This administration must lead on cyber
Not just words but action needed on identity theft
Our free-market economy has long been a fertile ground for entrepreneurship and invention. As a society, we've also always done what is necessary to ensure that Americans can safely and securely enjoy the benefits of new innovations. The same America that made the personal automobile available to the entire middle class also popularized the seat belt.
Similarly, the Internet has had a revolutionary effect on our economy. Innovators have never had a better, easier-to-access platform to reach customers and audiences; people are connected as never before. But, as a glance at recent headlines will tell you, the promise of the Internet is threatened by identity thieves and other crooks who are stealing data about Americans in ever greater numbers. And if government watchdogs like the Federal Trade Commission (FTC) don't get involved soon, the problem will only get worse.
A recent report by Javelin Research confirmed that identity theft continues to rise, with an estimated 13.1 million victimized by ID theft in 2013. The Bureau of Justice Statistics reckons the annual losses due to identity theft are nearly $25 billion. Indeed, a recent bipartisan poll commissioned by my organization, CCIA, showed that 75 percent of Americans are worried that information about them may be stolen by hackers. So, as the world observes Safer Internet Day this week, it's time for policymakers to take notice of this disquieting reality and, more importantly, to act.
Of course, one doesn't need statistics to grasp the threat posed by online criminals and fraudsters. Just ask anyone who's ever had their personal data stolen, who's had to spend months (or years) recouping losses and rebuilding credit after having her accounts hacked. Or talk to one of the more than 100 million shoppers whose personal data was breached in a monster cyber attack last year. Some policymakers may not yet realize the urgency of this issue, but I assure you that those 40 million Americans, who have spent the last two months anxiously scanning their bank statements and replacing their credit cards, know exactly what is at stake. So does the financial community: new estimates indicate the breach cost banks more than $200 million.
Even more disconcertingly, as the Washington Post reported this weekend, experts believe this is just the beginning. According to the report, the Target attack is "likely to be the leading edge of a wave of serious cybercrime." Cybercrime has never been easier or less expensive for criminals; honest businesses and consumers, meanwhile, have never been more vulnerable to attack.
The good news is that, collectively, we have what it takes to address this problem. American consumers are more aware than ever about the importance of online data security. And, as economic activity increasingly moves online, every company has a vested interest in keeping its consumers' information safe. The fact is, however, that businesses and consumers can't safeguard themselves without help. Identity theft has reached such alarming proportions that a policy response is essential. Indeed, the same bipartisan poll showed that Americans want action: three-fourths of respondents said the government should do more to protect online data security.
Some in Congress have floated the idea of national data breach legislation, which would mandate that consumers are notified whenever their personal data (like credit card information) is stolen or otherwise put at risk. This is a good idea that merits further attention in Congress. The chairwoman of the Federal Trade Commission (FTC), meanwhile, has acknowledged that her agency can do more to defend consumers and businesses. The FTC can start right away by convening a workshop on online data security. This would provide a forum for businesses, law enforcement and consumers to come together to share experiences and-under the FTC's guidance-begin developing best practices for protecting Americans' data.
Even in today's divisive political climate, helping American businesses and consumers fight back against fraud should be a no-brainer. Yet so far the only material step we've seen taken was last week, when Congress excoriated Target executives before the cameras. While these hearings are an important step, to be sure, they don't protect the millions of Americans who have fallen victim to fraud. Nor will it do anything to prevent the next data breach. To do that, our policymakers and regulators must take action. Americans deserve no less.
Black is president of the Computer and Communications Industry Association.