Amid the whirring of pigs&39; wings and the crackling of ice from the underworld comes another unexpected noise: the sound of someone in government actually taking charge. Believe it or not, federal agencies across the board have been given 120 days to go through their files, track down every unneeded SSN, and put a plan into place to "eliminate the unnecessary collection and use of Social Security numbers within 18 months."

These long overdue marching orders arrived in a memo from Clay Johnson III, deputy director for management of the Office of Management and Budget, sent to the heads of every federal department and agency. The agencies were also told to review all information that could be used to identify an individual citizen or employee, make sure those records are accurate, and "reduce them to the minimum necessary" for the agencies to do their job.

Never mind the inevitable chorus of whining bureaucrats. Johnson has drawn a line in the sand that will be tough to retreat from, and that&39;s all to the good.

This welcome sea change is based on the common-sense premise that "the federal government should not unnecessarily collect or maintain personally identifiable information," according to an OMB spokesperson. That may sound obvious to the ordinary mortals among us, but bureaucrats are a breed apart. That being so, this realization has taken a little time.

Too much time, if you ask the 26.5 million military personnel whose SSNs and other personal data were on a laptop stolen from a Veterans Affairs Department employee. (To make matters worse, 2.2 million of those people were on active duty — not the people you want give an extra set of problems to.) In the wake of that scandalous breach, an investigation by a House committee found that 19 federal agencies had suffered a total of 788 breach incidents since the beginning of 2003, putting hundreds of thousands more Americans&39; personal information in jeopardy along the way.

But provided the federal government actually follows through on this call to action, we&39;ll have taken a major step forward in the fight against identity theft by early 2009. Will that undo the sorry record of breaches, inaction, and doubletalk? No way — that would require a time machine. Then again, maybe Johnson has more miracles up his sleeve.