Follow Slashdot stories on Twitter


Forgot your password?
Privacy Data Storage Government Security The Almighty Buck The Courts United States News

ID Theft In US Continues Apace Despite Data Breach Laws 117

4roddas points out an article at Techworld about the continued scourge of identify theft in the US, which begins: "Over the past five years, 43 US states have adopted data breach notification laws, but has all of this legislation actually cut down on identity theft? Not according to researchers at Carnegie Mellon University who have published (PDF) a state-by-state analysis of data supplied by the US Federal Trade Commission (FTC). 'There doesn't seem to be any evidence that the laws actually reduce identity theft,' said Sasha Romanosky, a Ph.D student at Carnegie Mellon who is one of the paper's authors. Since 1999 the FTC has invited identity theft victims to log information about their cases on its Web site. The data are then made accessible to law enforcement, which uses the information to help analyze crime trends."
This discussion has been archived. No new comments can be posted.

ID Theft In US Continues Apace Despite Data Breach Laws

Comments Filter:
  • Plain and simple, the only thing that's going to really make a dent in identity theft is to make identities harder to steal, and that means requiring all the banks and credit card companies to jump through more identity verification hoops before they give someone your money or a line of credit in your name.

    Sure, requiring you to go to a licensed notary and have a credit card application notarized might not make it so easy to get credit, but it would also make it harder to get credit in your name.

    The banks and credit card companies could do this, but it's more profitable to let people steal your identity and then just jack up fees and interest rates to cover the losses.

    - Greg
    • by sydbarrett74 ( 74307 ) <> on Sunday June 08, 2008 @04:48PM (#23702363)
      Wonderful points. I would also add that if laws/regs forced the onus of losses on the financial institutions themselves (rather than allowing them to write losses off as a cost of business), said firms would rapidly implement better security mechanisms. As it stands, banks have little incentive to prevent these crimes, because the victims have the burden of proof and responsibility for cleaning up the resulting mess.
      • by QuantumRiff ( 120817 ) on Sunday June 08, 2008 @05:03PM (#23702485)
        Even more than that, I would love to see some laws that simply state the the credit companies have to prove it was you that took out the credit. (you know, innocent to proven guilty, one of the cornerstones of our democracy). Right now, you have to find out what is going on, and then prove to them that you didn't request/use the money. If they would just put the principle of innocent till proven guilty, the banks and credit companies would have to drastically change the way they give credit. (since they have to prove its you!).

        I also think much would change if everyone had a right to get their own information that is collected from them. I can get credit reports 1 time a freaking year. thats it. Not to mention all the other companies that collect information about me. Some use that information for things like employment screening. How the hell am I supposed to know that I didn't get a job, because some company I have never heard of claims I had a record. (maybe they mistyped my social security or name...). Employers are scared of lawsuits, and they never tell you why you weren't selected..

        • by SeaFox ( 739806 )
          You can get one credit report from each reporting firm per year, and they generally mirror each other. Since there are three firms what you do is get a report from a different firm every four months.
        • I can get credit reports 1 time a freaking year. thats it.

          Huh??? for $48 you can get all 3 reports any time of year you want... as many times as you care to pay $48. I do it 4 times a year if I'm financially active, opening closing accounts, buying a house, a car, etc. If not I do it 2 times a year just to check up on things.

          Sure a lower price would be nice (It was only $30 2 years ago). But hey... it's certainly not that expensive when you consider the alternative... ie: ignorance.
          • You don't see a problem with paying money to see that your information that a company has compiled on you is accurate?
            • No not really... in the same way I don't mind paying money to have my taxes prepared for me. It's a convenience. If I or you cared enough... we could keep all the records ourselves.

              Do you have all the records of every payment you ever made on all of your accounts? Do you keep a running spreadsheet of your balance to available credit on revolving credit lines with a time axis multiplier?

              Neither do the companies you want to do business with. They don't know you, why should they trust you to pay? Reputation an
      • by menace3society ( 768451 ) on Sunday June 08, 2008 @05:35PM (#23702655)
        I've been saying this for years. Identity theft, like intellectual property theft, doesn't actually occur. What happens is financial-services fraud, to take advantage of my name and fiscal responsibility to get cash. At no point does anything that properly belongs to me ever get taken, or even leveraged. What gets leveraged are things like Social Security Number (property of the US government) and Credit Rating/Credit Score (property of the various agencies that compile them). I don't get tricked into anything, the bank gets tricked.

        The problem is, if you call it 'fraud' then the defrauded entity is on the hook, and that entity gives and lends tons of money to politicians, lawyers, and judges. If you call it 'identity theft,' then it seems more reasonable to blame the person whose name was forged, but (and this is important so it's gonna be in all caps) THE PERSON WHOSE ID IS STOLEN IS NOT THE VICTIM. The bank is, and the whole process from start to finish ought to be the bank's problem.

        If we had more strict laws on consumer data protection, this shit wouldn't happen.
        • Re: (Score:3, Interesting)

          by hedwards ( 940851 )
          That's hardly accurate at all. The only thing I can agree with is that with proper data protection laws, this wouldn't happen so frequently.

          The reason why it's referred to as identity theft is that fraudsters will use a real identity to open multiple accounts with multiple institutions and leave the bill for the victim to pay. And yes, that's how banks want it to work, they usually draw things out for many months, refuse to admit that it was their fault for having a shoddy system to verify these things.

          • A side problem is to define what data protection is. As privacy is a grey area of constitution, definition will always be bent toward profit.
            Also note that there are law, as the one stated in the summary, which mandates to notify security breaches, but those are totally irrelevant, as corp could just hid the head in the sand and play the didn't know card.
            An while we are there, there are data protection law, but protecting data is only half of the problem. The other half are untrained interns, which gave
        • by kesuki ( 321456 ) on Sunday June 08, 2008 @06:27PM (#23703023) Journal
          "The problem is, if you call it 'fraud' then the defrauded entity is on the hook, and that entity gives and lends tons of money to politicians, lawyers, and judges."

          there is more sophisticated type of 'identity theft' that is much more complex, basically, all you need is a mark, a few social security numbers, a couple weeks and a home. every couple of weeks, you use the money you've stolen to acquire more properties, and for each 'fabricated' identity, you take out a new mortgage on a property, legally you can't take out 10 mortgages on one property, but if you work the system, you can get dozens though on the same property, seemingly from different individuals all who appear to be the only owner of that property. this crime scales all the way up to multi-million dollar skyscrapers, at least if you do it right. if you can manage to beat the system long enough you can run away with millions leaving a massive massive debt several millions of dollars greater all belonging to your 'mark;' who, according to all the paper work, did all the signing, even though there was massive massive fraud committed. and for once, banks actually call it fraud. the marks always wind up in prison, they thought they were doing a 'work at home business' helping their lover... they guy i heard about who managed to do all this, did it three times to three different women, but he was too greedy, and never pulled out with the millions he could have... the first thing that happens is they freeze all the assets, if they even suspect someone is doing this, so it's all a matter of pulling out before they know what you've done. it's crazy how easily this kind of identity theft can be done, once you know the whole mortgage system, and how to get a mark to sign all the paperwork, without them knowing what you're up to.

          it was on dateline, the guy who kept coming back to the same scam, he even wrote a 'fictional' book, all about how he did all his crimes, sadly the book itself was the most incriminating evidence against him in the crime, all the paper trails led to his 'women.' finding a woman who doesn't know much about running a business, and learning all the skills needed to pull off the crime are way too easy, banks really really want to believe what people are telling them. especially when the paperwork all goes through fine.
        • by sjames ( 1099 ) on Sunday June 08, 2008 @07:23PM (#23703425) Homepage Journal

          What will really fix things is to recognize that what we call 'identity theft' is nothing more than two frauds jammed together.

          The first is some scumbag defrauding the bank into giving them money in someone else's name. The second is when the bank tries to pass the buck by making a third party pay the debt back.

          The bank's crime is even worse. They commit extortion by threatening to libel (report an adverse credit event resulting in declined loans and higher interest rates) the 'victim of identity theft' unless they pay for the bad debt they didn't have anything to do with.

          I fail to see how the bank's behavior is any better than if I were mugged in the park and decided to "make it right" by mugging the next person I see.

        • ``THE PERSON WHOSE ID IS STOLEN IS NOT THE VICTIM. The bank is, and the whole process from start to finish ought to be the bank's problem.''

          So you are saying that the banks have a problem, and they have somehow found a way to make the people whose credentials were used pay for it? How does this work? How can we stop it?

          Because, the way I see it, it's like this: Alice has some account with the Bank. Then Eve comes along and uses Alice's credentials to perform transactions. These transactions benefit Eve, but
          • Yes, it's more like this:
            Alice has accounts at a Bank. One of the accounts involves credit, so the Bank reports to the Credit Agency. Eve steals Alice's SSN and opens a credit account with Discover. Eve doesn't pay off the account, Discover reports it to the Creditagency, and tries to collect from Alice. Alice tries to get a loan from the Bank for a new car, the Bank gets a report from the Creditagency and refuses the loan. Discover finds out it was the victim of fraud, but instead of pursuing the frau
      • by jimicus ( 737525 )

        I would also add that if laws/regs forced the onus of losses on the financial institutions themselves (rather than allowing them to write losses off as a cost of business), said firms would rapidly implement better security mechanisms.

        Such losses tend to be borne ultimately by the customers rather than the institution. The only way to negate that is to enforce fines so large that passing them onto the customer would actually wind up more expensive in terms of lost custom than simply obeying the law.

    • What about wire transfers and fake checks? Should we get every check we write notarized as well? It shouldn't be the bank's fault if somebody decides to click that e-mail link or wires money to help someone in Africa.
      • Fake checks? Put the burden on the banks and they'll come up with a system that does positive confirmation within a day or two; right now, checks can fail months after they've settled.
      • Are you living in the dark ages?
        • "Are you living in the dark ages?"

          Not sure what you mean? Most people I know use else do you mail in bill payments?

          I usually only write checks for rent, I've started paying most everything else online, but, not everyone has a computer hooked to the internet, not to mention so many people are scared to do transactions online dues to ID theft risks.

    • Re: (Score:2, Insightful)

      by homer_s ( 799572 )
      If someone "steals my identity" and gets credit, am I responsible for paying the loan or does the financial institution just eat it?

      My friend's husband had his SSN stolen and they were convinced that they'd have to repay. They showed me the IL attorney general's website which supported their conclusion.

      If that is true, then this problem will not go away. Make the financial institution eat the loss caused by their stupid reliance on a 9-digit number that is not even supposed to be secret.
      • by liquidpele ( 663430 ) on Sunday June 08, 2008 @05:27PM (#23702617) Journal
        1) If you file a police report and go through all the motions (contact credit companies, etc) you'll most likely win in court. If you don't do all that, it might look like you're just trying to get out of paying.

        2) Credit card companies are usually very good about not holding you liable. They've basically built it into their business model though, because if they try to force you to pay, you can just tell them to shove it and then all they can do is make your credit bad (which it already would be). Banks and Taxes can take your house though, they tend to be much harder to convince and you'll want to get a lawyer.
        • Re: (Score:3, Informative)

          by homer_s ( 799572 )
          Thanks - that is basically what I've heard.
          It is not just the banks though - people are using SSNs to collect other people's unemployment. Good luck trying to get your benefits when you need them most.
          • by liquidpele ( 663430 ) on Sunday June 08, 2008 @06:17PM (#23702979) Journal
            Heh. It goes beyond that. People can do all kinds of things with your SS#. Some will forge your birth certificate, then transfer your house to their real (or another fake) identity and then sell it while you're still living there. Basically the buyer is out a lot of $$ unless they got the title insurance (which is pretty standard when buying a house). The main point here is that there are things that are easy to do with another identity, and others where the risk of getting caught goes up a lot. Most thieves stick to getting credit cards and using them online, or using your SS# for a job so they don't have to pay taxes, and then not staying at that job for more than 8 months so that they're gone by the time the company files its taxes (usually illegal immigrants do that as they tend to move around from job to job more).
            • by homer_s ( 799572 )
              In India we are pretty backward when it comes to this. Unless you have a signed, notarized document, there is not contract or agreement.

              It is far from perfect though - forged signatures, corrupt notaries & bad titles increase the cost of doing business. But I'll take that any day over relying on a number that about a thousand people know by now.
    • by mh1997 ( 1065630 )

      Put the onus on financial institutions

      It already is - kind of - because you are not required to pay for the fraudulant actions, however, we all pay like you said in higher fees and interest rates.

      There doesn't seem to be any evidence that the laws actually reduce identity theft,' said Sasha Romanosky, a Ph.D student at Carnegie Mellon who is one of the paper's authors.

      I just can't believe a criminal would break the law! If we could just have stricter jay-walking laws then everyone would be in jail befor

    • Legal notaries can and will commit fraud for a suitable fee but I can get a notary stamp and do it myself cheaper. ;) []

      Put the onus on the financial institution monetarily and make it treble damages in addition to jury awarded punitive damages and legal fees. Make it so that it must go before a jury and not ever arbitration. I'd want punitive damages so high their investors suffer and I'd want those damages set aside in a fund to help identity theft victims have damages that don't warrant or won't benefit fro a lawsuit or have emergency needs.

    • Sure, requiring you to go to a licensed notary and have a credit card application notarized might not make it so easy to get credit, but it would also make it harder to get credit in your name.

      Even a notary might not be robust enough. Almost anybody with a relatively clean criminal record can be a notary in most states -- you pay like $50, tell the judge you want to be a notary, they pull a background check and if you have no felonies or major larcenies on your record -- well, there you go -- the judge will sign theo order making you a notary. You'll have to get your own seal, of course, and these usually are like around $100.

    • What about an ID card? I know, I'm from Europe (not UK).
    • I hate giving my PIN to vendors. I hate typing my PIN on random ATMs - and rarely do it. I hate typing my PIN into authorization keypads at stores, but what can I do?

      Every transaction should have its own unique PIN attached to the transaction's amount and recipient. Credit cards with chips could do this right now, RSA-password style, generated against the one-time password from the vendor's machine for the transaction, in a data package with the vendor's invoice signed by the vendor's transaction password t
      • Before Chip and PIN, if someone used your card the bank would try and blame you and usually fail (because you were assumed to be careful) now you use your PIN everywhere and it assumed it was your fault ... a win for the banks then ...

    • In other news: Information still wants to be free.

      Yes, yours too.
    • While I agree with your post, I think it could be summed up in another way; the only way identity theft is going to go away is when it is no longer a lucrative venture.
    • I have to completely agree. This problem is THEIR fault and THEIR problem. They lobbied and created this "credit system." The illegal institutionalized [ab]use of the social security number system is just a part of the whole corrupt system. These systems were created as a means to control the risk that financial institutions take when lending money or issuing credit (which is essentially the same thing). This system has been wildly successful and has proven to boost their ability to calculate risk more
    • by Zarf ( 5735 )
      Are you running for president (of the US)?
    • by Malc ( 1751 )
      You're right: being proactive and working against this upfront is better than reactively punishing people. I think one point you miss though is more robust and stringent privacy laws, rather than letting businesses/etc self-regulate.
    • I ran into a company online ( that was revealing full customer credit info, card numbers,k billing address - the whole package. It was just very shoddy web design performed by the lowest bidder.

      All that was required was to put in an order number and up popped everyone's info.

      I had to cancel the card I used, and then I spent 4 hours trying to get someone interested.

      Getting in touch with the site owner in SoCal took a couple of hours, including me explaining the issue repeatedly, and threatening d
  • by imus ( 1229508 ) on Sunday June 08, 2008 @04:40PM (#23702319)
    Search [] your files for social security and credit card numbers before hackers do.
    • by deadmongrel ( 621467 ) * <> on Sunday June 08, 2008 @05:02PM (#23702481) Homepage
      I have had my identity stolen twice and both time it was a data breach with a merchant I was dealing with. I find it appalling that it is so easy to get a credit or signup for a loan. How about more responsibility on the bank merchant part? The there credit bureaus should be held responsible for this mess. They are making profit using our data and we end up paying to clean it up or monitor it.

      • How do we even know it's you posting right now?

        All jokes aside, banks make tons of profit off of easy credit. When credit is easy for damn near anyone to get, people are (generally) going to run up large bills.

        A very good friend of mine had a credit card (I think a Visa) for almost 2 years and they never increased his limit about the initial $500. Why? Delinquent on payments? Nope, it was actually the exact opposite - he paid his bill at the end of every month and on time. He was actually told that he would have to start maintaining a balance (and therefore generate interest) if he wanted his limit to go up.

        So he cancelled the Visa card and got an American Express. They took note of his excellent credit record and handed him a card with a much higher limit. He never goes anywhere near it and still pays his bills on time.

        Fiscal responsibility is not profitable in the credit and banking industries. If everyone balanced their checkbooks and paid their bills on time, a load of banks and CC companies would go flat broke. That's why things like the minimum payment (which is calculated to make sure you have a balance on the card for 30 years) exist.

      • I've taken the best precaution available: My credit is horrible. (Try to get a loan with my name, Mr. Thief!)
    • by kesuki ( 321456 )
      well, excuse me for not using your tool. i wear a tinfoil hat, and while you do provide source, I'd have to painstakingly check every line of code, to make sure it didn't dump the data somewhere, on some remote web server or something, and i don't need to do that much to make sure my data is cleared. if the built-in data clearing tools of firefox aren't effective, there is a nice little tool called darik's boot and nuke. a mil spec hard drive eraser. i don't quite run it monthly, but it takes me about half
  • by computerman413 ( 1122419 ) on Sunday June 08, 2008 @04:40PM (#23702323)
    Data breach notification are useless when institutions don't know they've been breached. I'm sure there are lots of those cases.
    • And also what is preventing them from not reporting a breach? How easy is it to actually coverup a breach. They can always come back and say "Oops! we did not know someone had breached security measures.
    • Re: (Score:2, Insightful)

      Yep. And just because companies must notify consumers of a breach doesn't mean any sign that they'll actually do it. Sex offenders are required to notify the sex offender registry when they move. Not all sex offenders do that, either.
      • If you were a sex offender, would you notify your neighbors? I wouldn't - in a group of 100 people, at least one would think I was a serial pedophile after his kids and come for me at night. Also, in some places, there isn't any legal place for a SO to live - last I checked, it was illegal to ban someone from a city.
  • There is a very simple fix and it will be to have the costs and time that is needed to fix everything that occurs when someone's identity is stole be put on those responsible for the loss of the information which enabled the identity to be stolen in the first place. This means, if a company has a database which is breached from a known security vulnerability or from complete disregard of standard security practices, that company should be liable to fix the issue, not the customer who's data was lost. Any t
    • You're going at the problem from the wrong angle. Identity will *always* be stolen (phishing, etc). You have to make the information not worth anything.

      Basically, they should make the credit companies automatically have every single person's account in "theft protection mode" where they contact you by phone or letter to get permission to give out a copy of your credit. This makes it pretty much impossible for someone to get a loan, car, or credit card in your name. Then they need to make it so it's
      • Re: (Score:3, Interesting)

        by liquidpele ( 663430 )
        I take that back. They should put the burden on the companies to verify the social security # before hiring the person, or else they have to pay the taxes instead of the person (the thiefs usually don't have any taxes taken out to maximize their profits).
      • by mpe ( 36238 )
        Then they need to make it so it's easy to switch social security numbers if someone is working under yours and not paying taxes (assuming you can prove this of course).

        Or even simpler not using SSN's for anything other than their intended purpose in the first place.
  • by Jimmy_B ( 129296 ) <slashdot@jimran[ ] ['dom' in gap]> on Sunday June 08, 2008 @04:53PM (#23702415) Homepage
    Your credit card number is not a password, because you have to give it away every time you buy something. If someone wants to steal a credit card number, they can get it from any unscrupulous employee of any business that sells things, which means they'll always succeed. The solution is to replace credit cards with smart cards that use public-key cryptography. That means that your credit card contains a number which you can use to sign transactions and prove that you are authorized to make payments, but you don't have to give every employee of every merchant you buy from the power to impersonate you.

    Social security numbers have the same problem, only worse, because you can't just cancel your SSN like you can with a credit card. Banks pretend that your SSN is a password, but there are thousands of people who have access to your social security number and at least one of them will sell it on the black market.

    Fixing this mess will cost the banks a lot of money, but they made this mess and it's their responsibility to clean it up. We need the federal government to mandate real security measures, because fraud is quickly becoming the norm.
    • by cdrguru ( 88047 ) on Sunday June 08, 2008 @05:48PM (#23702739) Homepage
      Banks don't care because it costs them almost nothing to live with the current state of things. Credit card fraud costs the consumer, mostly because merchants get ripped off and have to eat the cost of sales to fraudulent card numbers.

      Credit card companies have very strict rules for merchants that prevent them from validating who a customer is beyond the signature on the card. For instance, they are not allowed to ask for a photo ID. If the card says "check ID" instead of being signed they are not supposed to accept it as it is not signed. The signature indicates that you have accepted the terms of the credit agreement, not any sort of identity verification. Violation of the merchant agreement can result in the merchant account being terminated. These days, a retail store not being able to accept credit cards might as well just fold up shop.

      Fraudulent loans and financing are a very small percentage. The FBI mandated that credit card fraud be lumped into "identity theft" a while back and that is where all the numbers are coming from. Unfortunately, there isn't any motivation to fix the problem because the wrong people - the merchants - are paying for the fraud.
    • My stupid state Arizona for years and years actually used your SSN as your driver's license number and put it right there on the card.
    • or is this the same situation as the airlines and many online transactions: the illusion of security?

      because joe and jane public know almost nothing about how the banking system works (and most don't seem to care), they don't understand the lack of security. another way to look at it might be to find some way to convince the average american that the government isn't looking our for everyone's interests, that's a tertiary objective. i've had many conversations with people about how various chemicals tha

    • by jimicus ( 737525 )

      The solution is to replace credit cards with smart cards that use public-key cryptography. That means that your credit card contains a number which you can use to sign transactions and prove that you are authorized to make payments, but you don't have to give every employee of every merchant you buy from the power to impersonate you. .......
      Fixing this mess will cost the banks a lot of money, but they made this mess and it's their responsibility to clean it up.

      Stop right there. You're taking the classic /. argument which says "It is technically possible to solve this problem, therefore the solution must be implemented".

      Thing is, it's been technically possible to solve this problem for years. Go back in time 50 years or so (when people actually had to go into their bank to do anything) and they could have solved it simply by taking fingerprints and keeping someone onsite who was an expert in fingerprint analysis.

      The reason that these technical solutions are se

  • by Dachannien ( 617929 ) on Sunday June 08, 2008 @05:02PM (#23702477)
    A long time ago, I wrote up a description of an identity clearinghouse, a government-run agency that allowed lenders to verify a potential borrower's identity without giving the lender any unnecessary information about the borrower's true identity. From the private citizen's side, it's all optional - register with the clearinghouse if you want, and go it alone if you want. From the lenders' side, it's mandatory to check with the clearinghouse before opening a line of credit for someone.

    To register with the clearinghouse, you go to a local government agency where identity is "managed" - e.g., your local DMV. You register there by providing your current contact information, and they ensure that you are the person you claim to be through their normal identification procedures (such as picture ID/driver's license pictures on file). If you later need to change your contact info, you do the same procedure (going to the DMV in person) to prove your identity.

    When you apply for credit somewhere, the lender first uses the identifying information you have provided to them (such as name, address, SS#, etc.) to verify your identity with the clearinghouse. If you haven't registered, the clearinghouse just responds that there's no such registrant in their records, and the lender is free to grant credit to the applicant. But if you have registered, the clearinghouse first checks to make sure the information they have on file matches the information the lender provides, and second, they use the information they have on file to contact you directly and ensure that you actually applied for credit with the lender in question. If both of those checks succeed, they respond to the lender with "yes", and if either fails, they tell the lender "no".

    This would greatly reduce the instances of people opening lines of credit in other people's names. However, one problem it doesn't address is fraudulent charges to legitimate lines of credit you already have (e.g., stolen/copied credit cards). Credit card issuers and merchants are both often on the hook for most of those sorts of charges, though, so they already take at least some steps to reduce that kind of fraud.

    • Re: (Score:3, Insightful)

      by cdrguru ( 88047 )
      Problem today is with "identity management" agencies. In Illinois the Governor mandated that the state DMV department (Secretary of State's office) would give driver's licenses to people producing a card from the local Mexican Matricula Consular [] office. What they do is give you (or anyone else) an ID that says you can then get a valid Illinois driver's license. Verification? None. It seems that birth records aren't well maintained in Mexico so it would be difficult for them to establish if someone was
      • Uhhh... how does this help someone steal an existing identity? Said immigrant gets a NEW driver's license number and a NEW SSN... you're just railing against how easy it is for immigrants to get ID... which doesn't help them perform ID theft in any way.

        OTOH if they were letting you pick out a DL and SSN from a list of existing people... well that would just be dumb, but then they'd be actively promoting ID theft...
    • by rossz ( 67331 )
      Sounds fine, except why does it need to be a government agency? I trust the government less than I would a business that has a vested interest in doing a good job providing a service. It's extremely rare for a government bureaucrat to get fired for incompetence. In business, if someone screws up enough they get shown the door.
      • Making it a government agency would streamline the process of prosecuting companies that violate lending laws by not consulting the clearinghouse. It would (should) also improve transparency to the public, in terms of government audits and things of that nature, to ensure that the job is being done correctly.

        Yeah, I know, the gubment isn't always the most trustworthy organization, but look at the FTC - people seem to like them pretty well, and the identity clearinghouse is right up their alley.
        • by rossz ( 67331 )

          Making it a government agency would streamline the process ...

          ROFLMAO. We're talking about the government here. Do you really believe that? The only government agency that is anywhere close to efficient is the post office (an opinion I did not have until I spent some time in Europe and dealt with their shitty postal service).
          • I think you misunderstand me. I'm not saying that a government agency would be particularly nimble. I merely mean that it would be even slower and more problematic for a private organization to manage the clearinghouse, when it comes to expecting federal prosecution to go off without a hitch when someone violates the law.
  • It is irresponsible for law and legal practice to bury consumers with an excessive number of data breach notices []. The notices happen so frequently that their meaning is diluted. --Ben []
  • So once again... (Score:3, Insightful)

    by tekiegreg ( 674773 ) * <> on Sunday June 08, 2008 @05:17PM (#23702561) Homepage Journal

    ...we've proven that a piece of paper alone can't stop crime, pollution, educate our kids, etc. it is only the enforcement thereof, or in the case of ID theft, steps to prevent such crime that will ultimately solve our problems.

    Long story short, let's move along and work to end the problem, not just write paper against it.

  • The majority of identity theft occurs due to illegal aliens using other people's SS numbers to gain employment. The criminals are in the minority. The solution to this is effective immigration policies, not draconian laws.

    Also, its rare for the illegal aliens to take out credit or anything on the SS number. They are just using it for employment purposes and thats it.
    • Well, illegal aliens *are* criminals (that word illegal means something) and using someone else's social security number as your own - for *any* reason - is a felony. So again, they're criminals. Perhaps a better way to put it might be "the majority of the criminals are illegal aliens" rather than stating that the criminals are in the minority.

      About immigration, I don't think it's mostly our policies that are ineffective, it's the enforcement. We need a southern border that a greased cockroach would find it
    • Stealing my identity, even for tax purposes, despite what you may believe, is still problematic for me. It results in the most interesting situation whereby I end up liable for taxes on wages and earnings which I never in fact earned. In the event this ever happens to me because an illegal immigrant stole my SSN and used it to work, I would be extremely pissed off.

      It sounds to me like you're making the assumption that what is happening is completely victimless. Not only does it change one's tax bracket for
  • FBI Out to Lunch (Score:4, Interesting)

    by Doc Ruby ( 173196 ) on Sunday June 08, 2008 @05:22PM (#23702583) Homepage Journal
    The FBI is in charge of protecting Americans from fraud and theft on that scale and across that national and global jurisdiction. But Bush's "Justice" Department isn't interested.

    Feel safer?
    • I suspect you're not involved in the security industry. I am, so I'm going to comment on this. The FBI is interested, and the DoJ is interested, and they certainly successfully prosecute cases and work very hard at it. I've met some of the people working on the security problem from the LE end of things, and they are very dedicated and talented individuals who are passionate about catching and prosecuting the criminals.

      However, they face a lot of problems, none of which can be laid at the feet of Bush, or o
      • Re: (Score:3, Interesting)

        by Doc Ruby ( 173196 )
        Well, I have worked in the "security industry" here in NYC, quite a lot making secure banking/brokerage/insurance infosystems during the late 1990s, and helping the NYC legislature's tech policymaking committee oversee secure NYC's IT (both government and its neighbors in the Financial District). I know quite a lot about both secure technology and government security operations.

        The FBI isn't nearly interested enough in these frauds. Despite how hard it is to find and bring these criminals to justice, that's
        • You probably support that fool Obama, so you're in no position to criticize anyone else. His answer to our economic problems is to raise taxes. Good luck with that, Barak. Let me know how it works out. Not that Hillary Clinton is any better; her answer to economic problems is also to raise taxes.

          By "don't much care for him," I mean that Bush is a tool. He's a false conservative, but he's no liberal, either. The best I can say about him is that he sucks less than Obama or either of the Clintons, and that's d
          • Let's see, you voted for Bush twice, and his rubber stamp Republican Congress any number of times, though you don't like him now. Suddenly, when the results of their Conservative government are undeniable, they're not really "Conservative". I could have told you that any time, that they were lying to you about conserving anything, but you Conservatives can't stand the truth.

            Your Bush cut taxes while creating catastrophic, expensive problems. But you think that we shouldn't pay more taxes. I agree. I believe
    • The FBI is more than just out to lunch in Kansas City. When I found out who (Kansas City big name attorney) was using my ID I called the police, they refused to make a report. I filed a complaint and received threats over the phone by officers calling from the police station(caller ID) and threats from officers in uniform knocking on my front door yelling they were going to kick the door in and teach me a lesson. No one would touch it. ACLU claimed they didn't have the resources, Attorneys claimed if they t
      • That is an outrageous story. Did you call the Kansas City Star to tell them about it?
  • by NoobixCube ( 1133473 ) on Sunday June 08, 2008 @05:41PM (#23702693) Journal
    ID theft will continue, now that criminals have about 4.5 million people's personal data from those backup tapes the Bank of New York lost. Not to mention all of the other data losses we've heard about on Slashdot. No amount of securing your personal data will help now, unless you plan on changing your date of birth and address. Seriously, that's all it takes. All it took to prove to Medicare (Australian health cover, just a shade short of socialised health) over the phone that I was me, when I needed to change some details, was my date of birth and current address. You put those on almost every form you fill out offline, and if you shop online, you put your address on those too. Date of birth and current address can be used as a lever to "update" someone's Medicare details, and have a new card sent to an ID thief. Medicare counts as a form of ID, so that makes the lever a little bit longer. An ID thief can use the new Medicare card as ID for other changes and updates. Even get a copy of a person's birth certificate sent to them.
    • The problem is that credit companies have to accept poor proof of ID because most people have nothing better

      All your most basic "personal" details are probably widely known along with you credit card numbers, SSN etc...

      Biometrics will not help - how do you prove you are you to get the Biometric info in the first place?

      It all comes down to - how can you prove you are you to a stranger - the answer is, you can't!

  • People still use drugs, murder, carjack, and rape despite laws passed against the behavior. Who'd-a-thunk-it?
  • by Goaway ( 82658 )
    Since when are data breach notification laws meant to reduce data breaches?
  • ID Theft In US Continues Apace Despite Data Breach Laws

    And in other news, people have been shot in in "Gun free zones".
  • One step that would go a long way to securing information is limiting how many different places store sensitive info. Most of the information businesses collect is for their benefit, not to verify your identity. It's collected and sold, or used for harassing (marketing) to you. It also should not ba able to be shared between each company they call a 'partner'. This should go for any type of information, not just financial.

    Additionally, it would help if not so much was public record. If you purchase a house,
  • Make banks have to verify your identity before they can create ANY new account in your name, and make all such institutions, from banks, to data mining companies, liable for the damage they cause to private citizens through not taking adequate means to protect the data they have on us. The down side to this sort of approach is that it would probably cause a wave of depression-like effects on the banking industry because it would be so difficult to sign people up for credit accounts. However, in the long run
  • My adopted father has been using my ss number for years. He has done so much damage I may never be able to own a car, have a bank account or anything else. Between the State of Missouri and apparently most other states being able to sell ss numbers and info bulk and credit reporting companies being exempt from recording information that may be wrong it will never be even vaguely manageable. The last 4 years has been an attorney that I won against, he does have friends in high places, the higher the place th
  • by MobyDisk ( 75490 ) on Sunday June 08, 2008 @09:35PM (#23703859) Homepage
    laws, but has all of this legislation actually cut down on identity theft? Legislation does not stop crime. Prosecution stops crime. Besides, these laws are weak. They are unenforcable since they state "if you did something wrong, you must tell us" and obviously if they don't tell they don't get caught. And even if they do tell, there is nothing you can do to stop it and it doesn't make the companies any more likely to take security measures. So these bills are probably a good idea that doesn't go far enough.

    I called Comcast today to register for service (yeah yeah, make fun of me, but they are the only game in town) and they asked me for my SSN. When I told them I couldn't do that, they hung-up on me. So this just shows me that not only is this business as usual, but it is getting worse. 10 years ago nobody would have dared ask for a social security number for something like this. How come things are getting worse while at the same time we are supposedly doing all this stuff to prevent identity theft?

    Bottom line: nobody cares, nobody does anything about it. The only ones who do are academics and a vocal minority like Slashdot.
    • Actually Comcast has been demanding SSN for at least 10 years. I've been trying that long to get my grandmothers SSN removed from their system.

      At this point, Comcast is the only company I do business with that demands SSN (and I only do business with them to pay my grandmother's cable bill which she refuses to cancel). I've had the opposite experience than you as the number of places demanding SSN has dropped significantly in the last decade or so.

      At the very least you did the right thing by not givin

  • since when? (Score:2, Insightful)

    ID Theft in US Continues Apace Despite Data Breach Laws
    Since when do laws really stop anything. There are laws against murder, yet people are murdered all the time. They got to get to the root of the problem, and there are ton of comments trying to identify the root, which is probably profit.
    • by rs232 ( 849320 )
      "yet people are murdered all the time"

      No, its guns that kill people, or more specifically bullets that kill people, go ask the NRA .. :)

      What we need is an RFDI chip in each gun that won't fire unless it's fully licensed .. :)
  • by Guppy06 ( 410832 ) on Sunday June 08, 2008 @11:18PM (#23704725)
    "Over the past five years, 43 US states have adopted data breach notification laws"

    "If you get hacked, you have to tell us, so that we can prosecute you for having lax security and your customers can abandon you." Or, you know, they can keep their mouthes shut, since the reason for these mandatory disclosure laws to begin with is that, unless these companies say anything, nobody but the thief knows they were compromised.

    I'm sure that even the use tax laws are more successful.
  • 'There doesn't seem to be any evidence that the laws actually reduce identity theft,'

    Because it's a technological problem that requires a technological fix. A totally new kind of online trading system, one that don't require the use of Credit Cards. I mean does any of this fix the software, err .. NO. Then what use is it, oh .. it makes the lawyers richer .. :)
  • People who keep bringing guns in although the sign says "Gun free zone"

"How many teamsters does it take to screw in a light bulb?" "FIFTEEN!! YOU GOT A PROBLEM WITH THAT?"