Internet Insecurity

(2 of 5)

Abdallah's high-profile arrest brought national attention to identity theft, which the FBI says is the nation's fastest-growing white-collar crime. An estimated 500,000 Americans have their identities stolen each year. A sign of the times: at least four insurance companies now offer ID-theft policies. The Privacy Rights Clearinghouse, which works with victims, says it takes an average victim of identity theft two years to clear his credit rating. A growing worst-case scenario: "criminal-identity theft," in which thieves use the stolen identity when they are arrested, leaving their victims with a criminal record that can be difficult to expunge.

Most identity theft still begins off-line, often in such low-tech ways as a criminal sifting through garbage to find an unwanted preapproved credit card. But once an ID theft is under way, the Internet can make the work considerably easier. A particular problem: fast-proliferating websites that sell fake IDs.

It was a fake-ID seller who helped an identity thief run up $30,000 in false charges to Charles Glueck, a Metarie, La., dentist. After Glueck lost his wallet, the man who took it went online to get a driver's license with his picture and Glueck's identity. He then used that license to get 15 credit cards in Glueck's name and started charging. Glueck was shocked to learn later from police that the website had not broken the law because when it shipped the driver's license to the thief, the license was marked for "novelty" use only. "Once you know how to work a computer, you can be whoever you want to," Glueck says.

2 YOU MAY BE UNINTENTIONALLY REVEALING INFORMATION ABOUT YOURSELF AS YOU MOVE THROUGH CYBERSPACE

Surfing the internet feels anonymous, like looking through the pages of a magazine in a library. But the websites you visit can look back at you. Many use "cookies" to collect data about your visit--where you go in the site, what links you click on. There was a blowup last year when it appeared that Internet advertising agency Doubleclick would match up its cookies with data from an off-line marketing company that had names, addresses and phone numbers of 88 million Americans. That plan, since abandoned, would have let the company create personal profiles of individuals and their Web-surfing habits.

Your Web browser may also be giving away information about you as you travel through cyberspace. Whether you know it or not, your browser's "preferences" menu may include your name, e-mail address and other information that can be captured and stored by sites you visit. Your Internet Protocol address can also give you away. Every computer on the Internet is assigned an IP address, the online equivalent of a street address, that allows it to receive data. Dial-up connections usually assign you a new IP address every time you connect. But if you use a fixed connection (like DSL or cable), you may have a permanent IP address that any website you visit can capture and, by comparing it against a database, connect to you by name.

Sometimes the spy is an "E.T." program, so called because once it is embedded in your computer it is programmed to "phone home" to its corporate master. RealNetworks' RealJukebox program was found in 1999 to be sending back information to headquarters about what music a user listened to. The Federal Trade Commission decided in May that zBubbles, a now defunct online shopping service once owned by Amazon, probably deceived consumers when it told them that the information it collected about a user's Web surfing would remain anonymous.

3 THAT PERSONAL INFORMATION YOU JUST PROVIDED TO A WEBSITE MIGHT BE SOLD--OR STOLEN

Websites, particularly e-commerce sites, collect a lot of data from visitors. If you buy a book or a magazine at a bookstore and pay cash, there will be no record linking you to the purchase. But the books, magazines, music and movies you buy online are all linked to you by name. Web retailers are collecting a sizable database of information on individual purchasers. Who's buying pornography, and who's buying extreme political tracts. Who's buying cancer drugs, or contraception.

E-commerce sites routinely share your information, or sell it. The Electronic Frontier Foundation launched a campaign in early June against Macys.com for giving away info from its bridal registry to its business partners. Amazon, which once permitted users to choose to keep their data confidential, rewrote its privacy policy last year to say customer data are an "asset" it may sell or transfer in the future. If an e-commerce site you bought from goes bankrupt, it could be legally required to sell your data to the highest bidder. And sites routinely sell or exchange your personal information. Privacy advocates are pushing for federal legislation requiring websites to let users opt out of sharing, as has recently happened in financial services (see box).