The NY Times published an editorial today, “The Data Fleecing of America,” which praises members of the US Congress who are trying to do something about Identity Theft Fraud by Impersonation.
If it were not for California’s pioneering law requiring notice to affected consumers, the rest of the nation might not have even heard warnings of how their assets and identities are increasingly at risk. Senator Dianne Feinstein, Democrat of California, is proposing a national requirement for consumer notification, with civil damages for negligent companies. Her bill is a good start in conjunction with a comprehensive measure by Senators Charles Schumer of New York and Bill Nelson of Florida to begin regulating data merchants by requiring registration with the Federal Trade Commission. It would adopt stronger safeguards, stop the easy access to Social Security numbers and help identity theft victims regain their fiscal balance.
Credit-card companies and information brokers - not consumers and merchants - bear prime responsibility for the ravages of data thieves.
(emphasis mine)
There’s some inkling of clue in that final sentence, but it’s too little too late to save this editorial.
How many times do we have to say it? The SSN cat is out of the bag. It can’t be put back, no matter how much people would like it to be. Fixing the problem is going to be hard and it’s going to be expensive. If I had to guess where in the Seven Stages of Grief people are at the loss of their beloved SSN as an all-in-one identifier and password, I’d definitely go with “Denial.”
So let me say it one more time: The number of compromised credit card numbers, Social Security Numbers, Bank Account Numbers, and other bits of PII is simply too great. When real life reads like something out of The Onion, it’s time to admit that Humpty Dumpty probably isn’t going to come out of this in one piece, and to start tackling the Root Cause of the problem: inadequate authentication methods for financial transactions.
Personally, I like Bruce Schneier’s suggestion that the US Government should announce that they are going to publish the SSN of every American in, say, two years. This would force the updating of financial transactional systems and as an added bonus, create a huge demand for all those poor FORTRAN and COBOL programmers who’ve been looking for work since Y2K.