State DMV's routinely sell such citizen data to data aggregators,
companies such as Lexis-Nexus and Experian. These companies in turn sell
the data to other companies (e.g. UPS) and ironically also to other state
DMVs. If you wish to have your personal data withheld from your state's
DMV data sold to the data aggregators you can probably do so. Most states
have statues or have made administrative rules that allow citizens to opt
out.
If you chose to opt out you may have trouble "verifying your identity" when
opening new credit accounts, renting a home etc. since lenders and landlords
frequently use data aggregators to "verify the identity" of their
prospective creditors or tenants.
Using the knowledge of some data to authenticate someone is an example of
relying on something known as a "shared secret". The rationale behind this
practice is that since purportedly only the subject would know the answers
to these questions, anyone knowing the correct answers must therefore be the
subject. The username/password is another form of the shared secret, an
egregiously broken form that is more than 50 years old. Identity experts
have been known to refer to the continuing use of the shared secrets for
identity verification as a "full employment program for database hackers".
Perhaps the foremost authority on the efficacy of the shared secret was
Eduard (sometimes erroneously also spelled Edward) Teach. Teach, better
known by his nom de guerre Blackbeard the Pirate, claimed that "Any two
people can keep a secret, provided that one of them is dead". Teach would
select a crewmember to row him ashore then order the crewmember to dig a
hole and place chest full of plunder into the hole. Teach would then shoot
the crewmember, toss his corpse into the hole and fill in the hole himself.
Even the term "Shared Secret" is an oxymoron, and truly shared secrets
shouldn't be used for authentication. But the use of shared secrets
soldiers on unabated, largely due to the lack of economically viable
alternatives at internet scale.
From:
DSN_KLR650@yahoogroups.com [mailto:
DSN_KLR650@yahoogroups.com]
Sent: Thursday, October 30, 2014 6:53 AM
To: List KLR
Subject: [DSN_KLR650] U.P.S HAS PERSONAL INFO (NKLR)
WARNING!!! (Seriously, must see QUIZ choice #2. A. & C. ) U.P.S. WEB PAGE.
U.P.S. HAS !!!! VERY PERSONAL INFO, ONLY THE GOVERNMENT SHOULD HAVE.
I was on the UPS Web sight, "REGISTERING", to track a package I just ordered
yest.
TO TEST MY ID, I HAD 2 CHOICES
#1. THREW FACEBOOK, AND COLLECT MY EMAIL (OK) AND ALL MY FRIENDS LIST.
OR CHOICE 2
#2 TAKE A QUIZ.
UPS ASKED 3 PERSONAL! MULTIPLE QUESTIONS,
A. WHAT STREET IN THE PAST, HAVE I HAD A PACKAGE DELIVERED TO?
(they should not know my old address, just by name, to many others with same
name)
B. WHAT VEHICLE IS REGISTERED TO THIS ADDRESS?
( THAT IS STATE OF MICHIGAN, INFO, WHO ELSE SHOULD HAVE MY TRUCK LISTED?
C. MONTH WAS (MY DAUGHTER'S NAME.) WAS BORN?
BESIDES ME, AND THE STATE GOVERNMENT,.....
WHO KNOWS WHAT CARS, TRUCKS ETC ARE REGISTERED, TO THIS ADDRESS?
NO-ONE, OR SO I THOUGHT. UPS AND ??????? DOES
----------
----------
----------
[Non-text portions of this message have been removed]