Identity theft is a burden on the victim

The long view of security strategies for your network.

One of the most influential e-mail series I have ever had the privilege of receiving was a course entitled “Cyberspace Law for Non-Lawyers” created by Professors Lawrence Lessig, David Post and Eugene Volokh and still available (although significantly out of date) on the Web. I credit these fine people with stimulating a long-lasting interest in cyberlaw and cybercrime.

Now, although I am not a lawyer and I _never_ dispense legal advice (because one can go to jail for so doing without being an attorney), today I’m continuing an occasional series on cyberlaw and cybercrime based on the “Cyberlaw & Cybercrime” course that I have taught at Norwich University since August 2002. I’ve had the pleasure of collaborating with colleagues Professor Jan Tower-Pierce and Peter R. Stephenson on this course and am looking forward to continuing our collaboration next fall.

All our course materials including PowerPoint files that may be useful to people preparing their own lectures are freely available on my Web site for non-commercial use by anyone. We have already incorporated suggestions for improvements and updates and are grateful for (and explicitly acknowledge) help from readers and colleagues.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

One of the most influential e-mail series I have ever had the privilege of receiving was a course entitled “Cyberspace Law for Non-Lawyers” created by Professors Lawrence Lessig, David Post and Eugene Volokh and still available (although significantly out of date) on the Web. I credit these fine people with stimulating a long-lasting interest in cyberlaw and cybercrime.

Now, although I am not a lawyer and I _never_ dispense legal advice (because one can go to jail for so doing without being an attorney), today I’m continuing an occasional series on cyberlaw and cybercrime based on the “Cyberlaw & Cybercrime” course that I have taught at Norwich University since August 2002. I’ve had the pleasure of collaborating with colleagues Professor Jan Tower-Pierce and Peter R. Stephenson on this course and am looking forward to continuing our collaboration next fall.

All our course materials including PowerPoint files that may be useful to people preparing their own lectures are freely available on my Web site for non-commercial use by anyone. We have already incorporated suggestions for improvements and updates and are grateful for (and explicitly acknowledge) help from readers and colleagues.

* * *

Today I’ll start with a review of identity theft, which has been a topic over the years in this column because of its growing importance as an economic crime in the U.S. and around the world.

Identity theft is the fastest growing form of fraud today. Criminals use Social Security numbers and other information gleaned from public records to establish lines of credit in the victim’s name and then assign their debts to the unsuspecting victim.

One of the greatest difficulties is that identity theft reverses the burden of proof to the victim, who effectively has to prove innocence in clearing credit records and avoiding potentially huge debts. Identity theft is a felony in the U.S. under the Identity Theft and Assumption Deterrence Act.

The National Crime Victimization Survey (NCVS) of the U.S. Department of Justice Bureau of Justice Statistics (BJS) includes surveys dating back to 1973. Currently the random sample includes 77,200 households with 134,000 in all, who are contacted every six months and followed for three years. The results are available from the BJS Web site as PDF reports and as ZIP files containing spreadsheets for further analysis. 

The latest survey I could find as of this writing is the report from 2005 by Katrina Baum, which tells us that about 6.4 million households (5.5% of all the households in the U.S.) have been affected by some form of identity theft (defined as theft of credit cards, thefts from existing bank accounts, misuse of personal information or multiple types of theft at same time).

Losses from credit-card theft averaged $980 per household; across all type of theft, the average was $1,620/household; and for misuse of personal information the losses averaged $4,850/household. The most likely victim households were headed by people between 18 and 24 years of age; households with family incomes above $75,000 were twice as likely to be victimized as those where annual income was less than $50,000.

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.