One of my friends posted this story from Natural News, a site known for sensationalist stories. This story fell within my area of expertise so I found it more annoying than most sensational articles posted on that site. According to the article:
(NaturalNews) We have already established that Healthcare.gov is not a functioning database application that allows people to shop for competing health plans. It is actually a government-run Trojan Horse that suckers people into creating accounts where they hand over:
• Name and address
• Email address and password
• Social security number
• Private bank account details
• Employer details and other informationDuring the enrollment process, your computer also hands over your IP address which is then tied to your social security number.
This time the emphasis isn’t mine. With the exception of your Social Security number and employment history all of these things are handed over to any site you buy products from. With that information your Social Security number can be found for $0.25 through services like Tracers Information (I was Kevin Mitnik bring up a volunteer’s Social Security number using this site in the Social Engineering Village at Defcon 21). And, more to the point, this is all information that the federal government already has. In fact the federal government is the organization that gave you the damn Social Security number in the first place.
The article then goes on to claim that all of that information is transmitted to the National Security Agency (NSA). Why would the NSA have to get Healthcare.gov to send it that information? Thanks to Edward Snowden we know that the NSA is spying on people directly through direct access to Internet Service Providers (ISP) and companies that offer online services (Google, Microsoft, Apple, etc.). As a federal agency the NSA also has access to your driver license records (name and address), Social Security information, and bank information (financial institution regulations are glorious, aren’t they). A simple peek at your bank account will almost certainly reveal who you’re working for (and who you have worked for). The NSA doesn’t need a healthcare website to get all of this information, it has setup a pervasive surveillance apparatus to get all of this information already.
The reason these types of articles piss me off is because they drum up unnecessary fear of technology. In order to overcome tyranny fear must first be alleviated. Or, to put it another way, the only way to fight gods is to first prove that they’re not gods. So stop with the fear mongering and sensationalism. It’s annoying because I then have to explain all of this shit to my less technically minded friends.
“During the enrollment process, your computer also hands over your IP address which is then tied to your social security number.”
So if I change my IP address, they’ll think I’m an entirely different person? Exxxxcellent…. all is proceeding according to plan.
yeah tying an IP address to a person is nigh impossible when I can literally press a button and get a new one. that and my DNS server of choice keeps no records of traffic so tying the miasma of IPs to me would take a lot of log checking.