Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.

"Network Neutrality": the meme, its cost, its future

Abstract: In June 2011 I participated on a panel on network neutrality hosted at the June cybersecurity meeting of the DHS/SRI Infosec Technology Transition Council (ITTC), where "experts and leaders from the government, private, financial, IT, venture capitalist,and academia and science sectors came together to address the problem of identity theft and related criminal activity on the Internet." I recently wrote up some of my thoughts on that panel, including what network neutrality has to do with cybersecurity.

CallChain: Identity Authentication Based on Blockchain for Telephony Networks

Abstract: Telephony networks serve as a reliable communication channel, and phone numbers are usually used to authenticate users' identities in telephony networks. However, modern telephony networks does not provide end-to-end authentication for phone numbers, making it difficult for a receiver to confirm a caller's real identity. Moreover, due to the lack of effective authentication solutions for users, phone numbers are usually exploited to commit identity theft, credit card fraud, or telecom harassment by phone number spoofing a ttacks. I n t his paper, we propose a blockchain-based identity authentication system for telephony networks, CallChain. CallChain issues verifiable digital identities to users which bound a user to his/her phone number. Based on the digital identity, CallChain provides end-to-end identity authentication between the caller and receiver in the data channel without modifying the core technologies in telephony networks. In the proposed system, users first register decentralized identities (DIDs) and store them in the blockchain distributed ledger. Then Call Center issues verifiable PhoneNumber Credentials to users. And finally users conduct end-to-end identity authentication based on these PhoneNumber Credentials before the call is established. We implement a prototype as an App for Android-based phones based on an open source blockchain platform Hyperledger Indy. Moreover, we detect that CallChain only adds a worst-case 2.1 seconds call establishment overhead and can resist DDoS attacks effectively.

Identity Crisis: Seeking a Unified Approach to Plaintiff Standing for Data Security Breaches of Sensitive Personal Information

Abstract: Today, information is largely stored and transmitted electronically, raising novel concerns about data privacy and security This data frequently includes sensitive personally identifiable information that is vulnerable to theftand exposure through illegal hackingA breach of this data leaves victims at a heightened risk of future identity theft Victims seeking to recover damages related to emotional distress or money spent protecting their identities and finances are often denied Article III standing to pursue a claim against the entity charged with protecting that data While the US Court of Appeals for the Seventh Circuit in Pisciotta v Old National Bancorp and the US Court of Appeals for the Ninth Circuit in Krottner v Starbucks Corp recognized standing even when harm was limited to the increased risk of identity theft, the US Court of Appeals for the Third Circuit in Reilly v Ceridian Corp split with its sister courts and denied standing for data breach victims, citing a lack of injury-in-factThe Reilly court's application of the standing doctrine creates an unreasonable barrier for injured plaintiffs to reach the merits of their cases The circuit split should be resolved in favor of conferring standing for those who suffer a threat of future harm Data breach plaintiffs' standing should be recognized, just as the plaintiffs' standing in "latent harm" tort law cases is recognized, because the increased risk of future harm in defective medical device, toxic substance exposure, and environmental injury cases is logically analogous and applicable to the increased risk of harm in data breach cases In addition, the Supreme Court's original purpose of the standing doctrine supports acknowledging that the risk created by a data breach and the resulting expenses to protect against identity theftconstitute a real, present, particularized injury worthy of justiciabilityINTRODUCTION"We have built our future upon a capability that we have not learned how to protect"1 These words, spoken by former CIA Director George Tenet, acknowledge the critical vulnerabilities of information-age technology on which we rely in modern society Information in the modern world is increasingly stored and transmitted electronically, rapidly replacing the methods of the past2 While electronically storing data comes with extraordinary environmental and economic advantages,3 its use raises novel concerns about the privacy and security of digital data4Much of the electronic information stored in databases by corporations and organizations includes sensitive personal information, such as social security numbers, phone numbers, birthdates, addresses, financial records, and medical records5 Electronic data is uniquely vulnerable to theftand exposure on a catastrophic scale6 Private electronic data can be exposed through illegal hacking,7 employee theft,8 the loss of laptops and hard drives,9 and even through inadvertent exposure on the Internet10 It is clear that few entities that use online or electronic databases are impervious to data loss, given that between eighty to ninety percent of Fortune 500 companies and government agencies have experienced data breaches of some type11 Electronic data breaches have become a leading cybersecurity challenge for the private and public sectors alike12With the increased use of digital data storage, the frequency and severity of breaches of data security are on the rise,13 and correspondingly, litigation relating to the exposure of personal data has increased14 Some estimates put the number of records breached since 2005 at over 600 million15 A breach of personally identifying digital information leaves victims at a heightened risk of future identity theftand misuse of their private information16Victims whose private information has been exposed or compromised often bring legal claims despite a lack of actual fraudulent use of their information …

Lost Data: The Legal Challenges

Abstract: Another day, another data breach, another lawsuit. On September 22, 2006, a lawsuit was filed against America Online over AOL’s release of 19 million search requests affecting 650,000 subscribers. The suit was filed by three AOL subscribers as a class-action lawsuit where they would represent all of the victims of the release. The AOL data breach is not the first such incident. In the September issue of Information Today, Phillip Britt reported that over 190 data breaches had been reported between February 2005 and June 2006. In February 2005, ChoicePoint reported that information on over 160,000 persons was leaked to criminals posing as legitimate businesses. In May 2006, a laptop computer containing access to over 26 million veterans and military personnel data was stolen from a VA employee’s home. At least two class action lawsuits are pending over that data breach. This article explores how the law is responding to the expanding quandary of data breaches and identity theft.