by Daniel J. Solove
Identity theft is terrible crime, and it can wreak havoc on victims’ lives. In an identity theft, the thief uses a victim’s personal information to improperly access accounts, obtain credit in the victim’s name, or impersonate the victim for other purposes.
But there is an effective way to stop a lot of identity theft, and the legal framework is already in place to do it. In a relatively short time, the Federal Trade Commission (FTC) could prevent a significant amount of identity theft – perhaps even a majority of it – and no new laws need to be passed.
I know that it might be hard to believe – as hard to believe as a suitcase filled with a million dollars just sitting abandoned on the sidewalk – but it is quite true.
Before I explain how, I need to provide some background.
Professor James Grimmelmann likes to shop at Kohl’s. So much so that he applied for credit at Kohl’s. And he got it.
The problem is that James Grimmelmann didn’t really apply for anything. It was an identity thief. Continue Reading
Kudos to my friend Chris Hoofnagle (Samuelson Clinic at Berkeley Law School) who had his paper on SSRN written about by the New York Times:
For quite some time, banks and financial institutions have been using people’s Social Security Numbers (SSNs) to verify their identities. Suppose you want to access your bank account to check your balance, change addresses, or close out the account. You call the bank, but how does the bank know it’s really you? For a while, banks were asking you for your SSN. Your SSN was used akin to a password. If you knew this “secret” number, then it must be you. Of course, as I have written about at length, a SSN is one of the dumbest choices for a password. Not only is it a password that can readily be found out, but it is a password that’s very hard to change. Not a wise combination. People’s SSNs are widely available, and the data security breaches in the past two years exacerbated the exposure. A lot of legislative attention has focused on the leakers of the data, and rightly so, but not enough attention has been focused on the businesses that use people’s SSNs as passwords. If SSNs weren’t used in this way, leaking them wouldn’t cause the harm it does.