Indictments Against Largest ID Theft Ring Ever
It was really big news yesterday, but I don’t think it’s that much of a big deal. These crimes are still easy to commit and it’s still too hard to catch the criminals. Catching one gang, even a large one, isn’t going to make us any safer.
If we want to mitigate identity theft, we have to make it harder for people to get credit, make transactions, and generally do financial business remotely:
The crime involves two very separate issues. The first is the privacy of personal data. Personal privacy is important for many reasons, one of which is impersonation and fraud. As more information about us is collected, correlated, and sold, it becomes easier for criminals to get their hands on the data they need to commit fraud. This is what’s been in the news recently: ChoicePoint, LexisNexis, Bank of America, and so on. But data privacy is more than just fraud. Whether it is the books we take out of the library, the websites we visit, or the contents of our text messages, most of us have personal data on third-party computers that we don’t want made public. The posting of Paris Hilton’s phone book on the Internet is a celebrity example of this.
The second issue is the ease with which a criminal can use personal data to commit fraud. It doesn’t take much personal information to apply for a credit card in someone else’s name. It doesn’t take much to submit fraudulent bank transactions in someone else’s name. It’s surprisingly easy to get an identification card in someone else’s name. Our current culture, where identity is verified simply and sloppily, makes it easier for a criminal to impersonate his victim.
Proposed fixes tend to concentrate on the first issue—making personal data harder to steal—whereas the real problem is the second. If we’re ever going to manage the risks and effects of electronic impersonation, we must concentrate on preventing and detecting fraudulent transactions.
I am, however, impressed that we managed to pull together the police forces from several countries to prosecute this case.
Shane • August 7, 2008 1:10 PM
“If we want to mitigate identity theft, we have to make it harder for people to get credit, make transactions, and generally do financial business remotely:”
Agreed. Again, as I’ve said before and in reference to liability concerns, the major effectiveness of combating this type of theft is going to come in the form of lowering the incentive (or return on investment) for the crime in the first place.