NRA Member teaches Million Mom March a lesson about responsibility and locking things up

NRA Member teaches Million Mom March a lesson about taking responsibility for locking things up

(C) 2000. Permission is granted to print, copy, and distribute hard (non-electronic) copies of this page freely and without royalties of any kind, provided that it is not altered in any manner. This leaflet does not claim to have expert or professional information on identity theft, but there's a bit of common sense: look for the lock icon on your browser before submitting private information! Represents my personal opinion, not the NRA's.

The Million Mom March chapter application was placed on a secure Web page on July 31, 2000-- possibly due to the following letter.

Subject: Possible identity theft exposure on Million Mom March Web site
Date: Sun, 30 Jul 2000 12:32:55 -0400
From: "William A. Levinson" [e-mail given] [NRA Life Member]
To: chapters@millionmommarch.com CC: StopGunVio@aol.com

You'll be getting a certified letter from me about this, but I'm telling you by E-mail so you can correct it as rapidly as possible.
Your chapter application form at http://www.millionmommarch.com/html/chapters/chapterappl.html asks for the chapter organizer's date of birth, Social Security number, and driver's license number. The lock icon for encrypted transmission does NOT appear on my browser (Netscape 4.7) when I look at this form. Per the San Mateo Sheriff's Office at http://www.smcsheriff.com/id-theft.htm, "Identity theft is when someone uses your name and your identifing data such as; Date of Birth Social Security Number Drivers License Number Other personal information like your mothers maiden name to illegally use your idenity To defraud, extort or commit various types of financial crimes."

And your Web page requests three out of four of these (all but mother's maiden name) over an insecure connection.
I do not want innocent people, even if they're on the other side of the gun control issue, to get hurt by identity thieves or credit card thieves because the Million Mom March compromised their personal and financial information. The following is NOT expert or professional security advice, and I urge you to consult a computer security professional, but these items come to mind immediately.

· Fix your security exposures before requesting this kind of information in the future or, even better, don't request it at all.
· Secure (or delete) this information if it's on your computers.
· Warn people who have already transmitted this form to put fraud alerts on their credit reports (see the San Mateo Sheriff's link for the three credit bureaus).
· Encrypt your connection for ordering Million Mom March T-shirts if you haven't already done this (to prevent interception of credit card numbers). The lock icon doesn't show up on that page, either.

Regards, Bill Levinson
----------------------------------------------
See https://secure.millionmommarch.com/html/chapters/chapterappl.html, MODIFIED ON JULY 31 08:14 LOCAL TIME.
I'm on the side that your leaders in the Bell Campaign / Million Mom March accuses of leaving guns unlocked around children, the side that your side says needs to be licensed and registered. But the Million Mom March left your personal information unlocked, and it took one of "our kind" to get them to fix the problem. This leaflet may seem uncharitable for pointing it out-- but we are entitled to make our case.

Note: The San Mateo sheriff's office page has contact information for the three major credit bureaus (Transunion, Equifax, Experian). If you already submitted your personal information or credit card number without encryption (or even if you didn't, and you just want to make it harder for identity thieves and credit card thieves to victimize you), you may want to put a fraud alert on your credit report. I did so myself simply as a general security precaution. Again, this is not expert or professional crime-prevention advice.