RealTime IT News

Liberty Aims to Contain Identity Theft

The Liberty Alliance Project is stepping up its assault on identity theft with the creation of a new group geared to stymie criminal activity on the Web.

The Liberty Identity Theft Prevention Group, which includes Liberty members RSA Security, Nokia, AOL and American Express, say they will fight ID theft around the world.

The move comes at a time when fraudsters' attempts to pilfer pieces of consumers' identities, including credit card, bank account and Social Security numbers, is rising.

As a result, more consumers are chilling out on using the Web for conducting commerce.

Perpetrators use the information to siphon off consumer funds, or make purchases using the banking data. According to a study from Forrester Research, 9 percent, or an estimated 6 million U.S. online households have experienced identity theft.

While perpetrators are circumventing technology to keep them out of consumers' private information, consumers aren't helping because of their lack of knowledge about how attacks occur.

This is why the group plans to introduce best technological and policy practices and educate consumers and businesses, providing them with the tools they need to make better decisions, said George Goodman, president of the Liberty Alliance management board and a director at Intel.

Goodman said that unlike the Federal Trade Commission, which regularly cracks down on cases of ID theft, Liberty is uniquely positioned because it 44 government, consumer and business groups lending their expertise to one cause: Locking out Web grifters.

"At Liberty, we're in a position of looking at public policy issues and business and policy guidelines that go along with the technological aspects of what we do," Goodman said.

It's a tricky proposition. Liberty, which makes standards designed to allow secure Web services over the Internet, regardless of the type of infrastructure, has created guidelines so that consumers can control what personal information they share and with whom they share it.

The problem is that online identities are difficult to manage because most consumers have multiple online user names and passwords for e-mail, instant messenger, or even corporate intranets.

Forrester Research analyst Jonathan Penn said Liberty is positioned to create technical specifications designed to combat identity theft. So long as the organization watches out for certain pitfalls.

"A challenge Liberty faces is one of scope and focus, and how it works with related groups," Penn said. "For example, are they (or how are they) going to address any of the issues relating to offline fraud and id theft?"

Penn also said Liberty also needs to be careful not to claim to be the "single trusted resource" for ID theft services, solutions, and information because so many other companies and parties try to do that, too, and some of those are sponsored or run by members of Liberty.

"So one pitfall to avoid is the potential for redundancy of purpose leading to conflict," Penn said. "Surely there would be a complementary relationship between this Liberty group and, say, the ID Theft Assistance Center formed by the Financial Services Roundtable.

"Liberty could serve as a type of clearinghouse, providing direct information and answering inquiries where appropriate, and directing inquirers to other, third party resources already established. But such cooperation and coordination is not yet clear."

The Liberty Identity Theft Prevention Group is co-chaired by Michael Barrett, vice president of security strategy and architecture for American Express, and Alex Popowycz, member of the Liberty Alliance management board and vice president for Fidelity Investments.

Liberty will host its first Identity Theft Workshop on July 20, 2005 in Chicago.

Liberty has looked at identity issues before, published guidelines and hashed out standards for a federated identity network. Federated ID triggers single sign-on so that users can tap their accounts without storing all of their personal information.