What Facebook does while transferring email addresses to their server is IDENTITY THEFT. Mister Zuckerberg has not yet seen the end of this story….
Checked on Wikipedia:
Identity theft occurs when someone uses your personally identifying information, like your name, Social Security number, or credit card number, without your permission, to commit fraud or other crimes.
- Browsing social networking websites for personal details published by users, often using this information to appear more credible in subsequent social engineering activities
Regional legal responses
In Australia, each state has enacted laws that dealt with different aspects of identity or fraud issues. Some States have now amended relevant criminal laws to reflect crimes of identity theft, such as the Criminal Law Consolidation Act 1935 (SA), Crimes Amendment (Fraud, Identity and Forgery Offences) Act 2009 and also in Queensland under the Criminal Code 1899 (QLD). Other States and Territories are in states of development in respect of regulatory frameworks relating to identity theft such as Western Australia in respect of Criminal Code Amendment (Identity Crime) Bill 2009.
On the Commonwealth level, under the Criminal Code Amendment (Theft, Fraud, Bribery & Related Offences) Act 2000 which amended certain provisions within the Criminal Code Act 1995,
“135.1 General dishonesty (3) A person is guilty of an offence if: a) the person does anything with the intention of dishonestly causing a loss to another person; and b) the other person is a Commonwealth entity. Penalty: Imprisonment for 5 years.”
Likewise, each state has enacted their own privacy laws to prevent misuse of personal information and data. The Commonwealth Privacy Act is applicable only to Commonwealth and territory agencies, and to certain private sector bodies (where for example they deal with sensitive records, such as medical records, or they have more than $3 million turnover PA).
Under section 402.2 of the Criminal Code of Canada,
“Everyone commits an offence who knowingly obtains or possesses another person’s identity information in circumstances giving rise to a reasonable inference that the information is intended to be used to commit an indictable offence that includes fraud, deceit or falsehood as an element of the offence. is guilty of an indictable offence and liable to imprisonment for a term of not more than five years; or is guilty of an offence punishable on summary conviction.”
Under section 403 of the Criminal Code of Canada,
“(1) Everyone commits an offence who fraudulently personates another person, living or dead, (a) with intent to gain advantage for themselves or another person; (b) with intent to obtain any property or an interest in any property; (c) with intent to cause disadvantage to the person being personated or another person; or (d) with intent to avoid arrest or prosecution or to obstruct, pervert or defeat the course of justice. is guilty of an indictable offence and liable to imprisonment for a term of not more than 10 years; or guilty of an offence punishable on summary conviction.”
In Canada, the Privacy Act (federal legislation) covers only the federal government, agencies and crown corporations. Each province and territory has its own privacy law and privacy commissioners to limit the storage and use of personal data. For the private sector, the purpose of the Personal Information Protection and Electronic Documents Act (2000, c. 5) (known as PIPEDA) is to establish rules to govern the collection, use and disclosure of personal information, except in the provinces of Quebec, Ontario, Alberta and British Columbia, where provincial laws have been deemed substantially similar.
Under HK Laws. Chap 210 Theft Ordinance, sec. 16A Fraud
“(1) If any person by any deceit (whether or not the deceit is the sole or main inducement) and with intent to defraud induces another person to commit an act or make an omission, which results either- (a) in benefit to any person other than the second-mentioned person; or (b) in prejudice or a substantial risk of prejudice to any person other than the first-mentioned person, the first-mentioned person commits the offense of fraud and is liable on conviction upon indictment to imprisonment for 14 years.”
The Personal Data (Privacy) Ordinance established the post of Privacy Commissioner for Personal Data and mandates how much personal information one can collect, retain and destroy. This legislation also provides citizens the right to request information held by businesses and government to the extent provided by this law.
Under the Information Technology Act 2000 Chapter IX Sec 66C
“SECTION 66C. PUNISHMENT FOR IDENTITY THEFT. Whoever, fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.”
Social networking sites are one of the most famous spreaders of posers in the online community, giving users the freedom to place any information they want without any verification that the account is being used by the real person.
The Philippines, known as the 10th heaviest user of Facebook and other social networking sites such as Twitter, Multiply and Tumblr, has been known as a source of various identity theft problems. The identities of people who carelessly put personal information on their profiles can easily be stolen just by simple browsing. There are people who meet online and get to know each other through the free Facebook chat and exchange of messages, which then leads to sharing of private information. Others get so romantically involved with their online friends that they tend to give too much information, such as their social security number, bank account and even basic personal information such as home address and company address.
This phenomenon led to the creation of Senate Bill 52: Cybercrime Prevention Act of 2010. Section 2 of this bill states that it recognizes the importance of communication and multimedia for the development, exploitation and dissemination of information, but violators will be punished by the law through imprisonment of prision mayor or a fine ranging from Php200,000 and up, but not exceeding 1 million, or depending on the damage caused, or both (Section 7).
Sweden has had relatively few problems with identity theft. This is because only Swedish identity documents have been accepted for identity verification. Stolen documents are traceable by banks and some other institutions. The banks have the duty to check the identity of people withdrawing money or getting loans. If a bank gives money to someone using an identity document reported as stolen, the bank must take the loss. From 2008 any EU passport is valid in Sweden for identity checks, and Swedish passports are valid all over the EU. This makes it harder to detect stolen documents, but banks in Sweden must still ensure that stolen documents are not accepted.
Types of identity theft other than over the bank desk have become more common in Sweden. One common example is ordering a credit card in the name of someone who has an unlocked letterbox and is not home in the daytime. The thief steals the letter with the credit card and then the letter with the code, which typically arrives a few days later. Using a stolen credit card is hard in Sweden, since an identity document or a PIN code is normally demanded. If the shop does not demand that, it must take the loss from stolen credit cards. The method of observing someone entering the credit card PIN code, stealing the card or skimming it, and then using the card has become more common.
Legally, Sweden is an open society. The Principle of Public Access says that all information kept by public authorities must be available for anyone except in certain cases. Specifically, anyone’s address, income, taxes etc. are available to anyone. This makes fraud easier (the address is protected for certain people needing it).
In the United Kingdom personal data is protected by the Data Protection Act 1998. The Act covers all personal data which an organization may hold, including names, birthday and anniversary dates, addresses, telephone numbers, etc.
Under English law (which extends to Wales but not necessarily to Northern Ireland or Scotland), the deception offences under the Theft Act 1968 increasingly contend with identity theft situations. In R v Seward (2005) EWCA Crim 1941 the defendant was acting as the “front man” in the use of stolen credit cards and other documents to obtain goods. He obtained goods to the value of £10,000 for others who are unlikely ever to be identified. The Court of Appeal considered sentencing policy for deception offenses involving “identity theft” and concluded that a prison sentence was required. Henriques J. said at para 14: “Identity fraud is a particularly pernicious and prevalent form of dishonesty calling for, in our judgment, deterrent sentences.”
Increasingly, organizations, including Government bodies, will be forced to take steps to better protect their users’ data.
Stats released by CIFAS – The UK’s Fraud Prevention Service show that there were 89,000 victims of identity theft in the UK in 2010. This compared with 2009, when there were 85,000 victims. Men in their 30s and 40s are the most common UK victims, and identity fraud now accounts for nearly half of all frauds recorded.
The increase in crimes of identity theft led to the drafting of the Identity Theft and Assumption Deterrence Act. In 1998, The Federal Trade Commission appeared before the United States Senate. The FTC discussed crimes which exploit consumer credit to commit loan fraud, mortgage fraud, lines-of-credit fraud, credit card fraud, commodities and services frauds. The Identity Theft Deterrence Act (2003) [ITADA] amended U.S. Code Title 18, § 1028 (“Fraud related to activity in connection with identification documents, authentication features, and information”). The statute now makes the possession of any “means of identification” to “knowingly transfer, possess, or use without lawful authority” a federal crime, alongside unlawful possession of identification documents. However, for federal jurisdiction to prosecute, the crime must include an “identification document” that either: (a) is purportedly issued by the United States, (b) is used or intended to defraud the United States, (c) is sent through the mail, or (d) is used in a manner that affects interstate or foreign commerce. See 18 U.S.C. § 1028(c). Punishment can be up to 5, 15, 20, or 30 years in federal prison, plus fines, depending on the underlying crime per 18 U.S.C. § 1028(b). In addition, punishments for the unlawful use of a “means of identification” were strengthened in § 1028A (“Aggravated Identity Theft”), allowing for a consecutive sentence under specific enumerated felony violations as defined in § 1028A(c)(1) through (11).
The Act also provides the Federal Trade Commission with authority to track the number of incidents and the dollar value of losses. Their figures relate mainly to consumer financial crimes and not the broader range of all identification-based crimes.
If charges are brought by state or local law enforcement agencies, different penalties apply depending on the state.
Six Federal agencies conducted a joint task force to increase the ability to detect identity theft. Their joint recommendation on “red flag” guidelines is a set of requirements on financial institutions and other entities which furnish credit data to credit reporting services to develop written plans for detecting identity theft. The FTC has determined that most medical practices are considered creditors and are subject to requirements to develop a plan to prevent and respond to patient identity theft. These plans must be adopted by each organization’s Board of Directors and monitored by senior executives.
Identity theft complaints as a percentage of all fraud complaints decreased from 2004-2006. The Federal Trade Commission reported that fraud complaints in general were growing faster than ID theft complaints. The findings were similar in two other FTC studies done in 2003 and 2005. In 2003, 4.6 percent of the US population said they were a victim of ID theft. In 2005, that number had dropped to 3.7 percent of the population. The Commission’s 2003 estimate was that identity theft accounted for some $52.6 billion of losses in the preceding year alone and affected more than 9.91 million Americans; the figure comprises $47.6 billion lost by businesses and $5 billion lost by consumers.
According to the Federal Trade Commission (FTC), a report released in 2007 revealed that 8.3 million American adults, or 3.7 percent of all American adults, were victims of identity theft in 2005.
The latest report from the FTC showed that ID theft increased by 21% in 2008. However, credit card fraud, the crime most closely associated with ID theft, has been declining as a percentage of all ID theft. In 2002, 41% of all ID theft complaints involved a credit card. That percentage has dropped to 21% in 2008.
In Massachusetts in 2009-2010, Governor Deval Patrick made a commitment to balance consumer protection with the needs of small business owners. His Office of Consumer Affairs and Business Regulation announced certain adjustments to Massachusetts’ identity theft regulations that maintain protections and also allow flexibility in compliance. These updated regulations went into effect on March 1, 2010. The regulations are clear that their approach to data security is a risk-based approach, which is important to small businesses that might not handle a lot of personal information about customers.
Most states followed California’s lead and enacted mandatory data breach notification laws. As a result, companies that report a data breach typically report it to all their customers.