Collective Effort and Collective Liability - Essay Example

Collective Effort and Collective Liability The significance of identity theft cannot be overstated; indeed, as stated by a leading scholar dealing with the forensic aspects of this type of criminal endeavor, “Identity theft is rapidly becoming the most pervasive financial as well as brutal crime to occur in the history of the United States” (Collins, 2003). What makes this type of criminal pursuit so damaging and so difficult to prevent is the fact that identity theft can be accomplished either physically or electronically; consequently, law enforcement is too often compelled to react in a borderless environment in which criminals operating across the globe commit identity theft almost instantaneously and then disappear. The elusive nature of these criminals has been prominently noted by Howard Beales, a Director of the Bureau of Consumer Protection, Federal Trade Commission (hereinafter “FTC”), who stated in recent testimony to the Subcommittee on Technology, Terrorism and Government Information of the Senate Judiciary Committee that “Access to someone's personal information, through legal or illegal means, is the key to identity theft. Unlike most crimes where the victim is immediately aware of the assault, identity theft is often silent and invisible.” (2002). It is this silent and invisible nature of the crime that renders it so popular among the criminally-inclined and so difficult to combat. This paper will argue that the nature of identity theft demands much more than a typical law-enforcement approach; more specifically, the best response must come from a collaboration of the public and the private sector. This is not to suggest that organizations such as local law enforcement or the FTC cannot aid significantly in the battle against identity theft, they most certainly can contribute as the FTC’s data clearinghouse functions demonstrate (Identity Theft Victim Complaint Data, 2006), but to suggest instead that the technological weapons necessary to combat identity theft must come first and foremost from the private sector in the same way that common sense and diligence in dealing with personal information must be exercised by the individual. To this end, this paper will define what is meant by identity theft, describe the different types and the consequences of identity theft, and then describe how best to respond to identity theft. As a preliminary matter, identity theft is defined by federal statute. The Identity Theft Act defines identity theft as occurring whenever a person “knowingly and without lawful authority produces an identification document or a false identification document” (18 U.S.C. section 1028(a)(1), 1998) or otherwise possesses, transfers, uses, or creates an identification document or false identification document while knowing that any of these acts are unlawful. (18 U.S.C. sections1028 (a)(2)-(a)(7), 1998). These intentional misuses of personal information are punishable whether they are carried out by hand, through the conventional postage system, or through electronic means (18 U.S.C. section 1028 (c). Because the Identity Theft Act of 1998 was deemed an inadequate deterrent, Congress passed the Identity Theft Penalty Enhancement Act in 2004 in order to increase sentences for violators of the 1998 Act (18 U.S.C. 1028A). Despite these new laws, and the enhanced punishments, identity theft continues to plague individuals (Lahey & Matejkovic, 2001), businesses (Beales, 2002; Collins, 2003), and even powerful and well-resourced governmental organizations (Identity Theft. Internal Revenue Service, nd; Kahn & Roberds, 2005). The irony is that the identity theft crime has many enemies, legislation in place to criminalize all acts associated with identity theft, enhanced punishment legislation, and yet the crime is increasing rather than decreasing; clearly, therefore, current responses are inadequate. Even a cursory examination of the relevant data and statistics is sobering. From a financial point of view, Collins notes that “Personal identity theft is a $100-billion per annum industry worldwide; however,…the cost of stolen business identities can be expected to be even greater” (2003). The statistics are similarly disturbing in terms of the sheer number of individuals, businesses, and governmental organizations which have been victimized in some way by identity theft. The FTC, as a part of its mandate to protect consumer privacy, maintains a Data Clearinghouse which tracks identity theft crimes; the most recent annual survey reveals that in the United States alone (1) there were more than 246,000 complaints about identity theft (Figure 3, 2006), (2) that more than half of the victims didn’t learn about the theft of their identification data until one to sixty months after the theft occurred (Figure 8, 2006), and (3) that a majority of the victims failed to contact either a law enforcement agency or a credit reporting agency in order to attempt to mitigate the damage done through the criminal misuse of their personal information (Figures 9 & 10, 2006). Even the most optimistic analysis of this data is alarming; it is alarming because the financial costs are extraordinarily large and because the victims are often unaware of the fact that they have been stolen from until it is too late to prevent some of the more damaging consequences of identity theft. To be sure, the consequences can be severe. For individuals, as noted by Beales, there are both direct and indirect consequences (2002). Direct consequences may involve both fleeting and more permanent financial losses in which a victim’s wages are attached, in which tax refunds are withheld, or in which liens are levied against the victim’s property. Indirect consequences may flow from damaged credit reports or sullied background checks; some examples of common indirect consequences might include a victim being denied such things as credit, employment, loans, governmental benefits, services for utilities and telecommunications, and even leases for apartments. For businesses, the potential effects are similarly destructive. The mechanics by which identity theft is accomplished are surprisingly simple. In order to steal the identity of an individual, for instance, all that a criminal needs to obtain is some combination of an individual’s legal name and their address, telephone number, driver’s license number, Social Security number, place of employment, employee identification number, mother’s maiden name, demand deposit account number, savings or checking account number, or their credit card number (Collins, 2003). In the business context, an enterprising criminal would only need what Collins refers to as “Business Identifying Information” such as a business’s name, address, telephone number, corporate credit card numbers, banking account numbers, federal employer identification number (FEIN), State Treasury Number (TR), electronic filing identification number (EFIN; Internal Revenue Service), electronic transmitter identification number (ETIN; Internal Revenue Service), e-business websites, URL addresses, and e-mail addresses (2003, citing Collins & Hoffman, 2003). Once this personal information is obtained, then the criminals use this information in order to commit credit card fraud (25%), phone or utilities fraud (16%), bank fraud (16%), employment-related fraud (14%), government documents or benefits fraud (10%), loan fraud (5%), as well as other miscellaneous types or fraud or failures (30%) (Identity Theft Victim Complaint Data, Figure 4, 2006). In the final analysis, this is a crime which is easily committed, which relies upon easily obtained data, and which is subsequently used in ways which can prove financially and emotionally devastating. The fundamental problem is how to best respond to identity theft. The FTC acknowledges that it possesses no real independent law enforcement function; quite the contrary, the FTC serves as a complaint center, an education resource for consumers and businesses, and it provides significant networking and information-sharing functions with hundreds of law enforcement agencies across the country (Beales, 2002). As a result, while an important resource, the FTC is hardly a sole solution. Indeed, as stated by Lahey and Matejkovic, “the law currently provides…victims little recourse or remedy for the harms they suffer” (2001). The point is that even if the criminals are caught, there is very little chance, as borne out by the statistical data, that the victims will be able to collect against the offenders. There is, therefore, an inadequate legal regime dealing with the identity theft problem; in their view, the solution is a new legislative scheme which expands liability regardless of fault; more specifically, Lahey and Matejkovic propose imposing strict liability for all holders and users of personal information under the premise that the risk of substantial civil liabilities would encourage more discretion and care (2001). In conclusion, although a no-fault legislative scheme might seem extreme, it is clear that the current legislation is failing; a more appropriate response, and the one advocated in this paper, would be a partnership between public organizations, such as the FTC and law enforcement, with the private sector (Stubblebine & van Oorschot, 2005) combined with a new Identity Theft Act which imposes civil liability for those whom lose control of the personal information entrusted to them. Extreme crimes require collective effort, collective contributions, and collective liabilities. References Beales, H.. “Identity Theft: the FTC'S Response.” Prepared Statement the Federal Trade Commission. Before the Subcommittee on Technology, Terrorism and Government Information of the Senate Judiciary Committee Washington, D.C. March 20, 2002. Collins, J. M. “Business Identity Theft: The Latest Twist.” Journal of Forensic Accounting 1524-5586/Vol. IV (2003), pp. 303-306. Collins, J.M. & Hoffman, S.K. (2002, January). “Identity Theft: Perpetrator (n = 1,037) profiles and practices.” Case study conducted in preparation for grant funding, submitted January 2003 to the National Institute of Justice, U. S. Department of Justice, Office of Justice Programs. “Identity Theft.” Internal Revenue Service. Identity Theft and Assumption Deterrence Act of 1998 ("Identity Theft Act"). Pub. L. No. 105-318, 112 Stat. 3010 (1998). Identity Theft Penalty Enhancement Act. 18 United States Code section 1028 (2004). “Identity Theft Victim Complaint Data.” Federal Trade Commission: Identity Theft Data Clearinghouse, January 1-December 31, 2006. Kahn, C. M. & Roberds, W. (2005). "Credit and identity theft," Working Paper 2005-19, Federal Reserve Bank of Atlanta. http://ideas.repec.org/p/red/sed006/34.html Lahey, K. E. & Matejkovic, J. E. “Identity theft: no help for consumers.” Financial Services Review 10 (2001) p. 221-235. Stubblebine, S,. & Van Oorschot, P. C. “Countering Identity Theft Through Digital Uniqueness, Location Cross-Checking, and Funneling.” Financial Cryptography and Financial Security. Springer Publishing: Berlin Volume 3570/2005 (2005) pp. 31-43. Read More