We're becoming an information society -- much too fast to have the normal time to adapt to the wrenching societal and cultural changes that such paradigm shifts usually cause.
And the more I look, the more I see a gap between How We Used To Do Things and How We're Gonna Have To Do Things.
And this post has to do with identify theft.
Yes, It's A Growing Problem
We've all seen the stats, and heard the horror stories. We may even know someone who's had their identity stolen.
I do a fair amount of public speaking, and one of the questions I've started to ask the audience is "how many of you have had your identity stolen?". And every time I ask the question, more hands are going up.
But It's More Than A Number Or A Statistic
When I talk to these people after the presentation, it's very clear that these people have had their trust violated. Yes, it's a pain notifying everyone that your identity has been stolen, and contacting all your creditors that it's not really you.
But, going deeper, this is a personal tragedy for the people involved. When I talk to them, they're angry. They're anxious. On a very deep and fundamental level, they've been violated.
The emotions that come pouring forth are visceral. They remind me of someone who's been robbed, or had some other really bad personal tragedy in their life.
It's Not Clear Who's At Fault
And that's part of the problem.
Look, if I trusted a bank with my money, and the bank told me "sorry, we lost it" there'd be a pretty clear set of expectations as to who was at fault, and what should be done. Heck, it wouldn't even go to court -- there's plenty of societal precedent as to the roles and responsibilities involved.
But if I trusted some company with my information, and they lost it, who's to blame? I see all sorts of defensive posturing by the companies involved. Heck, in today's world, it's hard to track back who might have leaked the information in the first place.
I know it's my information, but who of the dozens (if not hundreds) of companies that have access -- including the ones I don't know about -- might have let this slip?
I don't know what the answer is. But imagine that there was legislation that every piece of of personally identifiable information had to be stored alongside a unique identifier that represented which company collected the information. If the information is passed to another entity, they have to add their ID to the tag list as well. There are other similar standards and rules out there, why not for my personal information?
Now, maybe that's not a perfect solution, but it would show a chain of accountability -- hopefully -- of where the information was gathered, and how many organizations touched it before it went into the wild. Separating the personal information from the ID tag set would be considered a serious crime, with presumed criminal intent.
And What About Enforcement?
I can't back up this statement, but it's my impression that identity-related crimes aren't pursued with the same vigor as other more traditional crimes. Property theft is considered pretty serious. Financial theft is considered more serious. Mishandling (or misrepresenting) financial information is considered very serious indeed.
But what about identify theft? Should it be a federal crime, something pursued by the FBI? And if not, why not?
And I Think There's More Accountability In Store For The Providers
So, why is it MY fault that your lax security procedures allowed someone to open a credit account without my permission? Or take out a loan? Or buy something?
Why is it that the victim of the crime is the individual, and not the company that provided the goods or the service? Something is basically wrong in the legal system here.
We don't hold individuals responsible when they're the victims of violent crimes in the physical world. Why would we ever hold them responsible for the consequences when they're victims of violent crime in the information world?
Enough Ranting, Already ...
As you can tell, I think there is plenty of injustice to go around here. I would argue that there's a basic shift of perspective required here: away from the individual, and towards law enforcement and legislation.
I don't think businesses are bearing the full consequences of their actions. They don't suffer when they inadvertently cause someone to be the victim of identity theft, and they aren't held accountable when an identity thief causes even more damage.
But, being philosophical for just a second, I think it underscores the rapid shift we've made to an information society, and how -- in many regards -- our social institutions are struggling to keep up in this new world.
I'm surprised that this hasn't become an election year issue. Maybe it will be yet ...
One of the things that makes me angry is that exactly at the time when identity theft is becoming a booming industry, I am receiving (literally) dozens of credit card 'invitations' via snail mail that could easily be stolen. There's an awfully big disconnect....
Posted by: Michelle | September 25, 2007 at 12:12 PM