The Congressional furor over identity theft continues. This time the target is databases that, in the eyes of Sen. Charles Schumer (D-NY), make identity theft way too easy. Schumer showed up yesterday with the addresses and social security numbers of former Attorney General John Ashcroft, former Secretary of Homeland Security Tom Ridge and several executives at Westlaw, the company whose database Schumer used to obtain the information. The Washington Post has a nice write-up. Check out this quote from the article: “Westlaw’s service could be entitled ’Identity Theft for Dummies,’” Schumer said. “To my mind, what bank robbery was to the Depression era, identity theft is to the information age. Everyone’s susceptible.” I’m not trying to single out Westlaw, and I don’t think that Schumer was either. There are plenty of information companies out there—Lexis Nexis, for example—and Schumer’s main criticism (that it is too easy for people who don’t have or shouldn’t have a need for this information to get it) and concerns apply to them, too. In fact, the article ends with a more general quote on the overreliance on Social Security numbers and wonders whether these identifiers are part of the problem. Instead of in-depth analysis I’m going to leave you with some quick hit thoughts. Companies have databases that track employees’ Social Security numbers, in HR if nowhere else. Are Schumer’s concerns applicable to these databases as well? Obviously there is a difference between a company that sells the records in its database and one that maintains them solely for internal use, but where exactly is the line between the two, particularly in some future legislated environment? Reading between the lines here, I think that the concerns over database-based identity theft eventually lead to two issues that no one—at least among the majorities of both congress and the business community—really wants to see legislated. One is data security; effective legislation would essentially have to be Sarbanes-Oxley for security, the very thought of which should be enough to make most CIOs think about switching professions. The second is the issue of a federal ID that would in essence replace Social Security as our primary identifier. There’s talk about doing this for government employees now. I looked into this about a year ago and concluded that it would be an enormously complicated endeavor, full of wide-reaching implications that I’m not convinced outweigh the benefits. I’ll post something on it if anyone ever starts talking about a national ID system. Related content opinion Website spoofing: risks, threats, and mitigation strategies for CIOs In this article, we take a look at how CIOs can tackle website spoofing attacks and the best ways to prevent them. By Yash Mehta Dec 01, 2023 5 mins CIO Cyberattacks Security brandpost Sponsored by Catchpoint Systems Inc. Gain full visibility across the Internet Stack with IPM (Internet Performance Monitoring) Today’s IT systems have more points of failure than ever before. Internet Performance Monitoring provides visibility over external networks and services to mitigate outages. By Neal Weinberg Dec 01, 2023 3 mins IT Operations brandpost Sponsored by Zscaler How customers can save money during periods of economic uncertainty Now is the time to overcome the challenges of perimeter-based architectures and reduce costs with zero trust. By Zscaler Dec 01, 2023 4 mins Security feature LexisNexis rises to the generative AI challenge With generative AI, the legal information services giant faces its most formidable disruptor yet. That’s why CTO Jeff Reihl is embracing and enhancing the technology swiftly to keep in front of the competition. By Paula Rooney Dec 01, 2023 6 mins Generative AI Digital Transformation Cloud Computing Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe