Wednesday, 3 May 2006

Identity theft from a discarded boarding pass

This week the Guardian (U.K.) newspaper picked up a story I first reported five years ago, describing how they were able to obtain an unsuspecting traveller’s airline profile and personal data, using only the information on a discarded airline boarding pass stub.

Exactly four years ago, I filed my first report from the annual Computers, Freedom, and Privacy conference on the possibility that identity thieves, stalkers, terrorists, or other criminals could access travellers’ reservation records — including, in many cases, personal information, home addresses, passport numbers, etc. — from information obtained from a discarded or “shoulder surfed” boarding pass or itinerary header. The Guardian used a slightly different methodology than the one I described in my earlier report. But they were successful without the need for any insider or industry-specific knowledge.

Aptly, I read the Guardian report while sitting at this year’s CFP conference waiting for the start of the plenary session on the possibility of a Federal data privacy law (which we don’t yet have in the USA) for personal information held by private and commercial entities — including, not least, travel and reservation companies.

Neither the discussion, nor enactment of such a law, can come too soon.

Link | Posted by Edward on Wednesday, 3 May 2006, 06:31 ( 6:31 AM)
Post a comment

Save personal info as cookie?

Bio | Blog | Blogroll | Books | Contact | Disclosures | Events | FAQs & Explainers | Home | Newsletter | Privacy | Resisters.Info | Search | Sitemap | The Amazing Race | The Identity Project | Travel Privacy & Human Rights | Twitter

"Don't believe anything just because you read it on the Internet. Anyone can say anything on the Internet, and they do. The Internet is the most effective medium in history for the rapid global propagation of rumor, myth, and false information." (From The Practical Nomad Guide to the Online Travel Marketplace, 2001)
RSS 2.0 feed of this blog
RSS 2.0 feed of this blog
RSS 1.0 feed of this blog
Powered by
Movable Type Open Source
Movable Type Open Source 5.2.13

Pegasus Mail
Pegasus Mail by David Harris