In the spring of 2006, with reports of computer hacks, lost laptops, and other precursors to identity theft increasing, President Bush appointed an Identity Theft Task Force to investigate the problem and suggest solutions.
The group was composed of many of the President's cabinet
including the secretaries of the Treasury, Commerce, Health and Human Services,
Homeland Security, and Veterans' Affairs as well as heads of a number of government
and quasi-government agencies such as The Federal Deposit Insurance Corporation,
the Federal Reserve System, the Securities and Exchange Commission, Office of
Thrift Supervision, the Postal Service, and other banking regulators. The Task
Force was chaired by Attorney General Alberto Gonzales and Deborah Platt Majoras,
Chairman of the Federal Trade Commission.
The Task Force released their findings last Monday.
The report acknowledges that millions of Americans are victims of identity theft and "the financial and emotional trauma it causes." Identity theft can take many forms but its victims are always left with the job of repairing the damage it causes on their own. "It is a problem with no single cause and no single solution." The report follows with what can only be seen as self congratulatory remarks about the work the government has done since Congress enacted the Identity Theft and Assumption Deterrence Act in the late 1990s. This includes the establishment of an Identity Theft Data Clearinghouse by the Federal Trade Commission and prosecution by the Department of Justice of a wide range of identity theft schemes.
The report, at the same time, recognizes that the problem of identity theft has become, during this same time frame, more complex and challenging for the general public, the government, and the private sector and that both public and private sectors have been confronted with difficult and costly decisions regarding resolution and with increasingly pressing demands on law enforcement.
The Task Force states that it solicited comments from consumer advocacy groups, law enforcement, business, and from the victims themselves and emerging from this research was, first of all, a profile of the "life expectancy" of identity theft.
First the thief attempts to acquire personal information about the victim. This can involve low-tech methods such as "dumpster diving" or complex frauds like malicious computer codes. The stolen information is not necessarily used for identity theft; during the past year some 73 million people have had personal information compromised and little appears to have been used for that purpose but, the report said it is still troubling with potential devastating results for the persons involved.
Second, the thief attempts to misuse the information. Thieves can sell the information they have acquired to others or use it themselves by accessing and misusing existing credit, brokerage, banking, or other financial accounts or by establishing new accounts that will allow them to take out loans or make charges and then disappear. The stolen information can also be used to establish accounts to receive benefits to which the thief is not entitled or to provide documentation for illegal immigrants.
The third part of the cycle occurs when the identity thief has completed his work and is enjoying the results while his victim is slowly awakening to the damage.
To avoid this cycle of damage the Task Force recommends a broad range of improvements.
To prevent identify theft consumer information should be kept out of the hands of criminals. To this end the Task Force recommends decreasing the use of Social Security numbers for identification in the public sector; educating federal agencies on how to protect data (an important step given the enormous amounts of such information that has been lost by the Veterans Administration and other agencies); and ensuring that those agencies respond effectively when data is lost.
In the private sector the report recommends that national standards be established for the use of Social Security numbers and to require both protection of data and appropriate and prompt notice to victims when protections are breached.
There should also be an on-going public awareness campaign to educate the public about identity theft.
Once data is compromised the Task Force says it is essential to reduce the opportunities for criminals to misuse the data, however they admit that authentication of applicants is currently liable to error and the report falls back on some rather weak recommendations that amount to developing better procedures.
Victims of identity theft are often cast adrift, spending years trying to prove that they did not charge the plasma TV or bounce checks all over Cleveland. The Task Force offers only broad suggestions to help in this situation. One is to train law enforcement and other first responders to provide assistance to victims; another is to assess the efficacy of tools currently available to victims. Two others that are interesting are amending criminal statutes that, where restitution is appropriate, would allow victims to recover the value of the time they spend trying to clear the problem and to study whether there should be a national system to provide victims with identification documents that would enable them to obtain credit despite the damage that has been done.
There were also a number of recommendations dealing with prosecuting and punishing identity thieves which included information sharing, cooperation with foreign law enforcement, changing monetary thresholds for prosecution, closing gaps in existing identity theft statutes, more training for law enforcement, and of course the ever popular establishment of a new agency and a few new forms.
Our cynicism aside, this is important stuff and we hope that the report doesn't land in somebody's bottom drawer. People are losing their homes, their credit, and their livelihood because of identity theft and it is only going to get worse if comprehensive and effective action is not taken.