e-mail theft

Of course, the big cyberlaw news for today is the arrest of an AOL engineer who stole 92 million e-mail addresses (see article in New York Times.)

I am always surprised to read about "theft" of an information. In France, there is still a debate going on about whether an information can indeed be "stolen". Identity theft (not a big problem yet in France) would be considered a fraud, not a theft.

I am very concerned about this news though. According to the New York Times, the stolen list included e-mail addresses, but also the telephone number, the ZIP code and the type of credit card used for billing purposes. With a telephone number and a ZIP code, it is a breeze to get the names and addresses of the AOL users, if one would wish to do so. That is a solid first step towards perpetrating identity theft on a vast scale.

The actual credit card numbers were kept in a separate database. Could it be that using a system of separate databases would be a great tool to prevent identity theft? Stealing a database of e-mail addresses would still allow creating a Spam list, but if this database contained no other information, less harm would be done.