The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar

Archives

Links

Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by groups.yahoo.com

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Friday, July 15, 2005

Privacy, national security and the Karl Rove affair 

My friends and family are probably getting pretty tired of hearing that just about everything has a privacy angle. Sorry, it's everywhere.

The latest political story out of Washington, DC has a privacy angle with a national security twist, according to David Lazarus of the San Francisco Chronicle:

Privacy is easy to breach

"The fracas over whether Karl Rove, one of President Bush's most trusted advisers, publicly outed an undercover CIA operative highlights the ease with which personal information on virtually anyone can be obtained.

It also points to the need for privacy laws -- and, in this case, national-security laws -- recognizing the harm that can be done with only a few computer keystrokes.

That harm, as a slew of recent security breaches makes clear, can include identity theft, credit card fraud and other invasions of one's personal-data space.

It can also represent a graver danger if the work you do is of interest to terrorists and other enemies of this country.

I found out how significant this threat can be when I attempted to identify the CIA agent in question for myself, based solely on what Rove is known to have told a journalist.

The results were troubling, to say the least.

...

It's not my place to say whether Rove crossed that line in his discussion with Cooper. But I can say what I was able to do with the information Rove reportedly supplied.

First of all, I knew from published reports that the full name of the author of the critical op-ed piece was Joseph C. Wilson IV. A Google search quickly told me that he was born in 1949.

So I went to ZabaSearch.com, which readers of this space know is a powerful online people-search tool that rapidly combs through public records - - for free.

My first nationwide search for a Joseph C. Wilson born in 1949 turned up too many matches, so I narrowed the search by guessing that he likely lives in Washington, D.C.

Bingo. Now I had his home address. But I didn't know his wife's name.

So I went to the Web site of LexisNexis, a prominent data broker, and did a public-records search for Joseph Wilson in Washington, D.C., subsequently narrowing the search with Wilson's street address. Bingo again.

"Spouse name: Wilson, Valerie E."

For non-subscribers, LexisNexis is available online on a pay-per-search basis. It's also accessible via acquaintances at universities, law schools and a wide variety of private companies.

I did another LexisNexis search for Valerie E. Wilson in Washington, D.C. This confirmed she lives at the same address as Joseph C. Wilson. It also took me the next step.

"Former name: Plame, Valerie E."

I now had the identity of a covert CIA agent (who was using her maiden name as part of her cover as an energy-industry analyst working for a firm called Brewster Jennings & Associates, now known to be a CIA front company).

It took me less than a half-hour to identify her.

I then went back to Google and got a map of Plame's neighborhood and directions to her home. Google also allowed me to study a high-resolution satellite photo of Plame's house.

I could see that the property appears to be in a quiet residential community and looks approachable from all sides. It also offers ready access by car to major thoroughfares.

And I now possess all this information simply because I know (from Karl Rove, via Matt Cooper) that Joseph Wilson's wife "apparently works at the agency on WMD issues."

Little effort required

Rove's questionable judgment aside, this episode underlines how little effort is required in this info-rich age to identify and locate virtually anyone. You don't even need that person's name.

This should alarm anyone who relies on a measure of secrecy for his or her well being, as well as all others who value their privacy.

It also should serve as a wake-up call for legislators that existing privacy and national-security laws haven't kept pace with dazzling improvements in information technology.

The intent of current laws might be to keep certain info under wraps. The reality is that nearly all data are exposed and accessible, there for the taking by anyone with a computer and a small measure of resourcefulness.

With little effort, I pinpointed a working CIA agent. I did so only to make a point.

Can we be sure that the intentions of the next person to commence such a search will be as benign? "

Labels: , , ,

Links to this post:

Create a Link

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs