The President’s Identity Theft Task Force Strategic Plan – Privacy Implications
Jonathan J. Rusch, Special Counsel for Fraud Prevention, Fraud Section, Criminal Division, U.S. Department of Justice
The Privacy Symposium – Harvard University, Cambridge, MA
August 23, 2007
Statistics
• Federal Trade Commission
  • Identity theft most frequently reported type of fraud reported to FTC, 2004 – 2006
  • 2006: 246,035 complaints
• Javelin Strategy & Research, 2007
  • 8.4 million U.S. adults victims of identity fraud in preceding year
President’s Identity Theft Task Force
• Establishment May 10, 2006 by Executive Order
• Tasks
  • Submit to the President a coordinated strategic plan to further improve the effectiveness and efficiency of the federal government's activities in the areas of identity theft awareness, prevention, detection, and prosecution
  • Coordinate federal government efforts related to implementation of the policy to use federal resources effectively to deter, prevent, detect, investigate, proceed against, and prosecute unlawful use by persons of the identifying information of other persons
  • Provide advice on the establishment, execution, and efficiency of policies and activities to implement that policy
  • Promote enhanced cooperation by federal departments and agencies with state and local authorities responsible for the prevention, investigation, and prosecution of significant identity theft crimes
President’s Identity Theft Task Force
• Composition
  • Chair: Attorney General; Co-Chair: FTC Chairman
  • Members: Five Cabinet departments; OMB; Social Security Administration; bank supervisory agencies; and Postal Service
• Issuance of Strategic Plan: April 23, 2007
  • Copies at http://www.idtheft.gov
Premise of Strategic Plan
• Identity Theft Has At Least Three Stages in Its “Life Cycle” and Must Be Attacked at Each Stage
  • Identity thief attempts to acquire victim’s personal information
  • Identity thief attempts to misuse the information he has acquired
  • Identity thief has completed his crime and is enjoying the benefits, while victim is realizing the harm
Focus of Strategic Plan
• Improvements in Four Key Areas
  • Keeping sensitive consumer data out of the hands of identity thieves through better data security and more accessible education;
  • Making it more difficult for identity thieves who obtain consumer data to use it to steal identities;
  • Assisting victims of identity theft in recovering from the crime; and
  • Deterring identity theft by more aggressive prosecution and punishment of those who commit the crime
Improvements Prevention: Keeping Consumer Data Out Of The Hands Of Criminals
Data Security in Public Sector
• Decrease the Unnecessary Use of Social Security Numbers in the Public Sector by Developing Alternative Strategies for Identity Management
  • Survey current use of SSNs by federal government
  • Issue guidance on appropriate use of SSNs
  • Establish clearinghouse for “best” agency practices that minimize use of SSNs
  • Work with state and local governments to review use of SSNs
• Educate Federal Agencies on How to Protect Data; Monitor Their Compliance with Existing Guidance
  • Develop concrete guidance and best practices
  • Monitor agency compliance with data security guidance
  • Protect portable storage and communications devices
• Ensure Effective, Risk-Based Responses to Data Breaches Suffered by Federal Agencies
  • Issue data breach guidance to agencies
  • Publish a “routine use” allowing disclosure of information after a breach to those entities that can assist in responding to the breach
Data Security in Private Sector
• Establish National Standards for Private Sector Data Protection Requirements and Breach Notice Requirements
• Develop Comprehensive Record on Private Sector Use of Social Security Numbers
• Better Educate the Private Sector on Safeguarding Data
  • Hold regional seminars for businesses on safeguarding information
  • Distribute improved guidance for private industry
• Initiate Investigations of Data Security Violations
• Initiate a Multi-Year Public Awareness Campaign
  • Develop national awareness campaign
  • Enlist outreach partners
  • Increase outreach to traditionally underserved communities
  • Establish “Protect Your Identity” Days
• Develop Online Clearinghouse for Current Educational Resources
Improvements Prevention: Making It Harder to Misuse Consumer Data
Gathering and Analyzing Information
• Hold Workshops on Authentication
  • Engage academics, industry, entrepreneurs, and government experts on developing and promoting better ways to authenticate identity
  • Issue report on workshop findings
• Develop a Comprehensive Record on Private Sector Use of SSNs
Improvements Victim Recovery: Helping Consumers Repair Their Lives
Training and Individual Assistance
• Provide Specialized Training About Victim Recovery to First Responders and Others Offering Direct Assistance to Identity Theft Victims
  • Train law enforcement officers
  • Provide educational materials for first responders that can be used as a reference guide for identity theft victims
  • Create and distribute an ID Theft Victim Statement of Rights
  • Design nationwide training for victim assistance counselors
• Develop Avenues for Individualized Assistance to Identity Theft Victims
Statutory and Regulatory Issues
• Amend Criminal Restitution Statutes to Ensure That Victims Recover the Value of Time Spent in Trying to Remediate the Harms Suffered
• Assess Whether to Implement a National System That Allows Victims to Obtain an Identification Document for Authentication Purposes
• Assess Efficacy of Tools Available to Victims
  • Conduct assessment of FACT Act remedies under FCRA
  • Conduct assessment of state credit freeze laws
Improvements Law Enforcement: Prosecuting and Punishing Identity Thieves
Coordination and Information/Intelligence Sharing
• Establish a National Identity Theft Law Enforcement Center
• Develop and Promote the Use of a Universal Identity Theft Report Form
• Enhance Information Sharing Between Law Enforcement and the Private Sector
  • Enhance ability of law enforcement to receive information from financial institutions
  • Initiate discussions with financial services industry on countermeasures to identity theft
  • Initiate discussions with credit reporting agencies on preventing identity theft
Coordination with Foreign Law Enforcement
• Encourage Other Countries to Enact Suitable Domestic Legislation Criminalizing Identity Theft
• Facilitate Investigation and Prosecution of International Identity Theft by Encouraging Other Nations to Accede to the Convention on Cybercrime
• Identify Nations that Provide Safe Havens for Identity Thieves and Use All Measures Available to Encourage Those Countries to Change Their Policies
• Assist, Train, and Support Foreign Law Enforcement
Prosecution Approaches and Initiatives
• Increase Prosecutions of Identity Theft
  • Designate an identity theft coordinator for each United States Attorney’s Office to design a specific identity theft program for each district
  • Evaluate monetary thresholds for prosecution
  • Encourage state prosecution of identity theft
  • Create/expand working groups and task forces
Prosecution Approaches and Initiatives
• Conduct Targeted Enforcement Initiatives
  • Conduct enforcement initiatives focused on using unfair or deceptive means to make SSNs available for sale
  • Conduct enforcement initiatives focused on identity theft related to the health care system
  • Conduct enforcement initiatives focused on identity theft by illegal aliens
• Review Civil Monetary Penalty Programs
Gaps in Statutes Criminalizing Identity Theft
• Close Gaps in Criminal Statutes
  • Amend the identity theft and aggravated identity theft statutes to ensure that identity thieves who misappropriate information belonging to corporations and organizations can be prosecuted
  • Add new crimes to the list of predicate offenses for aggravated identity theft offenses
  • Amend the statute that criminalizes the theft of electronic data by eliminating the current requirement that the information must have been stolen through interstate communications
  • Penalize creators and distributors of malicious spyware and keyloggers
  • Amend the cyber-extortion statute to cover additional, alternate types of cyber-extortion
• Ensure That an Identity Thief’s Sentence Can Be Enhanced When the Criminal Conduct Affects More Than One Victim
Law Enforcement Training
• Enhance Training for Law Enforcement Officers and Prosecutors
  • Develop course at National Advocacy Center focused on investigation and prosecution of identity theft
  • Increase number of regional identity theft seminars
  • Increase resources for law enforcement on the Internet
  • Review curricula to enhance basic and advanced training on identity theft
Measuring the Success of Law Enforcement
• Enhance the Gathering of Statistical Data Impacting the Criminal Justice System’s Response to Identity Theft
  • Gather and analyze statistically reliable data from identity theft victims
  • Expand scope of National Crime Victimization Survey
  • Review U.S. Sentencing Commission data
  • Track prosecutions of identity theft and resources spent
  • Conduct targeted surveys
Key Privacy Interests
• Privacy: How do the recommendations affect individuals’ ability to control how personal information about them is collected, used, or shared?
  • Recommendations are designed to provide greater control over personal data, through keeping data out of criminals’ hands and increasing the difficulty of successful use by criminals
    • Decreasing unnecessary use of SSNs in public sector
    • Education on data security for public and private sectors
  • But recommendations also are intended to facilitate information-sharing among affected agencies in event of data breach or other theft
    • “Routine” use notices to allow disclosure to agencies that can assist in responding to data breach
Key Privacy Interests
• Confidentiality: How do the recommendations affect rules and practices that protect the confidentiality of personal information once it has been collected?
  • Recommendations do not seek to gather new information from consumers, other than in context of investigation involving abuse of personal data
  • Existing rules that constrain law enforcement (e.g., grand jury secrecy rule) continue to apply
  • Other information-gathering from consumers is designed to better measure incidence of identity theft and obtain more data on victimization (e.g., BJS surveys)
Key Privacy Interests
• Seclusion: Does the program use or foster surveillance?
  • Recommendations neither use nor foster surveillance
Key Privacy Interests
• Fairness: How do the recommendations affect fair treatment of individuals at every step?
  • Data Quality:
    • How do recommendations address –
      • Data collection directly from the subject of the information?
      • The use of accurate, timely, and relevant data?
      • Individuals’ access and correction rights?
      • Propagation of corrections throughout the system?
  • Recommendations are intended to provide fairer treatment of identity-theft victims
  • Recommendations do not seek to collect data directly from consumers other than victims
  • They do seek to expedite information-sharing between private sector and law enforcement in context of criminal investigation
  • Recommendations include individualized assistance (e.g., pro bono representation) for victims that would improve their ability to use existing measures for access and correction and to seek systematic corrections
Key Privacy Interests
• Notice: How do the recommendations affect provision of adequate notice to individuals of data collection, use, disclosure, and redress policies?
  • In general, recommendations are not geared to gathering new data (other than victim- and crime-related data)
  • On data breaches, recommendations are intended to foster improved notice to consumers
Key Privacy Interests
• Individual Participation and Accountability: Does the program provide due process through redress mechanisms wherever a person may suffer an adverse action or determination?
  • Recommendations include provisions to assist victims in recovery
Key Privacy Interests
• Transparency: Do the recommendations involve proposals that are open to public scrutiny, understanding, and participation?
  • Recommendations, and process leading to them, involve transparency
  • By their nature, most elements of recommendations (other than law enforcement-sensitive programs and techniques) are transparent
  • Opportunity for public to comment before issuance of Strategic Plan
Key Privacy Interests
• Liberty: Does the program limit individual freedom in some dimension?
  • None of recommendations seek to limit individual or organizational freedom
  • Number of recommendations are geared to improving protection of consumer data and protection of consumers
Contact Data
• Email: Jonathan.Rusch2@usdoj.gov
• Phone: 202-514-0631
• Fax: 202-514-7021
• Mail: 10th Street and Constitution Avenue, N.W., Bond Building, Room 4300, Washington, DC 20530