Iowa proposes ID theft 'passport'

Lawmakers in Iowa are proposing a special "passport" meant to protect victims of identity theft against false criminal action and credit charges.

The "Identity Theft Passport" will be a card or certificate that victims of identity fraud can show to police or creditors to help demonstrate their innocence, Tom Sands, a state representative of the Iowa House and supporter of the proposal, said in an e-mail interview Tuesday.

"I am a banker, when I am not in the legislature, and have witnessed the results of stolen identity," Sands said. "I continue to see and hear about Internet frauds that try to get information to steal a person's identity, so it only seems identity theft will become a greater problem."

The passport can be presented to law enforcement officials to help prevent arrest or detention for an offense committed by someone using the victim's identity, according to the text of the bill proposing the measure. Also, victims could show it to creditors to help in any investigation and establish whether there has been any fraud, according to the proposal.

However, it is up to the law enforcement agency and creditor to decide whether to accept the passport after considering the circumstances of the case, Sands said.

Even though Iowa is not one of the states that is hit hardest by identity fraud, issuing identification to victims "makes a lot of sense," said James Van Dyke, an analyst at Javelin Strategy & Research in Pleasanton, Calif., which researches identity fraud.

"The process of issuing official paperwork or cards to allow individuals to identify themselves to law enforcement that they have been victims of identity fraud should help end the perpetrator's spree of crime," Van Dyke said.

The idea for the identity theft passport came from a Republican legislator in Ohio who was a victim of identity fraud, Sands said. "A number of states are now considering the identity theft passport concept as the incidence of this crime continues to escalate across the nation," he said.

While a passport may make it easier for an ID fraud victim to cope with the problems the crime has caused them, the need for such a passport is actually a troubling sign, said Ray Everett-Church, a privacy expert.

"It shows how dismally bad the system is at coping with the aftermath of identity theft," he said. "It's a sad commentary that we have to issue people a 'get out of jail' card because our society can't figure out how to scrub bogus data from computerized databases."

Identity theft continues to plague consumers, topping the list of fraud complaints reported to the Federal Trade Commission last year. Consumers filed more than 255,000 identity theft reports to the FTC in 2005, accounting for more than a third of all complaints, the agency said in January.

To receive an Identity Theft Passport, a person would have to file a police report and then send it, along with an application form, to the Iowa Attorney General's office, according to the proposed bill.

The Identity Theft Passport proposal, House File 2506, passed the Iowa House of Representatives on Thursday. It is next to be considered by the state senate.

[marileev]

Education about Privacy Issues are also Key

In addition to strong legislation to protect individual's Private Information (financial, healthcare, etc.) it is also important to back the legislation up with a push to provide education to things like:

* What are the safeguards my doctor/lawyer/accountant uses to protect my information
* What are the latest Phishing Scams?
* Should I use encryption
* Should people I do business with use encryption

--Marilee V.
http://www.essentialsecurity.com
http://www.iwantmyess.com

[OneWithTech]

The initiative is being drivin' in the right direction.

Although it's a nice thought to now the there is somebody out
there that realizes identity theft is a major problem.

As a web programmer I'm immersed in the "rights" and "wrongs"
or web development with the intentions of making a web
application that would be cross platform as well as secure and
accessible for a wide range of audiences'.

Do to the lack of sticking with standards and the need to be
overzealous with features; web browser developers like
Microsoft and Apple continue to produce sub-par operating
systems that essentially aid in identity theft. All of this while
leaving the developers and end-users to rely on the durability of
anti-spyware as well as anti-virus software that is constantly
being defeated by hackers, crackers, and would-be digital
extortionist's.

As this may seem like it has nothing to do with the subject at
hand in reality it does. The computer is still used in the end
result of document forgery as well as digital forgery. The very
use of a PC unprotected leaves the end-user at a risk of a
multitude of crimes.

So the thought of an extra certificate ensuring that I'm who I say
I am is grandiose notion at best. For identity theft to be stunned
to the point of paralyzation there will need to be a stricter policy
in place then the one Iowa is providing. This policy would entail
the feat of cracking down on security where security is needed
the most: Operating Systems and Rogue Websites.

I can feel the pain of the Ohio Republican Legislator who was a
victim of identity fraud. I was a victim too.

It's unfortunate that it takes an event like this to happen for
someone like a Legislator to recognize the problem. The
difference between me and the Legislator in this situation is
marginal at best. We both felt violated in the sense that
someone was using our identity for the all the wrong reasons.
Essentially leaving us "out in the cold" when the creditors came
knocking on the door.

Let me ask you this personally Mr Legislator:

When you brought your identity theft case to the police, what
did they do?

Did they [the police] know how to handle the situation?

When they were done with you, did you feel like your assailant
had been caught and justice served?

What measures were taken by the police or detective in this
matter to ensure that your identity wouldn't be used elsewhere?

How was your identity stolen? Government computer, personal
computer, someone snooping through your NONE shredded
important papers in the back alley garbage?

Maybe you where checking out an online service that required
some personal information and that service got hacked. Of
course you wouldn't know about it because you have to be a
"Citi Bank" or "Ebay" or "Amazon" with X amount of users before
your forced to "release" information about the security breach.

Think about it, I have a database with 80,000 users paying me X
amount of dollars a month for my killer online service and then
"Snap"; the database gets breached and only 50,000 users have
been exploited! Do I tell anybody?

Why, If I tell anybody then nobody will trust my online service
and I will essentially lose clients and money as well. So that's out
of the question. Besides, there's no Government Regulation
besides the CHEEZY one in California.

What am I purposing?
1. I'm purposing that there be a Government ID Theft Service
Center where people like myself are able to Register as
somebody that's had there identity stolen.

2. The Government Service would be accessible to Government
officials as a web service that would be used to verify Identity
Theft Victims.

3. Upon Registration on the Government ID Theft Service Center
you are given the option of downloading a Serial Numbered
Certificate.

4. The Serial Numbered Certificate would bare a mocked state
seal of origination with information pertaining to the documents
structure and business as well as who the document is issued to.

5. Business could buy into, or use, the Government Service as an
extra line of security against identity theft for there business.

6. For Business Hardware would come in the form of a License or
State ID scanner that is connected to the Government ID Theft
Service Center. Upon scanning the license the information is
matched against the database of known ID Theft Victims.

7. If a person is flagged against the database then they would
have to produce the documentation stated in 4. The Serial
Numbered Certificate is entered into the database to verify
integrity.

8. Entering the Serial Number of the Certificate in a convenient
"Verify Serial Number" box returns whether the Certificate is
valid or not.

9. Certificates that have been stolen or misplaced can be easily
renewed at Government ID Theft Service Center (GID Theft
Service Center) ensuring that protection is maintained.

10. Somebody getting caught using a "dirty" Certificate would be
denied the transaction and could face possible Misdemeanor
Charges or worse yet; Felony Charges.

The tactics stated above would ensure the security of both
Credit Card and Check user's alike. Creating this service is easy
and it ensures the safety of the public as a whole while cutting
down on ID theft.

Although this is only one solution to a number of problems that
revolve around owning a piece of technology like a computer.
It's a valid solution.

The only way to ensure total digital
security in the future is to make those that create the technology
responsible for how it's used.

~Justin

[203129769353146603573853850462]

Holy crap! It's just a band-aid!!!

It's like putting a sticker on the fender of your car that says "This tire has a slow leak" instead of fixing the tire.

Silly. Just silly.

[Yet Another Mark Johnson]

Social Security Administration

What boggles the mind is that there is NO way right now that you can find out if your Social Security Number has been used by someone else, the Social Security Administration flatly REFUSES to answer inquiries on this.

Just getting Congress to open hearings on why the SSA won't notify you (much less investigate on their own) would be a start! If a single SSN is actively being used by more than one person there is obviously a problem.

[rcrusoe]

Cops are some of the people stealing IDs

They need to use the big nails when it is law enforcement
personnel breaking the law.

http://www.officer.com/article/article.jsp?id=22852&siteSection=5

[marileev]

The Trusted leaking our Info

That's a very good point you bring up regarding officers stealing our private information. Often in the news we see a broken trust with those who we trust to act appropriately with our sensitive information. In the news, Financial firms like Fidelity have leaked a significant amount of Personal Financial Information.

http://www.theregister.co.uk/2006/03/22/fidelity_laptop_hp/

Those who we trust with things like PFI seem to fall short.

--Marilee Veniegas
http://www.essentialsecurity.com
http://www.iwantmyess.com

[Ragingdemo]

Blah Blah Blah Law's Law's Law's

We don't Need No More Stinkin Law's !!!! Hello Has any of you NICE people takin an HONEST look at Our Penal Law's lately Have you ANY Idea how Many Law's and Sub Law's there are On the Book's for anything from NOT walking your Dog with the Proper Dog Poo Scoop to Brain Dead Idiot law's that make it a Violation to operate your Lawn mower on a Sunday morning before 9AM Yes you guessed it and there is a Nice Man in Blue there to Help you with his Braclets If per chance you don't see things His way . There's Law's for what you and your wife do in the Bed room and Law's for what you talk about on the CB Radio In fact there are Law's for just about everything and anything WE THE LITTLE COULD EVER WOULD EVER THINK OF DOING ... Yes these are Designed Solely for them Little people and in NOWAY apply to those Top 2% er's Or well you know the rest . They were Designed to keep Us silly little people busy and constanly looking in Our Rearveiw Mirror so We don't bother ourselves with those "Other things" that REALLY Matter Like Who's Robbing Us Blind week in and week Out everyday of the Year Or working together to get a better handle on Our Government and the Very Special Special interest groups that seeem to swarm around OUR elected officials like those Ugly Green shiny fly's that swarm around Dog Do .... Oh Yes you People you just keep on rockin your Head up and down like My Bobble head in the back deck of My chevelle !

[KingSyd88]

This is a good start. I think there should be tougher penalties for ID theft. I feel that a person found guilty of ID theft should get 25 years in prison.