House Legislation Would Crack Down On SSN Thieves...EXCEPT NOT
Anne Broache from CNet has the story:
At 56 pages (PDF), the latest effort is far lengthier and more prescriptive but includes many of the same provisions. It was introduced Monday by Reps. Michael McNulty (D-N.Y.) and Sam Johnson (R-Texas), who lead a House subcommittee on Social Security that claims to have held 16 hearings on the subject.
The new bill, called the Social Security Number Privacy and Identity Theft Prevention Act, appears likely to prompt the same concerns from privacy advocates about the number of carveouts on SSN sales it proposes. It would permit the sale and use of the identifiers "to the extent necessary" for law
public good," or, of course, with the SSN holder's consent.
Of course, with all of these exceptions, there might as well not be any legislation at all. I'm especially amused by Acxiom demanding more handouts for SSN trading, given that said firm has been involved in not one, but two high-profile data breaches. The national security exception will give Acxiom all the latitude it needs--especially since the Justice Department has been engaged in aggressive data mining using information gleaned from consumer databases.
The only way to end the danger of the SSN as a key to identity theft is to stop using it as an identifier for all but the most pressing business. As long as any exceptions are made for its use, even for the best of purposes, even the strongest criminal penalties will simply be slaps on the wrist, ineffectual after-the-fact solutions that don't address the underlying problem.