Benjamin Webb wrote:
I completely agree that this is a sticky issue. I'm just suggesting that some thought needs to go into it and I'm also suggesting what other groups are doing who publish geneological information in a public forum.
-- Robert Scott Horning
I understand the need for being cautious about security and I think that your comment that the subject is something that needs to be thought hard about is exactly right. However, there's one thing that I have been wondering about. You have raised the point that identity theft could be carried out, using the mother's maiden name. As, Rodovid grows and the number of people with the same increases, it will be difficult to link a person whose identity you are trying to steal with someone on the database. To do this would mean having other data such as age, place of birth and so on, which would probably be as difficult to obtain as the maiden name.
Of course you are publishing such information like:
http://en.rodovid.org/wk/Person%3A1114
That is the kind of information that you are collecting, so having that basic information like age, place of birth, and where you likely are living would be available, which with a little bit of extra work is all you need to steal somebody's identity.
I went through the process myself when I lost my identification papers and had to re-establish my identity from scratch. It was a slightly difficult task, but it shocked me at how easy it really was. All I started with was a college class schedule that I happened to have that included my name and my Social Security number on that form. From that I obtained a birth certificate, marriage certificate, a driver's license, a home mortgage, access to my bank account, and even a United States Passport. My entire identity right now is based on that one scrap of paper, which I've seen hundreds of those schedules floating around the college campus where I went to school, any one of which I could have done the same thing with had I really cared to impersonate somebody else rather than simply try to establish my own identity. BTW, I didn't even need to show my ID at the time to obtain the class schedule... just my name.
Part of this is really because governments don't want to do the hard part of trying to establish identity from sources that are hard or impossible to forge, such as blood type, DNA, fingerprints, etc. The whole process of establishing an identity is something that can cause problems, and unfortunately public information such as a mother's maiden name, government ID numbers, and places of birth are treated as _passwords_ to establish that information. I think it is pure BS, but unfortunately the way that our society is currently set up.
Any computer security expert would tell you a hundred different ways to set up a good password for an account like your Wikimedia user account. Using your government ID number as a password would rank right near the bottom of a suggested idea, and strongly discouraged. Why should your edit privileges on Wikipedia be harder to access and offer more security than your bank account? That is definitely a messed up proposition there and I hope it will change in the future. Until then, publication of this sort of information for people who are alive is going to be a problem.