Identity TheftCongressional Initiatives and Legislative FailuresJohnny J. Yeh12 December 2003CPSC 457: Sensitive Information in a Wired World0Professor Joan FeigenbaumI. IntroductionOver the last few decades, the world has witnessed a global revolution, unleashed by technological innovations and catalyzed by market forces. Yet even as technology hasmade the world more efficient, it has also made the world vulnerable to the threats posed by malicious actors. These actors have perpetrated innumerable crimes and the government struggles to combat these modern criminals. One threat stands out as particularly frightening: identity theft. The ability of a criminal to completely co-opt the identity of another person strikes at the very core of individuality. No longer can the victim be assured that his place in the world is singular and unique, dependent on his actions alone; rather, he is subject to sudden and dramatic changes, all at the behest of an actor who he – in all likelihood – does not even know. Noting the progressing trends of identify theft crimes in the last few years, Congress has begun to combat ID theft, hoping to drive it to extinction. Yet the progress so far is discouraging. Modern statutes suffer the weakness of inadequacy, often relying upon traditional methods to engage a new and fundamentally different form of crime. The same problem afflicts most of the legislative proposals currently under Congressional consideration. And to make matters even worse,the few proposed bills that might be effective face a likely death at the hands of a Republican dominated Congress. Ultimately, Congress lacks the innovation and understanding to combat identity theft, leading to incoherent policies that do little to curb this new epidemic.II. A Short History1Before identify theft laws were passed, Congress could only rely on fraud statutesto prosecute identity thieves. Before 1998, government officials interested in prosecutingunder federal jurisdiction relied heavily on United States Code, Section 1028 of Title 18, which explicitly dealt with “Fraud and related activity in connection with identification documents and information.”1 If individuals used false documents to commit identity theft then they could be charged under this federal statute. The weakness of Title 18, however, was its complete emphasis on fraudulent documentation. As Barry Finkelstein writes, “Previously, under 18 U.S.C. [section] 1028, only the production or possession of false identification documents was prohibited. Now because of the rapid expansion of information technology, criminals may not require actual documents to assume an identity.”2 With the surge in internet use and with the growing reliance on personal identifying information such as social security and credit card numbers, the use of forged documentation declined and criminals shifted away from traditional fraud tactics. Police,in contrast, did not make a similar shift, lacking a clear, codified conception of fraud in its derivative forms. Before 1998, “There [was] no one universally accepted definition ofidentity fraud,” a fact which complicated both the enforcement and prosecution of this new crime.3 Preliminary attempts to shoehorn the problem into Title 18 proved cumbersome at best and burdened the government with new legal wrangles.1 United States. Congress. United States Code: Title 18, Section 1028. Found at: http://uscode.house.gov/uscode-cgi/fastweb.exe?getdoc+uscview+t17t20+588+1++%28%29%20%20AND%20%28%2818%29%20ADJ%20USC%29%3ACITE%20AND%20%28USC%20w%2F10%20%281028\%29%29%3ACITE%20%20%20%20%20%20%20%20%202 United States. Internal Revenue Service. Barry Finkelstein. Memorandum for Assistant Regional Counsel.Washington, D.C.: IRS, 1998. 1. Found at: http://www.unclefed.com/ForTaxProfs/irs-wd/1999/9911041.pdf3 United States General Accounting Office. Identity Fraud: Information on Prevalence, Cost, and Internet Impact is Limited. Washington, D.C.: GAO, 1998. 11. Found at: http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=gao&docid=f:gg98100b.pdf2By 1998, the state of legislation had changed dramatically. The General Accounting Office (GAO) had compiled a report, Identity Fraud: Information on Prevalence, Cost, and Internet Impact is Limited, which included information from a variety of public and private sources. Overall, the report “documented the increasing riseof identity fraud in the United States, as well as the severe financial impact upon the victims of the crime and the national economy.”4 Moreover, it functioned as a catalyst foridentity theft legislation, catapulting Senator Jon Kyl’s 1997 identity theft bill to the forefront of the Congressional agenda and assisting greatly in its passage in the House and Senate.5 Thus did Kyl’s Identity Theft and Assumption Deterrence Act of 1998 become the first piece of substantive law dealing specifically with identity theft. In particular, it amended the United States Code to include identity theft as a unique crime:Whomever… knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law… shall be punished.6 The definition of the crime created a broad-based solution to the problem, electing to widen rather than narrow the scope of crimes that fell under this new statute. Yet the Act touched on more than definitions. It set down certain punishments for identity theft depending on the context of the crime. It also helped to shift the focus of a ‘victim’ from defrauded corporations to the individuals whose credit and history were ruined by identity thieves. Perhaps this act’s most interesting innovation was the creation of an infrastructure to combat identity theft. This not only initiated a consumer education campaign and a hotline for victims to contact the Federal Trade Commission (FTC), it 4 United States. Memorandum for Assistant Regional Counsel. 3. 5 United States. Memorandum for Assistant Regional Counsel. 2 – 3.6 United States. Congress. Senator Jon Kyl. Identity Theft and Assumption Deterrence Act. 1998. Found at: http://www.ftc.gov/os/statutes/itada/itadact.htm3also led to the construction of a complaint database to help the government monitor identity theft cases.7 However, Kyl’s