Identity theft has become an enormous problem, and governments aren't doing nearly enough to protect us from it, former White House counterterrorism chief Richard Clarke said yesterday.

Clarke was the featured speaker at a conference on cyber security for state legislators and business leaders at Carnegie Mellon University.

Identity theft -- which is being conducted more and more by international criminal gangs based in countries where law enforcement is lax -- is primarily a crime problem, but is also a national security problem, said Clarke, who headed an interagency task force on terrorism in the Clinton administration and in the first Bush administration.

"It's happening all over the world, and it's happening in record time," Clarke said. He recounted how a thief in Australia was able to clean out a victim's bank account and transfer the money to a foreign country in under 15 minutes.

"Antigua and Aruba are nice places to visit, but you wouldn't want your money to go there without you," he said.

Clarke won fleeting fame last year when he told the commission investigating the Sept. 11 attacks that in the early months of his presidency, Bush hadn't paid much attention to the threat posed by al Qaida. Clarke now heads a private cyber security firm.

A national identification card would be an effective means of preventing identity theft, but it can't be called a national ID card if Congress is to adopt it, Clarke said.

"This is an issue that brings the far left of the Democratic Party and the far right of the Republican Party together, Bob Barr and Barney Frank holding hands."

"What they don't know is that we already have a national ID card," Clarke said. "It's called a driver's license."

But driver's licenses are easy to fake. Clarke said he bought one for $46. "It looks just like the real thing. It just doesn't have my name on it."

Though airlines require passengers to present drivers' licenses before boarding an airplane, they make no effort to determine whether the licenses are genuine, Clarke said.

If driver's licenses were smart cards -- if they contained a fingerprint or DNA -- they would be effective in preventing identity theft and could get people through airports faster, he said.

"You could slide your card in the machine and go right on the plane," Clarke said. "Let the 30 percent who don't want a national ID card stand in line."

The most common forms of identity theft over the Internet are "phishing" and "pharming," Clarke said.

In phishing, the identity thief sends an e-mail to the victim, claiming to be a legitimate organization with which the victim does business, requesting personal information such as passwords, bank account numbers and Social Security numbers.

Wary consumers can protect themselves from phishers, but not from pharmers.

Pharmers redirect victims from the legitimate commercial Web site they had been planning to visit to a phony Web site that looks exactly like the genuine one. When users log in with their user name and password, the information is captured by criminals.

Companies should be required immediately to report identity theft to customers, Clarke said.

Another proposal he endorsed would forbid companies from using Social Security numbers as identifiers.