News.com has a rather troubling article today about how ID theft and phishing are converging to create a new very active threat to electronic commerce. Here is the key excerpt:
While we normally post policy-related stories and this one isn’t policy per se, it struck us as particularly troubling for couple of reasons. First, both identity theft and phishing seem to be growing threats to consumers. While Congress has held numerous hearings on the deluge of identity theft incidents since the start of the year (here is one we covered on ChoicePoint), it has yet to move any of various pieces of legislation to regulate data brokers or increase privacy protection. Further, little attention has been paid to phishing. We doubt that Congress is looking into how the issues may be converging. In fairness, Congress does move rather slowly, particularly on issues that overlap so many different committees such as this one.
Second, Congress just passed, and the President signed, the Real ID Act as part of the emergency supplemental appropriations bill. In USACM’s view, this act will significantly increase the risk of identity theft by linking each state’s drivers license databases to one another without any security mandates or clearly identifying who has access to what data.
Since Congress is generally a strong supporter of fostering electronic commerce, it would seem it should balk at things that can directly undermine this goal. This article would also seem to strengthen security expert Bruce Schneier’s arguments that new threats can undermine two-factor security strategies.