Security theatre – Privacy and verifying identity when companies call you

I’ve noticed recently that my health insurance company’s privacy policy has changed so that when they call you, they need to check personal details to verify your identity before discussing your account. Sounds like a good idea – make sure they always verify your details, so they don’t give out personal details which might lead to identity theft.

But hang on, they call you, and ask you to give them your name, date of birth, address, phone number, policy details? Sounds like a great identity theft scam to me.

Now, I do actually know that the times i have been called by my health insurance company it actually has been them. But really, if i wanted to scam some identities surely it wouldn’t be hard to pick a common company (whether health insurance or some other service provider), blindly ring numbers (without sending your caller id) and pretend to be checking some account details.

The other side to this is that, often when they do ring, I’m out at in a public space. A public place is not somewhere i’d like to recite my personally identifying details for anyone to hear, just like i won’t use an submit personal info over an unencrypted link, especially not when using a free public wifi access point.

It is reassuring that companies are taking identity theft more seriously, but blindly implementing measures without thinking them through? Seems like security theatre is expanding it’s audience.

Obtaining Queensland Police Reports

If you’re in a motor vehicle accident and wish to obtain a copy of the Queensland Police investigation documents (for example, if you are fucked over by the police) there seem to be two ways to go about getting a copy:

If you speak to police officers, it seems that the official method for access to your report is via CITEC. This costs (as at 2010-01-20) $70.70, and only actually provides you with a copy of the textual body of the report. Any attached documents, photos, scanned notes, drawings, or even statements which have been attached, rather than included are not part of the CITEC report, nor or they held by CITEC at all. The “Other Documents” mentioned in the CITEC Confirm application won’t get you these either – apparently it is for things like blood alcohol reading documents and other such things. As mentioned before, the police don’t actually transfer anything but the textual document to CITEC.

The other way, which I found out after I’d gotten a CITEC report and wondered where the hell all the information was, is to request a copy of all documents via the Queensland Government’s Right To Information (RTI) Act. This is a recent replacement of the Freedom of Information Act, and seems to work in a similar manner. A RTI request costs (as at 2010-01-20) $38 (unless the documents only contain personal information about you – probably not the case if it is a motor vehicle accident), and you can request copies of all relevant documents, not just textual information which is sent to CITEC.

I’m still waiting on my RTI request, but at this point I would say don’t even bother with a CITEC confirm report and go straight to a RTI request. It is much cheaper, and the CITEC confirm report is woefully inadequate in this sort of case.