This question and answer thread on the controversial hot topic, "ID theft and national security," was originally posted in our peer-to-peer forum ITKnowledge Exchange.
Q: From InfoSafety: "If it turns out, as I believe, that enemies of the United States are behind a lot of the major ID thefts in the US, that would mean a lot of money is going to our enemies. Can we therefore surmise that those who mishandle our identity information, by means of their poor stewardship of our identities, are also responsible for endangering our national security?"
A: From MadMaxB, "I have to disagree with your statement that we are also responsible for endangering our national security! That is like saying a victim of any crime is responsible for that crime. We give our trust to holders of our personal information and in today's world we do not have the option not to. What I get from your statement is we should blame the victim and not punish the criminal. What we are responsible for is not holding the caretakers of our personal information more responsible. And yes, we should all insure that we do not facilitate the enemies of the United States with replies to phishing e-mails and such."
A: From bobkberg, "I don't believe your point is the crux of the matter. The bottom line in all computer/network security issues is (and will likely always be) failure in human behavior. Where this leads may well involve our enemies -- I have no doubt of that -- but human greed and laziness tend to rise to the top of the pile where problems are often found. As long as there are people who do not understand that their personal security is THEIR business, then we will collectively be guilty of providing a fertile ground for those who would use our own weaknesses against us. And that final point makes no distinction as to whom that enemy might actually be."
A: From thepete, "The current situation is that we cannot rightfully say identity theft is fully the fault of the victim any more than we can say acid rain is fully the fault of factories. Meaning you have consumers who are unaware of the full effects of their demand, lawmakers unaware of conflicts in regulations, and industrialists unable to combine both demand and regulation successfully into a viable and safe product. The resulting portrait is a victim whose safety is dependent on so many variables that he/she cannot control whether it be faulty OS, applications, Internet providers and all those whom the victim must entrust electronic information to either directly (banking) or indirectly (garbage pick-up). So until there is veritable trust in computing at all levels, we can't hold the victim responsible without intent of malice or proof of disregard for legislated standards.
"Before this happens, people need to stop buying bad products from lying vendors, legislators need to base legislation on facts instead of fear and users need to have a clear concept of what role they play in security. So don't be so quick to oppress the already subjugated victims by labeling them as enemies of the state until we can figure out how to prove which party is truly guilty."
A: From Kerm, "The scary part is that the post and all replies so far are correct. Those who store our information are not careful enough. Those that provide the information are not careful enough. The government's job would be easier if we gave up more rights. We the six-packers are at extreme risk if we do so. The software products we use are not secure enough. The "computer industry" (manufacturers and customers) is spinning out of control while corporate management is tarnishing their record quality and concern for product safety. HIPAA is so misunderstood that I've seen patients being denied access to their own records! Encrypt everything? With what (that will always be secure)? There used to be extended public debate on the front page when gasoline prices went up a few cents. Have we (the six-packers) lost the ability to drag issues into the news and press the issues until all the dusty corners see the light?"
You can read more responses to this controversial topic or start your own in the ITKnowledge Exchange forum.
This was first published in March 2005