Identity theft: Calendar
How are laws to combat ID fraud progressing? What events are coming up? Keep track with News.com's regularly updated schedule.
Nov. 7-11
2005 ACM Conference on Computer and Communications Security
Where: Hilton Alexandria Mark Center, Alexandria, Va.
More info
Nov. 11
Digital Identity Management Workshop 2005
Where: George Mason University, Fairfax, Va.
More info
Nov. 14-15
2005 IASTED International Conference on Communication, Network and Info Security
Where: Phoenix
More info
Dec. 10-13
2005 International Conference on Information and Communications Security
Where: Beijing
More info
Dec. 14-16
2005 International Conference on Cryptology and Network Security
Where: Fujian, China
More info
Feb. 2-3, 2006
(Pre-conference workshop Feb . 1)
Network and Distributed System Security Symposium
Where: Catamaran Resort Hotel, San Diego
More info
Feb. 7, 2006
CIO Impacts Forum 2006
Where: University of California at Los Angeles
More info
Feb. 13-17, 2006
RSA Conference 2006
Where: McEnery Convention Center in San Jose, Calif.
More info
March 21-24, 2006
SecureIT Conference 2006
Where: Anaheim, Calif.
More info
March 21-24, 2006
ACM Symposium on Information, Computer and Communications Security
Where: Taipei
More info
April 10-12, 2006
EDUCAUSE Security Professionals Conference 2006
Where: Denver
More info
May 21-24, 2006
2006 IEEE Symposium on Security and Privacy
Where: The Claremont Resort, Berkeley, Calif.
More info
Aug. 6-10, 2006
National Association of Property Recovery Investigators
Where: Gold Coast Hotel and Casino, Las Vegas
More info
Of the legislation introduced in Congress in 2005, the following three bills are likely to proceed:
H.R.1745: Restricts the sale or "purchase" of Social Security numbers and their use on ID cards.
S.1408: Requires notification of security breaches and permits new "security freezes" on credit reports.
S.1789: Creates a wide-ranging regulatory scheme aimed at "data brokers," companies' data security practices and "privacy impact assessments" of government data-mining. (Was S.1332)
The fate of several other measures is less predictable:
S.29: Restricts the sale or "purchase" of Social Security numbers and their use in public records.
H.R.1078: Permits the Federal Trade Commission to restrict the sale of Social Security numbers.
H.R.3325: Orders a study on whether there is a link between methamphetamine and crimes relating to identity fraud.
H.R.3804: Amends the U.S. tax code to permit deductions of expenses related to repairing identity fraud.
S.768: Creates new Office of Identity Theft bureaucracy and regulations aimed at "data merchants."
H.R.1263: Requires businesses to offer "opt-out" before disclosure of personally identifiable information through a "self-regulatory" mechanism approved by the government.
S.1326: Requires notification of security breaches involving "computerized data containing sensitive personal information."
S.500: Forces the FTC to regulate "information brokers."
H.R.1099: Targets phishing sites that use fake domain names or send fraudulent e-mail posing as a business.
S.1594: Tells financial institutions to notify their customers of security breaches.
H.R.3997: Amends the Fair Credit Reporting Act to require credit agencies to focus more on identity fraud complaints.
H.R.220: Restricts governmental use of the Social Security number and prohibits a governmentwide uniform "identifying number."
S.116: Imports a European-style regulatory regime by broadly restricting the disclosure or sale of personal information.
By Declan McCullagh
It didn't take long for members of Congress to realize that the recent string of well-publicized security breaches amounted to a political opportunity.Early this year, after Bank of America, LexisNexis and ChoicePoint acknowledged serious security problems, politicians scrambled to capitalize on the news by introducing an array of proposed solutions. Spurred by surveys showing Americans' dissatisfaction, at least two dozen ID fraud-related bills now exist.
But internecine squabbles between congressional committees and spats over states' rights have stalled that process, yielding only a handful of proposals with sufficient momentum to be enacted into law anytime soon.
Details vary widely. But one general theme requires that serious breaches involving personal information be reported to the customer. That broadly mirrors a California notification law, which took effect in July 2003 and led to some of the recent security incidents becoming public.
A more contentious topic is what to do about the ready availability of Social Security numbers. "Once again we're forced to ask, 'Why should it continue to be legal to sell a person's Social Security number without permission?'" Rep. Joe Barton, a Texas Republican who heads the Energy and Commerce Committee, said in April. "If it takes a new law to protect people from identity thieves, so be it."
Since then, though, it's become less clear whether Congress will take such a dramatic step. A leading proposal championed by Sen. Arlen Specter, a Pennsylvania Republican who heads the Judiciary Committee, originally banned the sale or "purchase" of SSNs. A revised version does not.
Another factor is opposition from business groups, which say that identity fraud is already illegal--and point out that Mastercard was subject to stringent government regulations but still managed to expose 40 million customer accounts. Academics and former Federal Trade Commission member Orson Swindle have cautioned against rushing into new regulations that could generate unintended consequences.
So what's likely to happen? Especially if security breaches continue to be well-publicized, Congress will feel pressured and is most likely to group a number of proposals together in one mammoth package. If not, setting security breach standards could remain in the hands of state governments.
Nov. 7-11
2005 ACM Conference on Computer and Communications Security
Where: Hilton Alexandria Mark Center, Alexandria, Va.
More info
Nov. 11
Digital Identity Management Workshop 2005
Where: George Mason University, Fairfax, Va.
More info
Nov. 14-15
2005 IASTED International Conference on Communication, Network and Info Security
Where: Phoenix
More info
Dec. 10-13
2005 International Conference on Information and Communications Security
Where: Beijing
More info
Dec. 14-16
2005 International Conference on Cryptology and Network Security
Where: Fujian, China
More info
Feb. 2-3, 2006
(Pre-conference workshop Feb . 1)
Network and Distributed System Security Symposium
Where: Catamaran Resort Hotel, San Diego
More info
Feb. 7, 2006
CIO Impacts Forum 2006
Where: University of California at Los Angeles
More info
Feb. 13-17, 2006
RSA Conference 2006
Where: McEnery Convention Center in San Jose, Calif.
More info
March 21-24, 2006
SecureIT Conference 2006
Where: Anaheim, Calif.
More info
March 21-24, 2006
ACM Symposium on Information, Computer and Communications Security
Where: Taipei
More info
April 10-12, 2006
EDUCAUSE Security Professionals Conference 2006
Where: Denver
More info
May 21-24, 2006
2006 IEEE Symposium on Security and Privacy
Where: The Claremont Resort, Berkeley, Calif.
More info
Aug. 6-10, 2006
National Association of Property Recovery Investigators
Where: Gold Coast Hotel and Casino, Las Vegas
More info
Of the legislation introduced in Congress in 2005, the following three bills are likely to proceed:
H.R.1745: Restricts the sale or "purchase" of Social Security numbers and their use on ID cards.
S.1408: Requires notification of security breaches and permits new "security freezes" on credit reports.
S.1789: Creates a wide-ranging regulatory scheme aimed at "data brokers," companies' data security practices and "privacy impact assessments" of government data-mining. (Was S.1332)
The fate of several other measures is less predictable:
S.29: Restricts the sale or "purchase" of Social Security numbers and their use in public records.
H.R.1078: Permits the Federal Trade Commission to restrict the sale of Social Security numbers.
H.R.3325: Orders a study on whether there is a link between methamphetamine and crimes relating to identity fraud.
H.R.3804: Amends the U.S. tax code to permit deductions of expenses related to repairing identity fraud.
S.768: Creates new Office of Identity Theft bureaucracy and regulations aimed at "data merchants."
H.R.1263: Requires businesses to offer "opt-out" before disclosure of personally identifiable information through a "self-regulatory" mechanism approved by the government.
S.1326: Requires notification of security breaches involving "computerized data containing sensitive personal information."
S.500: Forces the FTC to regulate "information brokers."
H.R.1099: Targets phishing sites that use fake domain names or send fraudulent e-mail posing as a business.
S.1594: Tells financial institutions to notify their customers of security breaches.
H.R.3997: Amends the Fair Credit Reporting Act to require credit agencies to focus more on identity fraud complaints.
H.R.220: Restricts governmental use of the Social Security number and prohibits a governmentwide uniform "identifying number."
S.116: Imports a European-style regulatory regime by broadly restricting the disclosure or sale of personal information.
By Declan McCullagh
It didn't take long for members of Congress to realize that the recent string of well-publicized security breaches amounted to a political opportunity.Early this year, after Bank of America, LexisNexis and ChoicePoint acknowledged serious security problems, politicians scrambled to capitalize on the news by introducing an array of proposed solutions. Spurred by surveys showing Americans' dissatisfaction, at least two dozen ID fraud-related bills now exist.
But internecine squabbles between congressional committees and spats over states' rights have stalled that process, yielding only a handful of proposals with sufficient momentum to be enacted into law anytime soon.
Details vary widely. But one general theme requires that serious breaches involving personal information be reported to the customer. That broadly mirrors a California notification law, which took effect in July 2003 and led to some of the recent security incidents becoming public.
A more contentious topic is what to do about the ready availability of Social Security numbers. "Once again we're forced to ask, 'Why should it continue to be legal to sell a person's Social Security number without permission?'" Rep. Joe Barton, a Texas Republican who heads the Energy and Commerce Committee, said in April. "If it takes a new law to protect people from identity thieves, so be it."
Since then, though, it's become less clear whether Congress will take such a dramatic step. A leading proposal championed by Sen. Arlen Specter, a Pennsylvania Republican who heads the Judiciary Committee, originally banned the sale or "purchase" of SSNs. A revised version does not.
Another factor is opposition from business groups, which say that identity fraud is already illegal--and point out that Mastercard was subject to stringent government regulations but still managed to expose 40 million customer accounts. Academics and former Federal Trade Commission member Orson Swindle have cautioned against rushing into new regulations that could generate unintended consequences.
So what's likely to happen? Especially if security breaches continue to be well-publicized, Congress will feel pressured and is most likely to group a number of proposals together in one mammoth package. If not, setting security breach standards could remain in the hands of state governments.