Identity Angel

Thieves have been stealing identities for a long time, but the Internet has no doubt accelerated the trend. A big reason is that search technology makes it easier to pull together information on the Web.

In such a leaky environment, technology ought to take a more active role in safeguarding our personal data. That's the object of work being done at Carnegie Mellon University in Pittsburgh, Pennsylvania. Latanya Sweeney, a software engineer at the university, has developed a computer program called Identity Angel that goes on the Internet and looks for the "holy trinity"--the three key data points needed to steal a person's identity. Two of the three data points--name and address, and date of birth--are often public record. The third--personal identity numbers like the Social Security number in the United States--are in wide circulation among credit-card companies, banks and other business as a means of verifying identity and checking credit.

On July 23, Sweeney kicked off Identity Angel's one-year trial run. The program is now working its way through servers, scouring online documents. When Identity Angel finds a holy trinity, it will send a warning e-mail to the person at risk. (This assumes that the person's e-mail address is online, too; Identity Angel doesn't make phone calls or post letters.) The e-mails will explain the study and include contact information at Carnegie Mellon for those who want more information.

In the first two weeks, Identity Angel discovered more than 5,000 people who were vulnerable to ID theft. School and government sites are common sources of Social Security numbers, but most are found--surprisingly--on résumés held in online job banks. Sweeney plans to release the first e-mails later this month. "This is going to be a really weird event," says Jay Foley, director of the nonprofit Identity Theft Resource Center. He foresees a flurry of complaints and threatened lawsuits directed at the bureaucracies that haven't removed Social Security numbers from online documents.

Sweeney hopes that someday governments, credit-card companies and consumer-advocacy groups will use the program to prevent identity theft. "We would love to be able to say, 'Look at how many tens of thousands of people we saved from identity theft'," she says. That would indeed be a godsend.