The President’s Identity Theft Task Force Combating IDENTITY THEFT A Strategic Plan April 2007 COMBATING IDENTITY THEFT A Strategic Plan Table of Contents Glossary of Acronyms .................................................................v Identity Theft Task Force Members ............................................... vii Letter to the President .............................................................. viii I. Executive Summary .............................................................. 1 A. Introduction .................................................................................. 1 B. The Strategy .................................................................................. 2 II. The Contours of the Identity Theft Problem ............................. 10 A. Prevalence and Costs of Identity Theft ......................................... 11 B. Identity Thieves: Who They Are .................................................. 12 C. How Identity Theft Happens: The Tools of the Trade ................... 13 D. What Identity Thieves Do With the Information They Steal: The Different Forms of Identity Theft ........................ 18 III. A Strategy to Combat Identity Theft ....................................... 22 A. Prevention: Keeping Consumer Data out of the Hands of Criminals ..................................................................... 22 1. Decreasing the Unnecessary Use of Social Security Numbers ........................................................ 23 2. Data Security in the Public Sector .......................................... 27 a. Safeguarding of Information in the Public Sector ............... 27 b. Responding to Data Breaches in the Public Sector .............. 28 3. Data Security in the Private Sector .......................................... 31 a. The Current Legal Landscape ........................................... 31 b. Implementation of Data Security Guidelines and Rules ..... 32 c. Responding to Data Breaches in the Private Sector ............. 34 4. Educating Consumers on Protecting Their Personal Information ..................................................... 39 B. Prevention: Making It Harder to Misuse Consumer Data .............. 42 C. Victim Recovery: Helping Consumers Repair Their Lives ............. 45 1. Victim Assistance: Outreach and Education ........................... 45 2. Making Identity Theft Victims Whole ..................................... 49 3. Gathering Better Information on the Effectiveness of Victim Recovery Measures ................................................................ 51 iii TABLE OF CONTENTS D. Law Enforcement: Prosecuting and Punishing Identity Thieves .......... 52 1. Coordination and Intelligence/Information Sharing ................ 53 a. Sources of Identity Theft Information ................................ 54 b. Format for Sharing Information and Intelligence................ 55 c. Mechanisms for Sharing Information ................................ 55 2. Coordination with Foreign Law Enforcement ......................... 58 3. Prosecution Approaches and Initiatives ................................... 62 4. Statutes Criminalizing Identity-Theft Related Offenses: The Gaps ................................................................ 65 a. The Identity Theft Statutes ................................................ 65 b. Computer-Related Identity Theft Statutes ......................... 66 c. Cyber-Extortion Statute .................................................... 66 d. Sentencing Guidelines Governing Identity Theft ................ 67 5. Training of Law Enforcement Officers and Prosecutors ........... 69 6. Measuring Success of Law Enforcement Efforts ...................... 70 IV. Conclusion: The Way Forward ............................................. 72 APPENDICES Appendix A: Identity Theft Task Force’s Guidance Memorandum on Data Breach Protocol ................................................................... 73 Appendix B: Proposed Routine Use Language .......................................... 83 Appendix C: Text of Amendments to 18 U.S.C. §§ 3663(b) and 3663A(b) ................................................... 85 Appendix D: Text of Amendments to 18 U.S.C. §§ 2703, 2711 and 3127, and Text of New Language for 18 U.S.C. § 3512 ................................ 87 Appendix E: Text of Amendments to 18 U.S.C. §§ 1028 and 1028A .......... 91 Appendix F: Text of Amendment to 18 U.S.C. § 1032(a)(2) ...................... 93 Appendix G: Text of Amendments to 18 U.S.C. §§ 1030(a)(5), (c), and (g) and to 18 U.S.C. 2332b ......................................................... 94 Appendix H: Text of Amendments to 18 U.S.C. § 1030(a)(7) .................... 97 Appendix I: Text of Amendment to United States Sentencing Guideline § 2B1.1 ............................................................................ 98 Appendix J (Description of Proposed Surveys) ......................................... 99 ENDNOTES ...................................................................................... 101 iv COMBATING IDENTITY THEFT A Strategic Plan Glossary of Acronyms AAMVA–American Association of FCU Act–Federal Credit Union Act Motor Vehicle Administrators FDI Act–Federal Deposit Insurance Act AARP–American Association of FDIC–Federal Deposit Insurance Retired Persons Corporation ABA–American Bar Association FEMA–Federal Emergency APWG–Anti-Phishing Working Group Management Agency BBB–Better Business Bureau FERPA–Family and Educational Rights BIN–Bank Identification Number and Privacy Act of 1974 BJA–Bureau of Justice Assistance FFIEC–Federal Financial Institutions Examination Council BJS–Bureau of Justice Statistics FIMSI–Financial Industry Mail Security CCIPS–Computer Crime and Initiative Intellectual Property Section (DOJ) FinCEN–Financial Crimes Enforcement CCMSI–Credit Card Mail Security Network (Department of Treasury) Initiative FISMA–Federal Information Security CFAA–Computer Fraud and Abuse Act Management Act of 2002 CFTC–Commodity Futures Trading FRB–Federal Reserve Board of Commission Governors CIO–Chief Information Officer FSI–Financial Services, Inc. CIP–Customer Identification Program FTC–Federal Trade Commission CIRFU–Cyber Initiative and Resource FTC Act–Federal Trade Commission Fusion Center Act CMRA–Commercial Mail Receiving GAO–Government Accountability Agency Office CMS–Centers for Medicare and GLB Act–Gramm-Leach-Bliley Act Medicaid Services (HHS) HHS–Department of Health and Human CRA–Consumer reporting agency Services CVV2–Card Verification Value 2 HIPAA–Health Insurance Portability DBFTF–Document and Benefit Fraud and Accountability Act of 1996 Task Force IACP–International Association of DHS–Department of Homeland Security Chiefs of Police DOJ–Department of Justice IAFCI–International Association of DPPA–Drivers Privacy Protection Financial Crimes Investigators Act of 1994 IC3–Internet Crime Complaint Center FACT Act–Fair and Accurate Credit ICE–U.S. Immigration and Customs Transactions Act of 2003 Enforcement FBI–Federal Bureau of Investigation IRS–Internal Revenue Service FCD–Financial Crimes Database IRS CI–IRS Criminal Investigation FCRA–Fair Credit Reporting Act Division v GLOSSARY OF ACRONYMS IRTPA–Intelligence Reform and PIN–Personal Identification Number Terrorism Prevention Act of 2004 PMA–President’s Management Agenda ISI–Intelligence Sharing Initiative (U.S. PRC–Privacy Rights Clearinghouse Postal Inspection Service) QRP–Questionable Refund Program ISP–Internet service provider (IRS CI) ISS LOB–Information Systems Security RELEAF–Operation Retailers & Law Line of Business Enforcement Against Fraud ITAC–Identity Theft Assistance Center RISS–Regional Information Sharing ITCI–Information Technology Systems Compliance Institute RITNET–Regional Identity Theft ITRC–Identity Theft Resource Center Network MCC–Major Cities Chiefs RPP–Return Preparer Program (IRS CI) NAC–National Advocacy Center SAR–Suspicious Activity Report NASD–National Association of SBA–Small Business Administration Securities Dealers, Inc. SEC–Securities and Exchange NCFTA–National Cyber Forensic Commission Training Alliance SMP–Senior Medicare Patrol NCHELP–National Council of Higher SSA–Social Security Administration Education Loan Programs SSL–Security Socket Layer NCUA–National Credit Union Administration SSN–Social Security number NCVS–National Crime Victimization TIGTA–Treasury Inspector General for Survey Tax Administration NDAA–National District Attorneys UNCC–United Nations Crime Association Commission NIH–National Institutes of Health USA PATRIOT Act–Uniting and Strengthening America by Providing NIST–National Institute of Standards Appropriate Tools Required to Intercept and Technology and Obstruct Terrorism Act of 2001 NYSE–New York Stock Exchange (Pub. L. No. 107-56) OCC–Office of the Comptroller of the USB–Universal Serial Bus Currency US-CERT–United States Computer OIG–Office of the Inspector General Emergency Readiness Team OJP–Office of Justice Programs (DOJ) USPIS–United States Postal Inspection OMB–Office of Management and Service Budget USSS–United States Secret Service OPM–Office of Personnel Management VHA–Veterans Health Administration OTS–Office of Thrift Supervision VOIP–Voice Over Internet Protocol OVC–Office for Victims of Crime (DOJ) VPN–Virtual private network PCI–Payment Card Industry WEDI–Workgroup for Electronic Data Interchange vi Identity Theft Task Force Members Alberto R. Gonzales, Chairman Attorney General Deborah Platt Majoras, Co-Chairman Chairman, Federal Trade Commission Henry M.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages120 Page
-
File Size-