Identity Theft Poses Persistent Threat

N E W  Y O R K,   April 30, 2001 -- On the Internet, quips the famous New Yorker cartoon, no one knows you’re a dog. But that’s not the case anymore.

In fact, today not only is someone likely to know if you're a dog, but they might also know your favorite brand of dog food and whether you've recently purchased a copy of the Lassie Collection 10 pack from Amazon.com.

Privacy has emerged as one of the hot-button issues in the Internet sector and beyond, and perhaps no other topic has recently captured the public's fears about the Information Age as forcefully as identity theft.

The recent case of the Brooklyn busboy who stole the identities of rich and powerful Americans like Oprah and Steven Spielberg suggests that if thieves can get to the elite, it's a piece of cake to rob the rest of us.

‘You Feel Violated’

Victims of identity theft say the experience is like a nightmare whose effects can endure for months or even years.

"I felt totally helpless," says Landon Browning, an engineer in San Francisco who fell victim to an identity thief last year. "I never knew when something new might spring up. I was totally depressed about it."

"It was as horrible feeling," says Robert, a Web developer in Washington, D.C., who asked that his last name not be used. "You feel violated." He says that he spent over 70 hours of personal time dealing with the theft of his identity — far less than most victims of ID theft.

According to CalPIRG report, the typical identity-theft victim spends 175 hours actively trying to resolve the problems caused by the theft. Problems include clearing up credit reports, filling out and submitting affidavits and dealing with lawyers.

The financial costs can be great as well, as victims must deal with a constant barrage of legal fees, phone calls, and miscellaneous expenses.

But perhaps the most difficult cost to bear is the emotional toll taken by identity theft, the feeling that you are always vulnerable.

"It almost tore apart my marriage," says Robert Calip, a victim from Washington state. "Things were so bad that at one point my wife and I were on the verge of divorce. We were really at our wits' end."

Fastest-Growing Crime

According to the Federal Trade Commission, of the roughly 25,000 complaints received for 2000, 25 percent were related to online fraud and deception. So far this year, the FTC says it has been getting more than 3,000 contacts each week via its new identity-theft hotline, up from 285 in 1999.

Although exact numbers are hard to come by, experts and law enforcement officials agree that identity-theft cases have ballooned in recent years, largely because of the Internet. The FBI calls identity theft the fastest-growing white-collar crime in the nation.

"The problem is so large," says security expert John Vranesevich, "that no one can get a handle on it." Vranesevich founded AntiOnline, a company whose sleuthing services have been called upon by the FBI and the Department of Defense.

Indeed, the major law enforcement agencies whose job it is to investigate identity theft crimes in the United States say the Internet has dramatically affected the way they do business.

"[The Internet] has changed the entire landscape of law enforcement," says Bruce Townsend, special agent in charge of the financial crimes division of the Secret Service. "It's been a major challenge for us to deal with the cyber age."

‘A Badge, a Gun and a Laptop’

And the challenge comes with significant costs: Not only must agencies like the Secret Service upgrade their systems to keep up with rapidly changing technologies, their staffs must be well versed in the techniques and lingo of the cyber world.

"Today," says Townsend, "all new recruits get a badge, a gun and a laptop."

But while there is a heightened awareness among lawmakers that something must be done, so far, little of substance has been accomplished.

Congress passed a bill last year that would have restricted the sale of personal information including Social Security numbers, credit information and other data. But President Clinton refused to sign the measure because he said it wasn't strong enough.

This year, two identity-theft bills have been introduced in the Senate, but political pressure from the credit industry makes it doubtful that any bill restricting the sale of personal information will become law.

All three national credit bureaus have come out strongly against any legislation that will hamper their efforts to sell consumers' personal information — a key source of their revenue.

Crime, Made Easy

But while it's proving difficult to find a legislative cure for identity theft, the crime is remarkably easy to perpetrate.

"It's incredibly easy," says Vranesevich. "Even the most novice user can get online and with a little bit of teaching could [commit identity theft] in an hour."

All that is required is a Social Security number and the name, address and phone number of its rightful owner, says Betsy Broder of the FTC. In many cases, this information can be readily found online via various data services like US SEARCH or Net Detective, or even offline with the phone book.

Armed with such information, an identity thief can open a bank account, take out a loan or order credit cards — all of which can now be done from the anonymity of a personal computer.

Compounding the ease of the theft is growing demand for the stolen data: There is a vast virtual black market on the Web, using tools like Internet Relay Chat (IRC) and Instant Messenger (IM), where individuals buy and sell stolen credit card and Social Security numbers with the same ease they might hawk Pez Dispensers on eBay.

And since the Internet is a global phenomenon, the traffic in stolen identity flows effortlessly across borders.

"Today a hacker in Moscow can break into a system in Singapore, steal credit card numbers and transfer them via the Internet to a co-conspirator in Buenos Aires, where merchandise will be purchased that is transshipped and sold on the streets of Miami," says Townsend.

And the crimes are committed in the blink of an eye. "The time it took for me to describe that to you," he notes, "is just about how quickly a transaction like this could have been completed."

Townsend says the current identity theft hot spots are Eastern Europe and Southeast Asia — where the level of education and technical sophistication is high, and where tracking down and prosecuting criminals can be very tricky.

Protect Yourself

Not everyone agrees on how the problems associated with identity theft can be resolved. But most seem to agree that things could improve dramatically if we ceased using Social Security numbers as the primary means of identifying consumers.

"The Social Security number was never meant to be a universal identifier," says Edward Wade, a Las Vegas-based security expert and author of the book Identity Theft. "In fact, it is really poorly suited to the task."

Privacy experts also say that people need more control over what happens to their personal information. They argue for legal requirements that people be made aware whenever information like their Social Security number is being used.

"We need to put the person back in the driver's seat to control their information, " says Andrew Shen, Senior Policy Analyst at the Electronic Privacy Information Center.

Another possible solution is the adoption by banks and credit card companies of new technologies such as retinal scans and voice signatures that could help significantly reduce the level of fraud by raising the bar on perpetrators.

For now, however, there are no such fundamental changes on the horizon. The best thing a consumer can do is to take the necessary steps to protect his or her personal information both online and off and — in a world where information is currency — hope that thieves don't set their sights on their identity.

.