The Identity Theft Conundrum
“Identity theft” presents an inherent conundrum: The very attributes of modern commerce that consumers value and expect-rapid, easy, 24-hour access to a wide variety of innovative products, services, and information-make identity theft easy to perpetrate and difficult to detect. Similarly, the most effective tools for preventing and detecting identity theft often interfere with that speed and convenience.
For example, how does a merchant verify that a customer presenting a check or credit card or requesting instant credit is in fact who he claims he is? The only way is to require that the customer provide more information or more forms of identification. Yet few customers are willing to tolerate being asked for a second or third piece of identification when making a simple purchase (privacy advocate Beth Givens testified before Congress in July 2000 that federal law should require credit grantors to verify at least four pieces of information), and few consumers would consider a service convenient or rapid (much less “instant”) if they were required to carry a passport or birth certificate to avail themselves of it.
The Role of the Government
In an effort to deal with the problem of identity theft, Congress and some state legislatures are considering laws that would restrict access to, and the use of, Social Security Numbers and other public records. Proposals for such laws are an ironic and ill-focused response to a growing problem, for at least five reasons.
1. Public records are a powerful tool to fight, not facilitate, identity theft.
Two of the major issues concerning identity theft today are how to accurately identify consumers, and how to separate data about one individual from data about another. This is made all the more difficult by the fact that approximately 16 percent of the U.S. population-about 42 million Americans-changes addresses every year; there are approximately 2.4 million marriages and 1.2 million divorces every years, often resulting not only in changed addresses, but also changed last names; and, as of 1998, there were 6 million vacation or second homes in the United States, many of which were used as temporary or second addresses.
Public record information is key to both objectives. It helps businesses verify information needed to identify individuals, such as name, address, telephone number, and the like. And information in public records, such as Social Security Numbers, provide the most reliable, cost-effective way yet developed for ensuring that information about one consumer is not erroneously provided to another consumer or added to another consumer’s file.
Yet this is precisely what proponents of legislation designed to restrict the use of Social Security Numbers want to stop. They argue that such legislation is necessary to limit the availability of Social Security Numbers in the market and thereby reduce their availability for use in identity theft. It is questionable whether legislation would have that effect, given the widespread availability of Social Security Numbers in hundreds of other government and private settings. But it is certain that such a law would greatly increase the likelihood of identity theft and innocent errors by making it harder to identify specifically a unique individual. Far from invading privacy, Social Security Numbers and other public records are a key to accurately identifying citizens and reducing the prevalence of identity theft.
2. Laws restricting access to, and the use of, public records ignore the most common form of identity theft.
Many identity theft laws ignore the fact that identity theft, although often thought of as a crime committed by strangers, is in fact most often perpetrated by friends or business associates. In fact, the Chief Credit Office of Household International, Inc., testified before Congress in 1999 that half of all incidents of identity theft are committed by a family member. Robert Hartle, one of the most well-publicized victims of identity theft and now a leading victim’s rights advocate, discovered that his personal information had been taken by the estranged husband of his mother.
So while legislatures are focused on new laws protecting consumer identity from theft by strangers, they are doing virtually nothing to deal with the most common form of identity theftthat perpetrated by friends and colleagues.
3. The government provides many identity thieves with the tools of their trade.
Laws that would restrict access to, or the use of, public record information ignore the most important role that the government plays in facilitating the activity of identity thieves: providing them with fraudulent forms of identification. The government, motivated by a laudable desire to serve citizens, has made it easier than ever to obtain identification documents. Identity thieves take advantage of that new ease and use it to obtain fraudulent identification documents, such as drivers licenses and birth certificates. According to one 2000 survey of identity theft victims, 45 percent of their cases involved fraudulent drivers’ licenses. Driver’s licenses, state identification cards, birth certificates, and other forms of government-issued identification are the tools that the rest of the economy relies on to verify identity. These and other forms of government-issued identification are the keys to unlocking an individual’s financial record.
4. Laws restricting public records ignore the other steps that the government should be taking.
Laws restricting access to, or the use of, public records not only fail to address the problem of identity theftand, in fact, further exacerbate itthey also distract attention from the other steps that the government can and should be taking to deal with this growing problem.
Virtually all victims of identity theft report that the injury they suffer is greatly exacerbated by the difficulty of working with the police and other government agencies to repair their credit and reputations, and apprehend the perpetrators. One identity theft victim, typical of the stories of many others, told the authors of one survey on identity theft: “The police department treated me as if I were the criminal.” One victim reported being told by the police that “it was not their job.” This is the near-universal refrain from identity theft victims
And victims find that reports of identity theft made with one law enforcement agency are not shared with others. Similarly, the government has so far done little to respond to the problem of identity thieves who use their false identities when arrested or filing for bankruptcy. The government’s inability or unwillingness correct judicial and law enforcement records contributes significantly to the harm experienced by victims of identity theft when they are arrested-often repeatedly-for crimes they did not commit, or they are denied benefits because of bankruptcies they did not file. These are important areas for the government to address.
Ironically, while the government has been slow to respond to the needs of identify theft victims, business has been far more responsive. As a result, one harm that identity theft victims do not suffer is having to pay for the fraudulent charges that identity thieves rack up in their victims’ names. Those charges are virtually always paid by the merchants from which the goods or services were fraudulently obtained, or the financial institutions that extended credit or whose charge or debit cards were fraudulently used by the identity thieves.
5. Laws closing public records ignores the critical role of the individual.
Laws restricting access to, or the use of, public records distract attention not only from the important steps that the government should be taking to combat identity theft, but also from the vital steps that individualsand only individualsmust take to protect themselves.
Keeping a close watch on account activity; reporting suspicious or unfamiliar transactions
promptly; properly destroying commercial solicitations; storing valuable documents securely; protecting account names and passwords; and never disclosing personal information to unknown callers are just a few of the practical steps that consumers can to take to protect themselves against identify theft by both strangers and friends.
Efforts to restrict the use of Social Security Numbers illustrate the irony that privacy protections, rather than being logically motivated by concerns about identity theft, are often wholly at odds with efforts to prevent identity theft. In reality, identity theft is often greatly facilitated by privacy, and the most effective tools for addressing identity theft involve the disclosure and use of additional personal information Government proposals to deny access to Social Security Numbers and other public records that can be used to authenticate identity turn the government into the unwitting accomplice of identity thieves. We must find better solutions.
Frankly, what is needed today are not more laws, but rather better enforcement of existing laws, better education of consumers, more efforts to help identity theft victims recover their good
names and credit records, more effective oversight of government-issued identification, and more explicit recognition of the inherent tension between protecting consumer benefits, including privacy, on the one hand, and preventing identity theft on the other.
Not all of the government’s obligations with regard to identity theft require action: A number require the government to refrain from well-intentioned actions that have the unintended effect of limiting the tools that consumers and businesses use to fight identity theft. Moreover, the government should avoid enacting laws that restrict the availability and use of critical information that helps businesses authenticate the identities of consumers, manage information about them accurately and responsibly, and protect it from unauthorized access or use. Laws prohibiting the use of SSNs for identifying and separating consumer information, that limit the use of fingerprints and other biometric identifiers, or that restrict the ability of retailers to verify the accuracy of consumer information with third parties greatly diminish the ability of businesses to protect consumers from identity theft.
Similarly, the government should be careful to avoid imposing overly burdensome restraints on the responsible uses of personal information. Preventing identity theft is a critical objective, but, as we have seen, many tools to achieve that end also interfere with providing the services that consumers expect and demand. The government should be careful to balance any measure designed to protect against identity theft with the other costs it imposes on consumers and businesses. Overly burdensome restraints on the responsible use of personal information may make identity theft more difficult, but they will also make beneficial services impossible, impractical, or unduly expensive.