Could we stone them instead?

President Bush last week signed into law the Identity Theft Penalty Enhancement Act, meaning that those who pilfer personal information such as credit card and Social Security numbers now face the prospect of up to five additional years in the slammer.

Here’s hoping that every minute of that extra time is as miserable as it is well deserved. Identity theft not only costs U.S. businesses and consumers tens of billions of dollars annually, but the unabated escalation of such crime also threatens to grievously undermine public confidence in conducting commerce online. Merchants are panicked, as well they should be, and a variety of industry alliances have coalesced around the common goal of stemming the tide, as well they should.

Perhaps worst of all, identity theft keeps creeping into my life.

My ATM/credit card was canceled a while back because BJ’s Wholesale Club let a crook make off with a batch of numbers, something I learned of only after the card was rejected at the grocery checkout counter. Fortunately, the checkout embarrassment and a few days of nervous uncertainty were the extent of my victimization. Identity theft victims typically spend between 30 and 60 hours working to undo the damage, according to one study.

Today, I received an “eBay account error” notice from a party pretending to be the online auction outfit that couldn’t possibly have been a more obvious phishing foray: I don’t have an eBay account. I’ve gotten a handful of similar entreaties as of late about my non-existent accounts with PayPal and various banks.

A savvy friend who works right here at “The Leader in Network Knowledge” tells me he almost got hooked by a phisher shortly after using PayPal to buy something on eBay. The real transaction had lowered his defenses, a natural enough reaction on anyone’s part.

They’re targeting my family, too. We have had an MSN account since the beginning of time but no longer need it now that our cable company has come across with broadband (something Verizon still hasn’t done in my neighborhood five years after telling us DSL would be available within six months). Anyway, Mrs. Buzz opened an e-mail ostensibly from MSN customer service, which said they needed our credit card number confirmed. She presumed I had already attempted to cancel the account and that the request for our number was a legitimate part of that process. I had done no such thing. Fortunately, she showed me a printout of the e-mail before acting on its request to fax them the information.

So I’m ready to see a bunch of these creeps do serious time in the can.

However, wanting to see such criminals punished isn’t the same thing as believing that the harsher sentences spelled out in this new law will do much to reduce identity theft. I don’t believe any such thing.

Politicians are extraordinarily focused when it comes to “getting tough” with criminals, especially in an election year. On the other hand, they aren’t so great about measuring the success of these get-tough initiatives. Jail cells cost taxpayers plenty, and despite nonstop prison building they remain in short supply compared with the number of individuals who might reasonably belong in one – including, these days, that other blight on the ‘Net – hard-core spammers. When identity thieves get five extra years, some other deserving criminal – maybe even a violent one – isn’t doing that time.

This might be all well and good if the public gets an extra measure of protection against identity theft in the bargain; not so well and good if all we get is the satisfaction at seeing bad actors behind bars.

Note to identity thieves: Mine really isn’t worth stealing. Note to readers: The address is buzz@nww.com.