Schedule of events

Nov. 7-11 2005 ACM Conference on Computer and Communications Security
Where: Hilton Alexandria Mark Center, Alexandria, Va.

Nov. 11 Digital Identity Management Workshop 2005
Where: George Mason University, Fairfax, Va.

Nov. 14-15 2005 IASTED International Conference on Communication, Network and Info Security
Where: Phoenix

Dec. 10-13 2005 International Conference on Information and Communications Security
Where: Beijing

Dec. 14-16 2005 International Conference on Cryptology and Network Security
Where: Fujian, China

Feb. 2-3, 2006 (Pre-conference workshop Feb. 1) Network and Distributed System Security Symposium
Where: Catamaran Resort Hotel, San Diego

Feb. 7, 2006 CIO Impacts Forum 2006
Where: University of California at Los Angeles

Feb. 13-17, 2006 RSA Conference 2006
Where: McEnery Convention Center in San Jose, Calif.

March 21-24, 2006 SecureIT Conference 2006
Where: Anaheim, Calif.

March 21-24, 2006 ACM Symposium on Information, Computer and Communications Security
Where: Taipei

April 10-12, 2006 EDUCAUSE Security Professionals Conference 2006
Where: Denver

May 21-24, 2006 2006 IEEE Symposium on Security and Privacy
Where: The Claremont Resort, Berkeley, Calif.

Aug. 6-10, 2006 National Association of Property Recovery Investigators
Where: Gold Coast Hotel and Casino, Las Vegas

Legislation in Congress

Of the legislation introduced in Congress in 2005, the following three bills are likely to proceed:

H.R.1745: Restricts the sale or "purchase" of Social Security numbers and their use on ID cards.
S.1408: Requires notification of security breaches and permits new "security freezes" on credit reports.
S.1789: Creates a wide-ranging regulatory scheme aimed at "data brokers," companies' data security practices and "privacy impact assessments" of government data-mining.
(Was S.1332)

The fate of several other measures is less predictable:

S.29: Restricts the sale or "purchase" of Social Security numbers and their use in public records.
H.R.1078: Permits the Federal Trade Commission to restrict the sale of Social Security numbers.
H.R.3325: Orders a study on whether there is a link between methamphetamine and crimes relating to identity fraud.
H.R.3804: Amends the U.S. tax code to permit deductions of expenses related to repairing identity fraud.
S.768: Creates new Office of Identity Theft bureaucracy and regulations aimed at "data merchants."
H.R.1263: Requires businesses to offer "opt-out" before disclosure of personally identifiable information through a "self-regulatory" mechanism approved by the government.
S.1326: Requires notification of security breaches involving "computerized data containing sensitive personal information."
S.500: Forces the FTC to regulate "information brokers."
H.R.1099: Targets phishing sites that use fake domain names or send fraudulent e-mail posing as a business.
S.1594: Tells financial institutions to notify their customers of security breaches.
H.R.3997: Amends the Fair Credit Reporting Act to require credit agencies to focus more on identity fraud complaints.
H.R.220: Restricts governmental use of the Social Security number and prohibits a governmentwide uniform "identifying number."
S.116: Imports a European-style regulatory regime by broadly restricting the disclosure or sale of personal information.

Why Congress is acting now
By Declan McCullagh

It didn't take long for members of Congress to realize that the recent string of well-publicized security breaches amounted to a political opportunity.

Early this year, after , and acknowledged serious security problems, politicians scrambled to capitalize on the news by an array of proposed solutions. Spurred by showing Americans' dissatisfaction, at least two dozen ID fraud-related bills now exist.
But internecine squabbles between congressional committees and have stalled that process, yielding only a handful of proposals with sufficient momentum to be enacted into law anytime soon.

Details vary widely. But one general theme requires that serious breaches involving personal information be reported to the customer. That broadly mirrors a California notification law, which took effect in July 2003 and led to some of the recent security incidents becoming public.

A more contentious topic is what to do about the ready availability of Social Security numbers.

"Once again we're forced to ask, 'Why should it continue to be legal to sell a person's Social Security number without permission?'" Rep. Joe Barton, a Texas Republican who heads the Energy and Commerce Committee, . "If it takes a new law to protect people from identity thieves, so be it."

Since then, though, it's become less clear whether Congress will take such a dramatic step. A leading proposal championed by Sen. Arlen Specter, a Pennsylvania Republican who heads the Judiciary Committee, originally banned the sale or "purchase" of SSNs. A revised version does not.

Another factor is opposition from business groups, which say that identity fraud is already illegal--and point out that Mastercard was subject to stringent government regulations but still managed to . Academics and former Federal Trade Commission member Orson Swindle against rushing into new regulations that could generate unintended consequences.

So what's likely to happen? Especially if security breaches continue to be well-publicized, Congress will feel pressured and is most likely to group a number of proposals together in one mammoth package. If not, setting security breach standards could remain in the hands of .