Source: Identity Theft: Inventory of Applicable Legislation (DRAFT), Canadian Internet Privacy and Public Interest Clinic, University of Ottawa, June 16, 2006
As a term that has become widely accepted, "Identity Theft" is not defined, or legislated, in the Criminal Code. The misappropriated use of someone's personal identifiers for criminal purposes results in the commission of a variety of criminal code offences. The nature of the crime is dependent upon the circumstances. Offences include:
Back to Terminology Case File - Identity Theft
Source: Canada (Department of Justice) (2006). Identity Theft: Consultation on Proposals to Amend the Criminal Code, prepared by Criminal Law Policy Section, Department of Justice
Many activities involved in the collection and possession of personal information are not currently criminal offences in Canada. Proposed identity theft legislation deals with three distinct activities, the “taking, possessing and transferring of identity information” (emphasis added).
While there are many legal ways that someone can obtain another person’s personal information, the draft legislation proposes that wrongful acquisition occurs when personal information is obtained:
As well as “wrongful” acquisition, the intent behind the acquisition of personal information must contain an element of “identity deception” and not other “informational” uses of personal information.
Back to Terminology Case File - Identity Theft
The Identity Theft and Assumption Deterrence Act [1998] - Amendments to Title 18, Chapter 47 of the U.S. Code
Source: U.S. Public Law 105-318
S. 1028 (a) states, "Whoever, in a circumstance described in subsection (c) of this section— :
(7)…knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or otherwise promote, carry on, or facilitate any unlawful activity that constitutes a violation of federal law, or that constitutes a felony under any applicable state or local law." (emphasis added)
The "means of identification" are defined in s. 1028 (d):
"(7) the term “means of identification” means any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual, including any—
Background
The "Identity Theft and Assumption Deterrence Act [1998]" - H.R. 4151, is a Bill passed by the U.S. Congress making amendments to Part I, Title 18 of U.S. Code are to Chapter 47 - Fraud and False Statements.
The Act also provides the Federal Trade Commission with the mandate of a centralized complaint and consumer education service for victims of "Identity Theft".
In his prepared testimony before the Subcommittee on Technology, Terrorism and Government Information [May 20, 1998], David Medine, Associate Director of Credit Practices, Bureau of Consumer Protection, Federal Trade commission stated: "The consumer protection mission of the FTC is to promote the efficient functioning of the marketplace by protecting consumers from unfair or deceptive acts or practices and increasing consumer choice by ensuring vigorous competition."
The Identity Theft and Assumption
Deterrence Act was enacted under authority of Article 1, Section
8 of the U.S. Constitution. Article 1, Section 8 provides
Congress with authority to, among other things, provide for
the general "welfare" of the United States. Welfare in this
context means: "health, happiness, or prosperity; well-being."
The specific clause cited as the authority for this Act is the
power of the Congress, "to regulate commerce with foreign
nations, and among the several states, and with the Indian
tribes".
This amendment to Title
18, Chapter 47 s. 1028 makes the unlawful use of "means of
identification" a federal crime alongside the unlawful use
of identification documents. While the Act
creates a new offense under the "fraud" banner, Its supporters continue to
point to s. 1028 as "identity theft" legislation.
Identity Theft Penalty Enhancement Act, 18 U.S.C § 1001
Source: Public Law 108-275
"This Act establishes penalties for aggravated identity theft. Aggravated identity theft is committed when an individual “knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person” while committing or in relation to the commission of another felony. Aggravated identity theft is also committed if the related felony is a terrorism felony.
This statute also requires that sentencing guidelines for “offences in which the defendant exceeds or abuses the authority of his or her position in order to obtain unlawfully or use without authority any means of identification” be reviewed to appropriately punish identity theft committed by insiders. "
Source: CIPPIC, Identity Theft: Inventory of Applicable Legislation (DRAFT), 2006
Fair and Accurate Credit Transactions Act (FACTA), U.S.C. § 1681
Source: The Fair Credit Reporting Act
"When consumers contest information in
their credit report, this Act imposes a duty on credit
bureaus to indicate that fact in credit reports which
contain the disputed information.
This Act also limits credit card information which can be
printed on receipts given to the consumer at the point of
sale. Only the last five digits or the expiration date can
be electronically printed on receipts. This provision does
not apply to “manual” paper transactions.
This Act imposes a duty on credit bureaus to notify credit report requestors of significant discrepancies between the consumer address in the request and the consumer address in the credit bureau’s file.
This Act also imposes a duty on credit bureaus to place a “fraud alert” on the consumer’s file when a consumer asserts in good faith a suspicion that the consumer has been or is about to become a victim of fraud or related crime, including identity theft. Under these circumstances, the fraud alert must remain for 90 days. The duty also requires the credit bureau to notify the other credit bureaus. When placing a “fraud alert” on a consumer file, the credit bureau must notify the consumer that he or she may request a free copy of their file.
This Act also imposes a duty to place an extended “fraud alert” on a consumer file when a consumer submits an identity theft report. To invoke this provision a victim must have a police report. An extended fraud alert can remain up to seven years on a consumer’s file. It also prohibits credit bureaus from providing the consumer’s information in lists of consumers prepared by the consumer reporting agency and provided to any third party to offer credit or insurance. A notice of the extended “fraud alert” must also be provided to the other credit reporting agencies. A consumer who gets an extended “fraud alert” placed on his or her file can get two free copies of his or her file in the following twelve months.
When credit grantor (user) receives a credit report containing a “fraud alert”, it must not extend new credit unless the user utilizes reasonable policies and procedures to form a reasonable belief that the user knows the identity of the person making the request.
This Act also prohibits credit reporting agencies from including any information in credit reports which the consumer has identified as consequences of identity theft. To get information removed, the consumer must provide a copy of an identity theft report obtained from local law enforcement.
This Act also imposes a duty on consumer reporting agencies to make a reasonable effort to verify the identity of a new prospective user and the uses certified by such prospective user prior to furnishing such user a consumer report. No consumer reporting agency may furnish a consumer report to any person if it has reasonable grounds for believing that the consumer report will not be used for a permitted purpose.
This Act makes it an offence to knowingly and wilfully obtain information on a consumer from a consumer reporting agency under false pretences and makes it an offence for an employee of a credit reporting agency to knowingly and wilfully provide information to a person not authorized to receive it.
This Act requires consumer reporting agencies to provide to an individual his or her credit report free of charge, at least once in every 12 month period.
This Act also requires that any person who maintains or otherwise possesses consumer information, or any compilation of consumer information, derived from consumer reports for a business purpose, properly dispose of any such information or compilation. The requirement for the proper disposal of records is implemented in the FTC Rule Disposal of Consumer Report Information and Records."
Source: CIPPIC, Identity Theft: Inventory of Applicable Legislation (DRAFT), 2006
1. It is interesting to note that with reference to our conceptual model, the proposed Canadian legislation covers activities in the "collection of personal information" and "identity development" constructs. In this way, the Canadian legislation defines identity theft as a precursor to other crimes, rather than as a crime in and of itself. This is consistent with our recommended usage of the term. See the Discussion: Usage of the terms identity theft and identity fraud.
The U.S. law would seem to cover activities in the "identity development", namely any transfer or use to develop a false identity. It requires that there be intent to commit a "traditional" violation or felony as a subsequent crime, corresponding to our "crimes enabled by a false identity". There is no mention of the collection of personal information as a criminal offence.
2. The term "identity theft" is a misnomer. Identification documents may be stolen. Someone's legal attribution [personal identifiers registered with government] may not. A person's legal attribution does not appear to fit within the framework of the existing interpretation of property under Part IX of the Criminal Code.
Back to Terminology Case File - Identity Theft
| Home | Literature and Links | Defining Identity Theft | Measuring Identity Theft in Canada | Glossary |