The experts weigh in
Some security experts applauded the legislators efforts. "The disclosure laws are good things. It builds accountability on both sides," said Dave Jevens, chairman of the Anti-Phishing Working Group and vice president at Teros Inc., a security vendor in Santa Clara, Calif."You can phish and send millions of e-mails and maybe get a thousand victims. But if you get a well-formed database with 250,000 names, you can make a quick couple of million dollars."Other experts, however, see flaws in Feinsteins bill and similar state measures proposed recently. "The definition of personal information is too narrow. If I steal your bank account number, home address, phone number and the amount of money you have in your account, but not your PIN, the bank doesnt have to disclose that," said Mark Rasch, chief security counsel at Solutionary Inc., in Omaha, Neb., and a former federal prosecutor. To read more about Microsoft and eBays anti-phishing network, click here. Several lawmakers are drafting privacy legislation broader than the Feinstein approach. Sen. Charles Schumer, D-N.Y., said last week that he intends to introduce a comprehensive identity theft bill soon. Calling ID theft "Americas leading consumer complaint," Schumer said there must be national limitations on the disclosure of data by private companies. Particularly incensed about the Westlaw online research service provided by a division of Thomson Corp., Schumer said subscribers can obtain the Social Security numbers of millions of Americans. "This makes identity theft as easy as operating a computer," he said. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.