?"> Observers agree that markup likely will be delayed because the Senate Banking Committee wants to get its hands on it, as does the House Financial Services Committeeboth of which tend to be hostile to consumer protection, said Chris Hoofnagle, director of the West Coast office of the EPIC (Electronic Privacy Information Center). At the heart of the battle between industry and consumer groups lies three key legislative components: First, the bill doesnt specifically exempt data thats encrypted. It also has stringent notification requirements wherein the breach of a single consumers data triggers notification requirements, as opposed to other bills stipulations that larger totals, such as 10,000 records, will trip the notification requirement. Finally, and most importantly, it provides for a consumers right to freeze their credit report.Hoofnagle suspects that the committees will water down consumer protection in the bill by targeting the credit report freeze. "[Credit freezes] can at least theoretically slow down impulse buying decisions," he said. "With the freeze, you have to call an agency to say, Please thaw my record so I can buy a big-screen TV. In that delay, you might speak with your spouse or think to yourself, Can I really swing this?"The credit industrys view is that people vote with their pocketbooks, and they want the convenience of instant credit. As McNabb pointed out, however, Californias law has a provision whereby consumers can receive a PIN to thaw credit temporarily. A credit bureau has three business days to act on the thaw request, and the thaw can last as long as it takes to refinance a housefor example, 10 days or 30 days. Three days isnt that far away from instant credit, McNabb said. Besides, pre-ChoicePoint, a mere 4,000 Californians had frozen their credit reports in the three years of the laws existence. "Even when they know about it, not everybody will do it," McNabb said. But the idea of a freeze is particularly appealing for people who arent in the market for credit, such as the elderly or disabled; in other words, people who are traditional targets of fraud. Some security experts find the lawor any law thats been proposedmisses the point. Bruce Schneier, chief technology officer at Counterpane Internet Security Inc., said its absurd that banks arent responsible for the fraudulent withdrawal of money from accounts, for example. "The situation is where the people who are responsible for the problem have no responsibility to fix it. They dont care," he said. "Thats how not to run a railroad." Schneier pointed to credit card companies, which are typically responsible for fraudulent purchases past an initial $50, as being a much better model. "Credit cards are safe, with all the security measures the credit companies have put in place." he said. "But there are no rules on how cards are kept in your wallet. Unlike banks, which say, If somebody else uses your password to withdraw money, youre screwed." Pete Lindstrom, research director at Spire Security LLC, would prefer that we all stop pretending that any of this supposedly private informationSocial Security numbers, mothers maiden nameis actually private. "We want to continue with the façade that this information is somehow being kept from most folks or from a lot of people," he said. "Really, so many people have access to this information, its silly to begin with. If we really cared about identity theft, wed be looking for stronger authentication." Rather than a credit report freeze, Lindstrom said he would like to see a requirement that stipulates that consumers be notified whenever their credit report has been accessed. "Id rather just know, if a Toyota dealership has just accessed my credit report," he said. "Id know if I had just bought a car or not. Youd have much better evidence of wrongdoing." Lindstrom also has a strong desire to see Social Security numbers publicly published, so we can finally give up on the idea that theyre sacred, and so we can finally get away from banks and other financial institutions tendency to use such insensitive information as barter for our financial welfare. "Were creating this façade that we can protect this information, and in reality we cant. There are too many people who have legitimate access to this stuff that can go bad to begin with. Credit card numbers or Social Security numbers, the only reason those identifying numbers are sensitive is these entities are treating them sensitively as if theyre good authenticators, and theyre not. "As long as we create this façade that we can put Pandora back in her box, then were going to try to do it." Check out eWEEK.coms for the latest database news, reviews and analysis.