Government To Fix Identity Theft? 219
Cobb writes "With nearly 50 million identities compromised in the last 6 months, the powers that be are gearing up to fix the problem. 'Prosecutors and privacy experts say that what America needs is a coordinated national strategy. While 15 states require companies to tell consumers if their data has been compromised, there's still no national law.' A new study joins a host of other statistics -- some private, some government-sponsored -- attempting to quantify the size of the ID theft problem. There is no universal agreement on the size of the problem, on the way to count the victims, or even on how to define identity theft."
On the other hand... (Score:5, Funny)
Databases are a pain to maintain.
Let me be the first moron to say . . . (Score:5, Funny)
~~~
Re:Let me be the first moron to say . . . (Score:2, Funny)
Re:Let me be the first moron to say . . . (Score:3, Funny)
Re:Let me be the first moron to say . . . (Score:3, Interesting)
Well, no.
"It's not identity "theft", it's identity fraud."
40 million banking customers have had privledged personal information about them compromised in a
manner that would suggest that "identity fraud" perpetrated against them is likely at a future time.
There are also persons walking around with completely fraudulent identity papers - birth certificate, social security number, drivers license, employment history, credit cards and credit history,
Well, we all know... (Score:2, Insightful)
The so called solution turns out to become much worse than the original problem.
Re:Well, we all know... (Score:2)
I wonder who they will try to pin this problem on? We already invaded Iraq... maybe China? I bet an invasion there would solve the identity theft problem.
Re:Well, we all know... (Score:2)
Re:Well, we all know... (Score:5, Insightful)
Yeah..this is something I fear. I was reading in the local paper recently...that this could really crush SMALL businesses, that may do simple things like directly charging customers' checking accounts. Basically, this notification could really open so many up to lawsuits, and in our present ligitious society these days...well, I think that is a given.
Personally, I wish they'd go in the direction of outlawing, the wholesale trading and selling of personally identifiable information...especially the Social Security number...
I wish they's make it illegal to use it as an identifier in any public database not directly associated with SS taxable income.
If they didn't have the one person unique identifier out there in so many of these databases...that link so much information together over disparate databases, the theft perhaps wouldn't be as painful or dangerous to the individual.
I wish they'd make the selling of this data illegal..companies like Acxiom [acxiom.com] scare me really...they have info on most anyone in the US, and when I'd left there years ago, their computer security to the 'net wasn't secure enough to ease my concerns. And they're not the only ones...just one of the big ones.
Re:Well, we all know... (Score:2)
But then they couldn't keep a credit history for you and beat you over the head with it when you refuse to pay some incompetent bozo who bollixed up the last job he did for you. Get used to it: We now have government of the business, by the business, and for the business. And
Re:Well, we all know... (Score:3, Insightful)
"The so called solution turns out to become much worse than the original problem."
Yeah..this is something I fear.
I would think doubly so, since this is the same government that wants a national ID card. You know, to make personal information even more centralized and easy to access. In an ironic way the concept of a national ID card as a homeland security measure might make a person's identity easier to steal, resulting in less security.
I wish they's make it illegal to use it as an identifier in an
Outlawing SSN? (Score:2)
Banning SSN and other identifiers sounds good on paper, until people think through some of the implications. Right now we have dozens of separate systems that are not linked. Patients in one system may or not be a patient in another. If a doctor prescribes a drug in one system, the other system may not know this.
Because of these disconnects, the problem of not being able to clearly identify p
Re:Outlawing SSN? (Score:3, Interesting)
What SSN is good for is a unique number that the person knows that is also common other places. So if I'm 123-45-6789 in one medical database, odds are I'm the same number in another one. When I need to check to see if Person X is really Person Y with a deadly drug allergy in a related database, it's good to have a number that everyone's pretty sure a
Re:Well, we all know... (Score:3, Funny)
Yeah... yeah! Who's with me?!?!?
A thought ... (Score:5, Insightful)
Re:A thought ... (Score:4, Funny)
Re:A thought ... (Score:4, Interesting)
No, the dog is totally irresponsible with credit.
Anyway, it happened cause I was too cheap to pay extra to have the data phone line (pre-broadband) unlisted. Solution - list the data line in the dog's name. Side effect - ads and credit card offers mailed to to dog.
Re:A thought ... (Score:2)
Re:A thought ... (Score:3, Insightful)
Or not send 10,000 credit offers to my house. I think someone should initiate a class action lawsuit against the US Postal Service for giving mass mailing discounts to these credit card companies making it possible for them to send out so many mailings. If they had to pay $.37 to get a letter delivered like I do we might not have quite as many mailings and less identity theft.
Re:A thought ... (Score:2)
not to mention cheaper postage!
Re:A thought ... (Score:2)
meant to say that if the bulk mailers paid the same rate we do, it should help lower the postage for everyone
Re:A thought ... (Score:2)
A class action lawsuit against an arm of the Federal Government. Get real.
If they had to pay $.37 to get a letter delivered like I do we might not have quite as many mailings and less identity theft.
And then, they wouldn't be mailing *anything* and the USPS would make even *less* money than it alr
Re:A thought ... (Score:2)
Yeah, well, it's a nice idea.
And then, they wouldn't be mailing *anything* and the USPS would make even *less* money than it already does forcing it to either raise prices even more than they already have (either will cause the USPS to go out of business).
Ummm... yeah. You say that like it's a bad thing. First, the whole USPS doesn't make any money thing is a myth. Congress swipes all the money they do make to pay other t
Re:A thought ... (Score:4, Informative)
Call this one number to opt out of all three bureaus: You can protect yourself from identity theft by taking your name off of the credit bureaus mailing lists. The credit bureaus are one of the biggest offender when it comes to selling your name and information to the credit card companies who in turn send you all those pre-approved applications. One call to the Opt Out Request Line (for Equifax, Trans Union, Experian and Consumer Credit Associates) is all it takes to permanently remove your name from all marketing lists that the credit agencies supply to direct marketers. You can also opt for a two-year period, renewing your request at any time in the future.
1-888-567-8688
"opt out" = crap (Score:2)
I'm sick of having to call various agencies to opt out of marketing TRASH. Why do we put up with it?
Oh, that's right.. marketers have more money than us, so they lobby the hell out of congresscritters.
Ugh.
Re:A thought ... (Score:2, Informative)
Re:A thought ... (Score:2)
Re:A thought ... (Score:2, Informative)
Actually, it sends opt-out info to 4 credit reporting bureaus.
And add me to 100 other what? Huh? We don't have 100 "other" credit bureaus. Do you even know what you're talking about?
I learned of this website from an article about preventing identity theft, published in our local newspaper. I was skeptical at how well the opt-out process would work, but it managed to surprise me.
Re:A thought ... (Score:3, Funny)
Re:A thought ... (Score:3, Funny)
Do you ever fill them out for him and send them back with a pawprint on the signature line? Put "home security specialist" as his job title and estimate how much you spend per annum on dog food as his salary.
Re:A thought ... (Score:2)
Government to outlaw crime! (Score:5, Funny)
Ronald Reagan was right, the most frightening words in the English language are "Hi, I'm from the government, and I'm here to help."
Re:Government to outlaw crime! (Score:3, Insightful)
Yep, that'll help. Except for all those criminals who don't obey the law.
Right. So why don't we just make everything legal, hm?
Ronald Reagan was right, the most frightening words in the English language are "Hi, I'm from the government, and I'm here to help."
In many cases the government can and should help. If people are stealing, then I want the government to use its powers to stop them.
Re:Government to outlaw crime! (Score:2)
What they'll probably do in order to "fix" the problem is mandate some incredibly stupid solution that will make all of our lives worse. Just you watch. Whenever the Senate starts debating anything that has a technical component to it, a shiver goes up my spine. The best we can hope is that they don't make it worse.
Re:Government to outlaw crime! (Score:3, Insightful)
Trust me, there's a big difference between the beauracratic drones from Federal agencies and your local beat cop. It's pretty obvious which type was being referenced.
Re:Government to outlaw crime! (Score:2)
Re:Government to outlaw crime! (Score:2)
Re:Government to outlaw crime! (Score:2)
Re:Government to outlaw crime! (Score:2)
If I'm taking that out of context, you should tell every quotation site on the web that they're doing the exact same thing. The quote is consistent with Reagan's beliefs about big government, so I don't know how it could be taken out of context.
I asked you how I was taking the quote out of context out of genuine curiousity, and you respond by calling me names? WTF
Re:Government to outlaw crime! (Score:5, Interesting)
For once it looks like "hackers" aren't going to be the scapegoat on this one. Although it may be too soon to tell.
Government repairing something? (Score:2, Informative)
I hope (Score:2, Insightful)
Perfect! (Score:2)
"Perfect!"
- immediate reaction, with accompanying drool spot on table, of every bureaucrat and lobbyist, at every level of government, upon hearing these words, as applied to every issue ever raised for debate.
Statistics (Score:2, Insightful)
Re:Statistics (Score:2)
Sir Humphrey: If local authorities don't send us the statistics that we ask for, then government figures will be a nonsense.
Jim: Why?
Sir Humphrey: They'll be incomplete.
Jim: But government figures are a nonsense anyway.
Bernard: I think Sir Humphrey wants to ensure they're a complete nonsense.
Sir Humphrey: Statistics, you can prove anything with statistics.
Jim: Even the truth.
Sir Humphrey: Ye...no.
[...later that episode...]
Jim: These figures are just guesse
Seems normal... (Score:2)
This seems pretty standard for anything involving politics. Nobody can agree on anything.
Here in Minnesota; we are on our first day of a state government shutdown because nobody could agree on a stinkin' budget.
Way to go guys!
Re:Seems normal... (Score:2)
Think of all the money you will save on taxes if this goes on long enough. After all, you wan't have had to pay anyone for their time off.
Re:Seems normal... (Score:2)
Continuing Resolution? (Score:2)
Wrong Approach (Score:4, Insightful)
It is silly that someone can committ such fraud just because they collect some numbers (SSN, phone, address, Credit Card, Driver's License, Passport). What we need is a system where simply possessing the numbers does not allow for fraud. The solution probably has something to do with biometrics. Of course, criminals will work against that too, but I just don't see how we can legislate ID theft into submission.
Re:Wrong Approach (Score:4, Informative)
Your biometrics are just a number, so once someone has that number then they can impersonate you. Ex: You want to do an online credit card purchase, so you scan your thumbprint. Great! You send it to someone else, and now they have your thumbprint.
This can be best prevented by using encryption and such, but then those things can be applied to existing methods so the biometric data didn't help.
Re:Wrong Approach (Score:4, Interesting)
Consider this. Fingerprint biometrics. Someone manages to steal a record of your 10 fingerprints, and is capable of reproducing them to fool a biometric sensor. You can no longer be assured that anyone using fingerprint identification is truely you, and what would you change your authentication credentials to after that, your footprint?
Vein biometrics (hand, as per previously recorded on Slashdot) change based on what you're doing, over time, with vascular problems, etc.
Fingerprints are unchangable, but you have a limited quantity (10) and after that, you have little recourse.
Voice prints may be able to be mimiced sufficiently with recorders, or worse, you could be denied access one day because you had a cold.
Biometrics may be used to help such a system, but they could never take the place of any aspect that may need to be changed at random, such as a password.
No kidding. (Score:2)
Yes, lets broadcast your passport information to everone in the vacinity via RFID, that will make things harder for the terrorists, and safer from iden
Biometrics Considered Harmful (Score:3, Insightful)
Even if one were to develop a much better biometric system, there are serious drawbacks. Any biometric key is really just a password that cannot be changed, even if the password has been compromised, or even if the whole system has been cracked wide open.
Suppose someone invents a "foolproof" retinal scanner system, which is deployed at every point-of-sale terminal in the US. All credit card transactions are verified with the retinal scann
Re:Biometrics Considered Harmful (Score:2)
Re:Wrong Approach (Score:2)
You've obviously never worked tech support and dealt with a horde of users who forget passwords and angrily demand an easy way (and easily spoofed) way to be told it.
Re:Wrong Approach (Score:2)
Re:Wrong Approach (Score:2)
Or on the merchant.
You provide the credit line, you eat the loss when it's a problem.
Just pisses me off (Score:5, Insightful)
The only way to fix the problem is not to have all these laws after the fact, but to stop the sharing at the source. For example, you sign-up at a bank for a new account. You cannot at that time ask for you information not to be shared. You must call up later and say:
1) I don't want my information shared to third-parties.
2) I don't want my information shared to afflilated companies.
3) I don't want any offers, etc.
If you miss one your screwed. Just think of all the things you've registered for where your information is flying around. It's absolutely unstoppable.
I'd love to do a credit freeze on my account, but in Texas you can only do that AFTER you prove to the credit companies that your a victim of identity-theft. That's like handing out a condom after rape.
The credit-bureaus snap back that without access to the sea of "metadata" people won't get all these advertisements for low-interest lows and crap like that. Makes me want to puke.
Maybe we can change out our SSN#s every so often, but otherwise I assume having your identity stolen will be common-place in 5 to 10 years.
Peace out!
Happy 4th.
Government To Fix Identity Theft? (Score:2)
Government To Fix Identity Theft?
Ha! Ha ha!
...
Oh! Ummm, if you're looking for the answer, it's no.
Obvious solutions to identity theft (Score:2)
Re:Obvious solutions to identity theft (Score:2)
The War on Identity Theft (Score:2)
Here we go... The War on Identity Theft!
I am really sure this WILL be as effective as the war on drugs.
Lets see:
1) First we will lose our right to any form of privacy at all. ( for our safety of course )
2) The subdermal chips are coming!
3) The usual arguments about "the number of the beast."
4) Wacky holdouts living in the woods in Montana
Re:The War on Identity Theft (Score:2)
50 million a bit misleading (Score:2)
It's about time, but it won't help. (Score:5, Informative)
Good! It's by no means the silver bullet in identity theft, but I really get sick of having companies ask for my SSN when it's none of their goddamned business! Even when I took Sun certifiation exams, the unique identifier that they wanted to use was my SSN! Exactly what business is it of a certification examination center to have my (or anyone's) SSN?
The problem, however, is one that government will never be able to fix - consumer stupidity. It's staggering that people are so shocked when they find out that their identity was stolen, yet they will look at you dumbfounded if you ask them:
* Do you shred all of your mail, bank statement, receipts, and so forth before throwing them away?
* Do you make sure to never purchase from e-mails that you didn't ask for?
* Do you make sure to purchase on-line through secure, HTTPS connections?
* Do you willingly give out information to people on the phone who claim to be from one business or another?
I'm sure that the government will do what it can (even if it further tramples on our individual rights one way or another) but until the general public stops their carelessness with personal information or materials that contain personal information, identity theft will keep going and going just like that damned rabbit.
Re:It's about time, but it won't help. (Score:2)
* Do you make sure you're not typing private information (such as SSN or bank account numbers) on the keyboard of your windows machine, the one in the den where you persist in running IE and Outlook and click on every damn banner, the one that runs 317 pieces of spyware, 89 trojans and 11 keyloggers and is so slow it takes 40 minutes to open AOL dialer, and oh by the way this frantic call on your phone answering machine is your credit card fraud department asking you if they should approv
Re:It's about time, but it won't help. (Score:2)
*Do you sit there and watch the waiter run your credit card at the resturaunt?
*When was the last time you ran a credit report?
I find it shocking how many companies I don't know have my credit information. I find it very, very shocking that my dogs freaking VET wants my SSN..
The first step is to identify the problem. (Score:5, Insightful)
Someone steals your credit card number and orders porn? That's no longer credit card fraud, that's identity theft.
Someone forges a check against your bank account for porn? That's no longer check fraud, that's identity theft.
Somebody ordering a pizza in your name, because they can't afford porn? That's no longer a phone prank, that's identity theft.
Nearly all economic crime can now be classified as identity theft. Nearly all is being so classified.
It's impossible to tell how much of a problem there is, at this point. We're all too distracted by watching the sky falling.
Re:The first step is to identify the problem. (Score:5, Funny)
So, you're saying the answer to identity theft is free porn?
Re:The first step is to identify the problem. (Score:3, Funny)
I think the answer to every problem involves free porn. I think we need a Cabinet level position, to advise the President. A Department of Porn, to use our tax dollars to produce top quality porn.
I mean, really, think about how much less spam we'd have if every American taxpayer were entitles to top quality, government produced porn.
Best idea I've heard (Score:5, Insightful)
The best idea yet is that unless the creditor can prove that you authorized any purchases made on your account, then they have to eat it. It is the creditor's job to make sure they know who to whom they are giving credit. It is then ultimately their responsibility to track down identity thieves. If their internal policies are so lax, that they don't know their customers from a hole in the ground, then they need to shape up. I think that this policy is the only way to get them to fix these problems, by hurting their bottom line.
Re:Best idea I've heard (Score:2)
It's about friggin time.
Re:Best idea I've heard (Score:2)
In related news (Score:2)
'Oil companies to fix Kyoto treaty'
'Microsoft to fix GPL'
Um, news at $time_of_news_at_local_location?
make the government responsible? (Score:2)
Yeah, they'd be great for keeping identities separate and secure.
encrypted keys (Score:3, Interesting)
Just trying to promote discussion. Please feel free to attack any loop holes in my argument. Or you can just call me an idiot.
Three words... (Score:2)
Government To Fix...
How About Instead of All These ID Problems (Score:2)
New Biometric Device From Fujitsu [whattofix.com]
Emulate California on Credit Approval Blocking (Score:2)
This ought to be made federal law. It wouldn't eliminate identity theft but it would drastically reduce much of the resulting fraud.
Definining it is the easy part (Score:2)
Identity Theft: when one party successfully represents themselves as a second party during a transaction with a third party, using documents and information that belong to the second party, and that have been obtained without the second party's knowledge or permission.
There ya go, that one's free. Now either figure out a way to stop it, or stop feeding it with all these "convenient" opportunities for faceless transactions between strange
Just like we completely eliminated spam, right? (Score:2)
Sure... just write a law that makes it illegal, that'll solve the problem.
Just like anything else that was outlawed.
* We have no more spam, since it was outlawed a short while ago.
* We have no illicit drugs, either, right?
* We temporarily "eradicated" alcohol. Remember that from your history classes?
* Hell, we've eliminated ALL illegal criminal activity by simply legislating them away.
* Et cetera, ad nauseam, ad absurdum.
Riiiighht...
It's only 'infringement', not 'theft' (Score:2)
Easy Solution: Limit Personal Information Sharing (Score:4, Insightful)
The next step is to limit sharing of personal information; this is something that some states have achieved.
Make sure that lists are opt-in. Businesses must ask personal permission at all times.
Higher penalties for stealing mail or other personal information that is used for wrong purposes.
Require online businesses to use secured connections for better protection.
Hold banks, credit card, loan agencies, etc. accountable for credit history fuckups.
Require timetables on identity theft resolutions; have businesses pay for it.
Fine companies for losing personal information.
If this does not work, let people buy cheap guns and shoot mother fuckers who commit or contribute to identity theft. Why should people sit in silence if credit card industry gets a fat profit that is growing from year to year? Make those fuckers responsible for their fuckups.
the answer is easy (Score:3, Insightful)
Apply the same privacy and security standards to financial institutions that HIPAA [hhs.gov] requires.
I went to work on a PC at a doctors office, it was the machine that contains patient records.
That machine was forbidden from being connected to the internet in ANY way what-so-ever and was forbidden from being connected to their inhouse LAN.
The STAND ALONE machine had a modem in it but it was only allowed to connect to a certain system through a single dial-up line.
No other use of the machine was permitted. It had no disc drives so it was not possible for employees to install stuff from home or to copy things from it.
The machine was pretty damn isolated from the outside world.
Of course that will never happen with financial institutes because they WANT these things to happen, that way the people will cry for more security. And they will get it, with Orwellian security like retina scans and sooner or later, DNA scans, like in the movie GATTACA [wikipedia.org]
Personally, I have no financial anything. I don't use banks at all in any form. I have no credit, I have no savings or checking accounts, I have no credit cards.
I live strictly by cash alone. Everything I own is paid for. I pay utility bills with green cash, in person at the local grocery store. I owe no one for anything.
You want to steal my identity? I don't give a shit, go ahead, I don't use it anyway..
Hah (Score:2)
"We're the government: we don't make promises, only threats."
GOVERNMENT to fix it? (Score:2)
It is not the job of government to solve all of our problems. More government is almost never the answer to any problem. The problem here is the credit system and lack of accountability on the part of businesses for identity fraud. The banking system doesn't suffer nearly as
The problem is us (Score:5, Interesting)
Let's say you go to an online merchant and made a purchase. The financial institution should then call you at the phone numbers of record, that you gave when you opened the account, to confirm that it is indeed you that is making the purchase. This would maybe slow us down, and horror of horrors may force us to actually think about whether or not we actually need whatever it is that we are purchasing.
We have been so trained to want things instantly that we are willing to give up part of our financial security for immediate "satisfaction".
Sorry for the rant, but it isn't just the companies that are to blame, and a solution that punishes the institutions without challenging our ways of thinking about the way we approach our finances is only going to change the problem's appearance, not fix it.
Re:The problem is us (Score:3, Insightful)
I never thought of it that way, but you are 100% correct. Of course the problem is their is nothing I can do, since this is jsut the way things work now. There is no switch that says "I will not be doing any credit like things in the next year" anywhere.
FTC is involved I see... (Score:3, Interesting)
NEWS: FTC chief's credit card info stolen (Score:2, Interesting)
http://www.tampabays10.com/weird/weird_article.asp x?storyi [tampabays10.com]
Give all Americans new SINs? (Score:2)
telling consumers is a scam (Score:2)
The problem is replay (Score:3, Interesting)
Identity theft is too easy for two reasons:
1. The best uniquely identifying piece of information (in the US) is the SSN. It is a perfect username. And yet, we keep using it as both the username AND the password. It is stupid. Just because I know a unique name for a person shouldn't mean I can open a line of credit for him/her.
2. Even if there were a separate "secret" password, it wouldn't be secret once used. Every time you prove to someone that YOU are you in the current system, you empower that person to prove that HE is you. Let me say that again, because it is important: every time you prove to someone that YOU are you in the current system, you empower that person to prove that HE is you. And, even if you trust that guy, the information you have given can be stolen or lost by him and used by someone else you don't trust.
Instead, we need to find a good way to make public-key encryption work for the masses. Public-key encryption can be used to safeguard one's identity because the authentication is not so easily replayed.
Imagine a dedicated piece of hardware, similar in form-factor to a credit-card-sized calculator, complete with LCD display and numeric keys. Have that card be able to generate key-pairs and easily display and transmit the public key. Then, set up a ubiqitous public key infrastructure that financial institutions and others can use to verify that the public key you give them is really yours.
The government can actually be of help here. Nearly everyone in the US has to go to the DMV and get a driver's license. There is actually quite a bit of identity verification that goes on there, certainly compared to what goes on at a credit-card bank. If the DMV also provided a free key-signing service, then people could bring their key cards in and get their public-keys signed as belonging to the actual person in question.
Then, when a company that wants to authenticate that you really are who you claim to be, they can sign a challenge and send it to you. Your key-card can verify that the challenge is legitimate, and respond by signing their challenge using the stored private key. This private key, btw, would never be accessible off the card or shown in the LCD display.
The neat part about this is that the credentials necessary to prove you are you are never anywhere but that key-card in your possession. It can't be stolen from the bank's computer system or replayed by a retail clerk. Even if it gets physically stolen, they would need your PIN number to use it.
Also, because this would be mandated and use open standards, no one bank or institution would need to shoulder the costs. Each individual would have to purchase a conforming card only once and be able to use it for all financial transactions.
If the government really wanted to fix it... (Score:2)
Though I strongly oppose the basis for the Real ID, I'm hoping that it's introduction will consolidate the
Re:My Solution (Score:2)
If thieves can't steal your identity when you don't have an SSN, then you might have a hard time using your identity.
Lame Solution (Score:2)
The problem is not the SS#'s exist, the problem is that everyone adopted it as their own unique identifier. If an SS# only linked you to your Social Security account, it's theft would little harm. Instead, it has become the key to allowing crooks to impersonate you.
No Gov't Mandate for Universal SSN's (Score:2)
There was no government requirement mandating that everyone get an SSN. The SSN serves to uniquely identify anyone who is eligible to receive Social Security benefits. I.e., anyone who has ever worked for an employer who followed the law and made SS contributions in his or her name.
Since it was so
Re:Fixing Identity Theft? (Score:2)
how does this fix anything. The data is been stolen already...
1. You can change your password or PIN or cancel the card or other service.
2. You can find accurate lists of which companies have consistently failed to protect consumer data and avoid giving personal information to them. This will provide companies with incentive to protect the data, which they don't currently have.
Re:Having just finished fighting this... (Score:2)