Saturday, May 06, 2006

A simple airline stub reveals all

British journalist, Steve Boggan, picked up a BA stub, mindful of a conversation I had had with a computer security expert two months earlier, from a waste bin on the Heathrow Express to Paddington station, London.
The expert had told Boggan how that tiny stub would give access to all its former owner’s personal details. The owner’s name was right there on the stub, along with the flight and seat number.
With just those scant details Boggan was easily able to access the former owner’s personal information, including his passport number, date of birth and nationality.
It also had potential to provide the building blocks for stealing his identity, ruining his future travel plans - and even allow me to fake his passport.
Boggan also said it “would also serve as the perfect tool for demonstrating the chaotic collection, storage and security of personal information gathered as a result of America's near-fanatical desire to collect data on travellers flying to the US - and raise serious questions about the sort of problems we can expect when ID cards are introduced in Britain in 2008.”
Stub in hand, Boggan logged onto the BA website “bought a ticket in name on the stub and then, using the frequent flyer number on his boarding pass stub, without typing in a password, were given full access to all his personal details - including his passport number, the date it expired, his nationality (he is Dutch, living in the UK) and his date of birth. The system even allowed us to change the information.”
“Using this information and surfing publicly available databases, we were able - within 15 minutes - to find out where the former owner lived, who lived there with him, where he worked, which universities he had attended and even how much his house was worth when he bought it two years ago.’

Boggan makes an interesting case against the US system called CAPPS, which screens travelers intending to enter the States. “"If you are an American who has volunteered lots of details proving that you are who you say you are, that you have a stable home, live in a community, aren't a criminal, [Capps II] will flag you up as green and you will be automatically allowed on to your flight…"
You can pick up the whole story from the Guardian: Q. What could a boarding pass tell an identity fraudster about you? A. Way too much

4 comments:

Anonymous said...

I've said it once and I'll say it a million times.

Unless you live in a powerless cave on a mountain with no neighbours, you are subject to people invading your privacy both legally and illegally.

There is no escape from these ratbags that scam identities!

Anonymous said...

I'm liking the embedded chip idea more and more :)

However, that could have its own reprecussions of an increased amount of kidnapping.

I wonder what percentage of identity fraud comes from the internet alone?

Reality-Based Educator said...

From now on, I am tying a mini-shredder around my neck and shredding every piece of paper with any of personal information on it that I intend to throw out.

This is scary stuff.

Anonymous said...

GOOD GOD! We're doomed!