Interactions - March/April 2009

Identity Theft Prevention Tips (source: Federal Trade Commission)

Deposit your outgoing mail in post office collection boxes or at your local post office, rather than in an unsecured mailbox.

Don’t carry your SSN card; leave it in a secure place.

Give your SSN only when absolutely necessary, and ask to use other types of identifiers. If your state uses your SSN as your driver’s license number, ask to substitute another number. Do the same if your health insurance company uses your SSN as your policy number.

Carry only the identification information and the credit and debit cards that you’ll actually need when you go out.

Keep your purse or wallet in a safe place at work; do the same with copies of administrative forms that have your sensitive personal information.

When ordering new checks, pick them up from the bank instead of having them mailed to your home mailbox.

police station (if they haven’t been arrested already) and file an impersonation report. To complete this report, the victim must ask to have mug shots taken and to be fingerprinted. These prints and photos are then compared with those of the imposter. Their mug shot and personal details are entered on a police computer accessible to officers 24 hours a day. Police record and store their fingerprints and offer no assurances that these records will ever be removed. If exonerated, victims should then request an official clearance letter or certificate of release and are expected to carry this with them at all times in case they are wrongly arrested again. This process

represents a complete inversion of the usual processing of victims and criminals. Unlike criminals, however, victims are expected to willingly subject themselves to this documentary regime or risk being judged as having failed to live up to the new responsibilities associated with their “victim identity.”

Victims and potential victims alike are expected to transform the minutia of their daily routines in light of informational risks. It is a project that involves attending to the flows, accuracy, and security of the composite bits of documentary identities. For individual citizens, this process aims to foster a particular form of life characterized by an ongoing hyper vigilance about routines for managing their data double. The often mind-numbing minutia of the proliferating identity theft risk-reduction strategies often exceed the bounds of what might be reasonably expected from most citizens in managing a single risk. When all such expectations fall on individual citizens, it becomes highly unlikely that all of these can be effectively incorporated into a person’s daily regimen.

This, in turn, accentuates a larger political point about how individuals are positioned as the source of identity theft risks. Such a characterization effectively ignores the role of institutions in creating the risk of identity theft by systematically placing profit and organizational self-interests ahead of any concerns about the public. When information security has been breached, policies often preclude companies’ informing customers of this fact out of a

fear of negative publicity and as a way to save money. So, even when credit card companies know that the personal details of thousands of their cardholders have been compromised, they do not routinely issue those customers new cards because of the costs involved. Instead, they subject the consumption patterns of those suspect cards to still greater electronic profiling, and cancel individual cards only when there is evidence of fraudulent use. This practice saves the company the considerable cost of having to mail out thousands of new cards, but in the process they effectively consign a subset of cardholders to victimization.

The policies and practices of credit agencies are most responsible for the comparative ease of identity theft. Take preapproved credit cards. While it is common knowledge that identity thieves regularly steal and use them, these costs—and the attendant victimization of innocent citizens—are written off as a cost of doing business. But beyond the obvious risk of this junk mail is something more insidious. The credit industry is fixated on being able to quickly grant credit, and individual agencies pride themselves on being able to approve transactions in a few seconds. This emphasis on speed consciously sets aside questions about the accuracy of information and the security of transactions. Businesses fear that if credit purchases take too long to process, or if security measures are too stringent, then legitimate purchases will be rejected and they will lose revenue. From a business perspective, one of