The topic of data protection stole the show at the RSA Conference on computer security here this week. Identity theft and corporate espionage were dominant themes among the 15,000 attendees.And with good reason. Data are the new currency of the Internet age for legitimate and illegitimate businesses, says Howard Schmidt, former chief information security officer of eBay who now is a consultant. Data have never been shared as quickly, and in such vast amounts.

But as millions of Americans use personal data to shop and bank online, and as more companies store data electronically, they remain targets for online fraudsters, Schmidt and others said.

Microsoft Chairman Bill Gates, security experts, politicians and other analysts offered their takes on the problems, and suggestions to fix them:"The most dangerous breach."

Identity theft was, again, a major source of discussion. There was no shortage of hand-wringing over the consequences of consumer data ending up in the hands of fraudsters, and the fear was highlighted by an FTC report of rampant consumer complaints about identity theft.

But the unreported filching of data from government agencies and private enterprises worries Richard Clarke. "ID theft is one thing, but the theft of proprietary information without the knowledge of the government or a private business is another," Clarke, best-selling author and former White House cybersecurity czar, said Wednesday. "The most dangerous breach is one you are unaware of."

The cost to companies and agencies is immeasurable, says Clarke, in town to take in the conference and plug his cyberthriller, Breakpoint. And he fears the threat is growing, especially from Russia and China.

His solution? Federal law that requires government agencies and private industry to encrypt, or digitally scramble, sensitive data.

On Tuesday, U.S. Sens. Patrick Leahy, D-Vt., and Arlen Specter, R-Pa., introduced a data-privacy bill that makes it a crime to conceal security breaches involving personal data.

Gates: "A stupid system."

Identity theft was also on the mind of Gates, who visibly perked up when the subject turned to the credit card-issuing system during an interview after his Tuesday morning speech.

"It's a stupid system," he said, waving his hands dismissively. "It's a weak system when someone with your Social Security number or mother's maiden name can apply for credit without you knowing it."

Gates says the problem is largely solvable with an authorization system that requires consumers' final approval when any financial transaction is made under their name. He suggests biometric smart cards as part of a solution that could be achieved within five years.

But there will be a "paradigm shift" only when fraud costs force a change in the system, Gates says. Federal law? There were rumblings throughout convention halls and hotel lobbies about a push in Congress to make a federal law protecting consumers from the loss of sensitive information. But the author of California's data-breach notification law — used as a model for more than 30 other states — is worried a weak national law would pre-empt stronger state laws.