Identity Theft and Cyber Fraud
Identity Theft and Cyber Fraud
Identity Theft and Cyber Fraud
The right to privacy of the person, freedom of expression and other rights are enshrined in the Canadian Charter of Rights and Freedoms. The government is charged with the responsibility of safeguarding these individual rights. Technological advancements have increased the use of the internet by Canadians and people all over the world. As a result, new legal problems have come up due to criminal activities perpetrated over the internet. Over the past two decades, several policies have been enacted to protect the internet and other information communication technology systems against identity theft and cyber fraud. Nevertheless, most of these policies are not properly defined and do not provide adequate mechanisms for law enforcement officers to combat the crimes. This paper explores the scope and impact of identity theft and cyber fraud in Canada, the legislation put in place to combat the crimes, the enforcement procedures, challenges faced by law enforcement officers in conducting investigations, and recommendations for improvement basing on a comparative analysis of the legislative developments in Canada and the United States.
Scope and Impact of Identity Theft and Cyber Fraud in Canada
Smyth and Carleton (2011) define cyber fraud as a dishonest or deceptive act which involves the use of technologies or the interne to defraud a person, an organization or the public out of property, service, valuable security or money. Cyber fraud may occur where the culprit transmits deceitful or misleading information online, misappropriates funds transmitted electronically, or fails to honor online contractual agreements. The greatest motivation for cyber fraud offenders is anonymity. Online contractual agreements are made between anonymous parties running their operations in whatever part of the world, thus enabling criminals to disguise their identities and intentions. Identity theft refers to an act where one accesses, obtains, possesses, uses and transfers another person’s information without obtaining consent of the identifiable person. The identifying information enables the culprit to hide his or her identity and to commit any crime including non-financial harm to reputation, fraud, or crime of financial nature. The costs associated with identity theft are quite high and they relate to societal costs, non-financial personal costs, individuals, the criminal justice system and financial costs to businesses.
In 2012, police services reported 9,084 incidents of cybercrime from 80% of Canada’s population (Symbol of Statistics Canada, 2014). According to the report, property violations ranked highest at 61% in terms of all cybercrime incidents, accounting for 5,544 incidents. Fraud had the greatest percentage accounting for 54% of all cybercrimes. Identity theft only accounted for 1% of all cybercrimes reported.
Nevertheless, the incidents of reporting are quite minimal compared to the actual identity theft and cyber fraud incidents affecting Canadians every day. According to Smith (2008), the major barriers which hinder victims of identity theft and cyber fraud from reporting include:
- Lack of evidence
- Some private businesses which incur losses from identity theft place their focus on reinstatement of their systems to prevent further financial losses
- Some law enforcement departments do not have capacity to handle identity theft and cyber fraud
- Some victims are never aware of the occurrence of victimization
- Some victims are unwilling to incur more expenses to pursue legal remedies
Over the past two decades, there have been a series of amendments to the Criminal Code to make provisions for identity theft and cybercrime. Section 342 of the Criminal Code criminalizes unauthorized use of computers and theft, falsification, or duplication of credit cards both online and offline. This provision was added to the Criminal Code in 2009 pursuant to the enactment of Bill S-4, An Act to Amend the Criminal Code (Identity Theft and Related Misconduct). The main focus of the Act was on the preparatory phases of identity theft by illegalizing the act of obtaining, possessing, transferring or selling another person’s identity documents. Sections 402 and 403 criminalize identity theft and identity fraud (Smyth & Carleton, 2011).
Section 184 of the Criminal Code criminalizes the interception of private communication by means of mechanical, acoustic or electro-magnetic device where the owner of the device has not granted consent for such interception. However, law enforcement officers are exempted from the provision if their interception of private communications is for purposes of identifying unauthorized transmissions or preventing unlawful acts.The legislature first adopted the provision empowering law enforcement to intercept private communications in 1974. Further amendments were made in the 1980s and 1990s with the aim of empowering law enforcement to search and seize computer systems. Parliament passed the Canadian Security Intelligence Service Act in 1984 to allow law enforcement officers to conduct lawful interceptions of private communications for purposes of defending national security.
The Personal Information Protection and Electronic Documents Act (PIPEDA) was enacted with the aim of reducing risks of identity theft and cyber fraud by regulating the manner in which commercial organizations collect, use, and disclose personal information. Under PIPEDA, commercial institutions need to put in place safeguards in regards to collection of personal information. The Act requires both public and private sector institutions to formulate and implement fraud control policies aimed at addressing risks associated with internet penetration in Canada.
In the United States, there are both state and federal legislation specifically focusing on prevention of identity theft and cyber fraud, assistance of victims and improvement of rates of prosecuting and convicting perpetrators. The major federal law on identity theft in the United States is the Identity Theft and Assumption of Deterrence Act of 1998, which was the first statute aimed a defining the scope of identity theft. The statute has a broad definition of identity theft as it covers government-issued identifiers such as biometric information, passport numbers, and Social Security numbers. States have also enacted their legislation on identity theft and cyber fraud. The California Penal Code has explicit provisions criminalizing identity theft and cyber fraud. The unique feature about the Penal Code is that it also has a broad definition of identity theft, including corporate identity theft which involves a public entity, limited liability company, corporation, company, business trust, partnership, organization, firm, or natural person. Under the California Penal Code, upon presentation of a police report, a victim can access information regarding any accounts opened in their name by identity thieves. Victims are also entitled to freeze security on their credit files and to request for a copy of police report on their cybercrime case.
Identity theft and cyber fraud have also resulted into new challenges for the international law community since these crimes can be perpetrated across borders. There is no entity that has control Internet operations. A major obstacle to international cooperation is the differences in jurisdictional and regulatory frameworks, as well as the complications presented by country’s competing priorities.
Enforcement of the Security Policies and Regulations
The Royal Canadian Mounted Police (RCMP) are charged with the responsibility of investigating all computer crime offences. RCMP tackles offences on individuals, offences on the government regardless of the source of the offender, and offences which involve organized crime or affect national interests. RCMP commercial crime sections operate within all major cities across Canada, with each city section allocated at least one investigator trained in computer crime investigations. The RCMP High-Tech Crime Forensics Unit in Ottawa supports the respective commercial crime sections with technical guidance and expertise in regards to computer and telecommunications crime investigations (Canadian Internet Policy and Public Interest Clinic, 2007).
Canadian law enforcement agencies have cited that the greatest challenge in enforcement of identity theft policies is identification of the suspect and the time, location and the manner in which the suspect compromised the identity of the victim. The challenge is brought about due to the anonymity of the Internet. In most cases, offenders conceal their identities and ‘weave’ or ‘loop’ their attacks through servers from multiple jurisdictions. Electronic impersonation also enables offenders to mask their identities, thus making it difficult for victims to know them. As a result, law enforcement officials find it very difficult to respond to identity theft and fraud due to the minimal chances of catching identity thieves and cyber fraudsters.
A special characteristic of cybercrime is the lack specific proximity in terms of the geographic distance between the identity thief and the victim(Canadian Internet Policy and Public Interest Clinic, 2007). In normal theft cases, it is possible for a law enforcement officer to track the whereabouts of the thief within the neighborhood. However, conventional methodologies do not apply when it comes to identity theft and cyber fraud cases. These internet crimes can be committed anywhere across international, regional, provincial or local boarders. Furthermore, atypical cyber fraud or identity theft involves at least three parties: the victim, the defrauded institution and the thief. In most cases, these parties are usually located in separate jurisdictions, thus placing law enforcement agencies in a difficult position of dealing with multiple jurisdictions with potentially different laws or legal systems. Most countries have entered in collaborative partnerships for purposes of combating cybercrime. However, the challenges facing such partnerships is the complications that arise in regards to striking the right balance between competing needs of supporting the growth of e-commerce and consumer protection.
One initiative for international cooperation in the fight against identity theft and cybercrime is the Council of Europe Convention on Cybercrime. The Convention focuses on fostering partnerships between countries to criminalize and prosecute cybercrime activities. It seeks to streamline the definition of computer crimes for purposes of promoting uniformity in enactment of national legislation, implementation of criminal procedure, and allocation of resources for international cooperation (Davis, 2003). In practice, the cooperation across borders in terms investigation of identity theft and cyber fraud is quite minimal. Some of the policing areas which cooperation has proven to be operational include such activities as child pornography, money laundering, and narcotics trafficking. The complicated procedures for conducting investigations across boarders pose a great challenge in the fight against cyber fraud. For instance, for a law enforcement agency to obtain evidence from another country, it must use Mutual Legal Assistance Treaties legal instruments, which usually take about two years to complete the process. Such a complex process may defeat the whole purpose of evidence when it comes to a cyber-fraud or identity theft case which only involves IP logs.
The police have also cited the increasing use of the internet by criminals to engage in commit crime and hide from law enforcement agencies due to the anonymity that they enjoy. The constant emergence of new technologies presents more challenges to law enforcement agencies in terms of identity theft and cyber fraud investigations. In addition, law enforcement are often confronted with challenges associated with information breeding and related crimes. A criminal is capable of using a single piece of personal information to forge documentation or obtain more pieces of information. Thus, it is possible for investigations of other crimes to be complicated by identity theft.
The law imposes limitations on law enforcement to access information for investigatory purposes. The Canadian Association of Chiefs of Police has raised concerns over their inability to fully access provincial and federal databanks to validate identification documents. A conflict exists between the safety demands on the law enforcement and the privacy laws which limit the sharing of information to law enforcement for purposes of protecting Canadians from potential abuse of their personally identifiable information (Davis, 2003).
Law enforcement agencies have also raised concerns over lack of resources for investigation of identity theft and cyber fraud. They are confronted by difficulties in obtaining needed resources as well as quantifying the allocation of the resources to investigation efforts. In addition, the officers also lack proper training for effective investigation of identity theft and cyber fraud crimes. For instance, there is lack of training of law enforcement in the exploitation of technology through the use malware and phishing which has been on the rise and is expected to become more widespread in the near future.
There is also a great challenge to law enforcement and researchers in regards to determining the actual number of identity thefts due to lack of reporting by many victims and organizations. In most cases, financial organizations are reluctant to cooperate with law enforcement agencies especially where the organization has only experienced meagre losses. The financial institutions only cooperate when they experience major financial losses due to identity theft or cyber fraud. According to Smith (2008), there is need for new policies on identity theft and cyber fraud and enhanced cooperation with private financial institutions. The policies should streamline the institutional framework for investigation of these cybercrimes.
As of now, it is very complicated to investigate an incident of identity duplication of procedures and wasting of expense, effort, and time (Smith, 2008). A victim of identity theft may choose to report to law enforcement department, regulatory body such as for accountants or lawyers, an association, ombudsman, a dedicated consumer complaint-handling body, or a private lawyer. Thus, without the knowledge of the right avenue to pursue and the procedures to follow, the process becomes complicated for everyone. Some of the current problems affecting law enforcement agencies in investigation of identity theft and fraud are due to lack of a clear policies outlining the scope of the police officers. Furthermore, there is no central reporting unit where all victims of identity theft and cybercrime can report. Most victims choose where to report depending on their convenience and the circumstances of the case. There is no official way in which the offences and repeat victimization are reported. In addition, since agencies are not allowed to share information with each other, it becomes difficult for law enforcement agencies to determine whether an identity theft claim is associated with a single incident or a series of other incidents.
In the United States, there is a standardized online portal where all victims of identity theft and cyber fraud do their reporting. Similarly, the United Kingdom has also established the “Identity Fraud Tsar” which is designed to coordinate efforts of law enforcement, government and private sector in combating identity fraud. In Canada, there is some progress with the Canadian Anti-Fraud Centre (CAFC), a central agency to collect information on identity theft complaints, internet fraud, and mass marketing (Canadian Anti-Fraud Centre, 2013). The CAFC supplies law enforcement agencies with valuable assistance in the identification of connections among seemingly unrelated incidents. Before the establishment of the CAFC, the mandate of combating fraud at the national level was discharged by Reporting Economic Crime Online (RECOL) and PhoneBusters. RCMP operated PhoneBusters, a national anti-fraud call unit, in collaboration with Ontario Provincial Police. RECOL, on the other hand, was a website designed for Canadians to report their complaints in regards to white-collar crimes such as identity theft and cyber fraud. CAFC was as a result of a merger between PhoneBusters and RECOL (Public Safety Canada, 2006). Even though, there is lack of public awareness regarding CAFC as victims of identity theft continue to pursue their own avenues of reporting thus resulting to loss of statistical data.
Recommendations and Conclusion
Smith (2008) proposes the enactment of policies to make it mandatory for victims of identity theft and cybercrime to report their cases. In addition, there is need to establish and maintain an effective, central unit for purposes of receiving reports from all sources and coordination of investigations by disseminating reports to appropriate agencies. In addition, it important to allocate adequate resources for creation of awareness to the public about the central reporting unit and for consistent training of law enforcement officials to keep pace with the ever evolving field of cybercrime. Canada should also explore more opportunities for cooperation with the international law community on the fight against identity theft and cyber fraud which are perpetrated across borders.
Canadian Anti-Fraud Centre. (2013). Statistics. Retrieved from http://www.antifraudcentre-centreantifraude.ca/english/statistics_statistics.html
Canadian Internet Policy and Public Interest Clinic. (2007). Enforcement of Identity Theft Laws. Retrieved from https://www.cippic.ca/sites/default/files/LawEnforcement.pdf
Davis, E.S. (2003). A World Wide Problem on the World Wide Web: International Responses to Transnational Identity Theft via the Internet. Journal of Law and Policy. 201(12), 201-227.
Robinson, N., Graux, H., Parrilli, D.M., Klautzer, L., & Valeri, L. (2011). Comparative Study on Legislative and Non Legislative Measures to Combat Identity Theft and Identity Related Crime. Retrieved from http://ec.europa.eu/dgs/home-affairs/elibrary/documents/policies/organized-crime-and-humantrafficking/cybercrime/docs/rand_study_tr-982-ec_en.pdf
Smith, R.G. (2008). Coordinating Individual and Organizational Responses to Fraud. Crime, Law, and Social Change.
Smyth, S., & Carleton, R. (2011). Measuring the extent of cyber-fraud: A discussion paper on potential methods and data sources.
Symbol of Statistics Canada. (2014). Police-reported cybercrime in Canada, 2012. The Daily. Retrieved from: https://www150.statcan.gc.ca/n1/daily-quotidien/140925/dq140925b-eng.htm
WE ARE THE LEADING ACADEMIC ASSIGNMENTS WRITING COMPANY, BUY THIS ASSIGNMENT OR ANY OTHER ASSIGNMENT FROM US AND WE WILL GUARANTEE AN A+ GRADE