The number of identity thefts in the US has skyrocketed during the past 15 months, but contrary to public perception, very few of those crimes are happening online, the US Federal Trade Commission (FTC) told a presidential advisory council this week.
"Identity theft is expanding and increasing every day," said Jodie Bernstein, director of the FTC's Bureau of Consumer Protection, during the first meeting of the President's Information Technology Advisory Committee. She said 2,000 calls per week poured into the FTC identity theft hotline last month alone. But less than 1 percent of all reported cases to date can be linked to the Internet, she said. The two most common causes are lost wallets or purses, and mail theft.
"We don't see as many Internet solicitations, but we are watching that," said Joanna Crane, program manager for the FTC's identity theft program. She added, however, that there is evidence that Internet-related thefts, particularly e-mail schemes, are increasing.
When asked by a council member if the FTC thinks Internet-related cases of identity theft are an unreported problem, Bernstein said it's possible but not likely.
"Our estimate would be very low - maybe 20 percent," she said.
Council member Larry Smarr, strategic adviser at the University of California's School of Engineering in San Diego, suggested that the FTC consider a hacker incident that happened just this week as an example of the growing threat of identity theft online.
Personal information and credit card numbers belonging to high-profile political and business leaders who attended the World Economic Forum (WEF) in Davos, Switzerland, were stolen off a WEF server. Microsoft Corp. Chairman Bill Gates and former president Bill Clinton were among the possible victims.
Ironically, that break-in made potential victims out of many of the business leaders who for years have defended self-regulation of industry privacy controls. Many, including Gates, Dell Computer Corp. Chairman Michael Dell and others, have urged the government not to intervene by implementing more regulations regarding privacy and protection of personal information online.
Steven Kobrin, a professor of multinational management at The Wharton School at the University of Pennsylvania in Philadelphia, has attended the last seven WEF summits and was among the victims of the latest hacker incident.
According to Kobrin, many industry executives have been outspoken opponents of regulation during past WEF summits and don't think there's a problem.
"This year, we had a panel on privacy, and people from industry said there wasn't a problem," said Kobrin. "Regulation tends to be a dirty word."
That's partly because it could affect companies' bottom lines. Regulation would mean that companies would have to invest more in storage technology to store information for long periods of time and security technology to prevent unauthorized access.
"We are not in the data storage business," said John Ryan, vice president and associate general counsel for Dulles, Va.-based America Online Inc. "We maintain records for a 90-day period. That's longer than most companies."
Ryan said the theft from the WEF server is a good example of the growing threat of online-related identity theft, but technically, it's not a criminal case of identity theft. He said US law states that identity theft isn't a criminal violation unless the stolen information is used to facilitate another crime, and that hasn't happened - yet.