June 21st, 2006, 07:29 AM
A legal/moral/ethical question
Hi, I have a curious question for all of you. I will try and make a long story short.
2 Years ago my Great Grandmother died at 91 ( God rest her soul) anyway today I was on Ancestry.com ( they have a free promo deal) and I saw her death certificate. It has her FULL social security number on it! That got me to thinking someone could use that to create a fake identity. So I figured I would apply for a credit card with it. ( I havent done it yet)
A) Apply for the card with her name and social security number with my address
B) Apply for the card with MY name and address with her social security number
C) Try and get her social security number removed
D) Apply for the card then go straight to the cops and tell them what I did so I dont get in trouble.
I think its technically illegal but all im doing is exposing a potential security flaw. I wont even use the card if I get it, I will take it straight to the cops.
I realize this might sound stupid but I really just want to see if they will actually issue the card. Would they really prosecute me for this even though I mean no harm?
June 21st, 2006, 07:40 AM
Don't most hackers, when caught and facing trial, say they were "just exposing a security flaw"?
It's identity theft, plain and simple. I have no doubt that if you applied for a credit card with her name and ss#, it would be issued. I went thru the same thing with an elderly aunt, both before and after her death. It was a mess, but that's beside the point really - I would not suggest any of your list except trying to have her ss# removed.
Outside of a dog, a book is man's best friend. Inside of a dog it's too dark to read.
June 21st, 2006, 01:42 PM
I would go with deb on this contact the site and explain to them that it would be best if they didn't show the social security when showing the cert. If you do any thing else you are looking for trouble especially now days in the states.
\"America is the only country that went from barbarism to decadence without civilization in between.\"
\"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
June 21st, 2006, 02:00 PM
Get the ss# removed.......
Seems to be alot of this kinda info out there in the US ...for anyone to use
The US need some kind of law to stop this type of information being posted on a web site...or being given out so freely.....
Heres some other recent posts on how personal info so freely flows..
Dont you think your homeland security should be cracking down on this
How people treat you is their karma- how you react is yours-Wayne Dyer
June 21st, 2006, 02:14 PM
Don't do what's illegal -- however, ask them to get the SS# removed when they show those certificates. If that doesn't work, go to a lawyer or to authorities.
June 21st, 2006, 02:34 PM
I concur with most here. While information security may still be in its infancy, applying for a credit card with information that is not your own boils down to simple fraud whose laws are well established. By going through with this just to "prove a flaw" will only make the prosecution's case against you stronger. Vigilante's are still not embraced by the legal community.
On a positive note, I believe that Ancestry.com may be in violation of something here, and by notifying them of their mistake they may be much obliged. If they blow you off, talk to a lawyer.
/* You are not expected to understand this. */
June 21st, 2006, 02:53 PM
Cases A, B, and D can get you up to 30 years in a federal prison and fines up to $1 million, which are the maximum punishments provided for knowingly providing false credit information (which is what you would be doing in all three cases).
There's nothing illegal about what Ancestry.com is doing, btw. The information comes from the Social Security Death Index, which contains information on most deaths after 1962 (you can search the index for free at Rootsweb), or from the Death Master File.
If you died and the death was reported to the SSA, you're in that list. I don't think you can ask for records to be removed from it (the Constitution only covers the living... )
June 21st, 2006, 03:05 PM
Negative : that's fair, but how easy should it be to get full access to a person's credentials?
June 21st, 2006, 03:16 PM
Trevoke: all the information that can be obtained through the Master Death Record is public information anyway. The SSN is not, but that shouldn't matter for the deceased (their credit has been "cut off" - if Texan would try to get a credit card with her credentials, a bunch of red flags will go off as every entity dealing with credit (banks, employers...) uses that list). That's all theoretical, of course... you never know in this country
June 21st, 2006, 03:46 PM
Negative : that's kinda the point : you never know! It's the state of security in this country which is a problem.
If you get a credit card with this information, you can order one thing, get it dropped off on a PO box which you open with the same info, pick it up, disappear, do the same with another dead person's info.