![Sample our Social Sciences journals, sign in here to start your FREE access for 14 days]({"type":"image" , "src" : "/sda/110822/TOC-Subject-Sample-2021-Social-Sciences.jpg"})
Abstract
Identification is ever more important in the online world, and identity-related crime is a growing problem related to this. This new category of crime is not restricted to high-profile instances of identity ‘theft’ or identity fraud; it is wide-ranging and complex, ranging from identity deletion to unlawful identity creation and identity ‘theft’. Commonly accepted definitions are lacking, thus blurring available statistics, and policies to combat this new crime are piecemeal at best. To assess the real nature and magnitude of identity-related crime, and to be able to discuss how it can be combated, identity-related crime should be understood in all its aspects. As a first key step, this article introduces a typology of identity-related crime, consisting of conceptual, technical and legal categories, that can be used as a comprehensive framework for future research, countermeasures and policies related to identity-related crime.
Notes
This article is the result of co-operative work in the European FP6 Network of Excellence FIDIS (The Future of Identity in the Information Society, http://www.fidis.net) EU Project No. 507512. The authors thank Sabine Delaitre (IPTS, Sevilla) and two anonymous reviewers for their comments on an earlier version of this article.
According to the White House in the press release that accompanied the installation of the President's Identity Theft Task Force. See http://www.whitehouse.gov/news/releases/2006/05/20060510-6.html (22 November 2007).
Phishing amounts to trying to obtain financial and other personal data of users by trying to lure them to websites that impersonate real websites of, for instance a bank, through cleverly concocted emails. See, for instance, http://www.msnbc.msn.com/id/5184077.
Identity ‘theft’, for instance, plays a significant role in discussions on the introduction of national ID cards (e.g. in the United Kingdom, see LSE Citation2005). More generally, the very nature of the issues at hand – crime, vulnerability, threats and hence fear – fuels an entire industry that benefits from inflating the terms and accompanying figures to play on public fears; see, for instance, http://www.timesonline.co.uk/tol/news/politics/article725687.ece (22 November 2007).
An introduction in categorization and its potential consequences is given by Bowker and Star Citation(2000).
See also http://www.business.mcmaster.ca/IDTDefinition/defining.htm (22 November 2007), where their conceptual model is further developed.
For a do-it-yourself guide, consult http://www.ccc.de/biometrie/fingerabdruck_kopieren.xml?language=en. See also Geradts & Sommer (Citation2006, pp. 28–69).
Sometimes, also the when, why and what of communications are relevant, but for identity-related crime these are less relevant.
See art. 4 of the Council of Europe's Convention on Cybercrime, http://conventions.coe.int/Treaty/EN/Treaties/Html/185.htm: ‘the intentional damaging, deletion, deterioration, alteration, or suppression of computer data without right’.
A dramatized account of identity deletion was portrayed in Irwin Winkler's movie The Net (1995) featuring Sandra Bullock as the victim.
Cf. the definition of computer-related fraud in art. 8 Convention on Cybercrime: ‘causing … a loss of property to another person … with fraudulent or dishonest intent of procuring, without right, an economic benefit for oneself or for another person’ (italics added).
This is actually a problem in Dutch prisons, see Grijpink Citation(2006).
According to a recent report, 7 per cent of the convicts in Dutch prisons are not who they claim to be (Grijpink Citation2006, p. 45).
Like the La Salle Bank backup tapes that went missing in December 2005. See http://securitypronews.com/insiderreports/insider/spn-49-200512222005TheYearInIDFraud.html
US Identity Theft and Assumption Deterrence Act, Public Law 105-318, 112 STAT. 3010, 30 October 1998, codified at 18 USC. § 1028(a)(7).
Supra, note 9.
Council Framework Decision 2005/222/JHA of 24 February 2005 on attacks against information systems, Official Journal, L 69/67, 16.3.2005.
See, for instance, articles 347–350 Estonian Criminal Code, as mentioned in the FIDIS ID Law Survey http://idls.law.uvt.nl.
See, for example, http://md.hudora.de/jura/rechtstatsachen/node31.html, http://en.wikipedia.org/wiki/Man_in_the_middle_attack, and Schneier (1996).
California Financial Information Privacy Act (2003). California Civil Code § 1798.29; California Security Breach Information Act (2003). California Civil Code § 1798.82.