• A Midsummer Harvest of Bogus Trend Stories
  Drivel from the New York Times, the Washington Post, and the Boston Globe.
  Jack Shafer
  posted July 22, 2008
• Building a Better Anonymice Trap
  Messrs. Starkman and Jelveh show the way.
  Jack Shafer
  posted July 18, 2008
• Tracking the Anonymice
  See how they run in the Post, the Timeses, and the Journal.
  Jack Shafer
  posted July 15, 2008
• The New Yorker Draws Fire
  Barry Blitt's cover illustration of the Obamas wigs out the chattering classes.
  Jack Shafer
  posted July 14, 2008
• Advice for Marcus Brauchli
  Of the unsolicited variety as he ascends to the executive editorship of the Washington Post.
  Jack Shafer
  posted July 7, 2008
• Search for more press box articles
• Subscribe to the press box RSS feed
• View our complete press box archive

Dehyping Identity TheftThe New York Times finally sees reason.

About four months ago, I gassed on and on about the New York Times hyping the crime of identity theft. In a Page One May 30 feature, the newspaper accepted at face value the estimate from a 2003 Federal Trade Commission survey that identity theft cost the economy $48 billion.

Preposterous, I frothed, after inspecting the methodology of the FTC-commissioned survey. A couple of weeks later, Business Week scoffed at the number, too, noting as a point of comparison that banks only made $103 billion in profits in 2005. How could identity-theft losses be half as large as their total profits? The magazine cited two smaller estimates as more plausible: the Department of Justice's estimate of $3.2 billion in identity-theft losses during six months in 2004, and an industry survey that reported banks lose $1.1 billion to credit card fraud annually.

Yesterday (Sept. 27), the Times finally got around to debunking the $48 billion figure in a levelheaded story by business reporter Steve Lohr. In "Surging Losses, but Few Victims in Data Breaches," Lohr writes, "But most industry analysts are skeptical that the actual losses are near the $48 billion estimate, which is widely quoted." He then cites the DOJ's $3.2 billion estimate.

Lohr's piece made no mention of the credulous May 30 Times story, nor a previous Times piece from June 21, 2005, that also swallowed whole the $48 billion estimate. Except for ignoring his paper's role in disseminating the wacky figure, the Lohr piece is an excellent example of skeptical, scrutinize-the-numbers journalism. He butchers the identity-theft hysteria, writing:

But while high-profile data breaches are common, there is no evidence of a surge in identity theft or financial fraud as a result. In fact, there is scant evidence that identity theft and financial fraud have increased at all. Even when computer networks are cracked into, and troves of personal information intentionally stolen, fraudsters can typically exploit only a tiny fraction of it.

An increase in identity theft isn't what's fueling the panic, Mark Rasch, a former Justice Department prosecutor who now consults on computer security, tells Lohr. "It's an explosion of laws requiring notification of data loss."

Fred H. Cate, the director of the Center for Applied Cybersecurity Research at Indiana University, says people confuse data loss with identity theft and go off half-cocked.

"My concern is that by overstating the current problem, we will end up paying less attention and responding less effectively when far more serious problems do surface. It's like the boy who cried wolf," Cate explains to Lohr.

I wish somebody would tell me why the Times ran its sensationalized May 30 piece on Page One but ran Lohr's sober take in its "Circuits" section. It's almost a row-back. I'm not suggesting that newspapers need to annotate themselves, but this particular attempt on the part of the Times to dispel hysteria would be more effective if the paper nodded to its own role in stirring up the madness.

******

In 2001, my Slate colleague David Plotz taunted identity thieves everywhere with a piece he wrote for GQ in which he divulged his social security number; his home address; the name of his mortgage company; the make, model, and license plate of his car; the name of his bank; and other revealing data. His identity was never hacked, although he did get some interesting postal mail from prisoners. (See a PDF version of the story.) Send your adventures in identity theft to . (E-mail may be quoted by name unless the writer stipulates otherwise. Permanent disclosure: Slate is owned by the Washington Post Co.)

Shafer's hand-built RSS feed.

PRINTDISCUSSE-MAIL

• Health & Science
  How Doctors Know It's Really Autism
• Arts & Life
  Hollywood's Insidious Plot To Teach Your Kid To Read
• Health & Science
  Is Soy Milk Better for the Planet Than Cow Milk?
• Arts & Life
  Who Says Generation Y Is Colorblind?

• Today's Headlines
• 
  Wed, 23 Jul 2008 12:00:27 -0400
• Queen Elizabeth II Announces She's Pregnant Again
  Wed, 23 Jul 2008 11:00:00 -0400
• Ebert and Roeper Leaving 'Ebert and Roeper'
  Wed, 23 Jul 2008 08:00:21 -0400
• » More from the Onion

• Today's Headlines
• Can Mugabe Survive Zimbabwe’s New Political Order?
  Tue, 22 Jul 2008 22:31:17 GMT
• How the Pine Beetle is Destroying Colorado Forests
  Tue, 22 Jul 2008 20:20:17 GMT
• Obama in the Middle East: No Easy Questions
  Tue, 22 Jul 2008 17:15:44 GMT
• » More from Newsweek

• Today's Headlines
• When Thugs Cry
  Wed, 16 July 2008 18:25:58 GMT
• Black in America, Now What?
  Tue, 22 July 2008 14:45:43 GMT
• Gen Y and the Colorblind Lie
  Tue, 8 July 2008 18:14:03 GMT
• » More from The Root