty theft purposes.

Share this post


Link to post
Share on other sites

I am not a lawyer, nor do I play one on TV and I didnt stay at a Holiday Inn Express last night, but why would BSA need liability insurance, wouldnt any damage be on Choice Point ?

 

(assuming BSA did due diligience and Choice Point showed evidence of it doing all the normal precautions to safeguard personal data)

Share this post


Link to post
Share on other sites

I work for a very large company that also uses Choicepoint (So I guess I'm doubly-exposed). The liability is not on us (or the BSA).

Share this post


Link to post
Share on other sites

I think we need to understand what the problem is, and what it isn't. ChoicePoint provides a variety of services to a variety of clients. Some of their services involve collection of financial and other personal information (for example, they provide credit reports), and to my understanding it was this information that was accessed by criminals who use it to steal peoples' identities. To my knowledge, the BSA does not use this service. What the BSA does use ChoicePoint for is criminal background checks, which if I correctly recall the BSA's statements when this program started, involves the compilation of PUBLIC information from state and federal sources. Of course, at least one piece of "non-public" information is used in that process, and that is the adult leader's social security number, which must be provided on the current version of the BSA's adult leader application. But it does not sound to me like the criminal background check process was the "target" of these criminals who were involved in identity theft.

 

That does not mean that I am a big fan of ChoicePoint or other similar companies. I think they have too much information on too many people and this episode is only a minor example of what can go wrong when that happens. I do not know whether there are other companies that the BSA could use to do the criminal background checks. If ChoicePoint provides the most value (meaning in this case, such things as speed and accuracy in providing the information) for whatever the BSA pays for the service, in relation to other companies, that is a reason for the BSA to continue to use them. But if the BSA has other options that would provide similar value for the money, and do not have the "baggage" of ChoicePoint, my personal preference would be that the BSA go with one of those other options.

Share this post


Link to post
Share on other sites

BSA collects my personal information and turns it over to a third party (ChoicePoint), which has been demonstrated is not secure. That's a liability exposure for BSA. As they say down at the Bar..."sue 'em all, let the Judge sort 'em out."

Share this post


Link to post
Share on other sites

Humphrey Bogart voice: "It's the stuff that 'conspiracy theories' are made of..."

I agree with NJ. I had thought that the background checks were being done the same way as those for gun purchases, through the FBI. But it's an interesting situation.

Hey, here's a thought, we could subcontract all of our national security stuff as well, you know, through Wackenhut or whoever. We'll save a lot of money and government will be even smaller. And you KNOW a business would NEVER be tempted to give assistance to terrorists for MONEY. Gotta run...just had a great idea for a novel...

Share this post


Link to post
Share on other sites

Actually, we already do contract out national security, to Wackenhut, among others. In fact, we have been contracting out our national security since at least the Revolution. After all, most of our military equipment is made on contract. Many services such as construction of ships, dockyards, forts, etc have been historically handled by contractors. Also, now we have companies being hired to provide security guards, assist in background checks, and even develope software to sift through data for evidence of terrorism. Even a good deal of the cryptology programming of the NSA or the image analysis programming of the NRO are done under contract.

 

Now what is really scarry is we are even contracting out some stuff overseas.

 

I can't remember what part it is, but there is some part on the JADAM bomb guidance kit that the last factory that could make it closed and moved to China during the Clinton adminstration. Now there isn't a sinlge factory in the US with the equipment to make the thing. (it is some sort of sub-component that is only a small part of the entire package, but yet is critical)

Share this post


Link to post
Share on other sites

What was it that Eisenhower said about the military-industrialist complex? Looks like we're there... At least we got the lowest price - I hope. And hey, that just makes it less likely that we'll claim a WMD threat and invade China. I hope.

Share this post


Link to post
Share on other sites

Of coarse the military industrial complex of WW II and its aftermath made the present system look tiny be comparison.

 

As for China, I would say we should be more worried about them deciding to become the hegemon in the Asia/Pacific area. After all, once you rely on someone else for even a part of your defences it becomes hard to confront them. Also, don't forget China has a considerable stock of nuclear weapons and has proven they work. They also have ballistic missiles and such, including some more accurate new ones that incorporate guidance technology that we gave them back in the mid 90s to supposedly help their satalite launch program (why we thought they wouldn't turn that around on us, I don't know, and why we thought China launching its own satelites is a good thing, again, I don't know).

 

The use of contractors and the like to provide vital national security services is unavoidable. To think that any other circumstance is even possible is niave and ignores history. On the other hand, there is a question of how much contracting is the right amount? I personally think in some cases we have gone too far, and in others not far enough.

Share this post


Link to post
Share on other sites

On the issue of "who gets sued" I think scoutldr is correct. (Before I give my hypothetical example, let me make clear, some of the events that follow have NOT happened as far as I know, it has not even been suggested that they have happened. This is just a hypothetical.)

 

1. I give personal information to the BSA with the understanding that it will be kept confidential and used for a particular purpose. (I said earlier that there was only one piece of confidential information on the adult leader app, the SSN, but that may not be the whole story. The fact is if you have that in combination with some of the other info on the adult leader app such as name, address, and date of birth, you can do damage to someone much easier than if you just had the SSN.)

2. The BSA hires a company to carry out that purpose.

3. The company gets ripped off and some bad guy/gal gets my information and uses it to injure me (and by the way, good luck proving all this unless the company admits it, since the sad truth is that the information on the adult leader app including your SSN is floating around all over the place anyway, regardless of how careful you are in giving it out. If someone showed up at my front door and told me my SSN, my date of birth, and even worse, facts that are used for verification such as my mother's maiden name, I'd have absolutely no way of knowing how he found out.)

4. Number 3 happened because the company acted negligently or worse. (Not to get too law-schoolish here, but if they just got ripped off after doing everything within reason and prudence to protect your information, you almost certainly have a losing case. In order for you to have a shot of winning, they at least have to have acted negligently, which again not to be too technical about it, is basically the same as "carelessly.")

 

Based on all these facts, I am not sure you even have a winnable lawsuit against the company. You did not give them the information, you did not have a contract with them, they never promised you anything, in fact you do not even necessarily know they exist. (Which is in contrast to the case of say, buying a brand-name product from a retailer. You never entered into a financial transaction with Goodyear, but when their tire malfunctions and you are injured, you can still sue them, along with the retailer, and if I had to explain why, the simplest explanation is that you do know Goodyear exists, and that is why you bought the tire.)

 

Anyway, in this hypothetical situation, I think your claim is against the BSA, and then the BSA has a claim against the company they hired. (In NJ you would file a complaint against the BSA and the BSA would then, in the same lawsuit, file a "crossclaim" against the company, and the procedure in most states is probably similar.)

 

But you'd ("you" in this case being a lawyer) would probably sue both the BSA, and in this case ChoicePoint (and if you didn't know who they were, "XYZ, Inc.") just to be on the safe side.

Share this post


Link to post
Share on other sites

There is some misinformation being circulated regarding this issue. Choicepoints database was not hacked in this situation. Choicepoint was victimized by frauds who opened what appeared to be legitimate client accounts and through that means requested data on individuals, much like BSA does when they do our background checks. I see no means by where National would be liable in this matter as they are a client of Choicepoint. The specific information the frauds inquired upon was relative to victims they were targeting, not groups who had made legitimate inquiries.

 

 

Share this post


Link to post
Share on other sites

As a govt employee, I am required to obtain and use a Government Travel Card (VISA) issued by the Bank of America. The account is in my name and misuse or nonpayment affects my personal credit rating, although I am forbidden to use it for personal purchases. Those account files were recently "lost" by BOA. I guess it's like riding a motorcycle...it's not a question of "IF" I get trashed, it's "WHEN". All these organizations passing your personal information all around the world, saying "trust us, it's secure." Baloney.

Share this post


Link to post
Share on other sites

Trust me:

 

Some ambulance-chasing attorney WILL try to get BSA National, the local Councils, and ChoicePoint in one huge class-action suit.

 

That's my cynicism in full bloom.

 

To what lionscout said:

 

- If ChoicePoint, as a provider, is not doing due diligence on the folks they are selling information to, shame on them, and let the lawsuits come.

 

- At the same time, BSA National's first (and really only) line of defense bloody well better be: "When we selected our vendor, we did due diligence to a fare-thee-well before we made our decision, and our most important factor in selection was best value."

 

Again, my cynicism: If BSA National selected the vendor on cost, Katey Bar The Door ... the class action will come.

 

Once again, my two cents, with a healthy dose of cynicism.

 

YIS.(This message has been edited by John-in-KC)(This message has been edited by John-in-KC)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...