ORAL TESTIMONY

FOR THE UNITED STATES HOUSE OF REPRESENTATIVES

COMMITTEE ON GOVERNMENT REFORM

TOM DAVIS, CHAIRMAN (VIRGINIA)

HENRY WAXMAN, RANKING MINORITY MEMBER (CALIFORNIA)

 

INVESTIGATIVE HEARING ON PRIVACY AND SECURITY WITH REGARD TO PEER-TO-PEER FILE SHARING

HEARING DATE: MAY 15, 2003 10:00 A.M.

ROOM 2154

RAYBURN HOUSE OFFICE BUILDING

TESTIMONY PROVIDED BY MARI J. FRANK, ESQ.

 

Good morning, Chairman Davis, Ranking Member Waxman, honorable committee members, and invited guests. Thank you for the opportunity to address you today.

My name is Mari Frank. I am an attorney and author of The Identity Theft Survival Kit from Laguna Niguel, California.

My identity was stolen (in 1996) by an impostor who paraded as an attorney robbing me of my profession, my credit and my peace of mind.  She obtained over $50,000 using my name after going on-line to obtain my credit report.

Your personal information, worth more than currency itself, can be used to apply for credit cards, mortgages, cell phones, insurance, utilities, products and services all without your knowledge.  A fraudster can do anything you can do- and worse- even do things you wouldnít do such as commit crimes or engage in terrorist activities. 

     There are three motivations for ID theft.

1.  Financial Gain

Robert is a high tech computer consultant who normally encrypts all sensitive data on his computer.  Unfortunately, his resume was not stored in an encrypted file.   He suspects that his impersonator accessed his computer through a network, copied his resume, and used it to obtain a well paying job.  When Robert applied for the same job- he was shocked to find out another person with his name and credentials was already hired.

2.  Avoiding Prosecution-.

Tom was laid off from a high paying job in the medical industry.  He had great recommendations and felt sure he would be rehired.  For two years he was denied position after position after each company had performed a background check. Finally, Tom hired a private investigator that showed him that his criminal background included 2 DUIís and an arrest for murder.  None of which belonged to him.  

3. Revenge -

The first cyber stalking case prosecuted in Orange County, California turned out to be identity theft.  A computer expert was angry when a woman he liked shunned his advances, so he impersonated her in a chat room- stating that she has fantasies of being raped. When he gave out her phone number and address, several men appeared at her door.  Terrified she called the police.

     There are many ways in which personal information can be obtained. According to the FTC 72% of victims have no idea how their information was accessed.

     The May 2003 CALPIRG study on police and identity theft lists the top sources of identity fraud:

1.     Mail Theft  

2.     Dumpster Diving

3.     Unscrupulous Employees -.

4.      Stolen or lost wallets

5.     Internet Fraud  (hacking, false web sites, p2p file sharing ñ email vulnerabilities)

6.     Burglary- Theft

7.     Friends, Relations

8.      Phone Scams with pretext calling.

9.     Unethical Use of Public Documents ñ

10.   Shoulder Surfing-

11.   Medical Cards and drivers licenses

      12.  Personal Information Sold By Financial Institutions

          Since this hearing is focusing on the Peer-to-Peer file sharing vulnerabilities, and the potential of revealing sensitive information on our computers. I suggest the following 10 identity theft protections for computer users.

1 .RESEARCH ANY PROGRAM BEFORE INSTALLING IT

2.  LEARN HOW TO SAFELY STOP SHARING YOUR FILES AND HOW TO BLOCK UNWANTED FILES FROM ENTERING YOUR COMPUTER. 

 3. IF POSSIBLE, WHEN USING PEER-TO-PEER FILE SHARING AND THE INTERNET, USE A COMPUTER THAT DOESNíT STORE PERSONAL INFORMATION ON IT. 

4.  PASSWORD PROTECT AND ENCRYPT YOUR SENSITIVE FILES,

5.  DONíT PUT ANY CONFIDENTIAL INFORMATION IN YOUR E-MAILS UNLESS THEY ARE ENCRYPTED. 

6.  BE CONSCIOUS ABOUT WHAT INFORMATION YOU SHARE IN YOUR FILES, AT WEBSITES, IN CHAT ROOMS AND IN E-MAIL.  

7.  READ THE PRIVACY POLICIES OF THE WEBSITES YOU DEAL WITH. 

8. MAKE SURE YOU HAVE UPDATED VIRUS PROTECTION ON YOUR COMPUTERS. 

9.  USE A HARDWARE FIREWALL WHENEVER POSSIBLE.

10.   DONíT ASSUME THAT YOU ARE ANONYMOUS

 Your confidential information is a valued commodity. Marketers, information brokers, and the financial industry buy, transfer, and sell your aggregated profiles including your income, credit worthiness, buying, spending, and traveling habits, health information, age, gender, race, and more.  Intimate facts about your life are shared legally and illegally without our knowledge or consent. The loss of control over the access to our personal information has led to the epidemic of identity theft.  

I applaud this committeeís research exposing the perils posed by Peer-to-Peer File Sharing.  Itís important to acquire knowledge, security measures, and careful strategies.   Hopefully, divulging security flaws in Peer-to-Peer file sharing and other technologies to the media and Congress, will encourage companies to make user friendly security a top priority.

But, P2P file-sharing may pose less of a threat of identity theft than the careless display of the records at your doctorís office, the negligently piled tax returns left on your accountantís desk for the cleaning crew to review, the unencrypted and unlocked cabinets with personnel files at work, the non- shredded trash dropped in bins behind banks, insurance agencies, and mortgage companies, and the hacked data bases of credit card companies, Universities, and the like.

 To prevent financial identity theft, the burden should be with the credit grantors who are in the unique position on the front end, to take precautions, require verification of address changes, and refuse to issue credit to a fraudster. Unfortunately, quick, easy credit, pre-approved offers, convenience checks, mass marketing of mega databases, and sloppy information handling procedures, make this a simple crime.   I encourage this honorable committee to also investigate ways in which the financial industry, marketers, and information brokers, can better protect the security and privacy.   Since the Financial Modernization Act GLB passed in 1999, identity theft has sky rocketed.  Whether online or offline, our sensitive information must be better protected to foster consumer trust our economy and society will flourish.

Thank you.

Mari Frank