Identity Theft Crackdown: Strengths, Weaknesses and Red Flags for Identity Theft Task Force Strategic Plan
April 25, 2007
|
Identity Theft has taken center stage this week following the release by The President's Identity Theft Task Force of its latest plan: Combating Identity Theft, A Strategic Plan. The aim of the plan, outlined in a 120 page document, is undoubtedly a noble one: to eliminate or drastically reduce Identity Theft and its related negative consequences. In doing so, the task force analyzed most aspects of Identity Theft and its related crimes and tools including Phishing, Dumpster Diving, Carding, Skimming, etc...
The plan has several strengths and represents a great effort to confront one of the most daunting crimes of the new Millenium. However, there are also some weaknesses, as well as potential red flags, as illustrated below. If the implementation of the plan leverages its strengths by properly addressing weaknesses and red flags, consumers throughout the world could benefit substantially from this initiative.
The Strategic plan's most notable recommendations are listed below:
|
|
 | A- Reduce unnecessary use of Social Security numbers by Federal Agencies
B- Establish National Standards for safeguarding personal data, and announcing any related data breaches
C- Implement a Public Awareness Program through education of consumers, public sector, and private sector
D- Create a National Identity Theft Law Enforcement Center
E- Introduce new measures, expand and toughen-up existing laws for the prosecution and punishment of Identity Thieves
F-
Enable victim recovery through various efforts, including making
victims whole on value of time spent to repair lives, as well as the
possible introduction of an Identification document for Authentication
Purposes
G- Encourage Other Countries to Enact Suitable Domestic Legislation Criminalizing Identity Theft
H-
Facilitate Investigation and Prosecution of International Identity
Theft by Encouraging Other Nations to Accede to the Convention on
Cybercrime
I- Identify the Nations that Provide Safe Havens for
Identity Thieves and Use All Measures Available to Encourage Those
Countries to Change Their Policies
J- Enhance the United States
Government’s Ability to Respond to Appropriate Foreign Requests for
Evidence in Criminal Cases Involving Identity Theft
K- Assist, Train, and Support Foreign Law Enforcement
Many
of the above recommendations will undoubtedly help in the deterrence
and fighting of Identity Theft. However, some of the suggested
solutions also entail potential weaknesses. Specifically, it should be
noted that it is not the |
existence of a Social Security number, nor the
requirement for the use of such number that increase the threat of
Identity Theft. However, it is the use of such number as an identifying
data, and the unauthorized use of such data that exposes victims to the
threat of Identity Theft. Hence, if the use of Social Security numbers
is curtailed (and we certainly believe it should be curtailed),
Identity Thieves may simply target whatever other Identifying
Information becomes required to validate a person's identity. A
creative solution needs to be advanced to render any identifying
information in the wrong hands useless.Prior to the release of the Strategic Plan, we published an article titled: Identity Theft, Phishing and Malware: Global Problems Requiring Global Solutions and Coordination.
In such article, we stressed the importance of tackling Identity Theft
from an international perspective. The Strategic Plan also made such
recommendations as illustrated in the above recommendations G through K.
However, to make such recommendations effective, the government needs
to address international cooperation through both the public and
private sectors. Most of the above recommendations are related to
coordination with foreign government sectors. The U.S. can increase its
effectiveness in fighting Identity Theft by possibly preventing U.S.
companies from outsourcing customer services to other countries, unless
such companies adhere to at least the same proposed National Standards
for safeguarding personal data, and the countries where such companies
operate have enacted the above steps G through K. Otherwise, U.S.
companies may simply shift their social responsibility to another
country with different government and corporate standards. Another area of weakness is the lack of emphasis on the adoption by consumers of a Credit Freeze, also known as Credit Lock / Credit Lock Down / Security Freeze.
The Plan calls for the assessment of credit freeze laws. Specifically,
the plan only included the following paragraph on the topic of Credit
Freeze: "These provisions (Credit Freeze Laws)
are relatively new, and there is no track record to show how
effective they are, what costs they may impose on consumers and
businesses, and what features are most beneficial to consumers. An
assessment of how these measures have been implemented and how
effective they have been would help policy makers in considering
whether a federal credit freeze law would be appropriate. Accordingly,
the Task Force recommends that the FTC, with support from the Task
Force member agencies, assess the impact and effectiveness of credit
freeze laws, and report on the results in the first quarter of 2008."Such
statement is rather weak for many reasons. Primarily, the reference to
the costs associated with Credit Freeze seems to totally ignore the
following fact: it doesn't require an extensive study to realize that
such costs pale in comparison of the costs of Identity Theft. The Plan
did not call for the analysis of the costs of most of its other
recommendations, which will undoubtedly be a lot less effective in
preventing financial damages from Identity Theft than a Credit Freeze
would be (and where the costs associated with those other measures will
probably be a lot more than those for Credit Freeze). Criminal
investigators are typically trained to first identify the motive behind
a specific crime. For some reason, when it comes to Identity Theft, the
motive seems to be ignored. The motive is primarily money. Identity
Thieves steal identities for the main purpose of making money. The only
way Identity Thieves can make money on the theft of an Identity, is to
use the victim's credit to secure illicit credit, loans and transfers.
The ability to place a Credit Freeze / Credit Lock / Security Freeze
prevents the issuance of any new credit or loans. Although this does
not necessarily eliminate all potential financial harm from Identity
Theft, it certainly eliminates a lot of it. Purging most of the motive
will undoubtedly also purge most of the crime. Identity Theft would not
be totally eliminated, as other motives could possibly include :
securing legal status for a job, committing a crime in someone else's
name, etc...The plan also raises potential red flags regarding
Privacy, as well as State Law Jurisdiction. The creation of the
National Identity Theft Law Enforcement Center has many advantages.
However, the sharing of victim data among state and local identity
theft investigators could ultimately lead to Privacy Issues. Such
issues could also cause a conflict between State Privacy Laws, and
Federal Laws.Furthermore, the Plan also suggests that Federal
Data Breach Notification law should supersede State laws. Some states,
such as California, were the first to pass highly effective privacy and
data breach laws. It would be in the best interest of consumers that
neither law supersedes the other. Criminals should be subject to the
strictest interpretation and implementation of both State and Federal
laws. For example, if the Federal law requires notification of data
breach only when several pieces of personal information are stolen in
tandem, such as social security number, date of birth and driver's
license information, while state law requires notification when any one
of such items is stolen, then consumers are better protected when State
law prevails. Otherwise, a consumer whose social security number is
stolen may not be notified under Federal law. This would cause Identity
Thieves to "trickle" their crimes: one day stealing the social security
number, another day stealing date of birth, etc... and the consumer
would stay in the dark until financial damage has occurred.The
Identity Theft strategic plan is a good effort to tackle Identity
Theft. The implementation of such plan, including addressing its
weaknesses, and eliminating other red flags, would help in providing
consumers an added layer of protection against Identity Theft.
Consumers, on the other hand, should never rely on a government plan
alone, to protect themselves against Identity Theft. Consumers should
remain active on a daily basis in deterring, detecting and defending
against Identity Theft. Such Identity Theft protection measures are
extensively discussed at www.creditlock.com.Related Links:http://www.creditlock.comhttp://www.ftc.govhttp://www.idtheft.gov/reports/StrategicPlan.pdf
|
|
To Go Back to Blog, Make Comments or RSS Feeds Click Here |
 |
| Members of Creditlock.com enjoy free access to Credit Lock Down Pro. To access service, Click This Box |
|
|
|
Seed Newsvine