Letter to Mnuchin/Powell

August 4 , 2018

Federal Reserve Chairman Jerome Powell
20th Street and Constitution Avenue N.W.,
Washington, DC 20551
Re: Financial Security in the Information Age

Dear Mr. Powell:

I sent this earlier to Treasury Secretary Steve Mnuchin.

September 11, 2017

I read about the Equifax fiasco. Given my small part in helping with the design of financial reporting systems for the federal government way back in 1978 (when credit cards were mostly a dream, and the idea of having to carry an identification card was anathema to most US citizens), I think I could make some comments and suggestions to fix it.

First, the computer information processing industry got carried away in trying to make financial transactions really easy, and glossed over the essential first step - establishing the identity of an owner - and how to react when the identity information is stolen. The Patriot Act fixed some of it for financial accounts, but we still rely too much on third party information. It is so bad now that the person most in need of the ability to prove his/her identity - the owner of an account - can sometimes be the least able to do so - because of the use of "publicly available" possibly bad information to verify identity. I recently had the experience of being unable to get my annual credit report from Equifax - because they had bad data in their system and I was unable to provide the bad information they were using to remotely verify my identity. We have an ancient distributed method of doing this - it is called the notary public system. Today they collect a biometric (the fingerprint, or a signature) from a real person, validate against identity documents, and then endorse a statement as having been made by that person. We need to upgrade this system to reflect modern life. Then make it mandatory for initial establishment of an account, or a mandatory option for reconnecting to an already established account.

Secondly, given current technology and practices, there is no excuse for storing or displaying permanent identification numbers like social security numbers (or any encryption from which they can be derived) on any electronic system beyond the time the end user is actually connected to the system. Such practices should be outlawed outright with a severe penalty of like $10K per number so stored or displayed. Storage of such information on paper (or other non-electronic form) should be acceptable precisely because it is hard to access information stored that way. Identification symbols that are assigned internally by an organization, are unpublished, are never displayed or shared, and are never used by the organization to verify identity, but are used to tie different records together within an organization should be freely allowed. Temporary identification numbers (e.g. valid for no more than a year) should also be OK, but there should be some controls over them too. In fact, the IRS could issue such a number to each tax payer every year.

Third, the banking industry has taken too much control away from an individual when managing an account. Arbitration agreements limit liability; banks dont actually verify signatures on checks, or even the payee line or amount in words line of a check; dont respect the date on the check; destroy checks instead of returning them, convert checks into EFT without explicit authorization, and even write checks on an account and submit them without a signature (signature on file!). Check images that do come back are often illegible because of the low quality of the imaging. Sometimes I do want a real cancelled check as proof of payment - it would be helpful if there was a standardized way of marking checks to make them ineligible for conversion to EFT (maybe even check truncation). All of these are confidence busters, and erode trust in banks. Explicit provision should be made regarding how to handle payments to entities that no longer exist, or are misclassified as dead.

Finally, I think you should also consider the impact to the economy and the country of a successful coordinated attack on a centralized organization like VISA. Having enough distributed trading resources (like physical cash in the hands of regular people!) can prevent paralysis in emergencies. We should be encouraging people to keep around a few months worth of their expenses in physical cash, and look for ways to give them the confidence to do so. Key to this is limiting the ability of DEA, Treasury agents, and police to seize cash - as far as people are concerned this is just as much armed robbery as that perpetrated by a mugger with a gun. A government agent should be able to separate a person from his money only if there is a public court order authorizing it, the person is arrested, or if the government agent is operating undercover as somebody who would. Since cash is a promise made by government, and people will want to preserve the value of what they have, cash in hand will work to enhance cooperation with government in a crisis. You could also put some real teeth into the phrase printed on many notes "This is legal tender for all debts, public and private".