By Martin H. Bosworth
August 10, 2006
Millions of Americans use online resume boards to get new jobs and make new connections, posting their resumes for thousands of employers to view.
One unforeseen side effect of this practice is that it leaves job hunters wide open to potential data fraud, as virtually all resumes contain personally identifying information, with some unsuspecting job seekers even posting their Social Security numbers online.
Now online job hunters can rest a little easier, because there's an "angel" watching out for them, and ready to warn them if they've posted too much sensitive data to be safe.
Carnegie Mellon University professor Latanya Sweeney has developed a program called "Identity Angel," a sort of specialized search engine that trolls online job boards and other sources to look for what she calls the "Holy Trinity" of personally identifying information -- a person's name, address, and Social Security number.
Although the first two are all too easy to find on the Web, finding all three is the gold standard for anyone who wants to commit fraud or steal someone's identity.
If the Identity Angel program finds all three, and can locate the person's e-mail address, they will receive an automated message warning them that their identity may potentially be in danger.
Sweeney, an acclaimed computer scientist and privacy expert and director of the Laboratory for International Data Privacy at Carnegie Mellon, developed the tool as a method of warning people as to how easy it was to obtain a credit card using someone else's identity.
As far back as 1996, Sweeney was developing systems to extract personally-identifying data from text documents.
In a 2005 presentation to the American Association for Artificial Intelligence (AAAI) on the uses of AI in homeland security systems, Sweeney outlined how she developed a new system designed to target information in "rosters," online lists of information that were not easily searchable by keyword or phrase, such as a Google Web search.
According to Sweeney, when job seekers who had the Holy Trinity combination of personal data and a viable e-mail address were contacted, every single one removed their information shortly thereafter.
"Imagine a benevolent program that e-mails people for whom information, freely available on the Web can be combined sufficiently to impersonate them in financial transactions," Sweeney wrote. "This is the ambitious goal of 'Identity Angel.'"
The program has been active since July 23rd, and has already captured thousands of records containing the three necessary components for fraud.
Sweeney told National Public Radio that many of the initial responses to the original "Identity Angel" e-mail complained that it was endangering them, or that it was a fraud. She noted that the e-mail was retooled to explain their purpose more clearly.
Testifying before the Department of Homeland Security's Privacy and Integrity Advisory Committee in June 2005, Sweeney advocated the belief that tools like Identity Angel would enable people to secure their identities while not sacrificing their privacy rights.
"Following the events of September 11, there is a common false belief that in order for America to be safe, the public must give up its privacy. This is not necessary, "Sweeney said.