Thursday, October 15, 2009

The Fallacy of the Fallacy of Identity Theft

Okay, sometimes bad ideas just slink away on their own, but a reckless, poorly researched Wall Street Journal column has attracted enough tweetness to keep the bad meme recirculating. As much as I fear the wrath of Wall Street Journalists, I simply can't let this go uncorrected.

Earlier this week Julia Angwin posted a story titled The Fallacy of Identity Theft, in which she accused big corporate bad guys of conspiring against the poor folk to whip up a panic regarding the non-existent crime of identity theft. (After all, who can resist a corporate conspiracy story?)

As far as I know, no one can steal my identity. Even if my bank account number, my credit card number and all my passwords are stolen, I am fairly confident that I will still be me and the thief will be a different person.

Yes, the criminal will be masquerading as me. But anyone who knows me – my husband, my children, my colleagues, my doorman, my employer – will not be fooled. If "I" was actually stolen, I believe that would be called a kidnapping.

The entities that would be fooled by a masquerader are ones that don't really know me: my bank, my credit card company, places where I do online or offline shopping. Maybe they should have done a better job figuring out who I was before parting with my money or their goods....

Meanwhile, you wouldn't know it from the headlines, but identity fraud began to decline...independent researchers at Javelin Strategy & Research show fraud declining to $48 billion in 2008 from $58 billion in 2003...

It turns out that "identity theft" is one of the most brilliant linguistic constructs ever, with its terrifying specter of losing not just your money – but your soul. Maybe it's time that we renamed it what it is: a fear campaign designed to get us to buy expensive services that we don't need.

Oy. So much ignorance in this story -- where do I begin?

First and foremost, identity theft is a real crime, with real victims. The damage cannot be quantified by simply measuring the consumer's reported losses. It's true that at the end of the day, victims of ID theft do not lose their homes or cash -- when they finally document the fraud, the banks generally do return the asset. But it usually takes years (35 years, in this case) to find out what happened, convince the bank or merchant that you didn't really borrow their money, convince the credit bureaus to clear the reported deficiencies from your credit report, and then convince them again as the negative report circulates among the credit bureaus. And unless you're unusually lucky that law enforcement agencies are willing and able to catch the thieves, the thieves still have your data and continue to wreak havoc. And throughout this anxious, painful ordeal, don't even think about getting a credit card, mortgage, car loan or cell phone. Even checking into a hospital or getting a new job can be difficult. You might even end up in jail.

Oh, but you still have your soul, so what's the big deal? Well apparently it is a big deal to the victims, who have inundated Julia with a shit storm of comments and actual data regarding identity theft. I wonder why she didn't interview any victims prior to writing her cutesy rant? For example, she could have asked Fed Chairman Ben Bernanke, a rather sophisticated consumer who was still vicitmized. According to Bernanke, "Identity theft is a serious crime that affects millions of Americans each year."

Julia twists a lot of facts. She blames the banks for poor security but so what? Yes, it's their job to secure our assets, and that's why they eventually give the money back, but how does that cure the other, more painful consequences? Yes, some ID theft does hurt only banks, but not all of it. Yes, ID theft is often perpetrated by relatives, but so what? How does that mitigate the pain? Yes, direct financial losses are declining, but why doesn't she even mention the years of hassle, paperwork and bad credit that victims endure?

Most importantly, it is misleading to conclude from last year's reported decline in financial losses that ID theft is going away. Any vicitm's real pain is measured in years not in dollars, and so the much more relevant datum is that in 2008 alone the number of victims increased 22%, to 9.9 million in the US.

As for the term "identity theft" it was not coined by the industry, and it would have been easy for Julia to figure that out instead of lobbing speculation. (Hey Julia, wasn't "Heart Disease" invented by the medical industry to sell you more drugs?) The first known use of "Identity Theft" was in a newspaper article in 1966, and the term was applied to financial fraud as early as 1991 by the Social Security Administration, more than 12 years before "the industry" existed (ooh, the feds must be in on the conspiracy).

Julia's philosophical challenge to the literal meaning of "Identity Theft" is worthy of a midnight dorm room conversation. Dude, why call it a firewall--is there really a fire raging around it? Totally! And why call it a computer virus -- does your PC get a fever? And the clincher: "If I was actually stolen, I believe that would be called a kidnapping." (Oh damn, there goes our evil plot to trick people into confusing the two crimes.)

I could pick apart much more of her story, but Who Has Time For This? Obviously Julia is generating page views by whipping up corporate conspiracies and, in the process, recklessly advising people not to protect themselves from a very real and damaging crime. Then again, maybe I'm wrong about her and she'll retract her column in light of more information. I hope so.


  1. You get them GIRL! Are you an associate of PrePaid Legal? We have the most complete, comprehensive plan out there for IDENTITY THEFT. Our partner RESTORES you to you. Please check my website for more details. Have an awesome day!

  2. I got a different point from her posting: banks should be libel for the 'identity theft' not the victims.

    You can definitely argue the data that is used in the posting, but I think that is missing the main point...

    If the banks (or other institutions) can't properly identify someone they should be the ones that have to deal with the aftermath.

  3. Chrizbot,

    If you think I disagree, then I wasn't being clear. Yes the banks should be libel, and they ARE libel, but only for the dollars, not the heartache. and not the next time, and the next time. and not the hassle of being denied credit for years while it gets straightened out. your observation is theoretically correct, but practically we're still screwed when it happens. that's what you, and Julia, are forgetting.

  4. Daniel3:01 PM

    David, don't you and Chrizbot mean "liable" not "libel"? Normally I would just be shaking my head in disbelief, as when people write "I am a principle at a law firm", but knowing well your all-around grammar prowess, i am afraid i may be missing something or wondering if you both wrote your posts from an Iphone.

  5. Daniel

    Write you our. My grammar is teriffick butt my spelling sucks.


  6. This is a series that the WSJ are running. Two weeks ago, it was 'email is dead', last week 'PID Theft doesn't exist' Soon enough they will tackle the really hard issues of Yeti and UFOs. And Yetis in UFOs, along with a gangmember Lochness Monster.