scispace - formally typeset
Search or ask a question
Topic

Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.


Papers
More filters
Journal Article
TL;DR: In this article, the authors argue that these delay provisions threaten consumer welfare by needlessly leaving consumers unable to protect themselves against the dangers stemming from such leaks, and they propose improving the effectiveness of phone record breach notification by modeling new regulations or legislation after existing state laws and proposed federal laws for protection of sensitive personal information implicating identity theft.
Abstract: In 2006, news of the ready availability of individuals’ private telephone records through online investigation services highlighted the need for privacy regulation to combat pretexting, a practice by which data brokers sought and obtained confidential customer information by fraudulently posing as the target customer. Amid congressional efforts aimed at protecting consumer privacy, the Federal Communications Commission (FCC) implemented heightened restrictions on the disclosure of call records through new regulations for telecommunications carriers. In requiring customer notice of unauthorized phone record disclosures, the new FCC regulations attempt to balance the ultimate goal of consumer protection against the investigative needs of law enforcement entities by prioritizing notice to enforcement agencies upon discovery of a security breach while delaying notice to affected consumers. This Note argues that these delay provisions threaten consumer welfare by needlessly leaving consumers unable to protect themselves against the dangers stemming from such leaks. In lieu of the current FCC breach notification provisions, this Note proposes improving the effectiveness of phonerecord breach notification by modeling new regulations or legislation after existing state laws and proposed federal laws for protection of sensitive personal information implicating identity theft.

1 citations

Journal Article
TL;DR: In this article, a survey of professionals in the legal system was conducted to evaluate the current state and effectiveness of laws to identify and deter computer crime. And the results generally show that legal professionals believe potential jurors have minimal knowledge of computer crime issues and that judges have little knowledge or experience.
Abstract: This paper asked professionals in the legal system to evaluate the current state and effectiveness of laws to identify and deter computer crime. Responses were evaluated with a formal structural equation model. The results generally show that legal professionals believe potential jurors have minimal knowledge of computer crime issues. More importantly, they also believe that judges have little knowledge or experience. A similar lack of knowledge by defense attorneys indicates that it could be difficult for a person accused of computer related infractions to find adequate representation. On the other hand, more experienced participants do not believe computer laws present an effective deterrent to computer crime. The bottom line is that all levels of the legal profession will need more education and training in aspects of computer security laws. INTRODUCTION Computer security topics within the literature have traditionally focused on technical issues, see Bidgoli (2003) and Opara and Marchewka (2006). These issues are important and relatively complex. However, computer usage and security exist within a society, where the framework is defined by laws and the judicial system. Ultimately, computer security requires both technical and legal solutions. The oft-criticized Digital Millennium Copyright Act (DMCA) presents a classic case. Prior to its enactment, copyright law made it illegal to steal satellite shows and other content. Broadcasters used encryption and other technical methods to protect the content from casual theft. However, it was legal for people to sell technology that could decrypt the signals. Possession and sale of this technology could not be stopped, and it was difficult and expensive to detect and enforce copyright laws on a person-by-person basis. Implementation of the DMCA makes it easier to curtail the distribution of the tools used to steal the satellite signals. Whether DMCA goes too far or has undesirable consequences is not the point here. The case highlights the importance of the judicial system in providing a remedy with respect to technology issues. The judicial system encompasses three main aspects: (1) Creation of laws, (2) Investigation of potential crimes, and (3) a trial phase which involves prosecutors, defense attorneys, judges, and sometimes jurors. A broader definition would also include punishment issues, involving prison sentences and fines, but these issues remain constant regardless of the type of law or crime, and these concerns have been covered extensively in other literature. Civil complaints and trials can also become important tools in dealing with computer security topics, but many of the circumstances will be similar to criminal cases, although the various roles will be handled by different organizations. A primary question posed here is whether the current U.S. judicial system needs to be improved to be able to handle computer security cases. In particular, the federal government has passed several new laws in the past few years that relate to computer and technology issues. However, are the supporting parts of the judicial system able to handle these new laws? What changes or support might need to be added? To begin to address these questions, a survey of legal professionals was undertaken to evaluate current conditions and highlight aspects of the judicial process that need to be improved. The simple answer to the main question is that most participants do not feel the system is prepared to handle complex technical cases. The most pressing need is for education and training of the various levels of judicial participants. The degree of shortfall and the details are explored in this paper. G. V. Post & A. Kagan 2007 Volume 16, Number 2 2 RELEVANT LITERATURE The literature on computer security and crime is increasingly diverse, and there is not sufficient space to summarize all of it here. As E-commerce applications continues to expand the online business model, firms are attempting to determine fair information usage practices and the legal dynamics as part of an overall policy, as explained by Ryker, Khurrum and Bhutta (2006). Prior research has attempted to characterize the diverse nature of computer crime and judicial involvement. Dowland et al (1999) found that the public in the UK was aware that computer crime and security are concerns in the general case but they lack knowledge as to how the two most prominent laws available at that time were effective in deterring computer crime. In fact many respondents were unfamiliar with the concept of computer crime and effective legislation. Carr and Willams (2000) compare the implementation of computer crime laws in the UK, Malaysia and Singapore to gauge the effectiveness as deterrents. The conclusion is that these laws have not led to any large amount of prosecutions due to a series of factors. The factors localize themselves into a lack of firm level participation in the investigation and reporting process, an absence of sufficient training by members of the legal establishment and that the basis of the legislation centers upon economic positioning (punishment) as opposed to security deterrence. In a response to the increase in computer related security and crime occurrences, the Hong Kong government has passed a series of legislative acts to address this problem. Kennedy (2001) reports on the actions of the Interdepartmental Working Group on Computer Related Crime in strengthening existing legislation to more effectively to deter computer security outbreaks in Hong Kong. Caelli (2002) argues that the original design of the personal computer fostered a culture of non security, in that systems were designed with minimal security controls. As the use of the PC and distributed systems increased, the need for governmental intervention as a catalyst for protection was necessitated. Government involvement in the contemporary information environment should be twofold. The first level supports the idea that government must structure acceptable legislative actions to address the validity of electronic transactions and enforce a floor level of minimum security standards. Caelli’s second view of legislation is for the government to define a set of “professional qualifications as well as a process to support accreditation of information security professionals.” In other words determine educational and regulatory standards for security practitioners. Walden (2004) presents the case that countries need to structure laws to combat computer security crimes given the complex nature of the infractions and the cross jurisdictional entanglements these cases contain. With many computer crimes occurring in country A while the perpetrators may be in country B, the rules of evidence, legal procedures and investigative prerogatives all vary. This causes the system of legislation to be less than effective as a deterrent. Walden suggests a set of legislation modeled upon the UK’s Computer Misuse Act of 1990. Gerard, Hillison and Pacini (2004) discuss how the US government has made a pronounced effort to gain the upper hand on identity theft issues. Various laws have been enacted to help alleviate the problem. A similar approach would be required to handle the issue of computer security with one important caveat—business organizations must ramp up their awareness and internal controls with respect to security. The business controls will augment the role of the legal system in addressing computer security concerns. As the broad and pervasive nature of computer crime and security threats continues to increase, the judicial system must respond through the effective design and implementation of legislation. The following section provides a brief discussion concerning computer laws.

1 citations

Book ChapterDOI
25 Sep 2013
TL;DR: This research approaches privacy management in OSNs as an access control problem, proposing a fine-grained, formal Attribute-Based Access Control (ABAC) language; SocACL (Social Access Control Language).
Abstract: Online Social Networks (OSNs), such as Facebook, encourage their users to disclose significant amounts of personal information to facilitate connecting and sharing content with other users. This has resulted in some OSNs holding vast amounts of information about their users; all of which is readily available via their profile page. As such, OSNs are particularly vulnerable to privacy breach attacks. With the impact these breaches varying from simply embarrassing the user, to negatively influencing the decision of a potential employer, identity theft and even physical harm it is important that these breaches are addressed. In this research we approach privacy management in OSNs as an access control problem, proposing a fine-grained, formal Attribute-Based Access Control (ABAC) language; SocACL (Social Access Control Language). SocACL is based on Answer Set Programming (ASP) and allows for policy specification using the most abundant sources of information available in OSNs; user attributes and relationships.

1 citations


Network Information
Related Topics (5)
The Internet
213.2K papers, 3.8M citations
76% related
Social network
42.9K papers, 1.5M citations
74% related
Service provider
55.1K papers, 894.3K citations
74% related
Authentication
74.7K papers, 867.1K citations
73% related
Information technology
53.9K papers, 894.1K citations
73% related
Performance
Metrics
No. of papers in the topic in previous years
YearPapers
202384
2022165
202178
2020107
2019108
2018112