First, some good news: according to the New York Times Magazine , “there are indications that identity theft has peaked.” Keep in mind that this doesn’t mean that identity theft is down, but it does mean that the problem is not growing the way it has been for years. However, this wouldn’t be much of a blog post if I didn’t immediately follow that up with some bad news: our attempts to deter identity theft are targeting the wrong people, and that makes us more vulnerable than we realize.
Two recently published articles help explain the prevalence of identity theft. Ars Technica reported on an unreleased study about “failures to secure computerized personal records.” According to this report, “60 percent of the incidents involve missing or stolen hardware, insider abuse or theft, administrative error, or accidentally exposing data online.” This means that identity theft is largely being committed by disgruntled employees or nontechnical crooks picking up misplaced hard disks, not malicious programmers stealing personal information. Thus, laws that target hackers as the source of identity theft do little to deter its most frequent cause: carelessness.
A second article last week reinforced the message of the first. Computerworld reported that photocopiers make users vulnerable to identity theft. Many modern photocopiers store digital images of what they reproduce. Unfortunately, Computerworld said, “unless security provisions are in place, the data are stored unencrypted and remain there until the drive is full and new data overwrite old.” Thus, without more technical savvy than a screw driver and instructions, an identity thief could potentially steal hundreds of sensitive records from copy shops as people prepare (and copy) their taxes. Corporations that photocopy sensitive personal records are also at risk.
Thankfully, prevention is possible, and I hope that increased media attention focused on identity theft will prod institutions, corporations, and governments to take action with this new information in mind. Collectors of sensitive information must have policies that follow it every step, ensuring that nothing is lost and responding immediately and transparently when something goes amiss. This may require legislative change at some point, but for the time being, you can be an active consumer. When someone asks you for sensitive information, ask why. If they have a good reason, demand to know how they will ensure that your privacy is protected. If they don’t have a good reason or can’t ensure that your privacy will be protected, don’t give them information that could compromise your identity.
Comments