Security News > 2002 > December > New Jersey lottery Web site may contain security risks, experts warn
http://www.nandotimes.com/technology/story/694805p-5149285c.html By JOHN P. McALPIN, Associated Press TRENTON, N.J. (December 30, 2002 2:41 p.m. EST) - New Jersey Lottery players who sign up for a VIP service offering discounts, bonus games and daily e-mails of winning numbers are risking more than the price of a ticket, Internet security experts warn. The lottery's VIP Club requires people to give a name, postal address and e-mail address. Also requested are their birth date and mother's maiden name, key personal details that have security experts worried about identity theft. "No matter how hard I think about it, it's tough to come up with an excuse for why that information should be required," said Lauren Weinstein, founder and moderator of the Privacy Forum online group. "The people who design these forms don't even think of this stuff. It doesn't occur to them that the combination of both birth date and mother's maiden name is something you should never disclose," Weinstein said. "They've asked all the key questions there except 'What's your Social Security number?'" About 77,000 lottery customers have enrolled in the service, up and running for about a year. Linda Melone, the lottery's deputy director of marketing, said the information isn't collected for direct-marketing programs and won't be disclosed to outside agencies. Jaimee Gilmartin, a spokeswoman for the lottery, defended the requests, saying birth dates verify that players are over 18 and maiden names are often used as password protectors. The lottery has never had a case of identity theft or other security breaches, she said. "The New Jersey lottery is constantly evaluating and re-evaluating our procedures to ensure we provide the highest level of security for our players," Gilmartin said. Texas and Indiana have similar services that request birth dates. Texas also asks for a maiden name, but Indiana does not. Consumers should make sure such sites offer clear privacy warnings and hold the government to the letter of the law, said Robert Ellis Smith, publisher of "Privacy Journal" newsletter. However, often customers just click past such statements, which are often written by lawyers and difficult to understand, he said. Potential security concerns about the Internet were cause for concern for some players interviewed. "It's too easy for someone to steal your identity, especially if you have to give your mother's maiden name," said Rich Froman, 39, who bought two Pick 3 tickets and one Pick 6 ticket at an Atlantic County convenience store recently. "That's one of the most private pieces of information you have. To get updated lottery results? That's a joke." Most players, however, are like Louann Elwood, 29, who didn't know about the VIP program even though she's a regular player and goes to the Web site sometimes. Elwood said she had no problem giving the information. "I'm addicted to the lottery," Elwood said while buying $10 worth of Pick 4, Pick 5 and Pick 6 tickets. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
News URL
http://www.nandotimes.com/technology/story/694805p-5149285c.html