Personal Data Exposed! Can Legislation Fix It?

rabblerouzer writes "Millions have had their personal information stolen because of lax security and may not even know it because of the patchwork of state laws that fail to mandate timely notification of victims. Boston-based law firm Mintz Levin is seeking feedback on what you would like to see included in draft legislation."

New SSN

[Alchemar]

One of the biggest problems with identity theft is that SSN were not intened to be used for identification purposes. My Social Security card clearly states that it is for Tax and social security purposes only - not for identification. Yet every organization out there wants to use your SSN for an ID. It use to be my student number, my health care number, and I can't recall the last time I needed to access banking information that I wasn't asked for the last 4 digit to "VERIFY MY ID" The people that set up Social security numbers knew that using it for ID would be bad. Try refusing to give your SSN. Unless you are independently wealthy, that means no job, no bank account, no phone, no Drviers license, no house, no car, and no insurance. What I want is for them to enforce the laws that we have. If we must have a new law, make it a criminal offense to ask someone for their social security number unless they must file a tax in that person's name, and also make it a criminal offense to use the social security number for any purpose other than filing that tax form. The main problem is that since the Social security office doesn't recognize that a social security number is an ID, having your ID stolen is not a valid reason to get a new number. The social security office recomends that you move to a new country and start over, and other countries actually have fleeing the US for identity theft as one of the reasons to seek relocation into their country

If they absolutly need a national means of identifying people, then it needs to be in a secure manor. My suggestion is to issue everyone an electronic ID card. With all the extra "security" that goes into an id they can afford a small dedicated computer the size of a credit card calculator that only gives a secure ID number. When someone needs to verify your ID, they must request a key from the goverment, similar to a tax ID, but it is the public key for an encryption. They give you their public key, you enter it into your computer wich has your private key, it generates a number, the company sends that number to a goverment computer, it returns the critical information for the person involved. Name and Birthday. If they require more information, they must fill out the goverment forms explaining what information they need, and why; which becomes public record. Set it up so that your computer tells you what the company is, and what information they will be given. Now they have a secure means of identifing you, and you can verify who is requesting the information, and the ID number you give them is only good for that company. They can't use the data to request a new credit card, because the credit card company would be given a different number based on their public key. Set a password on the computer so that it can't be used if stolen, and set provisions where someone can request a new card and private key if it is compromised.

Re:The problem isn't disclosure

[CantStopDancing]

The banks, merchants, etc... are the real losers. However, if it was a serious problem, banks and merchants would be doing something about it.

and the reason they're not is because, and this is the important bit, they pass the costs on to their customers. That's right, banks and merchants don't lose one red cent over identity theft. They simply raise rates or add extra fees or apply previously non-existent charges, when it happens too often. *every* instance of identity theft is subsised by *every* customer of that organisation, without exception.