US Government to Centralize Identity Theft Protection
2011-04-01Washington, DC - When the 112th Congress re-convenes after its March 27th, 2011 recess, the Senate will consider a congressional bill regarding identity theft.
The proposed bill, soon to be known as Public Law 101-90008, is of interest not only to individuals whose identity has been stolen, but also to the information security community that monitors laws regarding privacy and security.
The Federal Government Privacy Act of 1974 set the precedent for prohibiting unauthorized disclosure of the records that government agencies collect. This was further strengthened (with regard to medical information) by the 1996 Health Insurance Portability and Accountability Act (HIPAA). However, the advent of the internet age has created a new problem: private information is being published on public outlets (such as the internet and social networking sites), and not everyone is aware of how to apply controls to protect their information. This problem is compounded by the ever-increasing complexity of the methods hackers use to obtain personally-identifiable information — even for those users who do apply available privacy controls. This has resulted in a skyrocketing number of cases of reported identity theft as this private information lands in the hands of criminals.
The consequences for those unlucky individuals varies from lost financial backing, loans/scholarships, insurance coverage, and potential job offers, to actually being arrested for crimes they did not commit.
Various states have passed their own laws regarding privacy, but this new bill grants powers to the Federal Government and its various departments to supersede those state-mandated laws. PL 101-90008 defines the methods by which the government will exercise its option, as specified in the 4th Amendment, of taking all U.S. citizens’ identities for safekeeping.
After the identities have been acquired, the government will then assume responsibility for any unauthorized access to individual's credit card, bank accounts, health records, etc., leaving no liability for an individual.
Typically, identities are not needed to carry out day-to-day tasks. A person’s countenance alone serves as sufficient authorization for a spouse, employer, or family member. If an identity is necessary (for example, to travel, appear in court, or apply for a loan) individuals can file for a temporary custody of their identity. Proposed timelines for transfer back to an individual include timeframes of two days, two weeks, and up to four months. Individuals are, in fact, encouraged to regain custody at least once every five years to keep their identity up-to-date as physical anomalies occur due to aging.
Identities will be stored in a secure, locked-down series of warehouses located on a remote government-leased island in tamperproof, liquid nitrogen containers similar to that pictured. In advance of this bill becoming law, these facilities have already been Common Criteria-certified at EAL 6+. This effort has been criticized by the “Management Association for Identity Assurance” (MAfIA), which has proposed to store the identities in their own commercial storage facilities evaluated at EAL2 using the “Identity Storage Protection Profile” the organization has developed. The organization has offered to store the identities free of cost. “We have our own ideas how to make this business profitable” said Theb Igboss, the CEO of MAfIA.
Custody of identification will be transferred according to strict guidelines to include trusted courier and/or armed guard delivery. The transfer includes procedures to ensure the correct identity is matched back to the appropriate individual, requiring that the individual successfully:
- Provide appropriate documentation, such as valid drivers’ license, social security number, birth certificate, and/or international passport.
- Pass biometric verification, including:
- Fingerprint scan
- Blood type match
- Handwriting analysis
- Voice recognition
- Retinal examination
- Hair follicle size/texture/core pairing
- DNA nucleotides sequencing (to within 1 in 5 million)
- Taste bud analysis
In addition, the Federal Government retains the right to require additional tests, including but not limited to:
- Fit the requestor’s foot to footwear confiscated pre-transfer
- Recognition of the requestor by two (2) pets belonging to either the requestor, or a friend, neighbour, or other family member
About atsec information security
atsec information security corporation is a U.S. Government accredited laboratory, based in Texas, which tests information assurance (IA) and IA-enabled commercial off the shelf (COTS) information technology.
Combining all of our technology security experience and expertise, atsec information security corporation additionally provides strong consulting skills for: network penetration testing; embedded systems and hardware security testing and analysis; the Federal Information Security Management Act (FISMA); Information Systems Security Management Systems (ISMS); and independent security assessments based on your individual needs.
atsec also operates Government accredited laboratories in Germany and Sweden.
