Feb 26

Some time ago I read about someone who gets lots of review copies of books sent to her for free, because she writes good reviews of them on Amazon.com. I thought at the time that that was pretty cool. It made me wonder just how much I’d have to review to get free stuff, and whether my reviews would all have to be breathless Joel-Siegel-style enthusiasm.

I got my answer. Amazon and Disney sent me an advance copy of the new remastered DVD release of Bambi to review. Yes, Bambi. I can only assume they didn’t pick me based on what I’ve reviewed in the past. Either that, or they noticed I’d been browsing for books and movies about skunks, which would be worryingly efficient of them.

Anyhow, I watched the movie and reviewed it. Hey, why not? Ignoring the plot, the animation is beautiful, and I’m a sucker for anything with a cute animated skunk in it.

So when my RSS aggregator picked up on a review on filmcritic.com, I decided to take a look, just to see if my conclusions were the same as other reviewers’. Let’s just say that the guy who wrote that review clearly hasn’t watched the movie since he allegedly saw it as a kid; not even the first five minutes. How can I tell? Well, Bambi is male. He’s referred to repeatedly as the new young Prince of the Forest right at the start of the movie. Bit of a giveaway, that.

I know it’s crazy, but I kinda feel that movie reviewers ought to watch at least part of the movie. I can understand book reviewers not finding time to read the entire book in every case, but come on, how much effort is it to watch “Bambi”?

Meanwhile, I could get to like this Amazon reviews thing. Maybe next time they can send me something from the other end of the tastefulness scale. There’s a new unrated edition of Orgazmo about to be released…

Feb 26

Yet again, a business has been cavalier with tens of thousands of people’s personal data. If your W-2 was processed by PayMaxx in the last few years, any number of people might have read it. There could be thousands of identity thefts as a result.

Yet it’s not really PayMaxx who will be at fault if identity theft occurs. The real problem is that too many businesses use Social Security Numbers (SSNs) for authentication.

SSNs aren’t unique, they aren’t secret, and they were never intended to be used as universal identifiers, let alone authentication tokens. However, the relative obscurity of SSNs has led many businesses to misuse them to verify identity, even though they are completely unsuitable for the purpose.

The simple and obvious solution would be for the US government to legislate prohibiting use of SSNs for any purpose other than identifying taxpayers and social security recipients to the federal government. The legislation would be set to take effect some time at least 12 months in the future, to give companies plenty of time to issue new identity numbers to their customers.

It seems obvious to me that that will never happen, however. Too many corporations with a vested interest in cross-referencing their databases with everyone else’s, and no motivation to spend money on real security.

But I contend that we don’t need to wait for government to act. As I’ve already mentioned, SSNs aren’t actually secret. It’s apparently pretty easy for any random company to get a database of SSNs, and it seems clear that hackers can obtain such databases too. So let’s try a thought experiment…

Suppose a secretive band of hackers obtains a large database of SSNs, ideally the SSNs of the majority of people in the USA. They take out prominent ads in the major national newspapers, announcing that as of January 2007, the database of SSNs will be made available to anyone who wants it, via the Internet.

Companies misusing SSNs would have a simple choice: either stop doing so, or face massive fraud against them in 2007. Shareholders wouldn’t give them much choice.

In January 2007, the database of SSNs is published anonymously to the Internet.

Of course, the perpetrators of this civic act would need to be careful to remain anonymous, lest they suffer a hailstorm of lawsuits, possibly even spurious claims of ‘terrorism’. But in the end, we would live in a better world–one where SSNs were clearly only useful for identification.