Economics of Identity Theft: Avoidance, Causes and Possible Cures

Keywords Identity theft, Economics, Fraud, Risk, Identity management, Biometrics

This book is primarily concerned with the interplay between identity management technologies and their associated economic impact. It argues that adopting a near‐term view that cheap (and therefore technologically flawed) systems is short sighted and that there may be better potential alternatives.

The book opens with a consideration of the differences between the physical world and the digital networked environment. It discusses the links between authentication documents and the individual and introduces the elements of identity itself. Here, however, the book seems to offer conflicting definitions of what is actually meant by the term “identity theft”. It first states that “identity theft is the misuse of private authenticating information to steal money”. This is quite a narrow definition, which restricts the ambit of “identity theft” to the realm of financial fraud. Such financial fraud may, of course, simply be covered (in the UK) by the new offences within the Fraud Act 2006, particularly that of “fraud by false representation”. This offence is satisfied by dishonestly making a false representation (note that any false representation will suffice here, not just one relating to identity or the veracity of authenticating documentation) with an intention to make a gain or cause loss or risk of loss. There is nothing “special” (in legal terms) about the identity‐related component of such activity. Five pages on, the book broadens its definition: “Identity theft is the misuse of information to masquerade as someone else to obtain resources or avoid risks”. Here, the book recognises that identity theft may require more than just financial fraud. This definition would encompass, for instance, assuming another's identity to abandon one's own criminal past and make a “fresh start” in society. Later still, the book states that “‘Identity theft’ actually refers to misuse of social security numbers by criminals to construct and utilize an alias that cascades through the financial systems”. This narrows the definition beyond that first proffered, locating “identity theft” within the US (where social security numbers are the ubiquitous unique identifier) as well as re‐restricting it to financial impropriety. Given that the central premise of the book concerns the “economics of identity theft”, the fact that the key term “identity theft” suffers from a great degree of contextual malleability and inconsistency may understandably leave the reader somewhat confused.

The book then moves on to consider some identity theft avoidance best practices and evaluates the risks to individuals posed by identity theft. It is clear from this section (as one might expect from the title of the book) that the focus here is on financial risk and financial costs. It then moves up a technological gear to discuss some of the underlying technologies of identity management including digital signatures and the public key infrastructure, credential (identity) cryptography, biometrics and peer‐to‐peer reputation systems. It closes with four potential future realities: ubiquitous anonymity (in which financial transactions and information requests can be made entirely anonymously); universal national identifier (a national ID being a single recognised credential); sets of attributes (where each individual had multiple identifiers stored in a series of devices) and ubiquitous identity theft (where identity swapping on the Internet is as common as file‐swapping today). These scenarios are provided by four different contributors and do not always tie up as closely to the remainder of the text as they might.

Overall, this book provides an interesting oversight of the economics of privacy and an overview of a range of identity management technologies in an economic context. Its potential views of the future offer much food for thought. This book does not require an in‐depth knowledge of law, economics or technology for the reader to grasp the points being made. It is certainly worthy of perusal, provided that its significant US bias and inconsistency in what is actually meant by “identity theft” are recognised from the outset.