The CIMIP will explore a range of identity theft topics, from its causes to the effect of regulatory action, to improvement in identification authentication systems.
The coalition includes the FBI, the U.S. Secret Service, LexisNexis, IBM, Utica College, Carnegie Mellon University, Indiana University and Syracuse University. CIMIP is the latest organisation to use a collaborative approach to address security IT issues. Other such groups include the Forum of Incident Response and Security Teams (FIRST) and the Anti-Phishing Working Group.
"We're working with some of these groups, and FIRST is a partner, but these organisations tend to focus on individual (cases) and take a piecemeal approach," said Gary Gordon, CIMIP's executive director and a professor of economic crime management at Utica College. "We want to pull pieces of their research together in with ours...and be a clearinghouse of research."
The centre expects to operate on a budget of nearly US$500,000 in its first year, of which half is coming from corporations and the other half from federal grants, Gordon said. The center, however, expects to double or triple its funding in its second year, he added.
In addition to the causes of identity fraud, the center's research will focus on early detection and prevention. It will also will home in on how cybercriminals' tactics have evolved.
Security experts have noted that over the past couple of years, hackers have become less interested in launching attacks for the sake of notoriety and more to make money from identity theft. In 2004, an estimated US$52.6 billion was stolen via identity theft, although most of the thefts were not executed online, according to a survey by Javelin Strategy Research.
The group will also research the effect policy decisions, legislation and regulatory actions have had on combating identity theft. Congress, for example, introduced a bill earlier this year that called for law enforcement agencies to be notified before the public when a data leak occurs.
Other areas of research for CIMIP will include improvements in identity authentication systems, as well as the role of emerging technologies to guard information and improve privacy for users.
"Identity theft is a growing problem with significant negative effects on American businesses and individual citizens and potentially disastrous effects on U.S. national security," James Burns, the acting assistant director of the FBI's criminal investigative division, said in a statement. "From this threat, the CIMIP was born."
The centre plans to share its research and provide identity management resource information to companies, law enforcement agencies, academics and the public via its Web site and other forums. CIMIP will also sponsor symposia on the topic.
"Information technology has changed our lives tremendously, and for the better. But right now, many Americans are rightly confused and frightened about identity theft," Sen. Hillary Rodham Clinton, who recently introduced a privacy bill of rights in the U.S. Senate, said in a statement. "The challenge we face is how to take advantage of the benefits achieved through the advances of technology without compromising our basic right to privacy."
It is somewhat comforting to know that the feds, business, and the education community are concerned over the identity crisis, but, unfortunately, these are the very culprits who have committed the breaches. Where are the watchdogs with the experience in this issue, like Privacy Rights Clearinghouse, Electronic Privacy Information Center, and some consumer input for a change? I am a former broker of mailing lists turned privacy activist, and can speak with authority on the junk mail industry, as well as some of its relationships with the government and education. The problem isn’t just our names and private information dribbling all over the environment, it is the use of this same data, by the same powers mentioned in the article, to invade every aspect of our inner sanctum.
I believe George Orwell predicted the data breaches of 2005, as well as the iron fist control that now exists over our private lives. 1984 is about a totalitarian state where every aspect of public and private behavior is regulated. We certainly aren’t at that point, but the control over our names and personal data by business and government has set the stage for the next step. As Erich Fromm wrote in the book’s “Afterword,” Orwell warns us that, unless drastic changes are made, people will become “soulless automatons.” If you look closely at Orwell’s “Party” in 1984, as the representation of the all-powerful force that controls every aspect of the people of the fictional country of Oceania, it is easy to draw a comparison with the situation today, where our private information is under the exclusive control of government agencies and business.
There is only one way to protect the use of consumers’ names and personal data. Pass federal legislation to give the individual control over this private information, and, while we’re at it, pay them for its use. You can read about it in my blog, The Dunning Letter at: http://thedunningletter.blogspot.com/2006/07/independence-is-control-over-your-name.html
Jack E. Dunning
Cave Creek, AZ