Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The Ultimate Identity Theft Prevention Plan

samzenpus posted more than 7 years ago | from the protect-ya-neck dept.

Book Reviews 187

Ben Rothke writes "It's a fallacy that our elected officials take forever to get things done. Two examples where Washington acted with speed are with the National Do Not Call Registry and the Sarbanes-Oxley Act. The National Do Not Call Registry was slated to take effect on October 1, 2003, but various marketing associations challenged its legitimacy and even if the FTC had the jurisdiction to enforce it. Notwithstanding, President Bush speedily signed the bill authorizing the no-call list to go into effect in September 2003 and the United State Court of Appeals upheld the constitutionality of the registry in February 2004. On June 25, 2002, WorldCom revealed it had overstated its earnings by more than $7 billion by improperly accounting for its operating costs. Senator Paul Sarbanes then introduced Senate Bill 2673 that same day where it passed 97-0 less than three weeks later. The House and Senate formed a Conference Committee to reconcile the differences between Sarbanes's bill and Representative Michael Oxley's bill (HR 3763) and on July 24, 2002, the Sarbanes-Oxley Act of 2002 was passed." Read on for the rest of Ben's review.

The bottom line is that when politicians really want votes and PR, they can act swiftly. The frustration is exacerbated when politicians choose to do nothing when it comes to identity theft. In Stealing Your Life: The Ultimate Identity Theft Prevention Plan, Frank Abagnale details the frustration that consumers face (and will face in the years to come) when their identities are stolen, the ease at which the criminals carry out such crimes, and the months and often years of effort required to regain ones identity.

Abagnale's tenure on the criminal side long ago gives him the advantage that he knows firsthand how criminals think and such an outlook is pervasive throughout the book. Looking at the current state of identity protection, he states that he is personally horrified at how easy identity theft is. In fact, he calls it "a crook's dream come true". The book details incident after incident where criminals and criminal gangs obtained credit in someone else's name with ease.

What makes this worse is that the book shows how we haven't even scratched the surface of the identity theft problem. Everyone, including the FTC agrees that current identity theft figures are quite low, due to the fact that so many cases go unreported or undetected.

The book notes that lenders often miscategorize a good deal of identity theft because it looks like delinquent bills, as opposed to a crime. Only later does the victim realize what has been going on and complains, at which time it becomes apparent that fraud was involved. But by that time, the money has been written off as a credit loss and then appears as negative information on the victim's credit report.

Like many other books on the subject of identity theft, Stealing Your Life: The Ultimate Identity Theft Prevention Plan covers the main issues, and makes numerous suggestions on how to control your identity. What is interesting about the book is that Abagnale also focuses on why identity theft is so popular for today's criminals. One of the main reasons it that the person committing the crime has the odds significantly stacked in their favor. The book quotes a Gartner study that found that identity thieves have roughly a 1 in 700 chance of getting caught by law enforcement, which is a figure any criminal would jump at.

The books 13 chapters are written in an easy to read and compelling style. The early chapters detail the prime causes of what makes identity theft such a problem and astutely notes that a large part of the problem is that financial services companies are conducting business today by doling out credit like candy and do almost nothing to ascertain that people really are who they say they are when applying for credit. In addition, issuers of credit in their haste to rack up more business frequently accept a social security number from an applicant at face value, without demanding proof. The book lists many examples of where children and dead people have been given credit.

In chapter 6, the book lists 20 steps one can take in the hope of preventing identify theft. The author notes that since the punishment for identity theft, and the recovery of stolen goods from identity theft are so low, the only viable source of action is prevention by the individual. All 20 steps are fundamental, from protecting your social security number and examining your financial statements, to using a shredder and more.

Chapter 8 lists one of the more important points of the book, in which Abagnale writes that all credit and personal information should be opt-in based, as opposed to the prevalent opt-out requirement. Such an approach is what one would hope Congress would mandate, but does not have the tenacity to do. The problem is that if a consumer does not opt-out, they are giving the financial institution permission to share their personal information with the hundreds and often thousands of affiliates they share data with.

Companies obviously prefer opt-out, which shifts the burden to the consumer to take action to keep their information from being shared. With opt-in, the burden shifts and the financial services company has to prove that consumers granted their consent to have their personal information shared. National opt-in requirements would significant stem the flow of personal information, which is in part why identity theft is so easy to carry out.

Aside from a glaring error in chapter 12 where Abagnale erroneously writes that true authentication is impossible on the Internet and occasionally hawking companies he has financial dealings with, Stealing Your Life: The Ultimate Identity Theft Prevention Plan is an interesting and entertaining book on a subject of the fasting growing crime in the USA.

The book details what happens when an apathetic Congress and financial services industry do almost nothing to protect their constituents, and the thieves who have never had it easier. These identity thieves are able to acquire gigabytes of personal information without ever having to leave their workstations. When you factor in that the odds are in their favor of never being prosecuted, it leaves nearly every individual at risk for identity theft.

With Congress dropping the ball and doing nothing, Abagnale shows that it is up to each individual to take responsibility for protecting their own personal information. Stealing Your Life: The Ultimate Identity Theft Prevention Plan is indeed a great place to start such an approach.

Ben Rothke is a security consultant with BT INS and the author of Computer Security: 20 Things Every Employee Should Know


You can purchase Stealing Your Life: The Ultimate Identity Theft Prevention Plan from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

cancel ×

187 comments

Sorry! There are no comments related to the filter you selected.

Summary? (2, Insightful)

xbytor (215790) | more than 7 years ago | (#19904609)

The summary extract on the front page has nothing to do with the rest of the summary or the article.

Or I'm confused again...

Re:Summary? (1)

gurps_npc (621217) | more than 7 years ago | (#19904745)

No. The poster needs a lesson in writting. Rule 1 = Put your topic in the first sentence, and summarize your argument/belief in the first paragraph.

Re:Summary? (3, Funny)

Hijacked Public (999535) | more than 7 years ago | (#19905217)

Yeah, everyone has to follow some standardized model of writing because readers can't be expected to actually read the whole thing or understand it, if it isn't standardized. Put the Executive Summary right up there at the top so people can read it and make up their minds without too much effort.

Also, show your work on long division. Don't make marks outside the circles. Use a #2 pencil. If you draw a sailboat in the footer you fail the entire test regardless of what you know. This is all because your success over the entire rest of your life is going hinge moron your ability to follow instructions to the letter rather than your ability to think.

Mod Parent Up (1)

Bastardchyld (889185) | more than 7 years ago | (#19906587)

If I had mod points my friend your post would have them... This is probably the most accurate (however sarcastic) description of how things actually work on /. Bravo!

Re:Summary? (0)

Anonymous Coward | more than 7 years ago | (#19906811)

I disagree. I want the summary to have some relevance to the rest of the article. This one was misleading. Once I figured that out I skipped to the /. comments.

Re:Summary? (2, Interesting)

eln (21727) | more than 7 years ago | (#19904781)

Let me summarize the article for you:

First part (front page): Government actually can get things done quickly, and here are two examples of when they did just that. Saying the government is incapable of doing things quickly is just factually wrong.

Second part (all but the last paragraph): Here's a bunch of stuff about this book that details things you can do to stop identity theft, and things the Government could do except the Government sucks and won't do anything.

Last part (last paragraph): Government is incapable of doing things quickly, so you'd better protect yourself.

Re:Summary? (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#19905067)

You forgot to add that it doesn't even make mention of the fact that Hedwig and Dobby die and Ron marries Hermoime.

Re:Summary? (1)

hpavc (129350) | more than 7 years ago | (#19905733)

Seems like a commercial for http://gunbroker.com/ [gunbroker.com] to me

Re:Summary? (1)

utopianfiat (774016) | more than 7 years ago | (#19906311)

Never mind that, there's trolling to be done!

Aside from a glaring error in chapter 12 where Abagnale erroneously writes that true authentication is impossible on the Internet

What the fuck is this shit, slashdot?! Have you read YRO recently and have you heard the longstanding legal argument that a personal computer is far removed from a PERSON? I mean ffs, at the very least anything you do in code ignores the fact that a person may not be in control of their computer and its data!

Furthermore: The ultimate identity theft prevention plan is to NOT HAVE AN IDENTITY. If you don't use credit, if you don't use banks, if you don't have social security, there's nothing to steal. Change your name to John Smith, erase your fingerprints with a chemical burn, and gouge out your retinas.

another summary (0)

Anonymous Coward | more than 7 years ago | (#19904613)

not a review

Always work as Anonymous Coward (1)

EmbeddedJanitor (597831) | more than 7 years ago | (#19905173)

No identity to steal!

Re:Always work as Anonymous Coward (0)

Anonymous Coward | more than 7 years ago | (#19905303)

Actually if we all publish our socsec numbers the system will be overwhelmed and it will no longer be a valid identifier.
It should not be an identifier anyway since it is very insecure.

Get back to tech stuff (0, Troll)

moseman (190361) | more than 7 years ago | (#19904641)

Who the F&*^ cares. Let's remove the political shit and get back to sci-fi and other nerd-oriented material. I for one am tried of it.

Re:Get back to tech stuff (0, Offtopic)

PopeRatzo (965947) | more than 7 years ago | (#19904973)

moseman, I'm tried of the political shit, too. The problem is that they're not going to leave us alone to enjoy our "nerd-oriented material" until we make an example out of a few of these cocksuckers. When politicians, at the behest of big telco, takes away the wide-open Internet that we all enjoy, the only "nerd-oriented material" we're going to get is going to come from some division or "strategic partner" of AT&T. Plus, it's not going to be as much fun reading "nerd-oriented material" when all the tech jobs are in Mumbai or Mexico and you're a "Coffee Master" at Starbucks, worrying about whether you're going to need an appendectomy and have to go into bankruptcy.

Michael Ledeen, the famous neo-con who helped the Bush Administration develop the current "proactive, preemptive" approach to foreign policy liked to say that every so often the US needs to take some insignificant country some where, slam them up against the wall a few times, just to let them know that we can still do it.

I feel the same way about tinpot dictators like Cheney and Bush. Every so often in the history of the US, the citizens have to take one of these little shits and teach them who's boss. We did it with Nixon, and Bush makes Nixon look like George Effing Washington.

Re:Get back to tech stuff (2)

The New Stan Price (909151) | more than 7 years ago | (#19906467)

History lesson for PopeRatzo:

1. George Washington marched troops into people's houses and demanded taxes on their stills. (Whiskey Rebellion)
2. George Washington talked of God and Faith in many of his speeches, just like the evil Religious Rightist G.W.
3. F.D.R. put Japanese into camps and opened people's mail during WWII. He preemptively attacked Germany, even though it was the Japanese who attacked us.
4. Kennedy got us into Vietnam, and preemptively attacked Cuba, then left people for dead and denied it.
5. The evil big telco and big oil provide jobs and products that people want. Congress, which has been controlled by Democrats 85% of the last century, made the rules that big telco and big oil follow.
6. Marxism and Leftism have produced more poor people and dictatorships than Capitalism ever has.

Opt-in is essential (5, Insightful)

fizzbin (110016) | more than 7 years ago | (#19904655)

It is absolutely correct that in order to combat identity theft effectively, information sharing must be opt-in. In fact, even to report your information to a credit reporting agency, you should have to explicitly authorize such reporting.

Of course, the credit bureaus and other data brokers who make money off your data would scream and holler. They would decry how "credit reporting is a benefit -- it lets you get credit easily and cheaply." Funny thing though -- you cannot refuse this "benefit".

Re:Opt-in is essential (4, Interesting)

Radres (776901) | more than 7 years ago | (#19904941)

Here's what I think: they should make credit card companies 100% responsible for any identity theft losses, as well as force them to pay restitution to identity theft victims.

That way, maybe the credit card companies will stop wasting paper and resources to flood our mailboxes with unnecessary credit card applications and start thinking about how to improve the security of setting up a credit card.

Re:Opt-in is essential (1)

Bastardchyld (889185) | more than 7 years ago | (#19906653)

You are 100% correct, however the problem with that is, that our legislators have no incentive to do just that. I mean seriously if they did make the companies liable the upside would be that they would get re-elected, the downside would be no free trip to the Bahamas. If they do not make the companies liable the upside is that the "Financial Services" companies will give them enough money to fix the damage caused by not doing anything, the downside is... Oh wait the only downside is nothing...

Re:Opt-in is essential (1)

Captain Splendid (673276) | more than 7 years ago | (#19905037)

(Score:3, Troll)

Jebus, this isn't even mods on crack, it looks like the credit agencies got mod points today!

Re:Opt-in is essential (1)

Red Flayer (890720) | more than 7 years ago | (#19905199)

you should have to explicitly authorize such reporting.
You do. Or don't you read the fine print on those service/credit agreements you sign?

You have a choice -- either be part of the credit culture (and deal with credit reporting) or get off the credit "grid" and not be able to easily purchase basic necessities like telephone service. You could go prepaid for some of that, though.

Re:Opt-in is essential (2, Interesting)

erroneus (253617) | more than 7 years ago | (#19905283)

Oh it is the credit industry's creation, by and large, that has enabled this problem with fraud. But more precisely, it is the accepted and institutional use of the "human serial number" (aka the SSN) that enables this to happen the most. And frankly, all of this was predicted to happen when this system was being created. It was created in spite of enormous protest and now this is happening. The credit reporting laws were created to help ease the public outcry... fair collection acts and the like as well. But truly, this system should simply be abolished. The old ways were for consumers to provide references and I'm guessing that should be good enough.

The risk of loaning money should always be a risk.

It just seems like every time, without fail, that government caters to a proposed business model, we the people get it up the butt.

I have said it before and I'll say it again. AVOID DOING THINGS ON CREDIT. You'll find that there will be more money in your pocket somehow and you'll be less ready to buy "stupid things" so often. Further, if more people did this, we'd find prices for consumer goods dropped to "wal-mart" prices more often because no one would want to sell too many things that were beyond what people are willing to pay for in cash!

Re:Opt-in is essential (0)

Anonymous Coward | more than 7 years ago | (#19905403)

and then people would stand outside appliance and electronic shops to rob people who are going to make major purchases because they will have tons of cash on them. Credit is a free loan as long you a pay it in full every month. Only the irresponsible should avoid using credit.

Re:Opt-in is essential (1)

erroneus (253617) | more than 7 years ago | (#19905695)

Have you not heard of debit transactions?

Re:Opt-in is essential (1)

Bastardchyld (889185) | more than 7 years ago | (#19906779)

Debit is simply there to make using credit easier.

Debit was created by the credit companies so that they take the spending money out of spending money. This is why the cards look and feel exactly the same. It takes away our sense of value. We are no longer handing over a $20.00 bill that we will never get back we are simply swiping a card that we get right back.

When people get used to using debit it becomes easier to use a credit card, because in reality you are just using a different piece of plastic. There is no connection between this card and money. I personally think that these financial services firms will continue to change the method of payment that consumers use to keep consumers off-balance and out of touch with how much they are actually spending.

Besides one of the downsides of the debit card is that you may only be protected from theft of any amount OVER your bank accounts balance (assuming the thief manages to snag your PIN as well).

Re:Opt-in is essential (2, Insightful)

Zathrus (232140) | more than 7 years ago | (#19906109)

It is absolutely correct that in order to combat identity theft effectively, information sharing must be opt-in


No it's not. What should be freely available, however, with no requirements or costs, is a credit block -- the ability to prevent any new accounts from being opened on your credit reports as long as the block is in place (typically the block can be temporarily removed/disabled via phone and a PIN; that way you can still get new credit, but at least then you _know_ when you're getting new credit).

Funny thing though -- you cannot refuse this "benefit".


Sure you can. Just never give your social security number on any form that asks you for it.

Of course, you may also find that you can't get credit at all in such a situation. But that's basically what you're asking for anyway. After all, if it's an "opt-in" to share credit info, then why couldn't I just open a few lines of credit, refuse to allow them to send info on them, and then default on them? Oh sure, it's illegal, but what are they going to do? Send debt collectors after me? Relatively easy to deal with, especially if you're the kind of person who would pull this. They can't ruin my credit report -- I've told them they can't.

Look, credit has become ubiquitous purely because of the credit bureaus and their data aggregation. It's not an inherently bad thing, but it could certainly be improved. A freely available block would go a long way toward solving the issues. It wouldn't completely fix them; that's fine. The point isn't to stop it completely, as that would be too costly to both the creditors and to consumers, but to make it too difficult and expensive (in terms of money, time, effort, and/or likelihood of being arrested) for identity thieves to bother with.

If you think that credit aggregation is unnecessary -- well, then be prepared to have the credit industry go back to how it was prior to their existance (which started in the 1940s and 50s) -- short term, variable rate mortgages were the norm, credit cards didn't exist (unsecured credit? Are you kidding me?), and loans of all kinds were both more expensive and more difficult to get. Why? Because lenders had no real way of telling if a borrower would be a good risk. Pretty much your best bet was to have a bank with whom you did all your business (because then they know your credit), use them for years, and then ask for a loan. Young? New in town? Too bad. You're too high of a risk. Get lost.

Note that I'm not saying the aggregators are perfect. Far from it. But it's a far, far better scenario with them than without.

Oh, and note -- if you're a business that uses credit scores you can also forgo giving the bureaus any information. Of course, you'll pay 3-5x as much per inquiry (even in bulk, for partial data) than you will if you report back to them.

Congress acts in haste, we regret at leisure (4, Insightful)

Attila Dimedici (1036002) | more than 7 years ago | (#19904695)

Yes, Congress can act rapidly. Unfortunately, it almost always results in a bad law. Sarbanes-Oxley is a great example, it costs a lot more than it saves. The most efficient way to prevent the problems it is designed to curb is by keeping the tax on stock dividends at the same as the tax on capital gains. If a company gives a dividend, it cannot play the accounting games that lead to the abuses that SOX was designed to stop.

False statement != fallacy (0)

Anonymous Coward | more than 7 years ago | (#19904865)

It's a fallacy that our elected officials take forever to get things done.

No, it is not a fallacy. A fallacy is an invalid form of reasoning, not an incorrect statement. Dicto Simpliciter is a fallacy. Circular reasoning is a fallacy. A popular belief which is incorrect is NOT a fallacy, it is merely an incorrect belief. When used in the context of a formal argument, it would be a false premise.

If you are going to use fancy words like "fallacy," get them right.

Re:False statement != fallacy (1)

PCM2 (4486) | more than 7 years ago | (#19905113)

Nice rant, AC, but maybe you want to pick up a dictionary [m-w.com] next time you feel like playing Word Nazi.

Re:False statement != fallacy (0)

Anonymous Coward | more than 7 years ago | (#19905311)

You're a fucking idiot. No other words describe your stupidity.

Brilliant! (0)

Anonymous Coward | more than 7 years ago | (#19906635)

If I wasn't also an AC, I would mod you insightful. They way you demonstrated the error of the grandparent post and backed up your case with links and supporting evidence really shows your intellectual superiority.

I am sure the GP poster read your post and thought, "you know, he has a good point. I was mistaken. I should thank him for pointing that out and work harder at verifying my facts before posting in the future. I wish more people would make useful posts like that."

Way to go!

Re:False statement != fallacy (1)

Jansingal (1098809) | more than 7 years ago | (#19905941)

There was a grammar book written which has a list of words called 'lost causes'. It is words who true meanings were mangled, but since they are so heavily used, impossible to return to the tgrue meaning. While the true def. of fallacy is reason based, it is used to refer to any misconception. /jay

Re:Congress acts in haste, we regret at leisure (1)

AuMatar (183847) | more than 7 years ago | (#19905339)

You don't seem to understand what SOX was supposed to do. It was not designed to stop a single tax scam. It was designed to prove accountability in finances, so that executives in the future can't play the "I didn't know about it" game. As for the cost- 90% of the cost is due to auditors outright lieing about whats required, in order to get juicier contracts.

Re:Congress acts in haste, we regret at leisure (1)

Attila Dimedici (1036002) | more than 7 years ago | (#19905717)

It wasn't supposed to stop a tax scam. It was designed to stop companies from cooking their books to make their stocks the company appear more valuable than it actually was(oversimplification). In other words companies were playing games with their books so that people would pay more for their stocks. These games don't work when the company is paying a dividend. If the tax rate on capital gains is less than the tax on dividends (which it was throughout the 90's) then investors prefer for the company to reinvest in the company rather than pay a dividend. The investor will make his profit off the sale of the stock. If the tax on dividend is the same or less than the tax on capital gains, many investors will prefer a dividend so that they can redistribute their profit and still maintain their "position" in a particular company. You can't pay out a dividend every year if your profits are all generated by shifting debt around.

Re:Congress acts in haste, we regret at leisure (1)

SeattleGameboy (641456) | more than 7 years ago | (#19906455)

[Quote]You can't pay out a dividend every year if your profits are all generated by shifting debt around.[/Quote]

That is a gross over-simplification how the problems SOX is trying prevent.

As long as I have cash-flow, I can easily pay out dividend and STILL cook the books. It is not like Enrons and Worldcoms of the cooked the books for decades, it was for a limited time period (10 years). As long as I have enough cash-flow I can easily cover the dividends required. As matter of fact both Worldcom and Enron payed dividends while they were cooking the books.

The problem is that there is a HUGE payoffs for executives if they can show short-term progress. Paying dividends have no effect other than to give even more motivation for the executives to cook the books (since they own significant stock holdings).

Re:Congress acts in haste, we regret at leisure (1)

Attila Dimedici (1036002) | more than 7 years ago | (#19906607)

Neither Enron nor Worldcom would have been able to cook their books the way they did if they were paying out dividends. Several years ago I saw a detailed analysis by an investment expert showing the nature of both of their accounting tricks and why they would not have worked if the company was paying dividends. Part of the explanation has to do with the cash for the dividends and part of it has to do with the way that available cash would have been reduced. Basically the gist of it was that they were already using their cash flow to disguise what they were doing, if they had to pay dividends out of that cash flow as well, it would not have been big enough to hide what they were doing.

Re:Congress acts in haste, we regret at leisure (2, Insightful)

Arcane_Rhino (769339) | more than 7 years ago | (#19905649)

Why was this marked flamebait?

The National Review pointed out recently that Sarbanes-Oxley, which was more or less intended to protect the non-professional investor by requiring greater scrutiny and transparency of publicly traded companies, requires a lot of overhead to administer. Consequently, while the larger firms can/have complied without a blink, the smaller start-ups (in particular, but not exclusively) have simply opted to avoid Sarbanes-Oxley by not going public.

So what, one says... Well, these smaller companies, while a greater risk, also provide greater gains. Not being publicly traded, however, the required money for investment is substantially higher than all but the wealthy can afford. Consequently, Sarbanes-Oxley leaves only the wealthy in a position to invest in projects with the greatest returns.

So, getting back to my question, while you may or may not think that Sarbanes-Oxley is a great piece of legislation or disagree with my (very likely butchered) representation of a conservative analysis of Sarbanes-Oxley, how is the parent flamebait?

Re:Congress acts in haste, we regret at leisure (0)

Anonymous Coward | more than 7 years ago | (#19905709)

I agree with you that SOX costs a lot more than it saves, but your alternative would be 100% ineffective. How is that going to stop fraud or lax controls in any way, shape or form? Do you realize that most of the

The only way I see your plan working is if you somehow force companies to give out a piece of their stated profits in dividends. Otherwise, companies can go merrily along, inflating their earnings, and raising their stock price as usual.

Re:Congress acts in haste, we regret at leisure (1)

jellie (949898) | more than 7 years ago | (#19905785)

Congress often acts rapidly only in response to big incidents. For example, Sarbanes-Oxley was passed in the wake of the Enron and WorldCom scandals, the PATRIOT Act following the attacks, and the Kefauver-Harris Amendment (which required drug manufacturers to prove the safety and efficacy of a drug) was passed after the thalidomide incident. The PATRIOT Act is an example of a terrible law, in every way. Sarbanes-Oxley has its flaws (some of which you mentioned), but it was not really intended to save money, but rather to hold executives accountable for the company's accounting. The Kefauver-Harris Amendment, IMO, is considered to be a very good (and obvious) requirement.

And as for identity theft, Congress will only pass a sweeping law if some wide-scale incident of identity theft occurs... oh wait...

Re:Congress acts in haste, we regret at leisure (2, Insightful)

Attila Dimedici (1036002) | more than 7 years ago | (#19905899)

SOX was intended to protect the small investor. It has resulted in fewer opportunities for the small investor (fewer companies going public, profitable public companies going private). SOX is a bad law. I am not familiar with the K-H Amendment, but every law that I am familiar with that was passed quickly after some major event (because Congress "had to do something") has been a bad law.

Re:Congress acts in haste, we regret at leisure (1)

Shihar (153932) | more than 7 years ago | (#19906439)

SOX murders startups that go public. The reporting requirements take an army of accountants to comply with. Only large corporations can effectively go public these days do to the horrific costs that SOX imposes upon small businesses. As a result, most small businesses try and get bought out instead of going public. If they get bought out, the accounting is someone else's problem. SOX has done nothing good for American businesses. The amount of money being lost due to the stock market being a place where small businesses can no longer participate in is far more than whatever money is being saved in higher accountability standards.

Congress could not of thought of a more effective way to hurt small businesses while at the same time bettering large businesses (especially ones that like to buy small businesses) if they had tried. SOX is a financial crime. The only thing worse than the fact that SOX got passed without one fucking congressperson thinking about the consequences of their shitty bill is the fact that they still have not repealed it.

Re:Congress acts in haste, we regret at leisure (1)

coredog64 (1001648) | more than 7 years ago | (#19906621)

It's not just the reporting requirements. My employer has been advised by our SOX auditors that every system needs to enforce separation of duties. I can have privileged
access to either prod or dev, but not both. So rather than granting access to prod and dev on the condition of being responsible, my boss has to grant me access to one or the other.
Which means even though I have time to support both prod and dev, I cannot. 2x the employees for 1x the work doesn't make for very good financials.

Re:Congress acts in haste, we regret at leisure (0)

Anonymous Coward | more than 7 years ago | (#19906711)

Sarbox has been a boon for IT, a veritable Y2K replacement. Despite the credit "web 2.0" has been given for reinvigorating the tech economy post 2001, it's nothing compared to the demands sox put on brick and mortar businesses, which have in turn required significant IT expenditures just to get a handle on the problems it created. I hope they never repeal it and somthing tells me if they do, it won't be "web 3.0" that will save us.

A fallacy? (1, Interesting)

doombringerltx (1109389) | more than 7 years ago | (#19904699)

So because Bush quickly signed the the do not call registry into law in 2003 then that is a credit for governments swift action? Telemarketing has been a huge pain in everyones ass and telemarketers calling during diner has been a joke for as long as I can remeber. By 2003 spam and pop ups were doing a great job of helping to make telemarketing obsolete anyways.

Re:A fallacy? (1)

UbuntuDupe (970646) | more than 7 years ago | (#19904769)

Yeah, griping about telemarketers was a national pasttime (sp) long before '03 -- I personally remember it in the 80s, and I'm sure it was big even before that. And then when they passed the law, they exempted politicians and, for all practical purposes, any business that I have ever communicatd with (ongoing business relationship!). So yeah -- not very swift.

Btw, I just love when the presidents of these marketing associations gripe when someone posts their contact information ... as if it's a violation of their rights to get all these calls!

First Prime Factorization Post (1)

2*2*3*75011 (900132) | more than 7 years ago | (#19904705)

On June 5*5 2*7*11*13 WorldCom revealed it had overstated its earnings by more than $2*2*2*2*2*2*2*2*2*5*5*5*5*5*5*5*5*5*7 by improperly accounting for its operating costs. Senator Paul Sarbanes then introduced Senate Bill 3*3*3*3*3*11 that same day where it passed 97-0 less than 3 weeks later. The House and Senate formed a Conference Committee to reconcile the differences between Sarbanes's bill and Representative Michael Oxley's bill (HR 53*71) and on July 2*2*2*3 2*7*11*13 the Sarbanes-Oxley Act of 2*7*11*13 was passed.

True Authentication on the Internet? (0)

lib3rtarian (1050840) | more than 7 years ago | (#19904729)

The reviewer says that the authors claim that true authentication is impossible on the internet is an error. I think this is more a matter of opinion. The term true authentication, without getting too semantic, is open to a debate that I see being philosophical in nature. If one's definition of true authentication involved, say, eye-to-eye contact, then this obviously couldn't be accomplished on the internet (even a webcam could be spoofed). What do people think? Obviously eye-to-eye contact isn't a great definition, but neither is an RSA ID.

Terrible Examples (5, Insightful)

loteck (533317) | more than 7 years ago | (#19904751)

Sarb-Ox was indeed put together and passed very quickly, and it shows. The cost to implement compliance is so overwhelmingly high that small and midsize businesses simply cannot afford to do it, and Congress has recognized this and delayed enforcement. It seems all but sure at this point that Sox will never take effect on small and midsize public companies in its current form.

The Do Not Call registry was timely? People have been complaining about unwanted phone solicitations for years and years. That is actually an excellent example of Congress showing that it is incapable of moving quickly enough.

And, finally, lets not forget about the USA PATRIOT act. That passed in 1 night in response to 9/11, and I'm sure my fellow Slashdotters will agree that it was brimming with righteousness and justice. Thank christ Congress acted quickly on that one.

No, I'm afraid kneejerk reactions by Congress are not the answer you seek. The elephant in the room that no one in Congress wants to recognize is that identify theft is so easy now only because we have tied ourselves to our Social Security numbers, something that was never supposed to happen and something that fundamentally undermines the idea of individual privacy and freedom. Do not look to the people who created this problem in the first place to fix it without continuing to divest you of your personal liberties.

Re:Terrible Examples (3, Insightful)

slughead (592713) | more than 7 years ago | (#19905127)

And, finally, lets not forget about the USA PATRIOT act. That passed in 1 night in response to 9/11, and I'm sure my fellow Slashdotters will agree that it was brimming with righteousness and justice. Thank christ Congress acted quickly on that one.

Most if not all of the components of the Patriot Act had been previously written and people had been trying to tack it onto other legislation for years.

For as much as the Patriot Act gets the blame for all our "rights lost" in the past 6 years, it really was just a short piece of literature that merely 'connected the dots' on all this other crap that we had already established.

For example, the FISA (Foriegn Intelligence Surveillance Act) court was handing out secret warrants without accountability since Reagan created it in the 1980's. The Patriot Act simply turned that court against American citizens. Just one tiny change in wording can have profound effects.

Government moves slowly, but much of the time methodically, in taking away individual liberty.

Rewarding the Guilty (3, Interesting)

Anonymous Coward | more than 7 years ago | (#19905165)

Agreed, Sarb-Ox was put together and passed very quickly, and it shows.

Consultants are in the business of selling billable hours, nothing more. It doesn't matter if they are accountants, lawyers or MBAs. Their advice is what led to the meltdowns at Enron, MCI, etc. They were trying to find clever ways to reinterpret SEC rules and GAAP(Generally Accepted Accounting Procedures). GAAP are not written by the government. The SEC trusts the financial services industry to police itself with its own written policies. That trust was violated.

Sarb-OX was a knee-jerk reaction that created more rules, more oversight, and more billable hours for the financial services industry. The intent was good, but the implementation was flawed, it rewarded the guilty.

Much like our income tax system should be simplified, so should the SEC and GAAP rules be simplified. The amount of paperwork and billable hours that are created just for executives to move a sale, or a loan, or a payment from Q3 to Q4 just to maintain a stock price in the short term to get their bonus is an enormous drain on our entire economy.

Imagine a world where the accounting rules were so simple that the Financial Services Industry could only bill half of the hours next year.

Re:Terrible Examples (2, Interesting)

MarsDefenseMinister (738128) | more than 7 years ago | (#19905451)

You touched on but didn't explicitly identify the main problem: the law was a reaction to a very very few bad apples and it makes everybody else pay for the mistakes of those few.

Prices to the customer are higher because the prices to the companies are higher. This is truly a cure that is worse than the disease, introducing a huge level of economic inefficiency. If it's ever required for small companies, it'll raise the bar for entrepreneurs even further, lowering the number of companies created. This thing is attacking the capitalist economy directly. Our entire way of life is based on that kind of economy, and I have a sneaking suspicion that it originated as an attempt to undermine that, to move us towards a more European model. Could this be one of the reasons why this was enacted so quickly? That it was planned in advance, waiting for a reason to implement it?

Patriot Act was passed quickly too (0)

Anonymous Coward | more than 7 years ago | (#19904793)

And any review that fails to mention that the author was the main character from Catch Me If You Can while mentioning the totally unrelated sarbox bill is probably not very good.

location (0, Troll)

JustNiz (692889) | more than 7 years ago | (#19904803)

>> It's a fallacy that our elected officials take forever to get things done. Two examples where Washington acted with speed are...

Please can article-posters to slashdot stop assuming all readers are in the USA.

Re:location (0)

Anonymous Coward | more than 7 years ago | (#19904935)

Actually the poster made no assumptions about the locality of the reader. If you have no interest in reading about US-centric articles on a site hosted in the US, then feel free to ignore them.

Re:location (1)

vfrex (866606) | more than 7 years ago | (#19904949)

But that would require us to assume that there is civilized life outside of the USA. As far as we know, there are just primates and communists.

Re:location (3, Insightful)

eln (21727) | more than 7 years ago | (#19904987)

No. No matter how many times you post this, Slashdot will continue to be a primarily US-centric site. There is nothing you can do about this. I suggest you either find a site tailored for your country or learn to relax. Do people on British sites that refer to "our Prime Minister" complain that those sites are assuming all of their readers are from Britain?

Are you one of those guys that posts in every Linux article insisting we call it GNU/Linux or that we start using the term "Gibibyte" (which sounds like someone with a stutter trying to say "Gigabyte" for base-2 storage numbers?

Re:location (4, Funny)

TheBearBear (1103771) | more than 7 years ago | (#19905197)

Please can article-posters to slashdot stop assuming all readers are in the USA

Don't you think it a bit trivial to make such a request? Where does it stop? Can article-posters to slashdot stop assuming that all readers can read English? Can article-posters to slashdot stop assuming that all readers are on planet earth? Can article-posters assume that all readers know what a "Washington" is? What is an "elected official"? Stop the madness and stop assuming! (I'm assuming you know what sarcasm is)

Re:location (1)

TacNuke (890744) | more than 7 years ago | (#19905367)

I assumed all the articles would be posted in Esperanto. . . go figure.

Re:location (1)

MrR0p3r (460183) | more than 7 years ago | (#19905789)

How do you say "douchebag" in your native tongue?

Don't worry about us on slashdot... (3, Funny)

Magneon (1067470) | more than 7 years ago | (#19904851)

Most of us have no life or identity to steal...

Re:Don't worry about us on slashdot... (0)

Anonymous Coward | more than 7 years ago | (#19904903)

mod parent up :D

Re:Don't worry about us on slashdot... (0)

Anonymous Coward | more than 7 years ago | (#19905499)

Most of us have no life or identity to steal...
No, but most of us has a WoW account that can be stolen :(

Re:Don't worry about us on slashdot... (1)

More_Cowbell (957742) | more than 7 years ago | (#19906087)

Hey!

I have a life, you insensitive clo...

::sigh:: No, I guess no criminal would like to steal my identity... with a credit score probably in the high 400s'

:(

Frank Abagnale (5, Informative)

necro81 (917438) | more than 7 years ago | (#19904871)

If the name of the author is familiar, it is because Frank Abagnale [wikipedia.org] 's exploits were popularized in the 2002 movie [wikipedia.org] Catch Me If You Can [imdb.com] . Leo DiCaprio played the Abagnale, with Tom Hanks as Carl Hanratty, the FBI agent tracking him down.

Given Abagnale's extensive knowledge and experience in check (and other) fraud, he speaks with some authority on the sad state of how easy identity theft can be.

Glaring error? (5, Funny)

Frank Abagnale (1129871) | more than 7 years ago | (#19904887)

Aside from a glaring error in chapter 12 where Abagnale erroneously writes that true authentication is impossible on the Internet and occasionally hawking companies he has financial dealings with

Look, man, I was really high when I wrote that chapter; you've got to give me a break.

--
This post brought to you by OnlyIAmMe(TM) ID Theft Prevention, Inc.
Secure your identity today! Plans start at $1,995 for a limited time.

There is already a system in place... for now (2, Interesting)

Yold (473518) | more than 7 years ago | (#19904897)

It is my understanding that in at least of the 30 of the 50 states you can "freeze" your credit, not allowing someone else (or yourself) to take out loans, get a credit card, etc. Choicepoint and the other 2 (asshole) credit bureaus are lobbying against this.
      It really gets my goat that, contrary to what is in the social security act (it is illegal to use it for anything except SS purposes), our SSNs have become the defacto identifier in terms of any goverment, university, or financial application. Its like a freakin username with no password.

Re:There is already a system in place... for now (0)

Anonymous Coward | more than 7 years ago | (#19905261)

I tried this. You can't *actually* freeze your credit unless you've already been a victim (what certification they require, I don't know.)

If you haven't been burned before, you can opt to be notified if someone applies for credit in your name, but - I bought a used car under my own name, and was never informed by any of the three agencies. And god knows that once you receive that snailmail, weeks later, the criminal will already have sold the goods and disappeared...

The consumer has zero recourse except a tinfoil hat.

Re:There is already a system in place... for now (1)

tbannist (230135) | more than 7 years ago | (#19905607)

That's what happens when you don't actually enforce a law, people don't follow it. Now if the government had cracked down on any non-SS use of SSNs when it started, they wouldn't be used like that...

More MisInformation (2, Insightful)

asphaltjesus (978804) | more than 7 years ago | (#19904899)

The entire notion of "identity theft" simultaneously preys on the fears of individuals by creating the specter of more bogeymen and promotes the Consumer Information mega-industry.

You want to stop "identity theft?" Make the collection and sale of personal data against the law. Oh wait. That would mean participating in your government.

Today's lesson: we've all gotten exactly what we've put into this issue.
   

Re:More MisInformation (1)

apathy maybe (922212) | more than 7 years ago | (#19906837)

I've a better idea, how about we abolish government (along with capitalism), removing the vast majority of incentives to try and pretend to be someone else.

Failing that, we could just abolish identities, except that capitalism and the government couldn't work then could they... The government needs to link you with a number, they need to be able to find you in their file, similarly so do the corporations.

The problem with the current system of government is that it actively discourages citizen participation in any meaningful sense. In the USA for example, elections are on a Tuesday (!), and there is no incentive to change that, because it would mean more poor people voting. As well, once elected (in most "democratic" systems currently in place), there is no way to recall a bad (or whatever other adjective you like) politician. California seems to try and have the most citizen participation in its governmental process, and you see the mess they have there. The trouble is that they don't try hard enough, and try to keep the politicians around (who basically aren't needed).

Oh, and my method of protecting my identity? I use other people's identity, that way mine doesn't get out...

Frank W. Abagnale (0, Redundant)

iamdrscience (541136) | more than 7 years ago | (#19904921)

For those unfamiliar with Frank W. Abagnale [wikipedia.org] , the author of this book, he was the real-life basis for the movie Catch Me if You Can [imdb.com] about his crime spree in the 1960s, during which he took on various fake personalities and passed over $2.5M in bad checks. So he definitely has some practical expertise about the criminal mind and identity theft.

That said, nowadays, identity theft online is a very large section of ID theft related crimes nowadays and I would question his expertise in this area since most of his crimes were committed in a time before the internet or even widespread inter-bank computer networks.

My tips (3, Interesting)

michaelmalak (91262) | more than 7 years ago | (#19904925)

  1. Put a fraud alert on your credit file. You may have to give a reason, such as that you have reason to believe someone you don't trust has gotten access to your identifying information, or that you accidentally responded to a phishing attack. I've never had to make up a reason -- I always get a false charge on my credit cards at least once a year. The fraud alert lasts for a year, and anytime any company wants to extend you credit, they have to call the phone number associated with the fraud alert (hint: give the credit agency your cell phone number when you establish the fraud alert). Note that this can be a pain. You may miss the call. Or worse, when you call back it goes to a general phone number and no one knows what the heck you're talking about. Or worse, the company extending the credit (e.g. perhaps a cell phone company) may just not be set up to handle credit files with fraud alerts.
  2. Alternatively, or in addition, pay Equifax their extortion money of $130/year for their 3-in-1 monitoring. Any activity on your credit file at any of the big three credit agencies causes an e-mail to be sent to you. Account creations are sent within a day or two. But balance changes on existing accounts are sent only once per month -- which is next to worthless since you can just check your monthly statements.
  3. For brokerage accounts, get two-factor authorization (i.e. an RSA SecureID token). It's often free, depending upon your balance.
  4. Pay in cash at restaurants, and as much as possible elsewhere.
  5. Use TrueCrypt for electronic documents.
  6. Use a locking file cabinet (keeps guests out, even though it's worthless against burglars).

Re:My tips (2, Informative)

loteck (533317) | more than 7 years ago | (#19905057)

As an alternative to the fraud alert, most states now have regulated the ability to "freeze" your credit. No inquiries can be made to your credit while it is locked, period. If you want to enable a creditor to run a query, you have to "unfreeze" it temporarily, which can take up to 3 days to do.

Costs to do this vary by state, in some its free and in some there's a fee between $3 and $20. You can look it up here [consumersunion.org] .

As long as you are thinking ahead on any loans or credit applications you do, it seems like a great option for almost anybody.

Re:My tips (2, Informative)

jellie (949898) | more than 7 years ago | (#19905463)

To add to that, you should request credit reports periodically to monitor for any abuse, if you're in the US. AnnualCreditReport [annualcreditreport.com] is a site run by the 3 credit reporting agencies. You can request a free credit report per year from EACH company, meaning you could get one every four months.

(Note: depending on which state you live in, you may also be eligible for free credit reports from the companies themselves. The website is run by the credit agencies but I don't believe it's commercial - I think they were compelled to create it under some law - I may be wrong though.)

Re:My tips (1)

RubberChainsaw (669667) | more than 7 years ago | (#19906113)

Fraud alerts must be renewed every 90-180 days. Only TransUnion offers 1 year alerts according to this website [bankrate.com] . Although they are not a guarantee by themselves, they do offer a measure of protection that shouldn't be ignored. There are some subscription services that will automatically renew your fraud alerts for you. Lifelock [lifelock.com] and Debix [debix.com] are two commercial subscription services that will perform this service for around $50-100/year. I'm sure there are others that I am unaware of.

I use Debix and recently signed up for phone service at a new apartment. About half-way through the sign up procedure, the sales rep put me on hold and transfered me to a lady over in the fraud dept. This was a little shocking at first, until I remembered that I had fraud alerts which needed to be cleared. After I told the lady about the fraud alerts, all she had to do was call the number on my file, and give her name and reason for calling to the automated service. I received the call immediately, and gave my approval. She received notification about my acceptance immediately, and we were able to continue the sign up. The whole ordeal added about 10 minutes to the sign up process.

For $5/month it is a very useful service.

Re:My tips (2, Interesting)

Slashdot Parent (995749) | more than 7 years ago | (#19906541)

1. [...] anytime any company wants to extend you credit, they have to call the phone number associated with the fraud alert
This is mostly false. The fraud alert is simply an advisory inserted into the credit report, and it is totally up to the creditor if he wants to call the number on it and verify. Some credit report interfaces don't even display the fraud alert. For instance, one time I was opening a bank account and they pulled my credit, but the interface never brought up my fraud alert.

2. Alternatively, or in addition, pay Equifax their extortion money of $130/year for their 3-in-1 monitoring. Any activity on your credit file at any of the big three credit agencies causes an e-mail to be sent to you. Account creations are sent within a day or two. But balance changes on existing accounts are sent only once per month
Balance information is only reported to the bureaus once per month, so it's hard to ask them to do any better for you. ;) Anyhow, I do not see a huge value in a service such as this. It cannot prevent ID theft--it can only help you catch it early. But what good does that do? Call your local police department and ask them what there procedure is for ID theft cases. It usually consists of: 1) take report, 2) file it, 3) there is no step 3. You can pull your credit for free 3 times per year. This is good enough, IMO.

3. For brokerage accounts, get two-factor authorization (i.e. an RSA SecureID token). It's often free, depending upon your balance.
Which brokers offer this service? Mine does not.

4. Pay in cash at restaurants, and as much as possible elsewhere.
Overrated. You are not liable for unauthorized use of your credit card. Disputing charges takes 3 seconds.

5. Use TrueCrypt for electronic documents.
Can you give me an example? What is this supposed to accomplish?

6. Use a locking file cabinet (keeps guests out, even though it's worthless against burglars).
What kind of company do you keep? With friends like that, who needs enemies?

True Authentication is Impossible for Joe User (4, Insightful)

CodeBuster (516420) | more than 7 years ago | (#19905053)

Aside from a glaring error in chapter 12 where Abagnale erroneously writes that true authentication is impossible on the Internet

While strictly speaking, from a theoretical standpoint, he is, as you say, wrong about true authentication being impossible it is also important to consider the audience to whom this book is speaking. In fact, it can be very difficult for the average user, in practice, to be certain that a particular electronic transaction is secure (there have been several recent studies confirming this). This combined with the fact that the phishers, identity thieves, spammers, and other malcontents are actively subverting the system to trick users in ever more sophisticated and clever ways means that from a practical standpoint, for the average user, this may be good advice (i.e. to consider internet transactions to be unsecured or at the very least suspect). I know that this is Slashdot and we all know better here (i.e. we wouldn't be easily fooled by phishers or get hit with a rootkit or keylogger...or so we hope), but if experts have difficulties then just imagine how the average users feel.

Re:True Authentication is Impossible for Joe User (1)

trolltalk.com (1108067) | more than 7 years ago | (#19905605)

True identification IS impossible on the Internet. Any and all solutions have cracks in it. Heck, you can't even prove your identity in "real life" unless you've been fingerprinted at birth. Prove who you really are. Can you prove that you weren't switched at birth? That you weren't really adopted, and your adoptive parents never told you (or the converse - that your parents told you you were adopted, but lied - to cover up, for example, that your uncle is really your father ...)

Sure, people have known you for years and will vouch for your identity - but people have killed other people, stolen their identities, and then after enough time passed, people vouchsafed them as the "real".

Can Be Obtained With Your Vote: (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#19905243)


for International Extortionists Incorporated [whitehouse.org] .

Otherwise, you future is futile.

Cake and Eat It (1)

jbohumil (517473) | more than 7 years ago | (#19905257)

Federal government wants institutions to keep lots of private data forever so they can ask for it when they want to collect your child support, get your tax, or look for terrorists. The best way to solve identity theft is to get private business out of the business of aiding the government to do it's job.

gotta love (2, Insightful)

Arthur B. (806360) | more than 7 years ago | (#19905265)

How SOx is presented as an "obviously good" thing. It's killing ipos, it's preventing the little companies from going public and getting funding. Now they can't turn to the public anymore and can only rely on big institutional investors. Yeah, hurray for Sox.

SOx blows -- I miss Enron (0)

Anonymous Coward | more than 7 years ago | (#19905559)

I can't wait until they get rid of Sarbanes-Oxley. Then I'm gonna get rich on the next Enron, Global Crossing, etc. Rich I tell you.

Re:SOx blows -- I miss Enron (1)

Arthur B. (806360) | more than 7 years ago | (#19905759)

Enron cheating stockholders is as much a reason to pass SOx as rapist being caught is a reason to emasculate everyone.

I miss Aurthur Anderson too (0)

Anonymous Coward | more than 7 years ago | (#19906121)

There is no need for whatsoever for SarBOx. Except:

Worldcom
Sunbeam
Adelphia Communications
Tyco International
Global Crossing
Qwest ...and on and on.

How quickly we forget.

Lifelock (1)

mcwop (31034) | more than 7 years ago | (#19905289)

http://www.lifelock.com/ [lifelock.com]

You have to pay, but the service covers most of the basics.

Re:Lifelock (1)

tweak4 (1074671) | more than 7 years ago | (#19906259)

From what I've heard (and I'm afraid I don't have a link to back this up), but almost everything that LifeLock does, the average consumer can do themselves, and for free. Furthermore, the owner of the company was so convinced in the company's abilities that he started off a radio commercial by giving out his Social Security Number. Within 2 weeks of first hearing that commercial, the news reported that someone had successfully used his SSN to get an unsecured loan...

the ultimate identity theft prevention plan... (1)

kitsunewarlock (971818) | more than 7 years ago | (#19905405)

Is not having an identity! Be born a feral child in a large park, scrapping together language and education based on the teach-ins and demonstrations that take place in said park, living off the scraps of the birthday parties and occasional graduation ceremonies in the town...

Most states have laws to freeze your credit (1)

Solandri (704621) | more than 7 years ago | (#19905481)

Consumer Reports has an editorial on freezing your credit report [consumerreports.org] this month. They even include a list of states having such laws [consumersunion.org] . Most of them require a small fee (~$10) to lock, then temporarily unlock your credit report; but this is generally much less than the "credit monitoring" service scams that creditors try to sell (these services only tell you when identity theft may be occurring, they don't prevent it).

Once it's locked, anyone trying to pull your credit report will be denied (unless you authorize unlocking it before they try to pull the report). Inability to pull your credit report should result in an automatic denial for things such as opening a bank account or credit card, stopping any identity theft before it happens.

Re:Most states have laws to freeze your credit (1)

droopycom (470921) | more than 7 years ago | (#19906793)

If everybody starts using this, it will only be a matter of time before thieves figure out a way to unlock your file for their purpose.

mo3 dowN (-1, Troll)

Anonymous Coward | more than 7 years ago | (#19905599)

The whole credit system is a broken mess (4, Insightful)

ckokotay (206080) | more than 7 years ago | (#19905609)

ID theft is just one of the many, many problems with the credit system in the US. The worst problem is with reporting - things are reported to credit bureaus that have nothing to do with credit, much of it is deliberately false both from credit companies and third party debt collector scum, and finally what the credit report is permitted to be used for.

Good examples are credit card companies deliberately not reporting credit limits to drop your coveted 'score' (so you are ALWAYS over the limit), to third party debt collectors re-aging old debt, to out and out falsifying payment records, etc...

And, then there are other things like medical bills. Why are unpaid medical bills on a credit report? It is not credit, and has no bearing on your ability or desire to pay your mortgage or car loan. Tough luck that you didn't have insurance - you should have thought about that before you went and got cancer. Or what about that fenceline dispute you had with your neighbor that you took to small claims court. You lost, there was no monetary award, yet a judgement still appears on your 'credit' report. Plain wrong.

Oh, and then there is permissible purpose. Exactly what does a credit report have to do with a job? How about insurance? How many people were 'right-sized' into 'bad credit'? Now you can't get another job because your credit is bad? C'mon, does anyone see something wrong with this? Credit reports are about useless for determining credit worthiness for a myriad of reasons, and we want them applied here to? Give me a break. Got 'bad' credit? Can't rent now either - so where the hell are you supposed to live? The problem of people using credit reports for things other than granting credit is big and getting a lot bigger, but will anyone stand up an write Congress about it? And you can forget cable, direct tv, cell phone plans, satellite radio, or any other services. Down in Texas they are raising gas utility rates on people who have bad credit. Wake up people! Not all people have bad credit on purpose even in the absence of ID theft.

The system is a horrible disgrace - designed to bilk billions out of the public - nothing more, even if you leave ID theft out of it altogether.

Until there are laws passed that are stronger than the FCRA and impose criminal penalties and much higher fines, you will never see the end of this.

Re:The whole credit system is a broken mess (1)

slartibart (669913) | more than 7 years ago | (#19906627)

What god-given right do people have to borrow money? There's no such right. Because if there were, then someone would be forced to loan it to them. How would you feel if YOU were forced to loan money to some deadbeat, and never get it back?

Loans are business. If these credit report companies are badmouthing you (and a bunch of other people) to the whole world, there ought to be a gold mine of a business opportunity for someone who can determine credit-worthiness more accurately.

There should be thousands of credit-worthy people out there with interest payments in hand just waiting to hand them over to anyone who will give them a loan. Why has no one tapped this enormous market?

I suggest that it's because no one has found a more accurate system that doesn't cost huge amounts of money. If you know of one, I suggest you keep it quiet and find some capital to start loaning out. You'll get real good interest rates.

Illegal Immigration complicates the situation. (1)

TheNarrator (200498) | more than 7 years ago | (#19905741)

There are millions of illegal immigrants working with fake SSNs. They Give fake SSNs to hospitals, cell phone providers, banks, tax collectors, schools, etc. How would illegal immigrants operate if you had tough penalties for using someone else's SSN? This is one of the biggest politically sensitive roadblocks to better identity theft protection in this country.

Re:Illegal Immigration complicates the situation. (1)

mozkill (58658) | more than 7 years ago | (#19905835)

This is slightly untrue. You actually do not need an SSN to get a bank account, a cell phone, or get into a hospital or school. So, your assumption that they have been using fake SSNs is wrong because in fact, they didn't need to give one in the first place.

Simple Solution (2, Interesting)

tom's a-cold (253195) | more than 7 years ago | (#19906015)

Pass a federal law that states (reiterates?) that an individual has ownership of their personal data.

Any use of that data would require opt-in or, better yet, payment to its owner.

The credit reporting firms are snooping on us now and making money from it. Let's see how viable their business model would be if the free lunch were taken away. Screw parasitic middlemen.

The other option... (1)

divisionbyzero (300681) | more than 7 years ago | (#19906269)

Have a fake identity! ;-)

Identity theft does not exist. (1)

h4rr4r (612664) | more than 7 years ago | (#19906347)

Identity theft does not exist. It is nothing more than fraud and should not be a problem for the consumer. If I make up a totally fake identity and get loans how is this any different from identity theft? This simple fact should be legislated to make sure it is observed.

1 in 700 sounds good to me (0)

Anonymous Coward | more than 7 years ago | (#19906525)

Time to start stealing identities.

stop treating SSNs as secret (3, Interesting)

epaulson (7983) | more than 7 years ago | (#19906583)

It seems to me that we'd go a long way in fixing identity theft if we stopped treating knowledge of personal info as proof you are that person. My cable company uses my social security number as "proof" that it's really me - but god only knows how many people know my social security number. My bankers, my employer (and everyone who can touch the payroll system) my doctors office, my insurance companies. The list is very long.

It should be illegal to use the SSN as a shared secret, and anyone who does use it as a secret identifier should be liable for any expenses they incur. VISA would be a lot more effective at combating fraud if they had to pay for every false credit card opened in my name.

Even better, if we didn't have to treat SSNs as secret information anymore, it'd make our lives a lot easier. The SSN is a great primary key for me - it's one number I can remember, and it does a good job of uniquely identifying me. I want to be able to give it to more people.

If Congress really can act quickly when it wants to, a good way to bring this about is to require all members of Congress to publicly disclose their SSN on January 1st 2008.

Don't you wish they hadn't taken a bit more time? (2, Insightful)

why-is-it (318134) | more than 7 years ago | (#19906713)

On June 25, 2002, WorldCom revealed it had overstated its earnings by more than $7 billion by improperly accounting for its operating costs. Senator Paul Sarbanes then introduced Senate Bill 2673 that same day where it passed 97-0 less than three weeks later. The House and Senate formed a Conference Committee to reconcile the differences between Sarbanes's bill and Representative Michael Oxley's bill (HR 3763) and on July 24, 2002, the Sarbanes-Oxley Act of 2002 was passed."

It would have been nice if they had taken some time to consider what the problem was, and then decide if additional legislation was required.

I am not familiar with the entire text of Sarbanes-Oxley. I am familiar with the effects of some parts of that act and I have a hard time understanding the need for it. A lot of time and effort is spent on activities that generate a lot of paperwork, with few obvious returns for anyone.

Maybe it's just me? You see, I was under the impression that it was illegal for executives to falsify SEC filings and steal from the shareholders BEFORE Sarbanes-Oxley. The need for this legislation was never obvious to the likes of me.

Sociopaths like Ken Lay and Bernie Ebbers are going to do what they are going to do regardless of the laws on the books. The existing laws didn't stop Lay and Ebbers, and I doubt that the Sarbanes-Oxley act would have made any difference. Perhaps it would have have made their thefts more difficult to pull off, but at the end of the day if a group of executives and board members band together and tell the same lie, it's really hard for the auditors to prove otherwise.

FWIW, Enron was quite open about what they were doing - it was all in the notes of their SEC filings. Unfortunately, nobody paid any attention to what they were doing as long as the stock kept increasing in value.

I just don't think Sarbanes-Oxley is a good example of a law period, never mind a law that was rushed through the legislative process.

For the record: I am *NOT* a libertarian. I have no use for libertarian ideology. It is naive and completely unworkable.

It just seems to me that the solution to criminal problems (and theft on this scale is clearly a criminal problem) is dull, ordinary police-work. It's very effective, but it takes time and resources and it does not generate a ton of publicity when the politicians need to be seen doing something about an issue they simply do not understand.

I do wonder if there would have been the political will to authorize an investigation and infiltrate the likes of Enron and Worldcom when their stocks were still going up? Would the public have been in favour of hauling Lay and Ebbers off to jail when their own investments were still doing great?

I would like to thing so, but somehow I doubt it...

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?