Here’s a Better Identity Theft Idea for Elizabeth Warren

Jaap Arriens/NurPhoto via ZUMA

Hannah Levintova reports that Elizabeth Warren has introduced legislation in response to the Equifax hack:

The bill, titled the Freedom from Equifax Exploitation (FREE) Act, would require credit reporting agencies to offer customers free options to impose or lift a “credit freeze” that stops the sharing and selling of personal credit information to third parties. Currently, there is no federal rule requiring that credit reporting agencies offer any sort of freeze option, and agencies that do, charge between $2-$10 each time a freeze is imposed or lifted.

….The bill—also sponsored by Sen. Brian Schatz (D-Hawaii)—would also offer consumers better fraud alert protections in the wake of the breach, requiring credit reporting agencies to offer up to seven years of renewable fraud alert protections.

As happy as I am to see Warren responding to this—even if there’s precious little chance of Republicans offering their support—I’m surprised that her bill is so weak. It should be stronger and less complicated.

A “credit freeze” is a simple thing: it means that if you apply for credit and someone asks for a credit report, Equifax¹ has to contact you first to make sure that it was really you who applied for credit. That’s it. This should be the default. No hassles, no loopholes. Your personal financial information never gets shared with anyone else until you give explicit permission.

In some cases this would delay getting credit. But these days, it would be a minor imposition for most people. Think about what happens when you forget a password and have to change it. You get an email or a text within seconds and then you click a Confirm button. Done. It could work the same way for credit. There should be a single central clearinghouse that links Social Security numbers with email addresses and phone numbers, and credit reporting agencies would all use that clearinghouse to contact credit applicants for confirmation.

Note that this would be kept entirely separate from the credit report itself. This means that if a hacker does somehow get hold of your credit report, they still don’t know your email address or phone number, so they can’t use the information in the report to go on a credit application spree.

Is this perfect? No, but nothing is perfect. It means you have to keep your contact information up to date if it changes. If you forget, it could result in a long delay getting credit approved. And what if you don’t have email or a smartphone? Then the credit reporting agency would have to contact you via phone, or maybe even postal mail. If that’s too much of a hassle for you, you could apply to have your account permanently accessible to anyone who wants to see it—i.e., permanently unfrozen. Needless to say, if you did that you’d be responsible for any credit hacking or identity theft.

These days, a simple text/email confirmation would be easy for 95+ percent of us, with that number increasing every year. It’s a better solution than Warren’s.

Could more be done? Probably. If the credit reporting agencies were made statutorily responsible for identity theft, I’ll bet they’d think of a few more ideas. So how about it, Senator Warren? Why not a bill that requires identity confirmation in all cases and makes credit reporting agencies responsible for identity theft? It’s simple, easy, and effective. It would make the credit reporting agencies unhappy, and it would drive up their costs, but I think I can live with that.

¹And TransUnion and Experian and anyone else who sells credit reports.


as we head into 2020 is whether politics and media will be a billionaires’ game, or a playing field where the rest of us have a shot. That's what Mother Jones CEO Monika Bauerlein tackles in her annual December column—"Billionaires Are Not the Answer"—about the state of journalism and our plans for the year ahead.

We can't afford to let independent reporting depend on the goodwill of the superrich: Please help Mother Jones build an alternative to oligarchy that is funded by and answerable to its readers. Please join us with a tax-deductible, year-end donation so we can keep going after the big stories without fear, favor, or false equivalency.


as we head into 2020 is whether politics and media will be a billionaires’ game, or a playing field where the rest of us have a shot.

Please read our annual column about the state of journalism and Mother Jones' plans for the year ahead, and help us build an alternative to oligarchy by supporting our people-powered journalism with a year-end gift today.

We Recommend


Sign up for our newsletters

Subscribe and we'll send Mother Jones straight to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.


Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.


We have a new comment system! We are now using Coral, from Vox Media, for comments on all new articles. We'd love your feedback.