Identity theft

About: Identity theft is a research topic. Over the lifetime, 2284 publications have been published within this topic receiving 31700 citations.

Identity loan: The moral economy of migrant document exchange in California's Central Valley

Abstract: “Identity loan” is common among U.S. farmworkers. In contrast to “identity theft,” it is a voluntary exchange in which citizens and legal permanent residents lend unauthorized migrants their identity documents so that the latter may obtain a job. Drawing on nine months of ethnographic fieldwork and interviews with 45 migrant farmworkers in California's Central Valley, I show that federal and state policies have encouraged identity loan as a mode of reciprocal gift-giving in resource- and document-poor migrant communities. Document exchange benefits “identity donors” by increasing their unemployment payments and directly depositing deductions from unauthorized migrants’ wages into their Social Security accounts. While many scholars theorize that unauthorized status serves as a hidden subsidy for the state, this study illuminates the microprocesses through which ordinary citizens and residents agentively vie to divert this “profit reserve” into their own pockets.

Risks of the CardSpace Protocol

Abstract: Microsoft has designed a user-centric identity metasystem encompassing a suite of various protocols for identity management. CardSpace is based on open standards, so that various applications can make use of the identity metasystem, including, for example, Microsoft Internet Explorer or Firefox (with some add-on). We therefore expect Microsoft's identity metasystem to become widely deployed on the Internet and a popular target to attack. We examine the security of CardSpace against today's Internet threats and identify risks and attacks. The browser-based CardSpace protocol does not prevent against replay of security tokens. Users can be impersonated and are potential victims of identity theft. We demonstrate the practicability of the flaw by presenting a proof of concept attack. Finally, we suggest several areas of improvement.

Protecting the Inner Environment: What Privacy Regulation Can Learn from Environmental Law

Abstract: The Information Economy produces a host of new injuries to personal privacy. These include damage from data mining, data spills, identity theft, the tracking of online activity, and spam. Policymakers are currently searching for a framework with which to think about the governance of these pressing problems. This article argues that environmental law can serve as a useful model. Environmental law is promising for two reasons. First, privacy injuries and environmental damage share a common conceptual structure. Both are negative externalities. Moreover, in the absence of regulation, both will produce a tragedy of the commons - privacy injuries will create such a tragedy in the online environment, while environmental damage will produce one in the natural world. These structural similarities suggest that environmental policy has been dealing with problems that are comparable to those that privacy regulation now faces, and so may be an appropriate model for it. Second, environmental law and policy has been the focal point of a decades-long, highly productive discussion about governance. The intensity of this debate, and the regulatory innovations that it has produced, have made environmental policy the hub of creative thinking about regulation. The article identifies four contemporary regulatory strategies, pioneered in the environmental field, that could serve as particularly good models for privacy regulation. They are: emission fees, pollution transfer and release registries, regulatory covenants, and government support for environmental management systems. The article describes each of these environmental policies in some detail. It then explains how policymakers might productively adapt them for use in protecting privacy. The author initially discussed these ideas in a brief book chapter that he posted on SSRN. This article explores the topic in far greater depth than that earlier publication.

Cybercrime and you: How criminals attack and the human factors that they seek to exploit

Abstract: Cybercrime is a significant challenge to society, but it can be particularly harmful to the individuals who become victims. This chapter engages in a comprehensive and topical analysis of the cybercrimes that target individuals. It also examines the motivation of criminals that perpetrate such attacks and the key human factors and psychological aspects that help to make cybercriminals successful. Key areas assessed include social engineering (e.g., phishing, romance scams, catfishing), online harassment (e.g., cyberbullying, trolling, revenge porn, hate crimes), identity-related crimes (e.g., identity theft, doxing), hacking (e.g., malware, cryptojacking, account hacking), and denial-of-service crimes. As a part of its contribution, the chapter introduces a summary taxonomy of cybercrimes against individuals and a case for why they will continue to occur if concerted interdisciplinary efforts are not pursued.

Generating an Identity Theft Score

Abstract: A system for generating an identity theft score is disclosed. The system may identify consumers who have experienced identity theft during a historical time period, generate an identity theft risk model based upon the plurality of consumers who have experienced identity theft, and generate an identity theft score for an individual consumer based upon the identity theft risk model and data associated with the individual consumer. The identity theft risk model may comprise a regression model, and the identity theft score may represent a probability that the individual consumer will experience identity theft during a future time period.