Halting 'Identity Theft' In Era of Internet Access
Bill would limit availability of personal data
WASHINGTON — It's called "identity theft."
Criminals get hold of information about an individual - Social Security number, mother's maiden name, old addresses, credit history - and use it to make charges against credit cards, access bank records, or steal government checks.
It happened to Mari Frank, a lawyer in Laguna Niguel, Calif. A woman fed Ms. Frank's name and Social Security number to a New York bank, got a credit card, and charged $11,000 in her name. The woman also took out a $15,000 line of credit at Frank's bank and bought a red Ford Mustang. Frank only learned of the fraud when the New York bank called for payment.
"It was shock. It was panic. It was technology rape. It was financial rape," she told the San Diego Union-Tribune.
Crooks get information about people in many ways. But one way causing alarm on Capitol Hill and elsewhere is misuse of the Internet, where far more personal information is available than many people realize.
Currently, companies and individuals can collect and distribute personal information with little regulation. But with the increased availability of such data over the Internet and the spread of electronic mail, such information can be widely shared and easily obtained by anyone, leaving individuals increasingly vulnerable.
Sen. Dianne Feinstein (D) of California decided to find out what information was available about her - and was startled by what she learned.
"My staff was able to retrieve my own Social Security number and other personal information from a commercial database in less than three minutes," she says. That experience, along with complaints from constituents, led her to introduce a bill to curb the distribution of Social Security numbers, unlisted telephone numbers, and other personal information.
Sen. Charles Grassley (R) of Iowa, cosponsor of the bill, adds that it takes "minimal information and a few keystrokes" to retrieve a "lifetime" of credit history and other personal information. "For this reason, it is important that we work to make sure some personal information stays out of the hands of people we have never met, whose intentions we don't know," he says.
The Grassley-Feinstein proposal is a step in the right direction, says Robert Ellis Smith, publisher of Privacy Journal, a monthly newsletter in Providence, R.I. But he says Congress needs to focus its attention, in particular, on the "credit headers" on credit reports, which link individuals to the reports. Widespread availability of credit headers, he says, is "a very dangerous practice."
Credit-industry representatives, however, are more skeptical. "We're still studying the bill and its impact..., but at first blush it would appear overly broad," says Lynn Strang of the American Financial Services Association.
Mr. Smith applauds the proposed restrictions on Social Security information, but he says Congress is partly to blame for the problem. Last year, for example, Congress passed laws requiring states to print Social Security numbers on driver's licenses; to require a single number "which will probably be a Social Security number" for health insurance; and to collect Social Security numbers for professional licenses, divorce decrees, and child-custody actions. Moreover, lawmakers decided to encourage use of Social Security numbers in combatting illegal immigration.
"Congress is schizophrenic on Social Security numbers," Smith says. "[Protecting] Social Security numbers ought to be handled in a comprehensive way and not just piecemeal."
The bill has been referred to the Senate Finance Committee.
KEY PROVISIONS OF THE 'PERSONAL INFORMATION PRIVACY ACT'
The Senate bill would:
* Prohibit credit bureaus from buying and selling certain personal information not available in the local phone book, especially the "credit headers" on credit reports, which link the reports to individuals. Credit bureaus routinely sell or rent this information to marketers and mailing-list brokers.
* Prohibit buying and selling Social Security numbers without consent of the person involved.
* Restrict state motor vehicle departments, which often use Social Security numbers for driver's licenses, from distributing license numbers for surveys or marketing.