[Foundation-l] Rodovid.org, family tree wiki, wishes to become a wiki project

Sat Apr 1 19:14:39 UTC 2006

Benjamin Webb wrote:

>>I completely agree that this is a sticky issue.  I'm just suggesting
>>that some thought needs to go into it and I'm also suggesting what other
>>groups are doing who publish geneological information in a public forum.
>>
>>--
>>Robert Scott Horning
>>
>
>I understand the need for being cautious about security and I think that
>your comment that the subject is something that needs to be thought hard
>about is exactly right. However, there's one thing that I have been
>wondering about. You have raised the point that identity theft could be
>carried out, using the mother's maiden name. As, Rodovid grows and the
>number of people with the same increases, it will be difficult to link a
>person whose identity you are trying to steal with someone on the database.
>To do this would mean having other data such as age, place of birth and so
>on, which would probably be as difficult to obtain as  the maiden name.
>  
>
Of course you are publishing such information like:

http://en.rodovid.org/wk/Person%3A1114

That is the kind of information that you are collecting, so having that 
basic information like age, place of birth, and where you likely are 
living would be available, which with a little bit of extra work is all 
you need to steal somebody's identity.

I went through the process myself when I lost my identification papers 
and had to re-establish my identity from scratch.  It was a slightly 
difficult task, but it shocked me at how easy it really was.  All I 
started with was a college class schedule that I happened to have that 
included my name and my Social Security number on that form.  From that 
I obtained a birth certificate, marriage certificate, a driver's 
license, a home mortgage, access to my bank account, and even a United 
States Passport.  My entire identity right now is based on that one 
scrap of paper, which I've seen hundreds of those schedules floating 
around the college campus where I went to school, any one of which I 
could have done the same thing with had I really cared to impersonate 
somebody else rather than simply try to establish my own identity.  BTW, 
I didn't even need to show my ID at the time to obtain the class 
schedule... just my name.

Part of this is really because governments don't want to do the hard 
part of trying to establish identity from sources that are hard or 
impossible to forge, such as blood type, DNA, fingerprints, etc.  The 
whole process of establishing an identity is something that can cause 
problems, and unfortunately public information such as a mother's maiden 
name, government ID numbers, and places of birth are treated as 
_passwords_ to establish that information.  I think it is pure BS, but 
unfortunately the way that our society is currently set up.

Any computer security expert would tell you a hundred different ways to 
set up a good password for an account like your Wikimedia user account. 
 Using your government ID number as a password would rank right near the 
bottom of a suggested idea, and strongly discouraged.  Why should your 
edit privileges on Wikipedia be harder to access and offer more security 
than your bank account?  That is definitely a messed up proposition 
there and I hope it will change in the future.  Until then, publication 
of this sort of information for people who are alive is going to be a 
problem.

-- 
Robert Scott Horning