I blogged earlier on Joseph Menn’s excellent article concerning the various powerful interests that are trying to undo state laws that require businesses to give notice of security breaches. His article also has a peek into the financial support behind the various studies that have characterized the identity theft problem as overblown:
To press their case, companies and industry groups have testified and written to members of Congress and have underwritten studies that play down the threat of online identity theft.
In August, Indiana University law professor Fred H. Cate began circulating a paper arguing that some types of identity fraud were declining. Cate, a frequent congressional witness and widely quoted authority on data security, declared: “Information security breaches are among the least common ways that personal information falls into the wrong hands. In 2005, the most common source of personal information that resulted in an identity-based fraud, by a factor of two to one over any other category, was ‘lost or stolen wallet, checkbook or credit card.’ ”
A footnote attributed that statistic to its original source, a January 2005 study by Pleasanton, Calif.-based Javelin Strategy & Research. Javelin and several trade groups have trumpeted the finding for months, along with Javelin’s related conclusion that 72% of identify theft begins offline.
Cate failed to disclose that the relevant Javelin data came from the 54% of consumer fraud victims surveyed who said they knew how their personal information was taken. The remaining 46% had no idea.
Federal Trade Commission officials said this year that the latter group logically would include a much higher percentage of victims of major electronic security breaches, computer spyware and phishing, online come-ons that trick people into revealing their personal