http://www.redherring.com/Article.aspx?a=11839 April 19, 2005 New York Attorney General Eliot Spitzer has urged his state's legislators to do more to protect consumers from digital fraud and taken a swipe at computer criminals. "The theft of one's identity and personal information is not a matter of "if," but a matter of "when," Mr. Spitzer said on Monday. "New York State must enact reforms to strengthen consumers' ability to control personal information and to facilitate the prosecution of identity theft crimes." The proposed legislation would make it easier for consumers to file identity fraud complaints, put "security freezes" on credit files, and provide "opt-out" lists for consumers who do not want their data passed along to third parties. Mr. Spitzer's legislation would make it tougher for businesses. It would require companies to notify customers whenever they send out reports containing their information. The notification would include the address of the entity which had requested the private information. Companies would also have to inform New Yorkers of any exposure of their personal information that affected more than 500 people. The proposal resembles California Senate Bill 1386, which became law in July 2003. It requires companies to inform California of data leaks. On Tuesday, the Senate Judiciary Committee was scheduled to consider ways to augment the existing legislation. Senate Bill 852 would make companies as responsible for theft of records as they are now for digital data theft. More than 785,000 Americans learned that they may have been the subject of identity theft in the last three months. HSBC, a U.K. bank, recently informed 180,000 of its customers that information the company kept on them had been exposed to potential criminals (see HSBC Warns 180,000 of Fraud) [1]. Earlier the same week, data-collection firm LexisNexis announced it would mail 280,000 letters to Americans who had their information tapped into inappropriately (see LexisNexis Leaks 280,000 IDs [2]). Before that, the San Jose Medical group lost 185,000 patient records and social security numbers when someone walked out of the hospital with a computer under each arm. The recent rash of identity theft started with ChoicePoint's announcement in February that it had lost detailed data on 145,000 people at the hands of a low-tech fraudster (see The Choicepoint Incident [3]). Cyber trespassers On top of the legislation designed to protect consumers, Mr. Spitzer has called for tougher penalties on computer criminals. He wants to prosecute people who gain access to computers surreptitiously, but who do not do any harm. The proposed legislation would also make encrypting information a crime if it concealed some other crime. The anti-hacker part of Mr. Spitzer's proposed legislation has drawn criticism from computer experts. "I've always admired Elliot Spitzer because of the types of bad guys he went after," said noted cryptographer Phil Zimmermann. "But I think it would be a mistake to make it a crime to use crypto. It's pervasive, and built into our web browsers and applications. It would be hard for most people to avoid using crypto because of its ubiquity." Making cryptography a crime when it is used to conceal illegal activity would be a step in the wrong direction, said Mr. Zimmermann, who created an encryption program called Pretty Good Privacy. "We need an ever-increasing ubiquity of crypto deployment across all relevant applications on the Internet, in databases, in access control, in authentication, in backup utilities: everywhere," he said. "That will help reduce identity theft, which is certainly a goal shared by Mr. Spitzer." [1] http://www.redherring.com/Article.aspx?a=11798&hed=HSBC+Warns+180%2c000+of+Fraud [2] http://www.redherring.com/Article.aspx?a=11763&hed=LexisNexis+Leaks+280%2c000+IDs [3] http://www.redherring.com/Article.aspx?a=11336&hed=The+Choicepoint+incident _________________________________________ InfoSec News http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Wed Apr 20 2005 - 21:02:26 PDT