PRIVACY + SECURITY BLOG

News, Developments, and Insights


Your Evil Twin Beyond the Identity Theft Epidemic

From a recent survey:

Nearly half of U.S. voters say they don’t shop online because they fear identity thieves may capture their bank-account information, according to a survey released on Wednesday by a technology-industry trade group.

These fears are heightened because of the rash of security breaches in recent months.   I previously posted about these breaches here and here.

However, these fears are misplaced. Much identity theft has little to do with whether people shop online or not. In fact, it has little to do with the measures people might take to protect themselves against identity theft. When I’m interviewed by journalists about identity theft, they often ask me for tips that consumers can follow to protect themselves. They are looking for the usual tips — shred your documents, guard your Social Security Number like a hawk, and so on. But these tips aren’t very protective. Social Security Numbers are sold by many companies for a small fee; they appear on numerous public records; and yet companies continue to use them as passwords to gain access to accounts. As I wrote in a law review article about identity theft: “The problem stems not only from the government’s creation of a de facto identifier [the Social Security Number] and lax protection of it, but also from the private sector’s inadequate security measures in handling personal information.” Thus, I tell journalists that these tips often just make victims of identity theft feel that they are to blame, and that these tips give people the illusion of being safe when in fact they are not.

There is little a person can do to protect herself from identity theft.  Even if you shred all your documents, you’re only as safe as the lowest common denominator among the hundreds — if not thousands — of companies that use your personal data.  Much identity theft occurs not because of online fraud or because people fail to shred their documents, but because of a bad employee at a company who steals people’s data, because of data leaks, or because of the theft of mail.  For an account of how identity thieves perpetrate their crimes, see MSNBC journalist Bob Sullivan’s Your Evil Twin: Behind the Identity Theft Epidemic.  There are some really fascinating stories in this book.

Identity theft occurs because of an information system that is flawed.  The leakage of Social Security Numbers would not be such a problem if they weren’t so widely used by companies and financial institutions as passwords to allow access to people’s accounts.   We have a system of monitoring people’s credit and processing personal information that leaves people out of the loop and that lacks sufficient accountability.   It’s no wonder identity thieves readily exploit the system.

While such public fears over identity theft might spur legislative action, I wish that people were fearing the real problems.  People are correct to be worried, but they have little idea about the causes of identity theft.

 

Originally posted at PrawfsBlawg

 

* * * *

This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.

Professor Solove is the organizer, along with Paul Schwartz, of the Privacy + Security Forum and International Privacy + Security Forum, annual events designed for seasoned professionals.

If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
* LinkedIn Influencer blog
* Twitter
* Newsletter
