News for Public Officials and the People They Serve
Unclaimed Property
Home Auctions By State

ID Theft Bill Targets Government Websites

David Bloys - News for Public Officials

Jan-17-07

Law enforcement agencies have known for years that criminals were using government websites to gather information on victims. Now, proposed legislation could cut criminals off from this rich source of sensitive data.

If someone wants to steal your identity, the thief usually needs only four pieces of information. Your full name. Your address. Your date of birth. And your Social Security number. Who is the biggest collector of this information? Why, the government, of course.

U.S. Senator Dianne Feinstein (D-Calif.) has introduced legislation (SB238) to stop identity thieves by blocking them at the source.

While some officials have denied their websites are a problem, the evidence continues to mount that criminals are finding everything they need on county and state websites.

In July of 2002 Kevin Moehring pled guilty to using the Hamilton County (OH) website to steal the identity of the general manager of U.S. Bank Arena in Cincinnati. According to published reports, Social Security numbers and other information gleaned from the county website were used to steal nearly $500,000 from at least 120 victims.

In 2005, Judge Robert H. Alsdorf,  KING COUNTY SUPERIOR COURT, Washington wrote, "It is hard to conceive of a broader invasion of privacy than freely disseminating the information to the entire world and rendering it instantaneously accessible to all."

Criminal use of government websites has increased as more and more local agencies are publishing the collections online. Last year, in Arizona, while Maricopa County officials were denying that criminals were using the county website, a 23-year-old methamphetamine user was showing Scottsdale officers how he used the County Recorder’s website to easily steal identities.

Also last year, investigators in Utah found that the states own websites may have been used by criminals to steal the identities of children under the age of 13. Similar cases have been reported across the country.   

The proposed legislation would prohibit the sale or display of Social Security numbers over the Internet by commercial or government agencies. Critics question whether Feinstein's bills will do much to cure cavalier attitude government and business displays towards the security of individuals' data.

The bill contains exemptions for law enforcement, public health agencies, and businesses to collect and store Social Security numbers for credit and fraud checks, leading critics to say that the bill has too many loopholes to be effective.

Marc Rotenberg, director of the Electronic Privacy Information Center (EPIC), said the bill's current draft "contains too many exceptions and too few rights for Americans whose personal information has been improperly released."

Bulk Transfer

The Act would not only prohibit federal, state and local government agencies from displaying Social Security numbers on Public Records posted on the Internet, but also bar the bulk sale or display Social Security numbers without an owner's consent.

"If a person's Social Security number is compromised, the path to identity theft is a short one," Feinstein said in a statement. "Thieves can obtain Social Security numbers through Public Records -- marriage licenses, professional licenses, and countless other public documents -- many of which are available online."

The bill would also block government agencies from selling Social Security numbers in information on CD-ROMs or other electronic media.

Data aggregators frequently buy the records in bulk electronic form from county officials for a fraction of what local citizens must pay. For example, Fort Bend County Clerk Dianne Wilson (TX) sold twenty million images for about two thousand dollars in 2005. Local residents pay a dollar a page for copies of their own documents. Wilson reported that bulk electronic sales of county records were routine for her office.

The proposed laws will hold both government and business responsible for sensitive information entrusted to them. More than 60 percent of the breaches tracked by the Identity Theft Resource Center in 2006 were at universities and government agencies.

A Feinstein spokesman said, "We must ensure that government agencies and businesses take responsibility and protect Americans' Social Security numbers.” 

The bill would provide for criminal and civil penalties against government and businesses.

"The legislation would also impose some limitations when a business can ask a customer for a Social Security number. In addition, the bill would prevent the employment of inmates for tasks that would give them access to the Social Security numbers of others", the spokesman said.

"We must ensure that government agencies and businesses take responsibility and protect Americans' Social Security numbers."

 

Get the newsletter - its Free

 

Related Reports

Government Websites Cross Jurisdictions To Serve Data Worldwide
 
Proposed Bills Could Stop Illegal Aliens From Taking American ID's and Jobs
 
How Criminals Use Online County Records
 
 
State Website Exposed 202,000 Social Security Numbers
 
Redaction Failed - Travis County Puts Sensitive Records Back Online
 
The Truth About Redaction
 

The Lives of Three Citizens

As Told and Sold on the County Website

 
  Settle Your Debts....