Identity theft: Fact and fiction

In Shakespeare's Othello, Iago laments that "he that filches from me my good name/Robs me of that which not enriches him/And makes me poor indeed." In the modern world, by contrast, filching someone else's good name through identity theft can significantly enrich the criminal and impoverish the victim.

Some federal cases within the last year suggest why identity theft has become one of the fastest-growing forms of white-collar crime:

• A man was indicted in Miami on identity theft-related charges relating to his alleged filing of false federal tax returns in the names of 614 Florida prisoners, seeking more than $3 million in fraudulent refunds.

• A woman was convicted in Seattle on various identity theft-related offenses involving at least $464,000 of fraud under false identities that the defendant and her co-conspirators had set up.

• A man was sentenced in Los Angeles to federal prison for managing an auto theft and identity theft ring, in which conspirators stole biographic and credit information from real people and used the data to buy luxury cars amounting to more than $200,000.

• A man pleaded guilty in Seattle to federal identity-theft and fraud charges, after using the names and Social Security numbers of other people to open several credit card accounts and make nearly $200,000 in fraudulent charges across the United States and in Italy.

Contrary to some views, identity theft is indeed about numbers and about money. A recent study by Meridian Research makes the projection that by 2006 the financial institution sector alone will lose $8 billion to identity theft. In addition, an estimated 500,000 to 700,000 people a year become victims of identity theft, and Federal Trade Commission data show that nearly 86,000 people filed identity theft complaints in 2001. Many of those people suffer significant financial loss. Furthermore, when terrorists exploit identity theft, the financial and human costs to society as a whole can be catastrophic.

Contrary to some views, identity theft is indeed about numbers and about money.

What's the proper response to identity theft? In a recent Perspectives column, David Holtzman properly notes that the nature of digital communications has helped to create an environment that facilitates identity theft. At the same time, he asserts that identity theft legislation will not effectively contain the problem, in part because "it's too difficult to enforce, let alone prove, for legal action to be an effective deterrent" and because "the basic ammo to load the judicial guns (for enforcement actions)--such as clear guidelines on identity--is not at hand."

In fact, law enforcement has both the ammunition and the firepower to combat identity theft effectively.

Under a 1998 federal criminal statute, for example, federal prosecutors can go after any knowing and unauthorized use or transfer of someone else's "means of identification," where the criminal intends to commit, or even aid and abet, any unlawful activity that constitutes a federal offense or a state or local felony.

The statute also clearly defines the term "means of identification" to include nearly every conceivable way we use to identify ourselves in everyday life: names, dates of birth, Social Security numbers, driver's license numbers, credit card numbers, codes, account numbers, and even unique biometric data, to name just a few.

Violations are punishable by up to 15 years imprisonment (25 years, if the crime is committed to facilitate international terrorism), and Congress is already considering a bill, S. 2541, to broaden its scope and increase identity theft sentences. At least 47 states also have legislation relating to identity theft, according to the Federal Trade Commission.

In fact, law enforcement has both the ammunition and the firepower to combat identity theft effectively.

Nor have prosecutors been shy about using these laws to go after identity theft. For example, in May 2002 Attorney General John Ashcroft announced a nationwide "sweep" of federal identity theft cases, in which 73 criminal prosecutions were brought against 135 individuals in 24 districts. The crimes alleged to be associated with these identity theft cases ranged from traditional fraud to the murder of a homeless man, where the criminal, already under indictment for counterfeiting, sought to fake his own death to avoid prosecution.

So where's the real problem in controlling identity theft?

Certainly no legislation by itself can effectively contain the identity theft problem, any more than the mere existence of laws against securities fraud, environmental pollution or public corruption can effectively contain those problems. The effectiveness of any law in controlling crime depends not only on public acceptance of the norms reflected in that law, but also on general recognition--by individuals, government and private sector entities--of how identity theft works and what roles they each need to play in identifying and reporting violations of that law.

That kind of general recognition, however, is still sorely lacking. Many well-educated and experienced professionals still need to learn some of the most basic facts about identity theft, such as:

• Identity theft can happen to anyone. Unlike other types of fraud, which depend on victims communicating directly with fraudsters, identity theft can start whenever a criminal gets unauthorized access to someone else's means of identification, regardless of whether the victim is aware of that access.

• Identity theft can harm victims for long periods of time before it is detected. In one case, two defendants allegedly used the names and Social Security numbers of recently deceased individuals that they found on various Web sites to get credit cards and credit accounts in the victims' names. They then used their real names and the victims' names to order credit reports so they could track the accounts they had fraudulently set up.

• Identity theft must be reported to law enforcement as soon as it's discovered. When people find that they've become identity theft victims, they need to report the crime promptly to law enforcement agencies, through the Federal Trade Commission's toll-free number (1-877-ID-THEFT) or online complaint form. Prompt reporting helps law enforcement to open investigations and pursue leads before the trail grows cold.

Identity theft, in short, isn't a problem that affects just the "wired generation," or that stems just from Internet access. People of all ages, whether technophiles or technophobes, need to become proactive in watching out for identity theft.

High-tech measures such as authentication technology, antivirus software and firewalls are fine for reducing the risks of unauthorized people getting improper access to PCs at home or work. But low-tech measures, like closely checking your credit-card bills every month and getting and reviewing a copy of your credit report at least once a year, also need to be part of every consumer's plan to reduce the risk of identity theft. (The Justice Department has an online quiz about identity theft that can help you figure out how else to reduce that risk.)

Ultimately, the real challenges of identity theft come from figuring out how to combine enforcement and prevention resources most effectively. The right combination could eliminate identity theft as a significant threat to both personal and homeland security.