Even though we all know what identity theft is, I thought I’d revisit some important definitions including federal law.

Federal Trade Commission (ftc.gov):
"Identity theft occurs when someone uses your personal information without your permission to commit fraud or other crimes."

U.S. Department of Justice, Criminal Division, Fraud Section (usdoj.gov):
"Identity theft and identity fraud are terms used to refer to all types of crime in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain."
 
Identity Theft and Assumption Deterrence Act of 1998, Title 18 Part 1 Chapter 47 US Code §1028(a)(7):
"Identity theft is a criminal offense. It occurs when a person knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit or to aid or abet any unlawful activity that constitutes a violation of federal law or that constitutes a felony under any applicable state or local law."

California Penal Code section 530.5:
"It is a felony in California to use the personal identifying information of another person without the authorization of that person for any unlawful purpose including to obtain credit, goods, services, or medical information."

Fair and Accurate Credit Transactions Act of 2003 (FACTA), Title 15 Chapter 41 Subchapter III US Code §1681a(q)(3):
The term “identity theft” means a fraud committed using the identifying information of another person, subject to such further definition as the [Federal Trade Commission] may prescribe, by regulation.

Pursuant to FACTA, the Federal Trade Commission (FTC) has recently proposed this more specific definition:
(a) The term “identity theft” means a fraud committed or attempted using the identifying information of another person without lawful authority.
(b) The term “identifying information” means any name or number that may be used, alone or in conjunction with any other information, to identify a specific individual, including any-
        (1) Name, social security number, date of birth, official State or government issued driver's license or identification number, alien registration number, government passport number, employer or taxpayer identification number;
        (2) Unique biometric data, such as fingerprint, voice print, retina or iris image, or other unique physical representation;
        (3) Unique electronic identification number, address, or routing code; or
        (4) Telecommunication identifying information or access device.

This is a beaut. A prisoner runs an ID theft fraud ring on the inside. ConsumerAffairs.com has more.

An inmate at the Hiawatha Correctional Facility in Kinross, Michigan, was sentenced to 5 to 20 years in the Chippewa County Circuit Court by 50th Circuit Court Judge Nicholas Lambros, according to Michigan Attorney General Mike Cox.

Dale Morris, 42, was convicted of maintaining a sophisticated criminal enterprise that he orchestrated from his Michigan prison cell. Morris' scheme enlisted the help of two fellow Michigan inmates, Darius Moye and Richard Custer, their mothers, Mary Moye of Georgia and Linda Custer of Detroit, David Bullard of Inkster, and Sherry Drake of Detroit.

I wrote a post about this in April of 2004 on my first identity theft blog, scamsafe.com. You can find the pretext article here.

The AARP released a staudy called Into the Breach: Security Breaches and Identity Theft. I don’t have time to analyze it in depth right now. However, I did note that 29% of breaches (1/1/05 – 5/26/06) were the result of physical theft (mostly laptop theft). Which is the #2 reason, just behind hackers (33%).

This one, I can hardly believe. Did you know that if you call the Oregon state DMV, the person you speak with there might be a convicted felon? And they would have access to your sensitive personal information (DMV data is some of the most sensitive information you can imagine). But wait, good news. The Oregon DMV reassures us that while you may speak with a rapist or killer, don’t worry, because they won’t let someone convicted of identity theft man the phones. Well then, no worries!

David House,  a spokesman for the Oregon DMV said, "Yes, there can be murderers, rapists, drug possession, but if they were convicted of identity theft, they wouldn't be able to work for us."

Do they realize how easy it is to commit identity theft? All you need to do is see a SSN, write it down, and give it to someone else to commit fraud. This story was reported back in 2005 by KATU 2 - Portland, Oregon, but I just happened upon it recently. 

Your tax dollars are primed and ready. The credit reporting agencies now are drooling, waiting for the next huge data breach anywhere within the government. When it happens—ka-ching. FCW has more.

Three firms received blanket purchase agreements Aug. 14 to give agencies credit-monitoring services following several thefts or losses of federal employees’ laptop computers containing personal information.

The General Services Administration awarded the BPAs to Equifax, Experian Consumer Direct and Bearak Reports, a small, woman-owned firm, according to the agency.

This bill SB1390 was introduced by Sen. Chuck Poochigian (R- Fresno). It passed the Senate in May and the Assembly in August and was signed into state law today. The entire bill is 33 words long! It requires the CA Department of Justice to include data on identity theft crimes statistics in their annual report. Here’s the bill text from the California Senate web site.

SECTION 1. Section 13012.6 is added to the Penal Code, to read:
13012.6. The annual report published by the department under Section 13010 shall include information concerning arrests for violations of Section 530.5.

Have you ever seen an employment verification from Choicepoint?  This is something that a prospective employer might use to confirm that your employment background is as you told them. I have one in my hands right now. It has the person’s full name, social security number, and date of birth. It arrived in the mail today.

I assume that Choicepoint does over a million of these a year. I don’t know how many are mailed to former employers, but I bet it’s in the hundreds of thousands.

This is another example of how your sensitive data flies around, unprotected, all the time. The counter point is this: What if the former employer is large and needs your SSN and DOB to confirm it has the correct person? But couldn’t they just send the SSN with all but 4 digits redacted? And give the recipient the option of confirming the SSN by telephone. Why is the default always to send our SSN? Because it’s easier.

More on the Florida DOT laptop theft I reported a couple weeks ago. Through a blog posts by Brian at About.com, it appears that the laptop data was not encrypted after they originally said it was, and, two laptops have been stolen from the FL Transportation Department, not one. Good times.

NJ.com has a Q&A pulled from Liz Pulliam Weston about how one can easily steal the identities of family members and the strife it can cause. For example, in order to deal with ID theft in many cases you need to send a creditor a police report. If you file a police report, the police are required to investigate which could land a family member into a heap of trouble. One good word of advice from the column via my friend Linda at the ITRC (where I volunteer):

Occasionally lenders will let a victim off the hook without such a report if the thief admits the deed, commits to making payments and has the means to do so, said Linda Foley.