Interesting People mailing list archives
Re: Identity theft protection?
From: David Farber <dave () farber net>
Date: Sat, 16 May 2009 19:30:58 -0400
Begin forwarded message: From: "Ed Gerck, Ph.D." <egerck () nma com> Date: May 16, 2009 6:50:39 PM EDT To: dave () farber net Cc: ip <ip () v2 listbox com> Subject: Re: [IP] Identity theft protection? [Dave, for P if you wish] IP'ers, I feel that it is time to see real solutions to this problem, rather than let the discussion continue to be dominated by a special choice of language. The terminology itself deserves some attention first, before anyone considering to "buy protection". In fact, as discussed below, we should refuse to buy such "protection" and, instead demand that those holding or using our identifiers be held responsible for their misuse (as Calif. now does with medical records) -- not the victims. There is indeed a long-established and legal term, "impersonation fraud", which is wholly adequate to describe what is often called "identity theft". Was this just a change of fashion? Following an opinion by N. Bohm, who used to provide legal work for banks in London, I suggest that we need to take a good hard look before "buying protection" against "identity theft". "Impersonation fraud" as a term focuses attention on the fact that the criminal is deceiving someone in order to gain advantage by claiming to have some valuable characteristics or authorizations in fact belonging not to the criminal but to some other person. The person deceived is the primary victim in contemplation when this terminology is used. "Identity theft", by contrast, suggests that the victim is the person impersonated, because his or her "identity" has been "stolen". This way of looking at things implies that the losses which arise out of the impersonation fall on the person impersonated, rather than on the person deceived by the impersonation. "Identity theft" as a label is attractive to, for example, banks who may wish to suggest that losses must be carried by their customers because they failed to take proper care of their "identity". The use of the term "identity theft" by an organization trying to sell "protection" against it to the very victims should be illegal. At the very least, it should alert us to that organization trying to pass the blame and the loss to victim. Furthermore, the fact that people got used to talk in dumbed down soundbites such as "identity theft", instead of using well-established words like "impersonation fraud", does not mean that any legally relevant conclusions can be drawn from the misuse of technical terms like "theft" in the soundbite (as might be wrongly asked: If identity theft is a crime, mustn't identity be property?). Finally, "identity theft" is not a theft, and the victim may not even have been remotely at fault as in terms of negligence. BTW, Bohm and I are not alone in this opinion. Bruce Schneier [private comm.] also prefers to use "impersonation fraud". Cheers, Ed Gerck ------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- Identity theft protection? David Farber (May 16)
- <Possible follow-ups>
- Re: Identity theft protection? David Farber (May 16)
- Re: Identity theft protection? David Farber (May 16)
- Re: Identity theft protection? David Farber (May 17)
- Re: Identity theft protection? David Farber (May 18)