The Federal Trade Commission has acknowledged that the epidemic of identity theft claimed almost 10 million victims last year. But on the same day it released the data, September 3, the agency attacked a new California privacy law that would cure the problem by limiting the corporate trade in our private information.

For the Bush Administration, individual hackers and criminals are responsible for identity theft, not the financial institutions that trade our private information like stocks and bonds, putting it at risk of being stolen. That’s like blaming the drug trade on the street dealers, not the drug cartels. Corporations that refuse to protect our private information are as responsible for identity theft as those who commit the crime. George W. Bush’s reasoning is probably clouded by the campaign cash he received from the financial services industry. In this election cycle, through June 30, that includes $2.1 million from securities and investment firms, $582,250 from commercial banks, $562,292 from the insurance industry and another $967,100 from other finance companies.

The explosion of identity theft corresponds to the Congressional felling, in the late 1990s, of Depression-era walls between banks, insurers and brokerages. This allowed companies to affiliate across industry lines and share private customer information with their affiliates to increase their commercial opportunities. Citigroup, for example, has 1,700 subsidiaries and, under current federal law, this corporate family cannot be stopped from trading in our private information, even when a consumer explicitly says no. Each of Citigroup’s subsidiaries can then sell our private information to other unaffiliated companies, and so on. That’s how I was able to buy, on the Internet, the Social Security numbers and home addresses of Director of Central Intelligence George Tenet, Attorney General John Ashcroft and FTC chairman Timothy Muris for as little as $26.

The California privacy measure signed by Governor Gray Davis August 27 allows consumers to say no to the trading of their private information among affiliates in different businesses. For example, Citibank could not share your private financial information with its insurance or real estate affiliates. The Bush Administration and GOP Congress, however, are backing federal legislation that would pre-empt Californians’ new privacy rights. Their specious argument, echoing the banks and insurers, is that privacy laws must be uniform, and the stronger California law will hamper efforts to stop identity theft because it requires rules different from the rest of the nation. The problem, according to FTC official Howard Beales, comes from “the theft of information from firms or by hackers, not from the sharing of information that institutions did intentionally.”

Bush will have to square that position with his campaign pledges from the last election. “I believe privacy is a fundamental right, and that every American should have absolute control over his or her personal information,” he said. Bush has also declared, “I think there ought to be laws that say a company cannot use my information without my permission. We can live in a private world.” But people cannot have absolute control over their private financial information when it is floating around among thousands of corporate affiliates. (Ironically, the White House is probably the last private world. Bush’s Social Security number is not for sale, because he is too well-known.)

George W. Bush will have to choose between the commercial freedoms of corporations and the privacy rights of Americans. There is no way to spin the identity theft crisis so that corporate America has no responsibility.