Confetti: Identity Thieves' Manna From Heaven

The scene of the crime is the Macy’s Day Thanksgiving Day Parade. This year was spectacular — great entertainment with many new balloons and floats. Fall was in the air and so, too, was the confetti. This year, however, some of it was comprised of shredded confidential documents, floating to the ground, courtesy of the Nassau County Police Department.

You see, the confetti strips dumped on the parade route at 65^th Street and Central Park West included Social Security numbers, license plate numbers, phone numbers, police detail assignments, incident reports, and even details about Mitt Romney’s motorcade, likely from the second presidential debate at Hofstra University on Long Island. How do we know the Nassua County Police were involved? The documents included the acronym “NCPD”.

I wasn’t there, but an 18-year-old Tufts University student named Ethan Finkelstein was. He described one piece of confetti that settled on a friend’s coat. “It landed on her shoulder. It says ‘SSN’ and it’s written like a Social Security number, and we’re like, ‘That’s really bizarre.'”

Bizarre, indeed, but I think “insane” is a more appropriate word choice.

“That would have to come from our headquarters,” a Nassau County police source told the New York Post. “They have stuff that’s supposed to be shredded and go to burn piles. It sounds like some of it ended up where it wasn’t supposed to be.”

Get everything you need to master your credit today.

Get started for free

Yup, sure sounds like it. Gold star!

Let’s start with what we know for sure. Whoever committed this act of super nova-like stupidity (it’s too kind to call it negligence) either had one hell of a sense of humor (and disregard for the prospect of future employment) or s/he manifested more than a modicum of brain dysfunction. Actually, both qualities were in evidence. The deluge of personal identifying information on parade goers betrayed the sort of incompetence one might expect from a Tea Party sign painter. The actual event suggests a catastrophic failure of policy and procedure that confounds the imagination. How could such a thing be allowed to happen even one time?

Would you believe me if I told you it happened at another parade this year? Last February at New York City’s Super Bowl celebration parade for the New York Giants, some of the “confetti” dropped from office buildings was actually unshredded paper containing personal information and records — an identity thief’s El Dorado of Social Security numbers and medical records, including detailed information about a 54-year-old woman’s mammogram.

Some may be tempted to make light of such stories — until you consider that the mammogram results belonged to a woman who actually exists, who would be completely justified in thinking that her privacy had been systematically violated — and further, that a crime had been committed against her.

Still, some were unconcerned. “I don’t get the impression that people are actually going to pick up these pieces of paper and cause something like identity theft or something along those lines,”said one bystander. This point of view is dangerous and unsurprising — after all, identity theft, like the radiation at Chernobyl or the germs that cause cholera, is invisible, and thus easy for non-victims to ignore.

Like cholera, radiation poisoning, and a host of other ills, identity theft is all too real — even in a pastoral setting like Manhattan. We ignore it at our peril.

At the end of the day, these failures occur because policies and procedures are missing or ignored. They result from failures of leadership and management. A case in point: the Governor of South Carolina — who arguably should not be left within reach of anything more dangerous than a can opener, let alone a state government.

In October, it was revealed that more than 75% of South Carolina residents had their Social Security numbers, credit card numbers, and other personal information breached in August after someone stole credentials from one of 250 state employees with access to the South Carolina Department of Revenue (DOR) database.

Amazingly, that data was not even encrypted.

If you think that was stupid, wait till you hear the governor’s excuse. Encryption is “complicated and cumbersome technology.” Interesting point, but here’s the thing: encryption is not hard! It’s actually pretty simple. What’s hard is having your identity stolen, your accounts emptied, your credit ruined and your life turned upside down because bureaucratic brain surgeons in your state government thought encryption wasn’t worth the trouble.

Still, I’m sure South Carolinians will sleep much better having heard the governor’s subsequent suggestion — now that it’s too late — that encryption might be a good idea after all.

There’s no shortage of dumb decisions in the political sphere, but it’s worth asking just how badly our current cost cutting budgetary obsessions are warping our ability to make intelligent cost-benefit choices — especially in such high-stakes situations. From identity theft to cyber-warfare, our inability to weigh risks in a rational way is costing us big time — and may ultimately be our undoing. Example: In the past 24 hours, we’ve learned that the entire South Carolina disaster could have been avoided by spending as little as $25,000 for a dual password system to keep hackers out of that database. “I almost fell out of my chair,” said the co-chairman of the cyber-security subcommittee investigating the debacle. “For $25,000, we wouldn’t be here.” Would it have been worth it? 6.4 million consumers and businesses — given the chance — obviously would have said yes.

Frankly, this level of incompetence and disregard for the public good should be criminal. People in positions of public trust who allow such acts should be held accountable. Lose their jobs. Go to jail. Or both.

And we must mandate encryption of databases containing personal identifying information, from SSNs on down — and set criminal penalties for failing to do so.

When I said “we ignore identity theft at our peril,” I simplified too much. Too often, those who ignore these risks ignore them at other people’s peril — despite a clear fiduciary responsibility to defend the public. The Chief Executive of South Carolina is sadly yet another in a long line of shirkers and buck-passers, who don’t seem to understand what’s really at stake here. Whether the topic is identity theft or the fiscal cliff, it’s our job — as voters and as consumers — to hold these folks accountable.

Image: Caitee Smith, via Flickr