Report: Warrantless Surveillance Legal

Regardless of your political party affiliation, I found the following United Press International (UPI) news story quite interesting:

"U.S. President George W. Bush's authority to conduct warrantless electronic surveillance comes from the Constitution, a partisan congressional report says. A Republican staff assessment of the revised Foreign Intelligence Surveillance Act said the president's controversial program is legal. The 13-page assessment comes as the Senate prepares to debate legislation as early as Tuesday on extending legislation governing electronic surveillance of suspected foreign terrorists and spies, The Washington Times reported Monday. The Protect America Act, passed in August, temporarily revised the 1978 Foreign Intelligence Surveillance Act to help authorities better monitor newer technologies. The law expires at the end of January."

We US citizens get to decide what type of government we want. It is not a given; it is not a "slam dunk" that there shouldn't be data privacy for consumers. We get to decide as a nation. We citizens get to decide via voting and via our Congressional reps what checks and balances should exist between the three branches of federal government. We get to decide what oversight exists.

Want to learn more about the Protect America Act? Read this ACLU fact sheet, this Wired analysis, or this San Francisco Chronicle analysis.

Identity Theft Predictions For 2007 Come True

At the end of 2006, the Identity Theft Resource Center (ITRC) made five predictions about identity theft for 2007. Sadly, the ITRC was correct on all five predictions:

• "There will be an increase in check fraud, check synthesizing, and check counterfeiting.
• Phishing will continue to grow as a problem.
• Child, family, and domestic identity theft victims will be acknowledged by law enforcement and companies.
• There will still be a lack of sensitivity and responsiveness toward victims by some law enforcement agencies, companies, and government agencies.
• We will see more communication between various law enforcement entities in multi-jurisdictional cases including the creation of regional taskforces."

The ITRC also made predictions for 2008:

• "... [identity] thieves are getting younger and younger. Recently two people in their early 20’s were arrested, in possession of sophisticated forgery equipment. This is a strong indicator that identity theft is becoming a lucrative career path.
• Identity theft will continue to grow more international in scope. Scams will become more sophisticated and will be harder to detect, as thieves become more industrious and skilled at designing viruses,..
• There will be an increase in the number of breaches due to poor information handling policies and practices.
• There will be a continuation of contradictory studies with less agreement on victim census, cause and effect, facts and overall cost of identity theft. This will lead to confusion, misguided legislation and governmental actions.
• On the positive side, ITRC believes that businesses will develop and implement better ways to authenticate the identity of applicants including Internet and telephone applications.
• There will be a higher recognition of identity theft as a crime by law enforcement. This will lead to more reports written to assist victims in taking advantage of state and federal victim recovery rights.
• There will more legislative action on the issue of identity theft, including limiting the use of Social Security Numbers.
• States and non-profits will be in a better position to provide more victim assistance at no charge."

All of this tells me that we consumers have to be more engaged with issues associated with identity theft. We have to be smarter about where we shop and how we pay for purchases. We have to be more diligent about monitoring our financial files and credit reports. We have to be responsible in using anti-virus software and creating strong passwords. And, we consumer have to hold accountable the companies and agencies that lose our personal data; and the politicians that fail to support identity theft legislation.

How Secure Is Your Bank?

Last week, Javelin Strategy & Research announced the results of their 2007 Banking Identity Safety Scorecard. The report studied identity fraud prevention, detection and resolution for the top 25 banks in the USA. According to the report:

"This year, financial institutions showed strength in resolution practices, but vulnerability in prevention and detection. Javelin analysts recommend that banks provide more account monitoring tools to its customers and empower them to “watch and catch” identity fraud earlier."

Selected ratings for some banks (100 points total possible score):

• Bank of America -- 78 points
• (Tie) JP Morgan Chase, Washington Mutual and Wells Fargo -- 70 points
• Citibank -- 69 points

According to the report:

"... the average financial institution met 77% of the recommended resolution criteria, but showed slower progress in detection and prevention measures. In the 2007 Scorecard, the average bank achieved only 44% of Javelin’s recommended prevention standards and 51% of the detection criteria."

The report included 5 recommendations for consumers:

1. "Enroll in mobile and email account alerts."
2. "Turn off paper statements."
3. "Stay alert for phishing scams."
4. "Frequently monitor accounts."
5. "Don'€™t use your full social security number."

That's definitely good advice.

Finally, A Profile Emerges Of the Typical Identity Thief

The Center for Identity Management and Information Protection at Utica College recently completed a study, funded by the U.S. Department of Justice, of the U.S. Secret Service's case files related to identity theft. The researchers analyzed 517 cases closed by the Secret Service between 2000 and 2006.

This study, which focused on a profile of identity thieves, is long overdue since most studies focus on the ID-theft victims. I think that it's also important to note that these 517 cases are a tiny portion of the total number of identity theft cases every year, many of which go unreported. According to the Federal Trade Commission, about 9 million Americans have their identities stolen each year.

Anyway, the key findings of the study:

• "42.5% of offenders were between the ages of 25 and 34. Another 18% were between the ages of 18 and 24."
• "Two-thirds of the identity thieves were male."
• "Nearly a quarter of the offenders were born outside the United States."
• "80% of the cases involved an offender working solo or with a single partner"
  
• "Fewer than 20% of the crimes involved the Internet. The most frequently used non-technological method was the rerouting of mail through change of address cards. Other prevalent non-technological methods were mail theft and dumpster diving."
• "Of the 933 offenders, 609 said they initiated their crime by stealing fragments of personal identifying information, as opposed to stealing entire documents, such as bank cards or driver's licenses."
• "Most of the offenses were committed by non-employees who victimized strangers."
• "Employee insiders were the offenders in just one-third of the 517 cases. When an employee did commit identity theft, the offenders were employed in a retail business in two out of every five instances... Stores, gas stations, car dealerships, casinos, restaurants, hotels, doctors and hospitals were all considered retail operations"
  
• In about a fifth of the cases, the employee worked in the financial services industry.

While this is valuable research, one must be careful about making conclusions since the study included only Secret Services cases, and of those only closed cases. Want to learn more? Read the Associated Press news release, download the CIMIP study, or read the Red Tape Chronicles post.