security
Chris Drake
christopher at pobox.com
Wed Oct 25 00:02:10 UTC 2006
DH> On 23-Oct-06, at 11:15 AM, Chris Drake wrote:
>> DH> compromised. No personal data is moved in the connection
>> between the
>> DH> user and the RP.
>>
>> ... except when using the Simple Registration Extension
DH> the example I presented was logging into a blog providing only my URL
Well, if your vanity url includes your name - eg - DickHardt.com, or
your real name is your OpenID nickname, that, under Penal Code Section
530.5, *is* "Personal data":-
The Government sees fit to slap anyone in Jail and levy massive fines
for stealing this stuff - and we can't even agree to bother encrypting
it?
(a) Every person who willfully obtains personal identifying
information, as defined in subdivision (b), of another person,
and uses that information for any unlawful purpose, including to
obtain, or attempt to obtain, credit, goods, services, or medical
information in the name of the other person without the consent
of that person, is guilty of a public offense, and upon
conviction therefor, shall be punished either by imprisonment in
a county jail not to exceed one year, a fine not to exceed one
thousand dollars ($1,000), or both that imprisonment and fine, or
by imprisonment in the state prison, a fine not to exceed ten
thousand dollars ($10,000), or both that imprisonment and fine.
(b) "Personal identifying information," as used in this section,
means the name, address, telephone number, health insurance
identification number, taxpayer identification number, school
identification number, state or federal driver's license number,
or identification number, social security number, place of
employment, employee identification number, mother's maiden name,
demand deposit account number, savings account number, checking
account number, PIN (personal identification number) or password,
alien registration number, government passport number, date of
birth, unique biometric data including fingerprint, facial scan
identifiers, voice print, retina or iris image, or other unique
physical representation, unique electronic data including
identification number, address, or routing code,
telecommunication identifying information or access device,
information contained in a birth or death certificate, or credit
card number of an individual person.
(c) In any case in which a person willfully obtains personal
identifying information of another person, uses that information
to commit a crime in addition to a violation of subdivision (a),
and is convicted of that crime, the court records shall reflect
that the person whose identity was falsely used to commit the
crime did not commit the crime.
(d) Every person who, with the intent to defraud, acquires,
transfers, or retains possession of the personal identifying
information, as defined in subdivision (b), of another person is
guilty of a public offense, and upon conviction therefor, shall
be punished by imprisonment in a county jail not to exceed one
year, or a fine not to exceed one thousand dollars ($1,000), or
by both that imprisonment and fine.
(e) Every person who, with the intent to defraud, acquires,
transfers, or retains possession of the personal identifying
information, as defined in subdivision (b), of another person who
is deployed to a location outside of the state is guilty of a
public offense, and upon conviction therefor, shall be punished
by imprisonment in a county jail not to exceed one year, or a
fine not to exceed one thousand five hundred dollars ($1,500), or
by both that imprisonment and fine.
(f) For purposes of this section, "deployed" means that the person
has been ordered to serve temporary military duty during a period
when a presidential executive order specifies that the United
States is engaged in combat or homeland defense and he or she is
either a member of the armed forces, or is a member of the armed
forces reserve or the National Guard, who has been called to
active duty or active service. It does not include temporary duty
for the sole purpose of training or processing or a permanent
change of station.
Kind Regards,
Chris Drake
More information about the general
mailing list