ID theft stirs lawmakers
- By Florence Olsen
- Apr 15, 2005
Whether regulation or market forces will prevail in the public debate about electronic identity theft may be decided in favor of legislation this year as lawmakers react to a series of high-profile thefts involving personal information from data aggregators such as ChoicePoint and the LexisNexis Group.
Federal lawmakers have introduced 18 cybersecurity bills and state legislators have offered 30 bills to deal with growing online threats stemming from spyware, phishing, spam and other pernicious activities on the Internet.
But businesses executives worry that too many new rules without uniform standards would be harmful to commerce and the economy, said Arthur Coviello, president and chief executive officer of RSA Security, speaking today at the Center for Strategic and International Studies (CSIS) in Washington, D.C.
Coviello said he favored more widespread adoption of known industry best practices such as encrypting stored data and using strong authentication to control access to online information. But Coviello and other CEOs who spoke at today’s policy event were not prepared to say whether such industry best practices should be enforced through government regulation.
"The government must not regulate in haste," and risk creating a patchwork quilt of rules that could produce unintended consequences, Coviello said.
Many pieces for solving the problem of identity theft already exist, said James Lewis, senior fellow and director of the technology and policy program at CSIS. The next step will be trying to put those pieces together.
Those pieces, he said, include setting standards for stronger core documents such as driver’s licenses that establish a person’s identity, improving the technology that links to those documents and creating incentives for people to replace weak pin and password security with stronger two-factor authentication.
"We need to move quickly if we're going to preserve the benefits of the Internet for commerce," James said.
Coviello echoed that concern, saying that "for the first time, we actually run the risk of going backward on the Internet because of the level of fraud" that now exists.