Computer Crime & Identity Theft - Essay Example

Computer Crime & Identity theft Computer Crime The Department of Justice has a rather wide ranging definition as regards Computer, or Cyber crime as it is also known, as, "any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution" (Jacobson & Green, 2002, p. 279). While this particular definition is necessarily broad in order to include any crime perpetrated by a computer, hackers and Computer crime require a more precise definition and more stringent legislation than is currently in use. A more precise analysis of Computer crime is given by Vatis in the article, The Next Battlefield: The Reality of Virtual Threats: Computer attacks generally consist of directed intrusions into computer networks to steal or alter information or damage the system; malicious code, known as viruses or worms, that propagates from computer to computer and disrupts their functionality; or denial of service attacks that bombard networks with bogus communications so that they cannot function properly. (2006, p 58) For the purposes of this paper the particular computer crime will be concentrated in the area of identity theft and the impact it has both personally and economically on the individual and society. What is Identity Theft? The encyclopedic definition of identity theft is the use of another person’s identity, i.e. financial, personal, geographic or other source, to commit fraud or other types of misrepresentation. By using another person's social security number, driver's license number, date of birth, address, online information one may open bank accounts, apply for loans and credit cards, get a cell phone and so on. In addition to financial loss that can result from identity theft, by using another’s identity the credit history and even the legal history of the victim can be damaged in the extreme. ("Identity Theft," 2007) According to the Identity Theft and Assumption Act of 1998, identity theft (ID theft), occurs when someone is "knowingly transferring or using, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, in the unlawful activity that constitutes a violation of federal law." It is a federal crime. (Alt, 2007, p. 67) Until recently all Computer Crime was difficult to prosecute for a number of reasons. One of the biggest problems is that large companies often refuse to publicize their involvement when someone has hacked into their system and stolen data or damaged programs and information. By revealing that their systems have been compromised a company may subject itself to a loss of consumer confidence and potentially loose many clients, depending on the product or service they offer. The company may also be subjected to lawsuits from clients who claim that there was no due diligence preformed as regards the security of their information. It is estimated that between twenty-five and fifty percent of all business have experienced some sort of intrusion or breach of security of their computer networks. (Yang & Hoffstadt, 2006). Another reason is the multi-jurisdictional nature of the problem regarding the quite often substantial difference between the location of the crime and the criminal. The crime may be committed on a corporation that resides in the United States while the criminal may be in a completely different part of the world and in a country that has no extradition agreement with the US (Jacobson & Green, 2002). This will of course require cooperation between governments far beyond the usual means in order to facilitate the capture and prosecution of these particular Computer criminals. There are three fronts that need to be addressed when attempting to prevent and / or prosecute Computer crime. Businesses themselves need to make the effort to keep their security up to date and be willing to prosecute the criminal. Software and hardware manufactures have to work in conjunction with business to help prevent these security breeches and combat an ever increasingly intelligent Computer criminal, and finally government must be the primary central source for the impetus of all this: Government involvement is essential to coordinate and assist with the international aspects of Computer-crime, to facilitate standardized security protocols and unfair practices over the Internet, and to prosecute persons who commit the acts legislatures deem harmful enough to make criminal. (Yang & Hoffstadt, 2006, p. 213) There is also a certain early Computer "ethic" among hackers that must be noted here. This includes such principles as the right for everyone to have access to computers and that this access should be unlimited and total; all information should be free and available. Furthermore, the original hanker ethic did not consider unauthorized access without malicious intent to be unethical (Wible, 2003). This, unfortunately, is no longer the case but can be used to aid in prevention of the deliberate malevolent intent of the current Computer criminals. In Wible's article, A Site Where Hackers Are Welcome: Using Hack-In Contests to Shape Preferences and Deter Computer Crime, he presents the idea of companies arranging contest for hackers to break into their systems, with stringent guidelines of course, to help them prevent, detect and circumvent any future attacks by Computer criminals (2003). Identity theft has been around for a very long time, long before the advent of the Internet and computers. It was still the theft or at least the copying of another person in order to substantiate yourself within a community. In modern times there are many levels and parameters that this crime can reveal itself. A sergeant with the Los Angeles county police department, Sunil Dutta, reveals some of these unique attributes as well as the fact that most of the perpetrators get away “Scott-free.” (2007, p. 290) Sergeant Dutta also reports that in certain cases the Identity Thief can commit crimes under the assumed identity, registering his own fingerprints in the stolen name, and the victim can be in very serious trouble. He analyzes some of the usual methods of ID theft, but some that may not be so apparent. ID thieves can rummage through a garbage pail and find gold. Tossing out those offers of credit along with any other personal information is a recipe for disaster. Lost or stolen wallets are another simple way of attaining enough information to ruin a person. Statistics are plentiful and growing in the area of Identity Theft. The Department of Justice tracks the costs of ID theft and one of these costs is in the criminal justice system itself. The extremely difficult nature of not only prosecuting Identity Theft criminals, but even discovering these crimes is enormous. (Cost of Identity Theft, 2008) In fact many people simply choose to try to get their lives back on track and often do not pursue criminal prosecution in the courts because of the almost insurmountable difficulties involved. (Federal Trade Commission, 2007) Historically, what we know as ID theft today came with the dawning of the age of credit cards and plastic money. Not only did create a rise in fraud and ID theft, but a totally different consciousness regarding money and how it is spent (Manning 2000). Originally called charge plates, Credit Cards are one of the most vulnerable areas of ID theft. (History of Credit 2008) now, several levels of security are in place to help prevent the online use of stolen credit card numbers such as require special ID codes and answers to security questions. Also, there are services in place to minimize the damage a stolen credit card can cause. (Holmes, 2007) Electronic Fund Transfers, or EFT’s are another area of potential risk. Any transfer of funds that does not require the physical presence of the customer always has a potentially higher risk of fraud and theft. (Guttman, 2003) There is also the problem that has been termed Negligent Enablement that has occurred when Identity Thieves create bogus accounts at store that do not have the victim as a real customer. Many businesses refused to take any action on the victim’s behalf, or even so much as talk to them to help them clear up this fraudulent activity. (Howard, 2005) Now there is in place legal precedence for making corporations ultimately responsible for ascertaining the true identity of their customers as well as assisting victim of Identity theft with adequate resolutions and remedies. In the criminal justice system computer crimes especially identity theft is often linked with computer crimes, or at least has some connection with the Internet and the tremendous access to information as well as banking and credit card transactions. This became even more difficult when the nature of legal jurisdiction became involved. A high percentage of the time the victim and the criminal an in entirely geographically different locations, often outside the United State, bring to beat extradition difficulties and other legal problems. (Jacobson & Green, 2002) of The Fair And Accurate Credit Transactions Act Of 2003 or FACTA was an important step in helping to ameliorate the difficulties involved in prosecuting Identity theft criminals. (Linnhoff & Langenderfer, 2004) There are also concerns for privacy, both for Identity Theft Victim as well as the consumer who has not been affected, but may have some of their privacy rights eased due to the need of government monitoring of some of the Internet’s more vulnerable areas. This is now a concern of the ACLU and of the organizations trying to balance citizens’ rights and the laws that protect them from ID theft. (Thierer & Crews, 2003) Computer Crime in general has been notoriously hard to detect as well as prosecute. Many companies often do not reveal the extent of on outside intrusion into their data network, not wanting to let the public know of their security inadequacies. (Yang & Hoffstadt, 2007) This has until recently been a major stumbling block to law enforcement, but is slowly giving way to greater due diligence and transparency to the public. Up until 2004 these number were on the rise, but thanks to law enforcement and better legal remedies the situation has come under some control. But this due diligence has to extend to a public that is often too willing or unmindful of their own responsibility regarding their identity. (Svoern, 2004) There always new and more efficient techniques for thieves to steal identity, like phising and other nefarious Internet tools (Stafford, 2004). However the only remedy is for not only the government and corporations to have heightened security and better fact checking protocols, but for the consumer to keep a watchful eye on their wallets, their e-mails and their credit scores. Other forms of Identity Theft are bank fraud, phone & utilities fraud, job related misrepresentation, consumer fraud, government documents and benefits fraud. Medicare, Medicaid and other health insurance related fraud is also on the increase. (Alt, 2007, p. 68) Furthermore, once someone has stolen an Identity, the victim usually experiences more than one type of fraud regarding their personal information as figure 1 illustrates. The areas of overlap indicate multiple intrusions of identity theft. Furthermore, 58.9% of all victims experienced the misuse of an existing credit card. A total of 48.6% of victims experienced the misuse of existing accounts other than existing credit card accounts and 21.9% of victims had their personal information used to open a new account or commit some other kind of fraud. 38.1% of all victims the misuse of an existing credit card was the only form of ID theft suffered, and approximately one-third of victims who experienced the misuse of an existing credit card also experienced another type of ID theft. (Federal Trade Commission, 2007 13) Another issue in identity theft is the problem of the time to discovery of the crime. In many cases the crimes may not be discovered until a great deal of damage has been done. The following chart illustrates the different types of fraud and their subsequent discovery times: Nearly 40% of all ID theft victims discovered the misuse of their information within one week of the start of the misuse. However, the discovery period was significantly different depending on the type of fraud experienced. Victims in the Existing Credit Cards only (22%) and the Existing Non-Credit Card Accounts (21%) categories were about twice as likely as those in the New Accounts & Other Frauds (10%) category to find out about the misuse the day it started. Nearly one-quarter (24%) of New Accounts & Other Frauds victims did not find out about the misuse of their information until at least 6 months after it started – compared to just 3% of Existing Credit Cards Only and Existing Non-Credit Card Accounts victims. Where discovery of the misuse occurred more quickly, victims reported lower out-of-pocket losses and thieves obtained less. (Federal Trade Commission, 2007 p. 23-24) Until recently Identity Theft was difficult to prosecute for a number of reasons. One of the biggest problems is that large companies often refuse to publicize their involvement when someone has hacked into their system and stolen data or damaged programs and information. By Assets ($ billion) Citicorp $700 BankAmerica $572 Chase Manhattan $367 J. P. Morgan $281 Banc One $246 First Union $229 Wells Fargo $186 Bankers Trust $173 Fleet Financial $101 National City $81 revealing that their systems have been compromised a company may subject itself to a loss of consumer confidence and potentially loose many clients, depending on the product or service they offer. The company may also be subjected to lawsuits from clients who claim that there was no due diligence preformed as regards the security of their information. It is estimated that between twenty-five and fifty percent of all business have experienced some sort of intrusion or breach of security of their computer networks. (Yang & Hoffstadt, 2007, p. 208). One of the largest issues facing both the prevention and detection of identity theft is the fact that for more than half of the victims of identity theft it is unknown how the information was at first obtained. The following pie chart in figure 4 represents this data. Here, interestingly enough, although 56% of the victims did not know how their information was found out, of the 44% that did know, the largest percentage was from people they did know personally at 16%. A more recent entrant in the identity theft genre is phishing. Compromising 1% of the total category, “Phishing occurs when fraudulent e-mails are sent to online users by impersonating Internet service providers (ISPs), merchants, and banks, in an attempt to steal financial information” (Stafford, 2004, p. 201) Another issue for victims of identity theft was the lack of a satisfactory remedy. If you are the customer of a company that has had a security breach and parceled out your personal information you have some recourse in both the form of statutory as well as common law claims. However, individuals who never intended to become the company’s customers or perhaps were never even aware of the company existence lack similar support because a business generally does not owe a non-customer the same duty of care. (Howard, 2005, p. 1264) The Fair Credit Reporting Act (FCRA) was written into legislation in 1970 and has been amended almost yearly up to 2003. This was the first attempt by the government to address the problem of Identity Theft. The FCRA provides consumers with a private right of action for a credit reporting agency's willful or negligent noncompliance with any of the duties imposed by the FCRA. Under this FCRA provision, consumers may recover their actual damages, attorney fees, and costs; when the credit reporting agency has acted willfully, the consumer may also recover punitive damages. Another statutory enactment, the Identity Theft and Assumption Deterrence Act makes identity theft a federal offense and gives victims rights and means to be compensated for their losses. (Howard, 2005, p. 1267) It is estimated that approximately 3.2 million consumers had become victims of identity theft in 2007. Thieves who opened new accounts in their names, obtained new identification documents or took other steps to impersonate their victims targeted them. Another 6.6 million were victims of credit fraud, in which thieves who gained access to account numbers raided credit card or bank accounts. (Sovern, 2004, p. 236) While more and more government regulations and penalties are being put into place, these measures are like closing the barn door after the horses got out. Consumers need to be more aware of their information and safeguard their credit history by maintaining a heightened level of vigilance. Consumers must not rely on governments or corporations to protect them completely if they are randomly giving out their information over the Internet whether accidentally or intentionally. The information age is a two-edge sword, making knowledge readily accessible with the touch of a few keystrokes and the click of a mouse, but have you ever tried googling yourself. You might be surprised by what comes up! References Jacobson, H., & Green, R. (2002). Computer Crimes. American Criminal Law Review, 39(2), 273-278. Alt, B. L., & Wells, S. K. (2007). Fleecing Grandma and Grandpa: Protecting against Scams, Cons, and Frauds. Westport, CT: Praeger. “Cost of Identity Theft.” (2008) United States Department of Justice. National Institute of Justice. The Research, Development, and Evaluation Agency of the U.S. Department of Justice. Retrieved on February 25, 2009 from Dutta, S. (2007, October). IDENTITY THEFT : A Crime of Modern Times. World and I, 18, 290. Federal Trade Commission 2006 Identity Theft Survey. (2007). Federal Trade Commission FTC.gov Retrieved on February 25, 2009 from http://www.ftc.gov/os/2007/11/SynovateFinalReportIDTheft2006.pdf A History of Credit Cards. (2008). CreditCard.com. Retrieved on February 25, 2009 from http://www.creditcards.com/history-of-credit-cards.php Holmes, T. E. (2007, September). Is Your Credit Card Number Safe Online? New Technology Offers Consumers Added Protection. Black Enterprise, 37, 163. Jacobson, H., & Green, R. (2002). Computer Crimes. American Criminal Law Review, 39(2), 273-278. Howard, H. M. (2005). The Negligent Enablement of Imposter Fraud: A Common-Sense Common Law Claim. Duke Law Journal, 54(5), 1263-1279 Identity Theft. (2007). In The Columbia Encyclopedia (6th ed.). New York: Columbia University Press. Jacobson, H., & Green, R. (2002). Computer Crimes. American Criminal Law Review.39(2) 273-278. Linnhoff, S., & Langenderfer, J. (2004). Identity Theft Legislation: The Fair and Accurate Credit Transactions Act of 2003 and the Road Not Taken. Journal of Consumer Affairs, 38(2), 204- 211. Manning, R. D. (2000). Credit Card Nation: The Consequences of America's Addiction to Credit. New York: Basic Books. Sovern, J. (2004). Stopping Identity Theft. Journal of Consumer Affairs, 38(2), 233+. Stafford, M. R. (2004). Identity Theft: Laws, Crimes, and Victims. Journal of Consumer Affairs, 38(2), 201+. Thierer, A. & Crews, C. W. (Eds.). (2003). Who Rules the Net? Internet Governance and Jurisdiction. Washington, DC: Cato Institute. Vatis, M. (2006). The Next Battlefield: The Reality of Virtual Threats. Harvard International Review, 28(3), 56-59. Wible, B. (2003). A Site Where Hackers Are Welcome: Using Hack-In Contests to Shape Preferences and Deter Computer Crime. Yale Law Journal, 112(6), 1577- 1583. Yang, D. W., & Hoffstadt, B. M. (2006). Countering the Computer-Crime Threat. American Criminal Law Review, 43(2), 201-212. Read More