With the "prosecutor purge" scandal hanging over him, Attorney General Alberto Gonzales and Federal Trade Commission (FTC) chairman Deborah Platt Majoras released the latest federal strategy for fighting identity theft Monday.
Consumer advocates and privacy specialists were generally underwhelmed by the plan.
Gonzales and Majoras are co-chairs of the President's Identity Theft Task Force, comprised of heads of multiple government agencies, commissioned to come up with comprehensive strategies for fighting identity theft, fraud, and cybercrime.
Although Gonzales was bombarded with questions related to his role in the firing of multiple U.S. attorneys from their jobs, he attempted to focus his statements on the identity theft plan.
"Much has been accomplished, and there are more protections in place now than ever before," Gonzales said. "But the president and the task force recognize that we need to do more."
"Identity thieves steal consumers' time, money, and security, just as sure as they steal their identifying information, and they cost businesses enormous sums," Majoras said. "The Strategic Plan submitted to the President provides a blueprint for increased federal prevention and protection."
Gonzales' role in the prosecutor firings has cost him considerable standing on Capitol Hill and led many to call for his resignation.
"Several senators have raised the question of whether you can be credible and whether or not you can be an effective attorney general," one reported asked at today's news conference. "Do you still believe you can, and have you offered your resignation to the president?"
"No," Gonzales replied curtly. "I'm focused on making sure our kids are safe, making sure our neighborhoods are safe, making sure consumers are safe, and that's one of the reasons I'm here today."
One Step Forward ...
The plan came in two volumes, totaling 190 pages. The first volume contained the Task Force recommendations, while the second contained information and resources relating to identity theft. Among the recommendations:
• The formation of a National Identity Theft Law Enforcement Center as a clearinghouse to collect, analyze, and share identity theft information among the various private and public sector agencies. The Center would be headed by the Justice Department, and would include the FTC, the Social Security Administration, the U.S. Postal Service, and the FBI, among others.
• Decrease the usage and collection of Social Security numbers on the state, local, and federal levels. The Task Force recommended that the federal Office of Personnel Management (OPM) complete its review of how various agencies utilize SSNs, and to help develop guidance on limiting their collection to absolutely necessary functions.
• Establishing federal standards for data breaches, including risk evaluations to determine the severity of the breach, consumer and media disclosures, and enforcing the standards in the public and private sector.
• Developing a "Universal Identity Theft Report Form" to be used as the standard for all complaints across the board
• Extensive education of the public, private, and consumer sector on how to protect oneself from identity theft.
... One Step Back
Several aspects of the report may actually hinder stronger prosecution and enforcement against identity theft. The report recommends that its federal laws pre-empt existing state laws on identity theft and fraud, many of which are stronger and more favorable to the consumer than legislation currently proposed at the federal level.
If the new recommendations become law, California's data breach disclosure laws -- acknowledged to be the strongest in the nation -- would be superseded.
Were it not for those rules, the public might never have known about the ChoicePoint data breach that vaulted the issue to the national stage, cost the embattled data broker $15 million in an FTC settlement, and turned it into a model of privacy protection.
Federal legislation proposed in the Senate, by contrast, would give law enforcement carte blanche to delay consumer notification of data breaches while they investigate, and would enable businesses to handle their own "risk assessments," rather than opening their records to neutral third parties.
The report is also lukewarm on endorsing "credit freezes," which enable consumers to lock out access to their credit unless they give specific permission. Although many states already have credit freeze laws on the books, the report only recommends further study of the legislation.
Indeed, the report's strongest words about credit freezes are these: "Because most companies obtain a credit report from a consumer before extending credit, a credit freeze will likely prevent the extension of credit in a consumer's name without the consumer's express permission."
Both volumes of the report are available as free PDF downloads from the government's identity theft "resource" page, IDTheft.gov.
