How not to address child ID theft

Over on Emergent Chaos, Adam disagrees with ITRC’s proposed Minors 17-10 Database to reduce child identity theft:

…. Unfortunately, this idea is totally and subtly broken.

Today, the credit agencies don’t get lists from the SSA. This is a good thing. There’s no authorization under law for them to do so. The fact that they’ve created an externality on young people is no reason to revise that law. The right fix is for them to fix their systems.

The right fix is for credit bureaus to delete any credit history from before someone turns 18. Birth dates could be confirmed by a drivers license, passport or birth certificate.

Here’s how it would work:

1. Alice turns 18.
2. Alice applies for credit and discovers she has a credit history
3. Alice calls the big three credit agencies and gets a runaround explains she’s just turned 18, and apparently has credit from when she was 13.
4. The credit agency asks for documents, just like they do today (see “when do I need to provide supporting docs”)
5. The credit agency looks at the birthday they’ve been provided, and substracts 18 years from the year field.
6. The credit agency removes the record from the report

It’s easy, and doesn’t require anything but a change in process by the credit bureaus. No wonder they haven’t done it, when they can convince privacy advocates that they should get lists of SSN/name/dob tuples from Uncle Sam.

The problem I see with Adam’s proposal is that it doesn’t prevent ID theft in the first place, which is what ITRC’s proposal at least attempts to do.  Yes,  his approach would clear Alice’s record, but there would still be all kinds of erroneous records circulating with her name and SSN attached to them in public record databases and other databases because the ID theft wasn’t prevented.

Of course, the new ID Analytics report on multiple SSNs per person and multiple persons per SSN does not inspire confidence in any approach that attempts to use SSA’s database for anything and raises questions in my mind about  ITRC’s proposal.

But more importantly, perhaps: why are we still trying to make the system work with SSN? Hasn’t it become abundantly clear by now that the only thing SSN should be used for is for SSA benefits?

About the author: Dissent

6 comments to “How not to address child ID theft”

You can leave a reply or Trackback this post.
  1. Identity Theft Resource Center - August 13, 2010

    The problem with your proposal is that it is reactive and not proactive. What stops parents from using children’s SSNs? Will they opt in to a program to protect children- no. The credit bureau does not dictate what a credit issuer may or may not do. They simply provide knowledge. That first line of credit may be a legitimate SSN of a 40 year old legal immigrant. The credit issuer is not psychic. Secondly, the credit issuers/bureaus are just one part of the problem. Multiple SSNs are used for work, benefits, crimes, and other activities. A person can file a tax return using another person’s SSN. How does the CRA help there? We are trying for a system-wide approach that will be customized by various governmental agencies that are required to maintain confidentiality. We have a basic premise for an idea. It is now time for us to work it out with various agencies which is what we are doing. PS- using e-verify is not the only answer either. It has been proven to have too many holes.
    Linda Foley, Founder

    • adam - August 16, 2010

      Your proposal, as documented on your web site, focused on CRAs, and that’s what I responded to.

      The effectiveness of the requirement for government agencies to maintain confidentiality is well documented here on this site.

      More databases will only strengthen the mistaken belief that an SSN can act as an identifier and an authenticator. That’s what needs to be addressed. Your mention of e-verify is yet another example of that.

  2. Identity Theft Resource Center - August 13, 2010

    Adam, lists are sold. Those of the deceased. How do you think all the sites get them? From the CDC which gives them to HHS and then to the Dept. of Commerce which sells them. Did you know that in one state about 4 years ago, the GAO testified at a Senate hearing that 160 dead people had driver’s licenses?

    • adam - August 16, 2010

      That the SSA sells lists of deceased people is justified because they have no privacy rights anymore.

  3. Golde - August 16, 2010

    Pardon me- those left behind most definitely care when accounts are frozen because some nurse or attendent who hovers over the dying stole their spouse’s SSN and now a lien is on the bank account that pays the bills for the widow. Secondly, I am quite sure my mother would not want all of her information scattered to the winds. Her info was private when alive and should continue to be so, following her wishes, after death. Are you implying that it is okay to use the SSN of the deceased because they don’t have any rights anymore? I don’t think so, you seem to be a thoughtful, educated person. The point that I see in all this is they are trying to plug holes for those who can’t do so themselves. Yes, thieves will find a way to get info. That’s a given. Hey- it’s us against the thieves. Find a better mousetrap to suggest.

    • adam - August 19, 2010

      Golde, that’s a great point. I was not meaning to imply that SSNs should be made public, only that that’s the reasoning which the SSA gives today for making them public.

Comments are closed.