[Dataloss] Exposing personal data to meth-heads

Dennis Opacki dopacki at adotout.com
Tue Aug 21 17:56:57 UTC 2007


I had a humbling experience this weekend that got me thinking about  
data security; I purchased a box of Sudafed at a Seattle pharmacy. Of  
course, given its connection to methamphetamine abuse, this  
"dangerous drug" is no longer available to casual shoppers. Instead,  
I selected from the pharmacy shelf, a card that resembled the box I  
wanted to purchase. I presented this card to the pharmacist.

She asked to see my state driver's license and reached for a thick  
logbook sitting on the counter. The logbook contained roughly 100  
pages of identical tables. Each page had close to 20 rows. The  
pharmacist proceeded to copy my name, address, driver's license  
number and license expiration date into a fresh row on the partially  
populated page. She then asked me to sign to record. Examining the  
log, I found a cautionary message detailing the penalties I could  
expect upon entering false data, but not a word about how my data  
would be handled and protected, or to whom they will be disclosed.

What struck me as particularly dangerous about this process is recent  
media attention of a correlation between methamphetamine abuse and  
identity theft[1]. Here is a logbook full of juicy personal data, and  
the authorities insist that people, whom they suspect are drug  
abusers, view a dozen or so identity records when purchasing the raw  
materials for their next batch. How hard would it be for an  
individual to memorize the record above, or simply run out the door  
with the entire logbook? Whom does this process serve?

-Dennis

[1] http://www.msnbc.msn.com/id/4460349/


More information about the Dataloss mailing list