Your E-Mail May Be Touched by 'Identity Angel' Today, people will begin receiving emails from a Carnegie Mellon University program that trolls the internet for names, dates of birth and social security numbers. If you're contacted, you're a likely victim of identity theft. Don't worry -- Identity Angel will tell you how to fix things.
NPR logo

Your E-Mail May Be Touched by 'Identity Angel'

  • Download
  • <iframe src="https://www.npr.org/player/embed/5630787/5630788" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Your E-Mail May Be Touched by 'Identity Angel'

Your E-Mail May Be Touched by 'Identity Angel'

Your E-Mail May Be Touched by 'Identity Angel'

  • Download
  • <iframe src="https://www.npr.org/player/embed/5630787/5630788" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

Today, people will begin receiving emails from a Carnegie Mellon University program that trolls the internet for names, dates of birth and social security numbers. If you're contacted, you're a likely victim of identity theft. Don't worry — Identity Angel will tell you how to fix things.

MELISSA BLOCK, host:

There is a computer program out there right now looking for you on the Internet. It's searching for key information that could make you vulnerable to identity theft. Your name and address, date of birth and Social Security number. That computer program, called Identity Angel, today began e-mailing potential victims that it had found that information.

Latanya Sweeney is head of the Identity Angel project at Carnegie Mellon University's Data Privacy Lab, and Dr. Sweeney, what would this e-mail say if it landed in my inbox?

Ms. LATANYA SWEENEY (Carnegie Mellon University's Data Privacy Lab): It would say that you're a likely victim of identity theft, that we had found sufficient information about you on the Internet that someone could fraudulently get a credit card in your name. And then we would identify the source. We are recommending that you have it removed as soon as possible, and then telling you a little more information about why this puts you at risk to identity theft.

BLOCK: So it gives some tips on how to try to prevent this from happening, then?

Ms. SWEENEY: Right, exactly. The number one thing that we're spotting that people can correct quite easily is resumes. A person or an institution puts a resume out there that includes the fields that you mention. So simply removing or modifying the information, and we give you guidelines about what to do, that is, don't have a Social Security number at all. You don't really need to put your date of birth, and advice like that about what you might want to do to change it, and also where we found the resume.

BLOCK: And that's what the bulk of them are coming from, is these job-search boards with resumes on them?

Ms. SWEENEY: Yeah, and not even just job searches, sometimes just personal information that people are putting on their resume that they put on their own web page, or places where people have gone to conferences and workshops and so forth who also list their resumes.

BLOCK: How many hits or matches have you found so far where you've able to find all this information about people?

Ms. SWEENEY: We started on Monday, and we have a little more than 5,000. We had to stop because we have to be able to control the volume of e-mail that goes out so that we can be very responsive to those people who have inquiries.

BLOCK: When you created this computer program to search for this data, what were the kinks you had to work out? How tricky was it?

Ms. SWEENEY: At first, it's both difficult and easy. What was very easy is that if you were mischievous, how easy it is to find information about individuals that included Social Security numbers. What made it very difficult, though, was how could you automate the process and alert the person so that they could take corrective action? Finding them automatically, peeling out the information, trying to find the e-mail address that goes with that person and then contacting them turned out to be kind of a laborious task in order to get a computer to do that reliably in an automated way.

BLOCK: You know, there are so many e-mails that come in that seem to be one thing and are actually something else. I suppose you'd also be up against the hurdle of people getting something from you which you mean to be well-intentioned, and people would think maybe there is some ulterior motive here. I'm going to ignore it.

Ms. SWEENEY: Well, we did a couple of experiments before we got to this point of being able to do this automatically, and in the earliest experiments, that's exactly what would happen. We would send an e-mail to the person and about half of them would start ranting and raving at us as if we were trying to make them a victim of identity theft.

So in subsequent experiments, two things happened. One is we improved the wording on our e-mail message to make it a lot clearer to people what exactly we were attempting to do. And the second thing that changed is people have become far more sensitive to identity-theft issues. By the time we did the second experiment, the response was dramatically different. We got a lot of thank yous and we're really glad to know that and we're glad you're doing this kind of thing.

BLOCK: Latanya Sweeney, thanks very much.

Ms. SWEENEY: Okay, great. Thank you.

BLOCK: Latanya Sweeny heads the Identity Angel program at Carnegie Mellon University's Data Privacy Lab in Pittsburgh.

Copyright © 2006 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.

Identity Theft IQ Test

The following identity theft IQ test, provided courtesy of the Privacy Rights Clearinghouse Web site, helps people assess the risk of their identities being stolen:

I receive several offers of pre-approved credit every week (5 points).

Add 5 points if you do not shred them.

I carry my Social Security card in my wallet (10 points).

My driver's license has my Social Security number on it (10 points).

I do not have a post office box or locked, secured mailbox (5 points).

I use an unlocked, open box at work or at home to drop off my outgoing mail (10 points).

I carry my military ID in my wallet at all times (10 points).

I provide my Social Security number whenever asked, without asking questions about how that information will be safeguarded (10 points).

Add 5 points if you provide your number orally without checking to see who might be listening.

I am required to use my Social Security number at work as an employee ID or at school as a student ID number (5 points).

My Social Security number is printed on various documents frequently seen in the workplace, such as on time cards (10 points).

I have my Social Security number and/or driver's license number printed on my personal checks (10 points).

I am listed in a "Who's Who" guide (5 points).

I carry my insurance card in my wallet, and either my Social Security number or that of my spouse is on that card (10 points).

I have not ordered a copy of my credit report for at least two years (20 points).

I do not protect my discarded personal, credit and financial information from thieves by shredding them prior to putting them in the trash (10 points).

Each one of these questions represents a possible avenue for an identity thief.

Understanding Your Score:

If you scored 100 points or more you are at high risk for identity theft.

A score of 50-100 makes your odds of being victimized about average but higher if you have good credit.

A score of 0-50 points means you have a low risk of being an identity theft victim.