31 million colombians face (more) sharing of their data

I’ve been watching with increasing preocupation how personal information and privacy which are already a big problem in Colombia are only becoming worse by the day. As it turns out, a new computerized database sharing system promises to make this problem even bigger. If you’re feeling paranoid today, don’t keep reading 🙂

Privacy International (PI) is a human rights group formed in 1990 as a watchdog on surveillance and privacy invasions by governments and corporations. According to their international survey of privacy laws and developments in 2003:

In April 2003, the press revealed that a US company, ChoicePoint, had allegedly collected personal data from Colombia government agencies or private companies and sold them to US government agencies and law enforcement. ChoicePoint currently offers to sell the following information about Colombian people: « national registry files of all adult Colombians, including date and place of birth, gender, parentage, physical description, marital status, registration data, registration and passport numbers, as well as registered profession.

I remember being shocked when I read the news at the time, almost immediately calling my parents to discuss the implications. I’ve been living in Canada for so long that it hadn’t occurred to me that one could get used to the small, daily invasions of privacy one has to accept in everyday life there. The truth is you have to carry personal ID all the time and it’s expected you leave it at the door of most public and private buildings. Most recently (particularly since the new governement has taken place, and in the name of the fight against terrorism), it’s becoming common to be asked for your fingerprints when exchanging currency, and complete ID, address and phone number to buy shoes.

From another article on the web, I found out this:

Gracias a esta base de datos la compañía estadounidense tiene el registro adicional de de todas las compras realizadas en Colombia, el nombre de las empresas, su dueño, la descripción del negocio en inglés y español, la dirección , el teléfono, etc.

Of course we know that it’s just a matter of time until every piece of information you provide is stored on computers and databases and linked together – or do we ? Not much different than here in Canada, where collecting customer’s data is business as usual. Nevermind the errors those files contain.

It wasn’t until today that I connected some dots between the 2003 incident and the theft of data of 145,000 people they handled – resulting in 750 individual cases of identity theft.

In 2003 I spent two weeks giving some security talks and courses on OpenPGP and cryptography usage for personal and business use and I was amazed to realize that so many security measures are mostly technological or introduced by law up here, vs. physical and social-engineering there.

For example, you would almost never see armed guards in an ATM here in Canada, but it’s not unusual in Colombia. However, criminals here just rip the thing away with a tractor or scan customers cards while employed! Here’s some interesting security tips for ATM usage.

Well, the day has come when the data is going to be cleaned for even easier abuse (^H^H^H^H^Haccess), as the Departamente Administrativo de Seguridad (DAS) fears that private information will be leaked if it’s integrated to the Ministerio de Defensa’s new systems. Fears ? I’d say « has announced ».

From the article, I translate freely:

The Minister of National Defence, Jorge Alberto Uribe Echavarría, told EL TIEMPO […] « there’s nothing to worry about. The information won’t end up in individual’s hands. That’s not the plan ».

The debate happens precisely when the Ministry of Defensa is agreing on data exchange terms with the Registraduría under which the entity would provide it with magnetic media containing identification data of all colombians – probably monthly.[…]

Duh! I feel much safer knowing it’s not the plan!

Let’s hope they don’t use UPS, that recenly lost backup tapes with 1.3 million records of Bank of America’s customers.