Identity Theft but He That

Identity Theft But he that filches from my good name Robs me of that which not enriches him And makes me poor indeed." Shakespeare, Othello, Act III, Sc. iii. This past February, data aggregator ChoicePoint announced that the personal information of 145,000 in its system had been stolen by thieves; within two weeks, Bank of America was forced to admit that it lost the backup information for more than 1.2 million credit card holders, and immediately after that, DSW reported that it's stores' credit card security systems had been breached.

Corporate America, long infatuated by the hyper-speed power of the Internet, is being forced to acknowledge its pitfalls, ever encroaching on the lives of innocent civilians. Over the past few years, the public transition from in-store purchases to the online markets has coincided with the availability of cheaper database software and storage devices, which make safeguarding valuable data increasingly difficult.

As a result, identity theft is at an all time high due to the proliferation of online financial transactions with companies ill-equipped to handle the information consumer's have been safeguarding for decades. Last year, the Federal Trade Commission sponsored a survey implicating identity fraud as the fastest growing crime in America, with over 9.9 million victims reported, and possibly thousands more either unaware or too embarrassed to admit to their abuse.

Identity theft, a moniker used to encapsulate all fraud committed in which someone wrongfully obtains and uses the personal data of someone else, affects all members and levels of society, from CEOs of major corporations to the postmaster serving his neighborhood. It is a problem that has changed over the years, but the recent rise in an Internet-dominated society has caused not only a marked increase in the theft, but also a rapid transformation in how it occurs.

In the past, Dan Rather and Barbara Walters would report, on occasion, the sad stories of grandmothers and either naive or innocent civilians who would fall prey to identity scams, revealing personal information over the phone to thieves gearing their schemes towards providing a savings account for their futures or assisting in a charitable act. The news reporters would remind the public, with stern face and completely severity, to remember the words of parental wisdom and not give out information to strangers.

The dawn of the Internet age brought these standards social mores into new question. Online transactions, first observed with hesitation by the mass public, were soon proven to be as safe a way of consumer interaction as the traditional marketplace but were also augmented by significant convenience and ease. The idea of sending out information over cable and telephone wires grew less fearsome, and while Americans started purchasing en masse from Amazon and Ebay, the corporate side of the equation failed to keep up.

The sudden surge in profitability and addition of lower-quality software was only worsened by the coming of age of the true techie generation, adept at not only using computers and developing the software to be used on them, but navigating the holes and tears in the online fabric with the ease that only comes from true fluency in technological language. According to the Department of Justice, the problem is made worse by the amount of personal data that is so easily spread in today's world.

Unlike your fingerprints," they report, "which are unique to you and cannot be given to someone else for their use, your personal data, especially your Social Security number, your bank account or credit number, your telephone calling card number, and other valuable identifying data can be used, if they fall into the wrong hands, to personally profit from your expense." The reports of incidence most frequently involve the withdrawal of money from a personal bank or financial account, but the worst cases involve completely pilfered identities, with vast debts accumulated and crimes committed in the victim's name.

Ultimately, the mere financial costs are exaggerated to the extreme by the correction of the victim's reputation in the community and erasing the erroneous information for which the criminal is entirely responsible. The worst cases are few and far between, but so severe that they warrant the attention of the public in addressing the problem, remedying the errors, and creating a viable solution.

One notorious case of identity theft is popularly bantered about in Congress and by decision makers wishing to highlight the possible severity of the crimes and their need for attention; it involves the story of a convicted felon incurred more than $100,000 of credit card debt, obtained a federal home loan, bought multiple houses, motorcycles, and handguns in the victim's name. At this point, identity theft was not yet a federal crime, and the criminal called the victim, taunting him with future endeavors, reminding him of his low legal power.

Ultimately, the criminal filed for bankruptcy - also in the name of the victim. The victim and his wife spent the next four years of their lives attempting to restore their credit and reputation, spending an additional $15,000 of their own to remediate their financial lives. The criminal was tried to the fullest extent of the law - making a false statement in order to procure a firearm. This case, and others, spurred Congress to pass a new federal law in 1998 making identity theft a federal offense.

In the past four weeks alone, more than 2 million people have been put at risk of such criminal activity, with massive breaches in their personal information securities on the parts of major businesses. From Time Warner and Ameritrade to Ralph Lauren, corporate failures have augmented the already booming business of selling personal information, something that has risen drastically in the last five years. In both 2003 and 2004, 10 million Americans reported that they were victims of identity theft.

In 2002, the FTC reported a far smaller 161,800 identity thefts, already up 88% from the 86,200 the year before. In 2000, the reports were still significantly less, totaling only 86,198. On average, victims spend $1,200 of their own money and at least 600 hours trying to manage the problem; the financial loss to businesses that were victims of identity theft in 2003 alone as approximately $50 billion.

According to a study by the Identity Theft Resource Center, a government-funded non-profit, losses in the business community today on average are between $40,00 and $92,000 per victim, although the report acknowledges some cases with nearly insignificant spending and others that incurred vast debts. The estimates for cost, time, and effort increase for 2005, and the ITRC suggests a plausible $1,400 spent in remediation per victim.

Since the FTC acknowledged the identity theft crisis in 1998 and passed a law preventing its federal legality, protection mechanisms to prevent theft have increased with correspondence to the rise in numbers. The Identity Theft Act comprises not only the legislation necessary for indicting the thieves committing the crimes, but also establishes a reasonable system of action for victims and a well-noted desire to substantially decrease the problem in the coming years.

The Act required the FTC to create and distribute a multi-lingual Identity Theft Booklet, availing the consumer of the scams and dangers of which they should be made aware; in its first three years, the FTC distributed more than 1.2 copies. The booklet, Act, and Commission all stress the growing importance of protecting sensitive personal information, promoting safe computer practices to increase consumer confidence, and helping victims regain trust of automated and online financial transactions.

Because so many people are losing not only their financial security but also their identity, the government, corporations, and swaths of non-profits have been and are still developing consumer tools to help people not only prevent the fraud, but also to deal with it systematically once it has been committed.

Among these tools are fraud alerts offered by the ITRC, making known new phishing scams and other criminal plots; the national Victim to Victor program, a series of books and counseling program developed by an attorney, sheriff reserve, and former identity theft victim hailed by Senator Dianne Feinstein as invaluable for both victims and policy makers; alerts, information, and policy news from the Department of Justice website; and the Privacy Rights Clearinghouse, closely affiliated with the IRTC, and with basic, self-explanatory information for consumers and corporations, as well as legislators and the media.

Key to the growing concern about and rise in identity theft is the role played by ever-changing technology. The poor use of technology can be attributed to three different ways in which the security of consumers is breached, all of them a true danger to corporations. Fortune reports that, Executives hoping to avoid joining in should beware: Boosting spending on it security alone won't help.

Secure information typically walks out the door in one of three ways: hackers grab it, employees steal it, or companies loose it through incompetence, poor gatekeeping, bad procedures, or some combination of the three." Advancing technology, they say, is still largely responsible for the "capturing" of the supposedly secure information.

In one case in 2000, two-20-year-olds hacked into the Lowe's credit card mainframe from a white Pontiac Grand Prix parked outside a store, synching a single laptop to the wireless system that was meant for employees to use to locate products. The hackers, obviously to blame for the crime, played on the flaws of a computer system that should not have allowed for a security breach.

While the same hackers were responsible for the fall of a non-profit online service provider named Arbornet only months before, they were unaware of the increasing watchful eye of the Lowe's corporation on their actions. While Lowe's was not yet able to smooth the seams of its system and the holes allowing access, they were able to keep watch, something that all corporations need to take responsibility and do.

From the corporate data center in North Carolina, Lowe's employees were able to trace the breaches in the system and, instead of attempting to shut it down themselves, called for help - from the Charlotte FBI. Working together, they were able to make use of the careful observance of the systems to capture and indict the two young hackers.

The same crimes that play out on a corporate level befall single individuals on a regular basis, most of whom do not have the computer savvy to watch and prevent security breaches of information on their computers or wearily know what information to give whom online.

This sense of mistrust is particularly true lately, when the old adage of not giving information to strangers was disregarded for only giving information to seemingly-legitimate companies online, like the Gap or one's own bank; yet, this new adage seems to give way in light of the recent weeks, when those most trusted with personal information have let it go.

While poor company choices, insecure technology, poor interfaces, and extremely knowledgeable hackers are to blame for much fraud, the role of the consume as an ignorant agent has to also be addressed and faulted. It is this issue - the ignorant consumer - that the government is theoretically required to protect.

Because the basis of the American government is to protect the citizens from harm that might befall them in ways amenable to public interest, the government must take responsibility to help consumers first understand their levels of ignorance, a social charge not easily mastered by the pride Americans characteristically exhibit, but also make knowledge readily available, at their disposal, and easily understood.

At the same time, the role of mandatory Internet security measures to be implemented service providers and built-in fees meant to cover (nearly insure) computers to cover incidence of theft are suggested as public solutions. As solutions abound on the scene, their viability comes strictly into question.

Built in fees attached to a computer upon purchase in order to insure it from theft is encouraged by many, but fails to hold up under the microscope - from what could a built-in fee protect? How could it be applied? If a fraud is committed, the consumer will still have to take the time, money, and legal action to remedy the personal effects, although the idea offers the bonus of encouraging consumer trust.

Regardless of its viability, the concept of insurance is one that insights feelings of security in the American public and is worth entertaining. Stiffer fines are also widely discussed, frequently by legislators who wish to implement a fearsome system of penalties, including jail time, for those who commit the fraud. California, in 2003, became the first state to require companies to publicly announce security breaches, an alternate form of prevention that, while dispersing knowledge to the public, also incites more market fear about online fiscal transactions.

Mandatory ISP coverage is among the most feasible nascent solutions to the problem of identity fraud. Already embraced by start-ups like NetZero who appeal to the renegades from AOL and cable- and phone company- based services, desiring lower fees and higher protection, the coverage requires mandatory filtering of information on behalf of the ISP, tracking how, when, and where information goes when leaving the personal computer to which it provides internet access and where it goes.

The system, in early and proposed stages, marries well with journalists, who acknowledge the public relations strength of the concept, as well as the ultimate security that it may provide.

The use of privacy software by the ISPs would establish an early wall of protection and an immediate source of blame; for example, in the case of the Lowe's security breach, while hackers were at fault for committing the actions, the wireless networking system that made the whole so gaping a twenty-year-old in a Grand Prix could step through it suggests a critical lack of responsibility on behalf of the service provider as reflected in their software.

The May 10 Hearings on Identity Theft and Data Broker Services, as documented by the Sensenbrenner Advocates Watchdog for Judiciary lobby group would suggest that the Federal Government agrees. Testimonies included Kurt Sanford, President and C.E.O.