September 2007

Shaken by an earthquake, victims brace themselves for the aftershock, which may be even more damaging than the original. It's the same with identity theft: The original shock was harsh enough, but now we face the second round.

Your identity is good for more than stealing your money. The thief or the purchaser of your identity can open bank accounts in your name, open an Internet account, or even aid terrorists in buying the tools of their trade. Meanwhile, law-enforcement authorities exhaust their expensive yet limited resources chasing wild geese. Central Internet monitoring spots a high-level community persona that has been logging frequently onto a terrorist site. The suspect is monitored, followed, spied on. At the end of this all-consuming effort, it turns out that the poor "naked" fellow is completely innocent. The bad guys have used his identity as a cover.

In the corporate world, competitors have been eliminated by faking e-mails that they supposedly sent to competitors compromising their own firm. It's done by a hacker who signed up for a private e-mail account using the stolen identity. Alternatively, the hacker purchased a prepaid cell phone using a credit account in the name of the target person. The hacker knows that corporate security is sophisticated enough to buy phone records from vendors. With such "evidence" in hand, security believes it has solid proof that the phone purchased by the suspect was used to make phone calls to a competitor.

None of us knows if our identities are being abused as we live out our daily lives. If our reputations are getting clouded just below the "illegal" threshold, we might be denied credit, jobs, contracts--and never even realize it. Some well-to-do people who found their names on all sorts of restricted lists (e.g., the "No Fly" list) have hired detectives to track down the stolen identity to its source. Most of us can't afford to clear our names that way.

The pervasiveness of fraudulent charges, and the rush by credit card companies and financial institutions to cover (so far) the reported losses, has given rise to a new cottage industry: faked victims. One obnoxious scheme involves two crooks who willingly share their personal data so that they can mutually raid each other's account, complain to the target financial institution, and get reimbursed.

So many faked identities are in circulation that some thieves steal identities from prior identity thieves unwittingly, or buy identities formerly sold to another. Foreign students on their way back home are offered a large sum of cash against their identity. The buyer acquires rock-solid credentials ready for ample abuse.

Merchants care to be paid. If the purchaser is not who he says he is, but still pays up, it's good enough for them. And so e-commerce unwittingly gives a track record to identity thieves and helps create a phantom person from data belonging, say, to a foreigner who never set foot in the United States.

Faked identities also undermine the electronic weapons authorities could use to combat terrorists. For example, electronic commerce is positioned to serve as a powerful anti-terrorism weapon that could be invoked in the worst-case terrorism scenario. Experts are contemplating an Intifada-like terror wave in which every day a bus or a restaurant could be destroyed by a suicide bomber. (This was the reality of everyday life in Israel during the second Intifada). To flush out the invaders, it might be necessary to ban cash transactions in favor of monitored electronic commerce. But this extreme means will not work if the identity-based accounts in the U.S. have been too contaminated by bogus IDs.

Rampant identity theft could also hinder rescue plans in case of a disaster, degrade vaccination plans in case of a plague, and distort movement-tracking in case of an epidemic.

The deterioration of our civil data is akin to arterial sclerosis. It builds up without many side effects. And when one day the infected person exerts himself in some emergency, his blood flow cannot keep up and his heart fails. We must hope that exemplary leadership and public awareness will reverse this encroaching degradation of our data health before a case of national exertion proves disastrous on a national scale.