In the spring of 2006, with reports of computer hacks, lost laptops, and other
precursors to identity theft increasing, President Bush appointed an Identity
Theft Task Force to investigate the problem and suggest solutions.
The group was composed of many of the President's cabinet
including the secretaries of the Treasury, Commerce, Health and Human Services,
Homeland Security, and Veterans' Affairs as well as heads of a number of government
and quasi-government agencies such as The Federal Deposit Insurance Corporation,
the Federal Reserve System, the Securities and Exchange Commission, Office of
Thrift Supervision, the Postal Service, and other banking regulators. The Task
Force was chaired by Attorney General Alberto Gonzales and Deborah Platt Majoras,
Chairman of the Federal Trade Commission.
The Task Force
released their findings last Monday.
The report acknowledges that millions of Americans are victims of identity
theft and "the financial and emotional trauma it causes." Identity theft can
take many forms but its victims are always left with the job of repairing
the damage it causes on their own. "It is a problem with no single cause
and no single solution." The report follows with what can only be seen as self
congratulatory remarks about the work the government has done since Congress
enacted the Identity Theft and Assumption Deterrence Act in the late 1990s.
This includes the establishment of an Identity Theft Data Clearinghouse by the
Federal Trade Commission and prosecution by the Department of Justice of a wide
range of identity theft schemes.
The report, at the same time, recognizes that the problem of identity theft
has become, during this same time frame, more complex and challenging for the
general public, the government, and the private sector and that both public
and private sectors have been confronted with difficult and costly decisions
regarding resolution and with increasingly pressing demands on law enforcement.
The Task Force states that it solicited comments from consumer advocacy groups,
law enforcement, business, and from the victims themselves and emerging from
this research was, first of all, a profile of the "life expectancy"
of identity theft.
First the thief attempts to acquire personal information about
the victim. This can involve low-tech methods such as "dumpster diving" or complex
frauds like malicious computer codes. The stolen information is not necessarily
used for identity theft; during the past year some 73 million people have had
personal information compromised and little appears to have been used for that
purpose but, the report said it is still troubling with potential devastating
results for the persons involved.
Second, the thief attempts to misuse the information. Thieves
can sell the information they have acquired to others or use it themselves by
accessing and misusing existing credit, brokerage, banking, or other financial
accounts or by establishing new accounts that will allow them to take out loans
or make charges and then disappear. The stolen information can also be used
to establish accounts to receive benefits to which the thief is not entitled
or to provide documentation for illegal immigrants.
The third part of the cycle occurs when the identity thief
has completed his work and is enjoying the results while his victim is slowly
awakening to the damage.
To avoid this cycle of damage the Task Force recommends a broad range of improvements.
To prevent identify theft consumer information should be kept out of the hands
of criminals. To this end the Task Force recommends decreasing the use of Social
Security numbers for identification in the public sector; educating
federal agencies on how to protect data (an important step given the enormous
amounts of such information that has been lost by the Veterans Administration
and other agencies); and ensuring that those agencies respond effectively when
data is lost.
In the private sector the report recommends that national standards be established
for the use of Social Security numbers and to require both protection of data
and appropriate and prompt notice to victims when protections are breached.
There should also be an on-going public awareness campaign to educate the public
about identity theft.
Once data is compromised the Task Force says it is essential to reduce the
opportunities for criminals to misuse the data, however they admit that authentication
of applicants is currently liable to error and the report falls back on some
rather weak recommendations that amount to developing better procedures.
Victims of identity theft are often cast adrift, spending years trying to prove
that they did not charge the plasma TV or bounce checks all over Cleveland.
The Task Force offers only broad suggestions to help in this situation. One
is to train law enforcement and other first responders to provide assistance
to victims; another is to assess the efficacy of tools currently available to
victims. Two others that are interesting are amending criminal statutes that,
where restitution is appropriate, would allow victims to recover the value of
the time they spend trying to clear the problem and to study whether there should
be a national system to provide victims with identification documents that would
enable them to obtain credit despite the damage that has been done.
There were also a number of recommendations dealing with prosecuting
and punishing identity thieves which included information sharing, cooperation
with foreign law enforcement, changing monetary thresholds for prosecution,
closing gaps in existing identity theft statutes, more training for law enforcement,
and of course the ever popular establishment of a new agency and a few new forms.
Our cynicism aside, this is important stuff and we hope that the report doesn't
land in somebody's bottom drawer. People are losing their homes, their
credit, and their livelihood because of identity theft and it is only going
to get worse if comprehensive and effective action is not taken.