Bill Introduced to Congress Would Allow ID Theft Restitution

verybadradio writes with an article at News.com about a bill introduced into Congress that would allow citizens who have been victimized by identity theft to seek repayment for the money and time spent repairing their credit history. The bill was introduced by Democrat Patrick Leahy of Vermont and Republican Arlen Specter of Pennsylvania. "Last year, 8.4 million Americans were victims of identity theft, and many were left with a bad credit report, which takes months or years to repair, the lawmakers said ... The bill would also eliminate a requirement that the loss resulting from damage to a victim's computer must exceed $5,000 for prosecution; make it a felony to use spyware or keyloggers to damage 10 or more computers; and expand the definition of cybercrime to include extortion schemes that threaten to damage or access confidential information on a computer."

Wow...

[DragonPup]

...a cyber-crime bill that seems to be actually useful. Did we step into Bizarro America?

Re:

[EMeta]

Only if it passes...

Re:

[jackpot777]

Are you expecting Donatelli Group to tell Bush to veto?

Re:

[Volante3192]

That didn't work for SCHIP.

OT: SCHIP

[Kadin2048]

That didn't work for SCHIP.

Yes, I have to admit that outbreak of common sense on the part of the Executive Branch was unexpected, to say the least.

Re:

[Necreia]

These issues have been plaguing Credit companies with costs to make customers 'happy'. It's been a financial hit on those that have... shall I say: Strong pull in government. Now, those same people can just attack the assailant instead of trying to get things corrected through their credit institution. The law, I'd assume, is to actually support/help the credit companies-- meaning that it being a benefit to the consumer is a side effect. Don't worry. We didn't go and be all sensible towards the general

Oh Not This Again

[mpapet]

These issues have been plaguing Credit companies

1. Your premise is wrong. The banks DO NOT assume the costs of fraud. Merchants absorb all of the cost of fraud and pay the bank a penalty too. The costs are shifted to consumers through higher prices. Bottom line: The Association banks benefit greatly from fraud.

2. The bill in question is the wrong way to address the issue. The card associations have a solution to the problem except they won't implement it because it cuts into their fraud revenue and the costs are much higher per-card than dumb plastic/mag-stripe. The standard is called EMV. It solves 98% of fraud issues. Today. The other 2% I'll blame on bad coding.

Re:Oh Not This Again

[dgatwood]

Credit card number theft is almost an insignificant issue. I've had unknown charges occur on my credit card, and in one of those cases, the card company contacted me. The other one only required a simple phone call. I'm not sure how they got the numbers---one of those cards had only been used once at CostCo---but it happens. Either way, it didn't cost me a dime.

This is about identity theft---stealing enough information to obtain credit cards of your own in someone else's name, then racking up thousands of dollars of debt. EMV doesn't solve any fraud issues because most identity theft is either A. caused by somebody giving out information too willingly to someone who really doesn't need it, or B. caused by somebody who should have been trustworthy not taking care of the data that they retain. EMV won't help either of those situations. (For people who aren't aware, EMV is a smart card system for credit cards. AFAIK, EMV also won't really solve card number theft, since internet purchases have to be made the old-fashioned way unless you just happen to be willing to buy a reader for your computer....)

The only thing that will really solve identity theft is making credit card companies and credit agencies fully responsible for every penny of losses due to identity theft. This law is exactly backwards and should not be passed. The reality is, we wouldn't have identity theft problems if those companies were held liable for losses. You would apply for a credit card, and they would make phone calls to your last known telephone number, give you some code number, and ask you to call a 1-800 number and enter that code in order to complete the request. The fact that they don't do even the most basic checks to verify the validity of a CC request is proof positive that they are content to let merchants and individuals bear the brunt of their own incompetence.

I've never had my identity stolen, but if it happened to me, the first thing I'd do is hire a lawyer to sue every reporting agency that the CC company contacted for credit history information. If the reporting agency were responsible, they would have contacted me and asked for authorization before releasing that information. As far as I'm concerned, a credit reporting agency should not have the right to retain data on me nor to release that data to anyone without my explicit permission. That means checking signatures against known signatures on file, contacting me at known prior addresses/phone numbers, etc. Then, I would follow that by suing the credit card company for similarly failing to properly research the request. When it was all over, my credit history would still be screwed, but at least I'd have gotten enough money out of the dirty scumbags that I wouldn't have to care.

Whoaa there Pardner...

[mpapet]

The grandparent wrongly assumes that banks assume the costs of fraud. To which I replied with some educational facts about transaction fraud.

Re:

[dgatwood]

Ah. I misunderstood where you were coming from. My bad.

Agree 100%

[Joce640k]

Re: Identity theft

People need to be notified whenever an application is made for a drivers license, bank loan, etc. Until the rightful owner of the SSN responds (eg. via telephone with a PIN), the application cannot proceed.

If people are dumb enough to carry their PIN in their wallet then they should be liable for all losses.

Re: credit cards:

I'd like to see:

a) No storage of credit card numbers by *anybody* other than the card issuer (ie. online merchants like must not store your card numbers anywhere, you n

Re:

[Em Adespoton]

a) No storage of credit card numbers by *anybody* other than the card issuer (ie. online merchants like must not store your card numbers anywhere, you need to type it in for each transaction).

This wouldn't work. If only you have the card number, there's no audit trail.

However, having actually designed an automated online credit card payment system, I can tell you what DOES work:

Only keep the first and last 4 digits of the credit card number, and blank out the rest. Also keep the transaction ID.
The authori

Re:

[unitron]

a) No storage of credit card numbers by *anybody* other than the card issuer (ie. online merchants like must not store your card numbers anywhere, you need to type it in for each transaction).

How about instead of telling fuzzysandals.com "Here's my credit card number. Tell MasterCard's computer to give you 40 of my dollars.", you connect to MasterCard.com and tell them "Give 40 bucks to fuzzysandals.com on my behalf. Here's their transaction serial number for my order." ?

Re:

[dgatwood]

In other words, basically PayPal (minus a truckload of fees).

Re:

[unitron]

In other words, basically PayPal (minus a truckload of fees).

Well, sort of, but not really.

For example, if I could remember the PayPal password I haven't used in a few years and wanted to transfer funds to you, I'd be telling PayPal to present my Visa or MasterCard card number to Visa or MasterCard and get some of my money from them and then pass it on to you.

What I'm suggesting is a system where I don't share my Visa or MasterCard card number with anybody but Visa or MasterCard. When I want to transfer some of my money to a merchant, I contact Visa or MasterCard

Re:

[TooMuchToDo]

Disposable credit card numbers (generated either via an application or the credit card issuer website) are the assbackwards implementation of this system.

They don't even check

[CaptainZapp]

For torn up and re-glued "pre-approved" credit card applications as this case [cockeyed.com] very nicely illustrates.

They can probably save 37cents per applicant by shipping it off to some cheap off-shore country.

I agree with you. They should be held 100% responsible for their negligence, just like the rest of us.

Re:

[hedwards]

These issues have been plaguing Credit companies

1. Your premise is wrong. The banks DO NOT assume the costs of fraud. Merchants absorb all of the cost of fraud and pay the bank a penalty too. The costs are shifted to consumers through higher prices. Bottom line: The Association banks benefit greatly from fraud.

That is absolutely correct, when I had an unauthorized charge on one of my cards, I had to call up the merchant and have them credit me back on my own. The bank didn't handle any of it. Fortunately, it was a credit card rather than a check, otherwise I might never have seen any money back.

The only thing though is that it goes back further, my mother ended up getting stung for a bad check she accepted twenty years ago, it was at that point already common practice to force the merchants to pay for any fraud

Re:

[Red Flayer]

1. Your premise is wrong. The banks DO NOT assume the costs of fraud.

Your interpretation of his post is wrong. He DID NOT write that banks assume the costs of fraud.

He wrote that the credit companies pay a lot to make customers 'happy'. In essence, the cost of fixing credit report problems has become prohibitive to the credit companies, so they have begun lobbying for change. I don't agree with him, but that seems to be his point, so please don't refute something other than what he said.

2. The bill in

Re:

[suv4x4]

2. The bill in question is the wrong way to address the issue. The card associations have a solution to the problem except they won't implement it because it cuts into their fraud revenue and the costs are much higher per-card than dumb plastic/mag-stripe. The standard is called EMV. It solves 98% of fraud issues. Today. The other 2% I'll blame on bad coding.

For e-commerce it's even simpler. In our country (Bulgaria) 10 years ago we suffered from too many teen hacker wannabes for whom the greatest fun in th

Re:

[canuck57]

2. The bill in question is the wrong way to address the issue. The card associations have a solution to the problem except they won't implement it because it cuts into their fraud revenue and the costs are much higher per-card than dumb plastic/mag-stripe. The standard is called EMV. It solves 98% of fraud issues. Today. The other 2% I'll blame on bad coding.

Then let the law pass. It will MOTIVATE the twigs at the top to get off their lethargic butts and put a stop to it. What you are saying is that th

Re:

[innerweb]

You all can mod the parent post troll, but think about this first (okay, his language and terms are very crude!).

How many places could continue working, or harvesting without these illegal/undocumented workers. They are not only from Mexico, but from Asia, Europe (esp eastern), Africa and other places. Most, if not all have broken the laws in their own countries, and many have broken the law to come here. Many break the law again by accepting a stolen SSN, or living illegally (overcrowded housing, hazar

Re:

[the_humeister]

Indeed. I was wondering why everyone here looked like a gray-skinned version of Superman and Lois Lane with very square features.

Re:Wow...

[pburdine]

The problem with this is that it only addresses 1 of the 5 known forms of identity theft. Financial Identity theft is estimated to be less than 26% of all ID theft crimes. For reference the other 4 are: 1) Drivers License - Someone can get using your DL # and you may have moving violations or points on your record that you don't know about it. This can happen in other states and it will take years to get back to you since the DMV's don't communicate all that well. Try fighting that. 2) Medical - Someone has procedures performed or gets checkups in your name. How would you like it if your insurance rates shot up because someone tested positive for HIV on your medical history. How about they change what you are allergic to and next time you go in they give something and you have an allergic reaction. Or maybe change your blood type. This can kill you and no one will know. 3) Character - Do you have outstanding arrest warrants in you name for crimes someone else committed? This can keep you from getting employed or you can lose your security clearance through no fault of your own. 4) Social Security - Has your SSN number been stolen and used by other people and reported to the IRS for tax reasons? You could be liable for a very large tax bill on income you didn't receive. The IRS doesn't care since most of the time they can force people to pay even though it wasn't them. Unfortunately congress doesn't seem to pay attention to the rest of these. Until they address all of them, we are all in trouble. --Peter

Re:

[IndustrialComplex]

Well, Senator Arlen Specter (R-PA) always seemed to be the 'Bizzaro' version of ex-Senator Rick Santorum (R-PA).

While I haven't agreed with all his votes, he has generally been one of the more small 'c' conservatives in the Republican party. I'm surprised he actually gathered as much strength given that he has often been at odds with the party leadership.

I was genuinely upset/worried when he was fighting cancer (Hodgkin's Disease). He is one of the few politicians I actually liked. Glad to see he is st

Hmm

[orclevegam]

It all sounds good except this line makes me a bit nervous:

and expand the definition of cybercrime to include extortion schemes that threaten to damage or access confidential information on a computer.

Would threatening to expose a security flaw in a server or website unless it was patched open you up to prosecution under cybercrime laws then? I know that's already fairly shaky ground from a legal standpoint, but would this make it even worse?

Re:Hmm

[Nom du Keyboard]

It all sounds good except this line makes me a bit nervous:

and expand the definition of cybercrime to include extortion schemes that threaten to damage or access confidential information on a computer.

Would threatening to expose a security flaw in a server or website unless it was patched open you up to prosecution under cybercrime laws then? I know that's already fairly shaky ground from a legal standpoint, but would this make it even worse?

Would this apply to the RIAA and MediaSentry/SafeNet breaking into private individuals computers?

Re:

[faloi]

I dunno... I'd think you'd have to be in a position to personally benefit (one way or the other) from exposing the flaw. For example, telling a company that if they don't pay you money, you'll expose this flaw would definitely land you in legal hot water. Threatening to expose it via telling the company about it, waiting a reasonable time, then publishing it if the company doesn't respond probably wouldn't run afoul of the new law. I would guess that using the flaw yourself to benefit (like through stea

Extortion.

[Erris]

Would threatening to expose a security flaw in a server or website unless it was patched open you up to prosecution under cybercrime laws then?

If you ask for money in return for keeping your mouth shut, you are already an extortionist. At the same time, it's hard to see them using the bill [senate.gov] to come after an honest disclosure, where you simply published details. Must find bill to know.

Re:

[sjames]

You need to re-parse the sentence. It says nothing about exposing a flaw, only about threatening to use a flaw.

Obvious

[Nom du Keyboard]

Why does such an obvious idea take so long to be realized?

New laws really necessary?

[RandoX]

So are you telling me that no other laws actually forbid any of these things already? What's wrong with those laws?

Re:

[bwthomas]

Nothing is wrong with those laws; they're good laws that are obviously needed. But they only criminalize the identity theft. What they don't do is give the victims of identity theft recourse to recover damages from the responsible party, or any party for that matter.

In other words, they attempt to establish a framework by which a person victimized can recover damages from the person who has stolen their personal information and used it illegally, which is something beyond sentencing the convicted person.

Re:

[jhantin]

#include <not_lawyer.h>

The bank was the fraud victim, you're collateral damage. Er, um, no pun intended...

After the fraud uses your personal information to take money from a third party creditor, said creditor unfairly trashes your reputation, since that's the easiest recourse they have. Actual damages inflicted by the creditor in what looks to me like a defamation case might well be difficult to demonstrate, but not impossible: that nasty little clause in your credit card agreements that makes

Illegal, but not as recoupable

[phorm]

Forbid yes, get your cash back, no. Although technically you could sue them in claims court, perhaps this will make the process a bit smoother for the victim(s).

Personally, I'd like to see something that not only makes the identity-thieves culpable, but the companies that have allowed such identity theft to occur due to improper handling of sensitive private information...

Usually

[evanbd]

My usual reaction to identity theft laws is "Aren't existing fraud laws sufficient?"

At least at first glance, however, this bill seems to be doing more, and doing it in a useful manner -- not solely a "well, let's make it more illegal!" type of bill.

Re:Usually

[vertinox]

My usual reaction to identity theft laws is "Aren't existing fraud laws sufficient?"

No. But its not the identity thieves the laws should target (because its hard to track them down) but the credit companies and the companies that accept fraudulent credit.

Simply letting someone ruin another persons life with a birthday and a social security number is a horrid method for identification. It really needs to stop and there should be recourse for identity theft victims to go after credit companies who allowed such a transaction to happen.

Of course these credit companies are the ones trying to make a buck by offering "protection" services when they are the ones who let these transactions happen with little background checking.

Re:

[StikyPad]

I'm not sure how you intend to punish a party who was defrauded (i.e., the business which issued the credit). If I gave you 2 forms of ID, some recent pay stubs, and a VoE (counterfeit, stolen from a mailbox, and forged, respectively), and you gave me a loan, how would you be at fault? Unless you are claiming that the company was derelict in validating the identity of the applicant, in which case, what qualifies as a good faith effort?

Re:

[nuzak]

> Unless you are claiming that the company was derelict in validating the identity of the applicant, in which case, what qualifies as a good faith effort?

I dunno, but accepting pre-approved applications that have been taped together after being torn up, with the card sent to a different address than the offer, with a different phone number like a cell phone, and requiring no proof of identity whatsoever doesn't really fill me with feelings of good faith.

What do the associate banks care? They profit from

Re:

[evanbd]

It's not just at a national level, and it's not just the current administration. Much as I dislike them, I don't think the current administration is all that much worse than previous ones in this regard, and a lot of the fault rests with Congress, not the Executive branch.

I recently served on a grand jury handling general local level stuff. A typical indictment for ID theft would include fraud, atm card fraud (a special law! I'm sure making it super-extra-illegal helped), identity theft (yep, specifica

why can't we get what the RIAA gets?

[User 956]

a bill introduced into Congress that would allow citizens who have been victimized by identity theft to seek repayment for the money and time spent repairing their credit history.

If they set the damage levels anything near what the RIAA got in their last downloading lawsuit, that would put the brakes on ID theft right quick.

Re:

[neil-ngc]

We shouldn't. Really, the correct response to unreasonable copensation on a pro-rich people law is to fix the bad law, not right equally unreasonable payouts into a pro-average joe law. A law that makes it easier for victims to fix things up and get compensation for their losses and time is reasonable. Even some modest punitive damages are reasonable. But stupid sized compensations like those under the DMCA just give the green light to write more laws with stupid compensation levels, and you may not lik

Re:

[orclevegam]

If they set the damage levels anything near what the RIAA got in their last downloading lawsuit, that would put the brakes on ID theft right quick.

Oh yes, because those Chinese, Russians, and others located outside the US are so mortally afraid of being sued for a hojillion dollars. The one good thing this law is doing is allowing the victim to recoup some of the loss, and maybe might act as incentive for the credit card companies to actually do something to reduce identity theft. The problem till now is it was always the victims eating the costs of identity theft, not the credit card and credit reporting agencies.

Re:

[arivanov]

Can't quite see your point.

They cannot apply for a mortgage or loan in an American's name while in China.

Russian or Chinese steal your DATA, not your identity. This DATA may be used to steal your identity later on. In order to do so, the criminal has to be in the same country as the victim. Otherwise he cannot draw benefits or apply for a loan. As a result, the person committing the actual felony of identity theft is usually a national or permanent resident.

Re:

[arivanov]

I have noted the SPAM, but I have yet to see how they can do any of that without your (or other person in-country) cooperation. The most common use for this ruse is using stolen data or credentials to transfer all the money to the account in control of the person who has fallen for the "investment" ruse and from there push it out of the country. Considering that most consumers are currently way into the red ink and have very little in the way of cash in their accounts you cannot really make a killing by plu

Re:

[sumdumass]

What makes you think that? Most people, just like the defendant in the last RIAA case will never have the money to pay it. At most they will make payments but lets face it, unless your skilled in an area in need of qualified employees, your not really going to be getting good paying jobs with a theft related felony on your record.

And if you could get a job paying the bills, how much extra do you think you might have or worse yet, how long would you keep the job if they kept putting you back in jail for not

Re:

[mpapet]

What puts the brakes on ID theft is implementing EMV. Most of the laws like this one simply protect the card association bank fraud revenues.

The cost of a fraudulent transaction is shifted to the merchant -plus- penalties. The association banks generate good (but not too much) fraud and "credit protection services" revenue. That's how they can afford gigantic advertising budgets. http://www.mind-advertising.com/us/visa_us.htm [mind-advertising.com]

The EMV standard practically eliminates fraud and is in use in many industrializ

Where have I heard "damage computers" before...

[HTH NE1]

make it a felony to use spyware or keyloggers to damage 10 or more computers;

Expect an exception amendment to the bill on behalf of the RIAA, MPAA, BSA, etc. from Senator Orrin Hatch to try granting themselves immunity again.

Re:

[Dachannien]

Also, expect Berman and Coble to take care of business (literally) in the House if the Mafiaa can't ramrod it through in the Senate.

Why ten?

[kilo_foxtrot84]

What's the rationale behind having ten computers be the felony limit? Why not seven, or five?

Re:Why ten?

[pintpusher]

It should be 10 computers, as in one more than 1 computer.

Re:

[BadMrMojo]

Thieves who have to count out victims on their fingers are assumed to be a bit slower and, therefore, much less dangerous.

(Ok, so it was a poor attempt after the binary reply above but that's a tough act to follow.)

Re:

[sumdumass]

I don't know if there is a rational behind 10 specifically, but these crimes are generally left to the states to prosecute. This is a big power grab for the feds to be able to step in and say we will prosecute them. Generally there has to be a high dollar amount (as to effect interstate commerce even if it was completely within a state) or be across state lines and still of a certain dollar amount.

It would depend on the states themselves, but this is probably already a felony. The big difference in this law

This is a step in the right direction

[CaptainPatent]

I'm sure there's a heavy following on /. for online MMORPGs where goods can be purchased from an online store for real money. There has always been a huge amount of credit card fraud occurring because there is no physical location ever divulged in order to gain access to these goods. Everything is strictly online. The problem is many people would run up a debt on a stolen credit card of (literally) $4990 and move on to the next card. With this bill, people like that would be prosecutable.

I think this is a

The nature of the identity theft crime...

[Bill the Cat]

...cries out for an approach similar to the combating of piracy back in the 1700 and 1800's, eg) issues of letters of marque, allowing private citizens to capture or do damage to the criminals.

Re:

[kilo_foxtrot84]

...until the system is abused. Actually, a quick check shows that the US Congress is empowered by the Constitution to issue letters of marque to private citizens. I wonder if they're issued all that often now...

Re:

[firecowboy]

Blackwater USA

Now if only...

[InvisblePinkUnicorn]

Now if only the penalties for stealing a person's identity, money, and ruining their credit history for years could match the penalty for having a certain flowering plant in your pocket, maybe the court system wouldn't be such a joke.

Re:

[InvisblePinkUnicorn]

That's nice. I'm sure all the people currently in jail for years for minor possession will be glad to know that their filled-to-capacity prison will not be getting as many people like themselves. I bet they were getting sick of it by now.

Bill Number

[andphi]

Does anyone know the name or number of the bill in question?

The nearest match I can find on thomas.gov: http://www.thomas.gov/cgi-bin/bdquery/z?d110:s.01178 [thomas.gov]: seems to date back to February, whereas the News.com story implies that the Bill was introduced on Oct 16.

Bill Number (110) S.2168

[megaditto]

Leahy did release the PR blurb on it, but the full text is kept secret of course (Dems want to get paid too)

Track the bill here: http://www.govtrack.us/congress/bill.xpd?bill=s110-2168 [govtrack.us]

Rejected...

[InvisblePinkUnicorn]

The article continues: "The USPTO immediately rejected Mr. Leahy's proposal as obvious."

Years too late

[angryrobot]

I was the victim of identity theft about 6 years ago. It took me literally 2 years to clear my name. That's 2 years of making long distance phone calls, tracking down the right people, emailing, photocopying birth certificates and licenses, making police reports, etc, etc. All the while I was looked at with suspicion and I basically had to prove my innocence!

Whose fault was it that my identity was stolen? That would be the credit bureaus and the credit card companies that allowed it to happen, not me. It is their system that is at fault for allowing people to steal identities so easily. So why am I responsible to clean up their mess? If I have marks on my credit report, I should be able to tell the bureaus and that should be the end of it. I think restitution is the least they can do.

Re:Years too late

[jav1231]

Agreed. I can't for the life of me understand why when ID theft is identified your credit score isn't immediately returned to the state it was in on the date the theft is pinpointed. THAT should be in this bill.

Re:

[gillbates]

I can't help but wonder if a notarized letter stating something to the effect of, " Failure on your part to accurately verify the identity of the participant in a financial transaction does not incur a liability on my part. However unfortunate your loss, it was not caused by me, and I will not be held liable for it. Subsequent attempts to contact me on this matter will be ignored. " would work.

I'm pretty sure you could turn it into a form letter, and send it to any debtors you didn't recognize.

Re:

[Tacvek]

I can't help but wonder if a notarized letter stating something to the effect of, " Failure on your part to accurately verify the identity of the participant in a financial transaction does not incur a liability on my part. However unfortunate your loss, it was not caused by me, and I will not be held liable for it. Subsequent attempts to contact me on this matter will be ignored. " would work.

I'm pretty sure you could turn it into a form letter, and send it to any debtors you didn't recognize.

That might have some impact, but remember that unless you can convince the credit reporting agencies that those debts should be removed from your credit history as they were not really your liability, you will still be impacted. And the credit reporting agencies will be very reluctant to remove items for that reason, or otherwise people will attempt to remove from their records cases in which they really did default on a loan, by claiming it was identity theft.

Re:

[nuzak]

> I'm pretty sure you could turn it into a form letter, and send it to any debtors you didn't recognize.

And they could send you a picture of their hairy scrotum, with "fuck off, we'll ruin your credit if we feel like it" in 72-point letters, and you would still have no legal recourse. The law does not care about you, and politicians only pretend to in an election year.

Re:

[vertinox]

Whose fault was it that my identity was stolen?

I haven't ever been a victim of identify theft, but I wouldn't be surprised if one day I would even though I guard all my personal information like a rabid pit pull and shred all my mail.

The simple fact that most credit companies only need a birthday and a social security number is what drives me mad, because I'm asked by everyone for both in casual situations.

I bought a new cell phone the other day and it required me giving my Social over to the sales person e

Re:

[QuantumRiff]

The whole thing I can't understand is why its your fault, and not the company that doesn't verify your identity? IE, why is it MY responsibility to prove that YOU screwed up? Why isn't it Your responsibility to ensure that your customer is, in fact, your customer?

Even More Sadly

[mpapet]

This bill continues to shift the burden back to the parties with the least interest in the whole mess, the victims and the criminal.

As your example clearly points out, a credit reporting agency customer is one that pays for the data, not the individuals that comprise their product.

I am continually amazed as to why more Americans utterly fail to comprehend why it's okay for the various companies (some with deep ties back to the banking industry) to sell the data to begin with. That's my data to sell, not yo

Re:

[mosch]

So basically, you're justifying a system that abuses innocent people every day because it makes it slightly more convenient for a third party who wants to turn a profit.

Fucking prick.

This is about time

[Seismologist]

We'll see if this goes trough. I can assume the this credit rating amendment process, CRAP to be short, will likely die a quick death in congress. I mean, why should "you", of all people, be able to easily challenge the accuracy of "your" personal information that three corporations maintain on you without your consent to begin with really. I'm sure, in America at least, that if you arbitrarily started compiling information on addresses, and names of your neighbors for example and where they shopped etc.,

This is the WRONG approach

[erroneus]

The real problem is that, as very well predicted, the use of social security numbers for anything other than social security will lead to all sorts of problems. The fact that a person's identity is essentially just this number and that the credit game has become an entrenched part of commerce and culture, they [the people behind the illegal use of social security numbers -- yes, it's illegal -- law was written to prevent this and everyone, including and especially the IRS has ignored it] have created a situation for which "they" should be held liable. Instead, they create the mess and we are somehow responsible for cleaning up the messes. And now with bills like this, the idea that "we" are responsible for when THEIR credit and identity systems are abused and used against us... that "we" can somehow prevent it from happening and it's our responsibility.

The abuse of SSNs and the credit system at large needs to be dismantled or severely reformed in such a way that the creators of the problem are liable for the problems it causes. As it stands, they can buy and sell "your information" because it's not your data... it's theirs... they collected it! But when it's abused and affects your life, YOU are responsible. How is that appropriate? NO. This bill is VERY wrong. The bill should assign liability to the parties responsible for creating the mess. This is just further effort to assign the liability of the SSN and credit industry to people who may not even be willing participants!

Re:

[Hoplite3]

I agree very much that the SSN as an identifier is silly.

The bill that needs to happen would be one that makes the credit agency (Visa, the mortgage company, etc) who gave credit to the identity thief liable for their actions. This bill puts more liability on the thief, but does little to encourage Visa et al. to use a secure method of identification. Public key exists and is reasonably secure. If the credit card companies could be arsed to use it, we could be free of identity theft.

Re:

[erroneus]

I guess now that I think about it, I wonder if a solution wouldn't be to punish the credit card company for identity theft. That gives them two options. Either take better precautions against it, or stop utilizing that information at all.

That's what I was driving at and that would be the simple and logical solution. But there are many who TRULY believe that business interests are more important than individual interests. They have their simple, easy and convenient method... they bought it and worked over

Re:

[berzerke]

...The only things I would consider buying on credit are the more traditional things like houses and real estate. For just about everything else, I'm very reluctant and so are a growing number of enlightened people.

Unfortunately, this style leaves you screwed when you do want to use credit. With little or no history, all you'll get is a "no" or higher than deserved rates when you do need credit.

Why do credit bureaus even exist?

[svendsen]

Why do these bureaus exist? They aren't a govt agency, they have no over site, their scoring methods are unknown (I would love to see if race played a factor in them..talk about a law suit), you have to pay them to freeze your account (not the 90 day one), pay to unfreeze them, and every business now feels entitled to use them when seeing if they want to provide you service you are going to pay for (cable company does not need my SSN and pull a credit report), and if they fuck up...guess what...you have to

Re:

[svendsen]

I didnt know about the oversite...

However your link to the how they calculate your credit score is the generic here is what they say. I was referring to the actually formula they use to determine the score (actually both since not all 3 of the credit bureaus use the same scoring system).

So tell me where can I find the exact formula that shows how my credit score is determined? You can't. The formula needs to be public. Cause without the ability to actually SEE the formula we have no idea how they

Re:

[svendsen]

I did read the whole link...and googled fair Isaac and guess? Ready for it? You can not find the mathematical formula they use. It is a trade secret they have never released. I don;t care about the break down percentages I want (and the public DESERVES) to know the formula AND any modifications to the formula the credit that a credit bureau has done to it. Else no matter what they say to us (35% is from XYZ, 30% is from BCA) we really have no idea.

Re:

[svendsen]

Sorry you are full of it. I read your link over and over just to be sure. It gives breakdown of categories and percentages that is it. A formula would be X= Y +Z / (A * B). Which even when googling does not show.

For example Payment history category (35% of the total score) has seven sub categories to it. What are the weights of each one? How do they get the number for each one. How do the 7 sub categories come together to give you that 35%? I don;t see a single FORMULA on that page.

Are you no

Leahy-Specter bloviating

[michaelmalak]

We don't need more laws, just enforcement. Identity theft almost always crosses state lines, which means the FBI has to be involved, and they don't care about cases less than $25,000 or so.

If there is to be a new law, it should be that the credit reporting agencies should pony up into a fund for the FBI so that they can enforce existing laws. It's the credit reporting agencies that are slandering us consumers based on false information, but they get off scot-free due to laws protecting them.

Re:

[michaelmalak]

Perhaps I'm misinformed, but I thought that's what we pay taxes for.

Sadly, yes that's generally what taxes are for. User fees are better at keeping taxes down than just paying for everything out of a general fund. The credit reporting agencies get special protection by the Fair Credit Reporting Act from lawsuits by consumers over false information, and they should pay for the privilege.

Wouldn't it be nice

[Evets]

Wouldn't it be nice if they came up with a law that ordered the credit reporting agency's to correct an identity theft victim's credit report data in a timely manner? Or maybe mandated a level of service beyond "send us a certified letter and we'll get back to you within 4 weeks and whatever we say then is final - but don't make the letter any longer than 65 words or we won't read it"

Can we sue the credit reporting agencies?

[140Mandak262Jamuna]

For slander or defamation?

Basically, someone impersonates me. Some bank/merchant/credit card company extends credit without verification. The impersonator defaults. They report me as the deadbeat. That is the scenario. The creditor who mistakenly reported me should be liable for slander. The credit reporting agencies should be considered accessory after the fact. So the real culprits are the people who extend credit without verification and people who report me as a deadbeat without justification. Normally if they have to face full consequences of their action, they will clean up their act and we would not need any special laws for identity theft.

But congress in its infinite stupidity holds the impersonator the responsible for my ruined reputation. The impersonator is liable for lying, cheating, committing forgery and is responsible for all the damage caused to the credulous creditor. And if they call me a deadbeat without proper verification whoever reported me as the deadbeat is responsible for the damage caused to my good name.

As usual it is a credit reporting agency liability protection act being sold to the public as an anti-ID theft law.

Re:Can we sue the credit reporting agencies?

[jfengel]

I believe they don't want to push it too hard because easy credit is an important driver in the economy. They give you easy credit, you buy houses and cars and stuff on credit cards, and lots of people get jobs selling you those things.

There's the fact that they make it too easy for people to buy stuff without realizing that they have to pay it back, but it's kind of a separate issue. If they erred on the side of security, the economy would slow drastically. You'd need an economist (which I am not) to run all the numbers, but basically the assertion is that the amount of fraud does less damage to the economy than the good done by easy credit.

What we really need is to make it easy to get credit if you qualify and not if you don't, which means forcing the credit providers to come up with a better mechanism for verifying identity than they're currently using (which is essentially none at all). There are difficulties there with civil liberties, as well as the fact that if you put more faith in a better authentication mechanism you suffer even more when it's broken (and there are no unbreakable authentication mechanisms).

Plus, there's the fact that the credit providers are personally profiting from the current rules. Which means it would be up to government to mandate a better scheme, which (a) they would do badly, like those idiotic RFID passports, and (b) would certainly set records for new forms of civil liberties violations.

Re:

[Creepy Crawler]

If the creditors cared about slowing fraud, they'd make every credit app require signing by a notary public.

What exactly are notary publics there for, if not document security? There here for a reason. Use em!

Re:

[Creepy Crawler]

To your knowledge, has anybody tried to sue the Big 4 (was 3..) for defamation of name in identity theft cases?

Re:

[sjames]

In support of you're idea, a the defense of reasonable belief just doesn't hold much water in an era where every 3rd commercial is for anti-identity theft services and we have weekly news reports about personal data being stolen. Dogs, fish, and toddlers have been issued credit cards. Clearly credit cards are routinely issued without due care. Equally frequently, banks and merchants report adverse credit information to the various credit agencies that proves false.

To me, that says that none of that inform

Re:

[Bios_Hakr]

You could, however, sue the agency that reported you to the CRA. If someone takes your name and opens a Sears card without paying, then Sears reports that *you* didn't pay your bill. That's clearly false.

Restitution from ... who?

[OldHawk777]

AFT: Bill to Allow ID Theft Restitution, could be vetoed by our master POTUS.

A bill introduced into Congress (has it passed?) that would allow citizens who have been victimized by identity theft to seek repayment for the money and time spent repairing their credit history.

The real question can we seek restitution from the financial/business institutions that so irresponsibly allowed the identity theft?

Partners in the ID theft crime ... Government, Military, Banks, Credit companies, auto, and large/expensive

Does that mean the Sony rootkit ...

[Opportunist]

...would then be the equivalent of "organized crime"? It's spyware, it reduces the machine's security and it was (and most likely still is) installed on way more than 10 machines.

Would this law make Sony a criminal organisation?

(for the cynics here: Would this make Sony officially a criminal organisation?)

FICA contributions

[GPS Pilot]

If a person uses a stolen Social Security number to get a job, I would like to see all FICA contributions made by the employee and employer to remain credited to the identity theft victim, even after the fraud is discovered.

That the victim will someday receive larger Social Security checks would be some consolation.

[Yes, this measure would have a negative impact on the illegal immigrant population, because few other groups have any reason to use stolen Social Security numbers when applying for a job.]

About time the Dems finally did something

[r_jensen11]

This seems to be something no political party can deny. Why the hell did it take so long for an act like this to get created and passed?

Too lenient

[leandrod]

make it a felony to use spyware or keyloggers to damage 10 or more computers

Why so lenient? It should be a crime to put spyware into any computer unless it is your own or under your responsibility, and other users know about it; and keyloggers in any computers at all unless you have a court order to do so.

What?

[jandersen]

Do you mean to imply that these things are NOT crimes already? Seems strange, to say the least.

Never mind, though. I have stopped using credit cards years ago, and I am thinking about not having a debit card either and instead buy one of these prepaid 'credit cards' for when I want to buy something online; the disadvantages of using plastic cards are many, and the genuine advantages seem smaller and smaller every day. When you use a card, you have to pay a fee - or the shop does, which amounts to the same t

Re:

[kalirion]

If I had my identity stolen, I'd just want 10 minutes alone in a locked room with the bastard. I'm pretty sure I could give him hospital bills equaling my losses in time and money. He might've ruined my credit, but I'd ruin his ability to walk.

Are you so sure you won't turn out to be the one with the hospital bills. Might want to add a clause requiring him/her to be tied up.

Re:

[markbt73]

I was thinking more like a period of indentured servitude. You pretend to be me and get caught, then I OWN you. Literally.

Re:

[scharkalvin]

Make identity theft a capital crime.
Steal someone's life, lose your own.

Re:

[gurps_npc]

Look, you fool, I did not REQUIRE the victim to change his name, it is their option. Nor do I require it to be radically different. Just change the spelling of the last name and you can solve it.

You might be more attached to your name than your credit history, but can't you realize that SOMEONE might want to change their name to get out of this mess? And you won't let them do it easily? Not everyone is as silly as you.

2. No, I don't think only poor people steal. I do think that only poor people enga

Re:

[gurps_npc]

The majority of identity theft is committed by illegal aliens attempting to get a job. They are not rich.