- There is no consistently applied definition of identity theft in the United States.
- There are no documented instances tying identity theft in whatever form directly to genealogical data in an online family tree
- No matter what definition is used, the incidence of any type of identity theft is dramatically overstated in most references to the issue
If you read any article expressing the opinion that adding information to an online family tree will increase your risk of identity theft, you should make comments demanding that the writer justify his or her opinion with some verifiable documentation.
Do I really need to go through all the facts again? I guess so, as long as I continue to see comments in print on genealogy blogs handwringing over the threat of identity theft.
First, the definition. Let's start with 18 U.S. Code Section 1028. These are the sections added to the act by the ‘‘Identity Theft and Assumption Deterrence Act of 1998’’:
(7) knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, or in connection with, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law; or
(8) knowingly traffics in false or actual authentication features for use in false identification documents, document-making implements, or means of identification;There is a lot more, but this is essentially the Federal law on the subject. I guess my question is how this statute applies to online family trees? Is an online family tree an "identification document?" Well, like most federal statutes there is a copious definition section. Here is the definition of an "identification document":
(3) the term “identification document” means a document made or issued by or under the authority of the United States Government, a State, political subdivision of a State, a sponsoring entity of an event designated as a special event of national significance, a foreign government, political subdivision of a foreign government, an international governmental or an international quasi-governmental organization which, when completed with information concerning a particular individual, is of a type intended or commonly accepted for the purpose of identification of individuals;In short, the Federal law deals with use of identification documents. Let's jump to the Federal Trade Commission (FTC) and see how they define identity theft. Their definition is a little simpler:
Identity theft happens when someone steals your personal information and uses it without your permission.Hmm. I don't think that definition gives me much to go on but it certainly excludes genealogical data in an online family tree. First of all, the information about dead people is not your personal information. Secondly, you can't steal information from a public family tree. This brings up the first rule putting information online:
If you want information to be private, don't put it online.
Oh by the way, the FTC is charged with reporting incidents of identity theft. All of the FTC's statistics are based on complaints. This is their assessment:
According to the ID Theft Data Clearinghouse, the most common types of identity theft are:I guess what I would say is where are the prosecuted cases and the statistics concerning prosecution for "identity theft?" Now what about each of the states? Here is the Identity Theft Resource Center, a compilation of the laws of the several states. Here is a sample. This is Arizona Revised Statutes 13-2008:
- using or opening a credit card account fraudulently
- opening telecommunications or utility accounts fraudulently
- passing bad checks or opening a new bank account
- getting loans in another person’s name
- working in another person’s name
A. A person commits taking the identity of another person or entity if the person knowingly takes, purchases, manufactures, records, possesses or uses any personal identifying information or entity identifying information of another person or entity, including a real or fictitious person or entity, without the consent of that other person or entity, with the intent to obtain or use the other person's or entity's identity for any unlawful purpose or to cause loss to a person or entity whether or not the person or entity actually suffers any economic loss as a result of the offense, or with the intent to obtain or continue employment.As you can see if you wade through this statute, Arizona is not concerned about you and your identity they are more concerned about illegal foreign nationals.
B. A person commits knowingly accepting the identity of another person if the person, in hiring an employee, knowingly does both of the following:
1. Accepts any personal identifying information of another person from an individual and knows that the individual is not the actual person identified by that information.
2. Uses that identity information for the purpose of determining whether the individual who presented that identity information has the legal right or authorization under federal law to work in the United States as described and determined under the processes and procedures under 8 United States Code section 1324a.
C. On the request of a person or entity, a peace officer in any jurisdiction in which an element of an offense under this section is committed, a result of an offense under this section occurs or the person or entity whose identity is taken or accepted resides or is located shall take a report. The peace officer may provide a copy of the report to any other law enforcement agency that is located in a jurisdiction in which a violation of this section occurred.
D. If a defendant is alleged to have committed multiple violations of this section within the same county, the prosecutor may file a complaint charging all of the violations and any related charges under other sections that have not been previously filed in any precinct in which a violation is alleged to have occurred. If a defendant is alleged to have committed multiple violations of this section within the state, the prosecutor may file a complaint charging all of the violations and any related charges under other sections that have not been previously filed in any county in which a violation is alleged to have occurred.
E. This section does not apply to a violation of section 4-241 by a person who is under twenty-one years of age.
F. Taking the identity of another person or entity or knowingly accepting the identity of another person is a class 4 felony.
Identity theft is very flexible. As a tag word, it can be used for a whole variety of political purposes.
Now, it is time to return to the question of criminal statistics. Here is the Federal Bureau of Investigation (FBI) assessment of the number of identity thefts:
The number of identity theft victims and total losses are probably much higher than what’s been reported. Because different law enforcement agencies may classify identity theft crimes differently, and because identity theft can also involve credit card fraud, Internet fraud, or mail theft—among other crimes—it’s difficult to provide a precise assessment. The FBI, however, has dedicated significant analytical resources to combating the identity theft problem and is working with other agencies to develop a system that will analyze large streams of identity theft data.We don't know what it is exactly, but we are allocation "significant analytical resources" to find out. This article goes on to state:
Since fiscal year 2008 through the middle of fiscal year 2013, the number of identity theft-related crimes investigated by the Bureau across all programs have resulted in more than 1,600 convictions, $78.6 billion in restitutions, $4.6 billion in recoveries, and $6.8 billion in fines.Here is an interesting statement from the Bureau of Justice Statistics:
- About 7% of persons age 16 or older were victims of identity theft in 2012.
- The majority of identity theft incidents (85%) involved the fraudulent use of existing account information, such as credit card or bank account information.
- Victims who had personal information used to open a new account or for other fraudulent purposes were more likely than victims of existing account fraud to experience financial, credit, and relationship problems and severe emotional distress.
- About 14% of identity theft victims experienced out-of-pocket losses of $1 or more. Of these victims, about half suffered losses of less than $100.
- Over half of identity theft victims who were able to resolve any associated problems did so in a day or less; among victims who had personal information used for fraudulent purposes, 29% spent a month or more resolving problems.
Like many such statistical citations, the numbers sort-of jump around. So only 14% of the identity theft victims suffered a financial loss of over $1.00 and of this 14%, half were less than $100. But notice that there are no actual numbers attached to these statistics.
If you keep digging, as I have time after time, you will find that there are no real statistics. Except for the FBI statement that there were 1,600 convictions over a six year period, or about 266 convictions a year, there are very few other statistics that help us to understand the real threat of identity theft. Oh, another interesting fact, in the United State's Attorneys' Annual Statistical Report on crimes in the Federal Courts for 2010, there were 81,934 defendants convicted in the Federal Courts. If we can depend on the round number of 1,600 convictions over six years from the FBI, it would appear that only approximately .3 of 1 percent of the convictions were from identity theft.
I am certain that those who wish to use "identity theft" as the modern bogey man, will continue to do so. I just had a young friend of mine who had his wallet stolen. The thief then used his debit card to buy some gas before the card was cancelled. This is identity theft today.