Slashdot Mirror
Government To Fix Identity Theft?
Cobb writes "With nearly 50 million identities compromised in the last 6 months, the powers that be are gearing up to fix the problem. 'Prosecutors and privacy experts say that what America needs is a coordinated national strategy. While 15 states require companies to tell consumers if their data has been compromised, there's still no national law.' A new study joins a host of other statistics -- some private, some government-sponsored -- attempting to quantify the size of the ID theft problem. There is no universal agreement on the size of the problem, on the way to count the victims, or even on how to define identity theft."
Databases are a pain to maintain.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
~~~
The so called solution turns out to become much worse than the original problem.
Perhaps if banks and merchants would control credit a little better we might not have as much of a problem. They could start by not sending credit card offers to my dog.
[Insert pithy quote here]
Yep, that'll help. Except for all those criminals who don't obey the law.
Ronald Reagan was right, the most frightening words in the English language are "Hi, I'm from the government, and I'm here to help."
All movements for social change begin as missions, evolve into businesses, and end up as rackets.
"While 15 states require companies to tell consumers if their data has been compromised," how does this fix anything. The data is been stolen already...
If the government privated identity management it could not get any worse. Government made monopolies like that on identity management only end in crisis and wasted taxpayer dollars. Oh well. Our government is out of control these days. Can anyone say revolution time? Pitchforks and shotguns!
I hope they don't form all these comittees, have all these meetings, and make a national law that makes it mandatory for companies to tell us our information has been stolen. It would be better if they passed laws that held these companies more financially responsible for these identify thefts. That would help them beef up security. I think...
"Perfect!"
- immediate reaction, with accompanying drool spot on table, of every bureaucrat and lobbyist, at every level of government, upon hearing these words, as applied to every issue ever raised for debate.
Require any company that handles personal / sensitive information to NEVER be connected to the Internet. Better: No WI-FI... EVER. Even better: Disallow PC's altogether... mainframe style.
Security breaches have no economic impact on most companies, so therefore, they do nothing about them. It's often too costly to handle data safely.
I applaud federal regulations in this area. Did I really just type that?
"That's not ironic, it's just mean!" - Bender
A whole lot of people have been using my indentity today!!
This seems pretty standard for anything involving politics. Nobody can agree on anything.
Here in Minnesota; we are on our first day of a state government shutdown because nobody could agree on a stinkin' budget.
Way to go guys!
It is silly that someone can committ such fraud just because they collect some numbers (SSN, phone, address, Credit Card, Driver's License, Passport). What we need is a system where simply possessing the numbers does not allow for fraud. The solution probably has something to do with biometrics. Of course, criminals will work against that too, but I just don't see how we can legislate ID theft into submission.
Logic would dictate that your information is private BY DEFAULT, as in other enlightened countries.
The only way to fix the problem is not to have all these laws after the fact, but to stop the sharing at the source. For example, you sign-up at a bank for a new account. You cannot at that time ask for you information not to be shared. You must call up later and say:
1) I don't want my information shared to third-parties.
2) I don't want my information shared to afflilated companies.
3) I don't want any offers, etc.
If you miss one your screwed. Just think of all the things you've registered for where your information is flying around. It's absolutely unstoppable.
I'd love to do a credit freeze on my account, but in Texas you can only do that AFTER you prove to the credit companies that your a victim of identity-theft. That's like handing out a condom after rape.
The credit-bureaus snap back that without access to the sea of "metadata" people won't get all these advertisements for low-interest lows and crap like that. Makes me want to puke.
Maybe we can change out our SSN#s every so often, but otherwise I assume having your identity stolen will be common-place in 5 to 10 years.
Peace out!
Happy 4th.
"This isn't a study in computer science, its a study in human behavior"
Government To Fix Identity Theft?
Ha! Ha ha!
...
Oh! Ummm, if you're looking for the answer, it's no.
Njrrekalrn aklfjeri alfkje l jefle a fjk aiefnk adfnk eir aer f ejr iija fanmr ijraf jajk dlsiknsjiala. Meijinklio hdfkj djff ej a bnr rhgkadwnf fuckingwankers fddkjlfd lkdfj rei alfnk w nld flkas fnek sdif ew ldj fjnd fj dldkfek ee dafkljfjke a\nfa jk dfakljlkfkej rwjkfelj ilikefuckingtrafficcones flkjjldf elkjkf dsfd kleerwkl efdsk lkjfdlj ae jif dakfd kdlarkei eekjd adf dlkf flfderefdfd fdfsakljsdfjfdksdf shitinmypantsfdjkldffkljsdfjidrjliwf fdkjfsd
We just need to identify the identity thiefs by gathering more identity data.
I'm still trying to figure out what people mean by 'social skills' here.
If the Guv would do their job and effectively fine the banks who let "accidents" happen, this problem would go away overnight. Treat customer information like worker saftey. Extend OSHA penalties and poof! Problem solved.
"If this were an illness, Congress and the United States would be calling for an all-out war on this illness, because it would be critical for the American people."
Here we go... The War on Identity Theft!
I am really sure this WILL be as effective as the war on drugs.
Lets see:
1) First we will lose our right to any form of privacy at all. ( for our safety of course )
2) The subdermal chips are coming!
3) The usual arguments about "the number of the beast."
4) Wacky holdouts living in the woods in Montana and Idaho and parts of eastern Washington who refuse to get on the grid.
5) The return of the barter system for these holdouts.
6) Microsoft leading the way for tracking all the identities.
I can't wait!
--ken
Bitcoin pyramid: Join here: http://www.bitcoinpyramid.com/r/1427 it's FREE!
Just like when we had that War on Drugs, and now there are no drugs any more. Or like when we had the War on Terror, and now there's no terrorism any more. America just gets better by the second!
Coming soon from the same people who correctly discovered Iraq's weapons of mass destruction, balanced the budget and solved Medicare.....
Your privacy problems fixed.
It was actually the same ID used maliciously 50 million times. Why the Social Security office SSN 123-45-6789 to Mr. John Smith of Main Street is beyond me...
If brevity is the soul of wit, then how does one explain Twitter?
...dam, in my country the government doesn't know everybody identity , what is kindda bad, but kindda better than that. You guys are the civil society, do something.
The issue is gaining momentum, with several bipartisan proposals aimed at restricting the use of Social Security numbers and creating a new cyber-security center. The latest bill would require companies that collect data to tighten controls and tell customers how that information is used.
Good! It's by no means the silver bullet in identity theft, but I really get sick of having companies ask for my SSN when it's none of their goddamned business! Even when I took Sun certifiation exams, the unique identifier that they wanted to use was my SSN! Exactly what business is it of a certification examination center to have my (or anyone's) SSN?
The problem, however, is one that government will never be able to fix - consumer stupidity. It's staggering that people are so shocked when they find out that their identity was stolen, yet they will look at you dumbfounded if you ask them:
* Do you shred all of your mail, bank statement, receipts, and so forth before throwing them away?
* Do you make sure to never purchase from e-mails that you didn't ask for?
* Do you make sure to purchase on-line through secure, HTTPS connections?
* Do you willingly give out information to people on the phone who claim to be from one business or another?
I'm sure that the government will do what it can (even if it further tramples on our individual rights one way or another) but until the general public stops their carelessness with personal information or materials that contain personal information, identity theft will keep going and going just like that damned rabbit.
The Overrated mod is for reversing inappropriate, positive mods, not for voicing disagreement with a post.
The reason identify theft is the fasteest growing problem is that a lot of crimes that used to be called something else is now called identify theft.
Someone steals your credit card number and orders porn? That's no longer credit card fraud, that's identity theft.
Someone forges a check against your bank account for porn? That's no longer check fraud, that's identity theft.
Somebody ordering a pizza in your name, because they can't afford porn? That's no longer a phone prank, that's identity theft.
Nearly all economic crime can now be classified as identity theft. Nearly all is being so classified.
It's impossible to tell how much of a problem there is, at this point. We're all too distracted by watching the sky falling.
Ronald Reagan was right, the most frightening words in the English language are "Hi, I'm from the government and I'm here to help.
If you ask him now, I bet it'd be more like:
"Hi, I'm Saint Peter and I'm going to review your life to decide whether or not you go to Hell...."
"While 15 states require companies to tell consumers if their data has been compromised..." This is only true if the data lost/compromised is plain text data. Any company in any state can lose all their information with out having to report a thing, if the information is encrypted. So while we honestly think we're seeing a decline in lost/compromised/stolen information, we're actually just not hearing about it as much anymore. Oh, I feel safer already! The whole thing is one big joke, but only the owners of big business are laughing.
something should be here besides this dumb message
Identity "theft" is not the fault of the offended party, so why should they have to spend their resources fixing it?
The best idea yet is that unless the creditor can prove that you authorized any purchases made on your account, then they have to eat it. It is the creditor's job to make sure they know who to whom they are giving credit. It is then ultimately their responsibility to track down identity thieves. If their internal policies are so lax, that they don't know their customers from a hole in the ground, then they need to shape up. I think that this policy is the only way to get them to fix these problems, by hurting their bottom line.
persomnal information is copyright to the individual. Anyone who wants to use that information must negotiate a license. ROT13 "everything" as well so that individuals benefit (for once) from the DMCA!
How about this: why doesn't the Government allow us to opt out of the Social Security program? I'd like to see those identity theft bastards try to steal mine when I don't even have a SS number. Of course, the way things are now that would never happen in a million years, because the powers that be don't give two shits about what their citizens really want.
'Paedophiles to fix children abuse problem'
'Oil companies to fix Kyoto treaty'
'Microsoft to fix GPL'
Um, news at $time_of_news_at_local_location?
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
Haven't they put senators on no-fly lists, before?
Yeah, they'd be great for keeping identities separate and secure.
how about instead of storing our information we have some sort of password (credit card number, ssn, etc.) that gets encrypted and all we have to do is match the code (obviously not sha1, maybe sha1024). Then there is a big book of codes that everyone can see, but only the individual knows the pass.
Just trying to promote discussion. Please feel free to attack any loop holes in my argument. Or you can just call me an idiot.
Government To Fix...
Barcode on the forehead, RFID tag with built-in 4096 bit RSA digital-signature generator conveniently implanted under the skin of the left hand! Simple!
Hail Cthulhu!
While 15 states require companies to tell consumers if their data has been compromised, there's still no national law.
Someone tell me how making a law to inform people that their identities have been stolen prevents identity theft?
Don't take life so seriously. No one makes it out alive.
We just agree on a biometric standard? Then instead of worrying about whether somebody stole some silly precious number of yours, you could log in to your computer with a retinal scan or something and be done with it? (Yes. I know there are issues with biometrics, but certainly a triple-system from different vendors, locked into tamper-resistant hardware -- there has to be a solution available, right?) I was blogging about something like that this morning
New Biometric Device From Fujitsu
California allows residents to put a block on all approvals for credit in their name. Credit isn't issued unless that person is tracked down and approves it.
This ought to be made federal law. It wouldn't eliminate identity theft but it would drastically reduce much of the resulting fraud.
-- Slashdot: When Public Access TV Says "No"
I should think coming up with a definition would be easy. Here's one:
Identity Theft: when one party successfully represents themselves as a second party during a transaction with a third party, using documents and information that belong to the second party, and that have been obtained without the second party's knowledge or permission.
There ya go, that one's free. Now either figure out a way to stop it, or stop feeding it with all these "convenient" opportunities for faceless transactions between strangers at the push of a button.
Bluh.
Sure... just write a law that makes it illegal, that'll solve the problem.
Just like anything else that was outlawed.
* We have no more spam, since it was outlawed a short while ago.
* We have no illicit drugs, either, right?
* We temporarily "eradicated" alcohol. Remember that from your history classes?
* Hell, we've eliminated ALL illegal criminal activity by simply legislating them away.
* Et cetera, ad nauseam, ad absurdum.
Riiiighht...
The problem with socialism is that they always run out of other people's money. - Margaret Thatcher
Haven't Minnesotans heard about a continuing resolution?
-- Slashdot: When Public Access TV Says "No"
You can keep a secret and prove to someone that you have the secret without ever showing your secret.
RSA comes to mind, where you're the only one on Earth who can decrypt something that was encrypted with your public key. To verify your identity, the bank generates a large random number, encrypt it using your public key (printed on a card that you can show anybody), and asks you to recover the random number (with some temperproof hardware of your choice).
If the government wants to prevent identity theft why don't they start looking at all the problems that they themselves are creating. SSNs are probably the biggest single liability when it comes to identity theft, and yet all the wonderful new Citizen ID / Real ID/ passport changes that they have been trying to push through are even more inherently insecure.
Yes, lets broadcast your passport information to everone in the vacinity via RFID, that will make things harder for the terrorists, and safer from identity theft. We can also increase the number of government agencies that require use of SSN's making them even more widespread and unprotected. While were are at it we'll increase the the penalties for crimes, wasting more tax payer money on prisons, but not actually decreasing crime. Then we can make some empty statements about being tough on crime and securing your identity - the voters will love that.
grrr
The biometrics biz doesn't want you to know, but biometrics suck.
Even if one were to develop a much better biometric system, there are serious drawbacks. Any biometric key is really just a password that cannot be changed, even if the password has been compromised, or even if the whole system has been cracked wide open.
Suppose someone invents a "foolproof" retinal scanner system, which is deployed at every point-of-sale terminal in the US. All credit card transactions are verified with the retinal scanner. A year later, someone figures out a way to imprint retinal holograms on contact lenses, or finds some other circumvention. Now if someone gets his hands on your retinal data, your financial life is completely hosed, forever, or at least until you convince the powers-that-be to trade in $50 billion worth of retinal scanners for updated models. You can't call the credit card company and ask for a new retina.
As ever, security is really more about attitude than about devices. An awful lot of dollars worth of credit card fraud, for example, would be stopped cold if store clerks bothered to just check the signatures on credit card slips.
If you didn't have an SS#, you'd have a bundle of other "unique" identifiers.
The problem is not the SS#'s exist, the problem is that everyone adopted it as their own unique identifier. If an SS# only linked you to your Social Security account, it's theft would little harm. Instead, it has become the key to allowing crooks to impersonate you.
-- Slashdot: When Public Access TV Says "No"
Remember, it's not theft if there is nothing physical involved - it's merely identity infringement, and perfectly legal in many countries. Only the US goes overboard and makes a big deal over a little harmless identity infringement in their usual heavy handed, overbearing way.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
We also need something to put the liability on the credit card companies when they do scew up. If my identitiy is stolen due to some lameness like a currier dropping a package, I may have to be informed, I may not be financially liable, but I still have to get my credit information and make sure no one is opening new cards in my name etc. The burden to deal with it is still on me.
There is another thing to keep in mind here. When a credit card charge is disputed, the credit card company actually makes money on the deal. Lets say that you buy something at Amazon.com with a stolen credit card. The credit card company takes it cut from the transaction (2 or 3%). Then when the charge is disputed, the credit card company takes the money from the retailer, as well as a chargeback fee.
Overall, they have an incentive to let credit card info get stolen.
Since when did operating systems become a religion?
Wait until my brother knows i'm using his slashdot login to karma whore on identity theft. :)
The next step is to limit sharing of personal information; this is something that some states have achieved.
Make sure that lists are opt-in. Businesses must ask personal permission at all times.
Higher penalties for stealing mail or other personal information that is used for wrong purposes.
Require online businesses to use secured connections for better protection.
Hold banks, credit card, loan agencies, etc. accountable for credit history fuckups.
Require timetables on identity theft resolutions; have businesses pay for it.
Fine companies for losing personal information.
If this does not work, let people buy cheap guns and shoot mother fuckers who commit or contribute to identity theft. Why should people sit in silence if credit card industry gets a fat profit that is growing from year to year? Make those fuckers responsible for their fuckups.
but no one will want to do it.
Apply the same privacy and security standards to financial institutions that HIPAA requires.
I went to work on a PC at a doctors office, it was the machine that contains patient records.
That machine was forbidden from being connected to the internet in ANY way what-so-ever and was forbidden from being connected to their inhouse LAN.
The STAND ALONE machine had a modem in it but it was only allowed to connect to a certain system through a single dial-up line.
No other use of the machine was permitted. It had no disc drives so it was not possible for employees to install stuff from home or to copy things from it.
The machine was pretty damn isolated from the outside world.
Of course that will never happen with financial institutes because they WANT these things to happen, that way the people will cry for more security. And they will get it, with Orwellian security like retina scans and sooner or later, DNA scans, like in the movie GATTACA
Personally, I have no financial anything. I don't use banks at all in any form. I have no credit, I have no savings or checking accounts, I have no credit cards.
I live strictly by cash alone. Everything I own is paid for. I pay utility bills with green cash, in person at the local grocery store. I owe no one for anything.
You want to steal my identity? I don't give a shit, go ahead, I don't use it anyway..
Reminds me of a bumper sticker/shirt idea I wanted to try:
"We're the government: we don't make promises, only threats."
It is not the job of government to solve all of our problems. More government is almost never the answer to any problem. The problem here is the credit system and lack of accountability on the part of businesses for identity fraud. The banking system doesn't suffer nearly as badly from these problems. Why is that? It's the credit system, which is one of the few areas of the American economy that is under-regulated.
"I have never won a debate with an ignorant person." -Ali ibn Abi Talib
We want to be able to walk into a car delership, bank, electronics store and walk out with whtever it is we want on credit. The only way this is possible is for the financiers to have access to our "credit history" to see what interest level they can shaft us with. If we are so ticked with identity theft, the quickest cure is for us to have a little patience and wait a couple of days for purchase confirmation on big ticket items, and callbacks on others.
Let's say you go to an online merchant and made a purchase. The financial institution should then call you at the phone numbers of record, that you gave when you opened the account, to confirm that it is indeed you that is making the purchase. This would maybe slow us down, and horror of horrors may force us to actually think about whether or not we actually need whatever it is that we are purchasing.
We have been so trained to want things instantly that we are willing to give up part of our financial security for immediate "satisfaction".
Sorry for the rant, but it isn't just the companies that are to blame, and a solution that punishes the institutions without challenging our ways of thinking about the way we approach our finances is only going to change the problem's appearance, not fix it.
I'm a happy pessimist. I expect and prepare for the worst, when it doesn't happen I am pleasantly surprised.
"Prosecutors and privacy experts say that what America needs is a coordinated national strategy." Ha! Good luck trying to encourage that. Our government's collective coordination can't currently poor piss out of a boot that had instructions on the bottom.
Funny how fast things happen when the FTC Chief gets their credit card info stolen..
#include bier;
http://www.tampabays10.com/weird/weird_article.as
I can say that the system is definitely screwed. All I'm doing is living my life, and due to some fool with a penchant for living other people's lives, I had to spend WEEKS trying to convince people that I'm not Ms. L. Kennedy. This despite the fact that I'm also not a woman.
The debt collectors are out for one thing - collection. If you have been wrongly listed as the person responsible for a payment, they want nothing to do with you.
Stupid system...
The entity which acts upon a false identity should be held liable.
-Max
It takes very little information to open or change a credit account. Put the fruad cost on the credit company. They are the making the problem. They should bear the cost. That who force them to not give credit to anyone with an SSN without a letter or call.
As far a Info brokers Pay the $25 to reissue the credit card to each lost account. Secure the data or pay the price.
It is easier to steal money from a bank with a phone call. Try to cash a check with out proper ID at a teller, not happening. Hello Bank I moved and lost my credit card. Mail me a new one, No problem.
Just remember to cross reference it to the old ones first...
Oh well, what the hell...
We shouldn't HAVE to "opt out" of slimy marketing bullshit. It should be opt IN... ONLY.
I'm sick of having to call various agencies to opt out of marketing TRASH. Why do we put up with it?
Oh, that's right.. marketers have more money than us, so they lobby the hell out of congresscritters.
Ugh.
... and I'm here to help you.
If you disagree with me on social issues, then it's pretty clear that you are a narrow-minded bigot.
Right.
Who needs government!?!
People are basically trustworthy, right...?
We need a complete and open market system. The only thing "controlling" anything would be the market and how much $$$ you have at your disposal.
Lawlessness?!?
Simply buy your own police force
Your neighbor is dumping dioxin into the stream that runs through your property?!?
Quit complaining! This is a free market society, remember! Buy your own de-toxifier and make your neighbor pay for it with your paid for police force.
You know, I always had a hankerin' to re-live those heady days of the beginning of feudalism in 8th century Europe.
We play the game with the bravery of being out of range
and free markets before I puke my credit offers all over.
Remember, the Senate just passed CAFTA.
They're looking out for the little guy!
We play the game with the bravery of being out of range
companies should not be allowed to "own" information about a person period. telling consumers is "good" only in that its more than currently happens but it does nothing to solve the problem of information being kept when and where it should not.
We routinely hear about peoples info being stolen, I can't believe we dont punish violators more severely and make information sharing an opt in instead of opt out setup.
Where do you want to be, What are you doing to get there.
freedoms is this going to cost us?
To-do List: Receive telemarketing call during a tornado warning. Check.
I work in the healthcare industry where we're extremely sensitive about SSN, patient information, and so on.
Banning SSN and other identifiers sounds good on paper, until people think through some of the implications. Right now we have dozens of separate systems that are not linked. Patients in one system may or not be a patient in another. If a doctor prescribes a drug in one system, the other system may not know this.
Because of these disconnects, the problem of not being able to clearly identify people because extremely troublesome. People can die if we can't figure out who they are in all these separate systems. The nice thing about SSN is that people typically know what their SSN is and it rarely changes.
True, we could fall back to guessing on matches by name, address, and DOB, but none of these are very reliable. We could issue our own numbers, but they wouldn't remember it and affiliated medical systems wouldn't have that number in it anyway.
I don't have any solutions on this one. It seems as if the desire for privacy is going up against the desire to have quality healthcare. It'll be interesting to watch this over the next few years.
Want to solve identity theft? Stop making the authentication so easily replayed.
Identity theft is too easy for two reasons:
1. The best uniquely identifying piece of information (in the US) is the SSN. It is a perfect username. And yet, we keep using it as both the username AND the password. It is stupid. Just because I know a unique name for a person shouldn't mean I can open a line of credit for him/her.
2. Even if there were a separate "secret" password, it wouldn't be secret once used. Every time you prove to someone that YOU are you in the current system, you empower that person to prove that HE is you. Let me say that again, because it is important: every time you prove to someone that YOU are you in the current system, you empower that person to prove that HE is you. And, even if you trust that guy, the information you have given can be stolen or lost by him and used by someone else you don't trust.
Instead, we need to find a good way to make public-key encryption work for the masses. Public-key encryption can be used to safeguard one's identity because the authentication is not so easily replayed.
Imagine a dedicated piece of hardware, similar in form-factor to a credit-card-sized calculator, complete with LCD display and numeric keys. Have that card be able to generate key-pairs and easily display and transmit the public key. Then, set up a ubiqitous public key infrastructure that financial institutions and others can use to verify that the public key you give them is really yours.
The government can actually be of help here. Nearly everyone in the US has to go to the DMV and get a driver's license. There is actually quite a bit of identity verification that goes on there, certainly compared to what goes on at a credit-card bank. If the DMV also provided a free key-signing service, then people could bring their key cards in and get their public-keys signed as belonging to the actual person in question.
Then, when a company that wants to authenticate that you really are who you claim to be, they can sign a challenge and send it to you. Your key-card can verify that the challenge is legitimate, and respond by signing their challenge using the stored private key. This private key, btw, would never be accessible off the card or shown in the LCD display.
The neat part about this is that the credentials necessary to prove you are you are never anywhere but that key-card in your possession. It can't be stolen from the bank's computer system or replayed by a retail clerk. Even if it gets physically stolen, they would need your PIN number to use it.
Also, because this would be mandated and use open standards, no one bank or institution would need to shoulder the costs. Each individual would have to purchase a conforming card only once and be able to use it for all financial transactions.
... they would help prevent the usage of Social Security or Driver's License numbers for purposes which they were never intended for. Those numbers were intended to facilitate a government program or priviledge, not act as target for every living American. It's nothing short of ridiculous that my entire life can be destroyed, simply through the loss of one of perhaps half a dozen 7 to 10 digit numbers.
Though I strongly oppose the basis for the Real ID, I'm hoping that it's introduction will consolidate the large number of information that can be used to steal an identity. Likewise I'm wishing that it will come with strong laws which limit it's distribution and outlaw sale of it.
"No, no, no, really, Government, we're OK! Yessir, just a little glitch, we'll get it worked out ourselves! Go back to Iraq and finish rendering it into the unspoiled Eden that you promised..."
"gearing up to fix the problem."
Let me translate for those not wearing foil hats: "Gearing up for National IDs".
I8-D
Agrguing that the government requires everyone to get an SSN and then to conclude the way to deal with identity theft is to eliminate SSN's is typical of the lame emptyheaded remarks that pass for insight on /..
There was no government requirement mandating that everyone get an SSN. The SSN serves to uniquely identify anyone who is eligible to receive Social Security benefits. I.e., anyone who has ever worked for an employer who followed the law and made SS contributions in his or her name.
Since it was so obviously convenient to use this unqiue identifier in other contexts, people did just that. And, as well, parent began acquiring SSN's for their children. This took place decades before anyone had heard of databases.
You can't discontinue SSN's without discontinuing Social Security.
The use of unique identifiers -- for SS, for private retirement programs, for medical use, for tax purposes, in the schools, etc. -- is not going to go away. Rather, it will increase.
-- Slashdot: When Public Access TV Says "No"
Should work about as well as that War on Drugs went. No more drugs in the US any more right?
Identity theft is less a problem of insecure merchant databases and more a systemic problem of establishing one's identity. A determined sleuth can quite easily obtain the necessary identity information of practically anyone they want to. We need a system where it does not matter if your name, address, birth date, SSN, etc. are compromised because your identity is not solely be based on such things. As much as I hate big (inefficient) government, it seems to me that is where identify establishment should take place. It is government that already issues SSN numbers, birth certificates, death certificates, passports, visas, "resident alien" cards, etc. Perhaps it is time for a national ID card. I think we have more to fear from "big business" than "big brother". I certainly would not want to trust a Microsoft or Oracle with all my personal data. Until we have a more secure way to establish one's identity and keep it from being stolen, the problem will only get worse.
Which brings me to the next point: identify theft and credit card fraud are similar but not the same. Both are inherently too easy to exploit and it is my guess that the latter is a much bigger problem. All one basically needs is a valid credit card number, expiration date, and CVV (a correct billing address is an added plus) in order to commit credit card fraud. All this information is routinely stored in on-line databases by merchants around the world. When such databases are compromised, a thief has all the information he/she needs run up credit card bills on all of them.
VISA and MasterCard are mandating the CISP program (Cardholder Information Security Program) on all merchants, requiring them to adhere to a certain level of security (e.g. encrypting credit card information, using 3rd parties to audit security, etc.). This is all fine and good, but it has long been in the self interest of merchants to make sure their data remains relatively secure and that new cards are checked with address verification and/or CVV numbers. Merchants are the ones that suffer the most when customers issue chargebacks for fraudulent charges; credit card companies simply stick it to the merchant after reversing the charge to your card. Some states require merchants to disclose when they know they've been hacked. This is a helpful step, but hardly a solution. Most merchants are loathe to disclose this information if they think they can get away with it because they stand to lose their customer base. If I had received a certified letter from Amazon saying that my personal information had been stolen, I would think twice about ever using Amazon again.
Requiring merchants to plug security holes is much like requiring all the villagers to plug the holes in the dike with their fingers rather than fixing the dike in the first place. It is the system that needs to be fixed more than the insecurity of merchant databases. It should not be so easy to run up a tab on someone else's account just by having their credit card number and a few other particulars. Rather than putting the whole burden on merchants to keep an inherently insecure system secure, credit card companies need to change the way credit is processed online so that it is not so trivial to abuse. Merchants are not in the security business, but credit card companies should be. It is simply not fair to put all the entire burden on merchants.
Do we have to resign ourselves to purchasing things online and then crossing our fingers, hoping that the card we submitted and our identity will never be stolen? I would be interested in your ideas on how to fix the current system or what to replace it with.
One would think that the gov't would be pushing hard to crack down on this problem. It will never go away (like most crimes), but they could make signifcant inroads in stopping this rampant outbreak.
Case in point, look at the software piracy issue. Yes, it needs to be stopped. The gov't has assembled this multi-national coaltion to bust the pirate rings. A similar action could be started, which I think would better serve the average citizen.
But then again, a lobby would need to exist for this. There probably is one, but not with a lot of heavy funding.
The problem is ... We want to be able to walk into a car delership, bank, electronics store and walk out with whtever it is we want on credit
No. The problem is that this information is collected on ALL people in the United States. I've never bought anything on credit. I don't plan to buy anything on credit. If I want to move into a house... I won't do it until I can afford it.
You see... some people like to keep their lives entirely in the black. Some people live a lifestyle they can afford. For these people... there is absolutely no reason to collect credit information!
It's not just a matter of coercing comanies into being responsible with information, it's a matter of giving citizens much more control over who has it, who is allowed to have it, and what they do with it.
Ditto. Let the people who want instant credit opt IN to making their credit history readily available. I don't want instant credit, so why should I suffer the insecurity of it because of everyone else?
And perhaps more fundamentally, if this data can't be stored and used in a secure way, then we should all just have to live without the the "convenience" that it might otherwise have provided. If something can't be done properly then it shouldn't be done at all, no matter what the benefits might be.
Which government? The same one that has the world's largest deficit but continues to spend money on non-essential items? The one that bullies smaller, less advanced countries because it makes the government feel macho (have you ever seen them bully China?)? The same government that is filled with corruption, waste, greed and mismanagement?
If you're refering to the US govenrment, then, HA HA HA HA HA HA HA! That'll be the day when the US actually "fixes" something.
Wouldn't a really good way of stopping ID theft be to stop using the same ID number all over the freaking place for every financial account you own? I'm talking about our Social Security Number.
The government made the problem, now they want to make a solution through more legislation. It's so freaking cute to watch them act like morons!
That they are going to WAIT to tell people that their personal information has been stolen, until their stupid *law* is passed!!
I will gladly loose all of life's battles.. in order to win the war..
More like "government to pass yet another bunch of poorly-thought-out laws and regulations in response to a perceived need to be seen as 'doing something' about the problem."
In other words, don't hold your breath.
Of course, given what's been going on lately, and the sheer magnitude of these security breaches, it's likely that some of our elected leaders are going to get hit, and hit hard. That may make them sit up and take notice but, like all Internet-borne crime they really haven't the power to stop it. They make think they do, and they surely want us to believe they do, but they don't.
The higher the technology, the sharper that two-edged sword.
It's amazing when it happens. All the companies drop you like a hot potato. You have no friends. Everyone is out to get back their money. I even had the bank tell me it's every man for themselves.
It was Hell. You have no clue to how bad it can get with relationships with finance companies when it's on your credit history. It's not that they do not want to do business with you. It's the SIN number they want to stay the fuck away from. Too bad you own that SIN number. Fuck you.
Seriously, I have been through it. It's the worst situation to be in.
Anyone remember the Quicken data files that could be searched by Google. Those people are fucked...
I feel better already.
Join the Slashcott! Feb 10 thru Feb 17!
Now that they have created the false problem and the false reactions, here comes the solution. I hope that everybody will wake up and see that the end result of this whole thing will be to desensitize the public and get them to line up and get chipped..
"It's not just a matter of coercing comanies into being responsible with information, it's a matter of giving citizens much more control over who has it, who is allowed to have it, and what they do with it."
I once had the chance to talk with Representitive Rick Boucher, and he said the same thing. Unfortunately, he explained to me that most of the congressmen are for the companies, because companies drive America's economy. He said that the economy is the priority, even over the citizens, and that our congressmen will do anything to protect the economy.
So; until congressmens priorities change from the economy/business to the people/wellbeing -- not much is going to change.
... until the unthinkable happens, and a terrorist gains the identity of John Q. Citizen, and buys a plane ticket, enters a nuclear facility, etc.
The reason: it's a victimless crime. Credit card companies write it off, police say "well you didn't really lose anything, since insurance covered it/it was written off", and don't investigate.
I know from personal experience. I even hired a PI to find the guy (which the cops wouldn't do, since he just laid low in another county), and they wouldn't investigate. I even gave them his address, and they wouldn't serve a warrant because he was living in another county. Wasn't worth their time.
And this wasn't a high tech scam, either. Just someone breaking into my house while I was away and stealing a checkbook and reading some mail.
Remember how people didn't like the Euro (on board chip) Card in the USA? And the National ID? (with on board chip)
Too bad, that's the solution to the problem *they* just created in the last few weeks, with the media and banker's help of course.
Enjoy!
Ceterum censeo subscriptionem esse delendam.
For many years, the US state that I live in (which shall rename anonymous) required all land deeds to have SSN's on the document filed at the county courthouse. That was yet another simplistic method of implementating a statewide ID number that the counties could use to tell who owned what, etc.
.. but I won't tell you which state I live in. Knowing this is bad enough, revealing the state would be criminal. The whole situation is FUBAR.
So.. down at the courthouse, on the microfilm (some counties may have it on optical I'm sure) is a land deed with my SSN on it. Exposed for all to see. You can't get at it over the internet (at least not in this county, some larger ones perhaps).
This msg is brought to you by the letter 'W'.. for Worthless Wuss
To do all that, I need your SSN.
So, yeah. I store it. I don't store it online. I don't give it out to anyone. But I do store it.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
I believe that part of eliminating identity theft is to pass legislation that requires mail to be delivered to mail slots in postal customers' doors. Much identity theft could be be prevented by taking this simple step.
BTW, to reiterate other posts, people then should follow up by shredding their mail after reading it, or saving it in a secure file.