TABLE OF CONTENTS I. INTRODUCTION II. THE SCOPE AND EXTENT OF IDENTITY-RELATED CRIME A. Background 1. Volume of Noncash Payments 2. Communication Technologies 3. Critical Vulnerabilities in Noncash Payment Methods and Communication Technologies B. The Incidence and Prevalence of Identity-Related Crime 1. General Survey Data 2. Regional and Country Data i. North America ii. Europe iii. Other Regions C. Methods and Techniques of Identity-Related Crime 1. Acquisition of Physical Items or Data 2. Initial Transfer of Acquired Physical Items or Data 3. Manipulation of Physical Items or Data 4. Transfer of Manipulated Items or Data 5. Use of Acquired Items or Data D. Effects of Identity-Related Crime E. Victims and Criminals III. TOWARD AN INTERNATIONAL LEGAL REGIME FOR IDENTITY-RELATED CRIME A. Identification of International Legal Norms 1. International Conventions i. Council of Europe Cybercrime Convention ii. United Nations Convention Against Transnational Organized Crime iii. United Nations Convention Against Corruption 2. National Statutory Regimes i. Criminal Codes ii. Civil Statutes and Mechanisms 3. Other Actions by Multilateral Organizations i. United Nations Economic and Social Council ii. European Union iii. G8 Roma/Lyon Group B. Reification of International Legal Norms 1. Application of Existing International Conventions i. Council of Europe Cybercrime Convention ii. United Nations Convention Against Transnational Organized Crime iii. United Nations Convention Against Corruption 2. Development and Coordination of National Strategies on Identity-Related Crime IV. CONCLUSION I. INTRODUCTION
So will I turn her virtue into pitch, And out of her own goodness make the net That shall enmesh them all. (1) Pity Iago. Confined as he was to the setting of sixteenth century Venice, and the culture and technology appropriate to that time and place, Iago could carry out his scheme to deceive Othello and others only by using the most rudimentary techniques of psychological manipulation. Repetitive exhortations to Roderigo to "put money in thy purse" (2) for Iago's benefit, (3) elaborate verbal characterizations of Cassio's and Desdemona's behavior to arouse the Moor to draw false inferences, (4) staging of conversations and interactions that deepened Othello's commitment to those inferences (5)--all of these actions required considerable planning and effort over a period of several weeks, in multiple locations, for Iago to gain the benefits he sought.
By contrast, had Othello been set in the twenty-first century, Iago could have exploited modern business and computing technology to destroy the Moor's financial status, reputation, and relationship with Desdemona swiftly and profit handsomely in the bargain. Hacking of Desdemona's online bank account to transfer money to Cassio's account, (6) posting of defamatory statements about Desdemona's sexual preferences, (7) digital alteration of photographs to depict Cassio and Desdemona falsely in intimate relations, (8) and use of a "backdoor" (9) program in Roderigo's computer to transfer funds from Roderigo's Banca di Roma (10) account could have taken barely a single scene to enact.
Today, vast numbers of people and businesses around the world are discovering that they have become victims of identity-related crime (11)--often suffering substantial financial and indirect harms that they cannot easily foresee or control. (12) The costs of such crime can be measured in the tens of billions of dollars each year. (13) This Article will analyze, and offer a coherent response to, the increasingly global problem of identity-related crime. It will first explore the nature and extent of the problem, focusing on four principal issues: (1) the scope and extent of identity-related crime, including its incidence and prevalence; (2) the methods that criminals use during the five phases of identity-related crime, (14) including exploitation of digital data, computers, and the Internet; (3) the effects of identity-related crime on persons, businesses, and government; and (4) the people who commit the crime and the people victimized by such crime. It will then propose an approach to developing an international legal regime to combat identity-related crime, by identifying legal norms pertinent to identity-related crime that are reflected in existing international conventions, national criminal and civil codes, and other sources of authority, and by explaining how to reify those norms through international conventions, national statutes, and other measures.
THE SCOPE AND EXTENT OF IDENTITY-RELATED CRIME
Identity-related crime--sometimes known as "identity theft" or "identity fraud" (15)--has deep roots in human history and various cultures. Just as Jacob obtained his brother Esau's birthright by mimicking his brother's hairy arms to deceive their blind father, (16) there have always been people who seek to obtain a financial advantage or avoid harm by pretending to be someone other than themselves. (17) For most of human history, the ability to engage in identity-related crime was limited. In pre-industrial cultures, the man who was born in a village generally lived, worked, and died in that village, and was personally known to everyone there.
If the growth of cities and mechanized transportation enabled more people to commit identity-related crimes away from their birthplaces, the phenomenon of identity-related crime reached full flower only in the last decade of the twentieth century. Three related trends coincided to make identity-related crime more feasible and profitable than ever before: (1) increases in the volume and ubiquity of noncash payment methods, whether for purchases or other benefits (e.g., goods and services), that were available to people in many countries, especially for remote transactions; (2) the growth of communications technologies permitting the remote use of those noncash payment methods, including computer technologies and the Internet, throughout the world; and (3) criminals' increasing identification of critical vulnerabilities in those noncash payment methods and communications technologies.
Volume of Noncash Payments (18)
Globally, the World Payments Report 2010 stated that in 2008 there were 269 billion worldwide noncash transactions (compared with 154 billion worldwide noncash transactions in 2001)--a growth rate of 8.4% per year since 2001. (19) The report also noted that while North America and the mature economies of Europe and Asia-Pacific accounted for a combined 77% of non-cash payments volumes in 2008, "the rate of growth in non-cash payments volumes was faster in developing economies, especially the BRIC (Brazil, Russia, India, China) nations, in which economic activity remained robust relative to more developed nations." (20) In the United States, the U.S. Federal Reserve System recently estimated that in 2009 alone, there were more than 108.9 billion noncash payments in the United States--including (1) electronic payments via automated clearinghouse and credit, debit, and prepaid cards, and (2) checks--with a value of $72.3 trillion. (21) An estimated $30 trillion of that value comes from transactions flowing across the Automated Clearing House (ACH) network. (22) Moreover, during the period 2006 to 2009, electronic payments grew 9.3% per year to constitute more than 75% of all noncash payments by number and more than 50% of all noncash payments by value. (23)
Within the past several years, the Internet has expanded to almost unimaginable global proportions. Among other dimensions of the Internet's growth, there are more than 1.96 billion Internet users worldwide; (24) 205.3 million domain name registrations across all Top Level Domains; (25) more than 255 million websites; (26) and an estimated 2.9 billion email accounts and nearly 2.4 billion Instant Messaging accounts. (27)
The growth of Internet-based communications has also made possible a vast global expansion of commercial activities. For example, in North America a 2011 report by Forrester Research estimated that U.S. online retail sales grew 12.6% in 2010 to reach $176.2 billion, and is expected to reach $278.9 billion in 2015. (28) In Mexico, the Asociacion Mexicana de Internet (AMIPCI) estimated that as of the end of 2007, Mexican online commerce accounted for MX $955 million--78% greater than the preceding year. (29)
Mobile communications, too, offer new dimensions in global access to services. In 2010, there were reportedly more than 5 billion mobile phone connections worldwide, with more than 100% penetration in many regions. (30) Notably, the International Telecommunications Union estimated that by the end of 2010, developing nations' mobile cellular penetration rates would reach 68%, mainly driven by the Asia and Pacific region, (31) even though only 21% of developing nations' populations are online. (32) For instance, Kenya's M-Pesa system has become the largest phone banking platform in the world, with more than 13 million active customers. (33) Particularly noteworthy is the fact that mobile phone users are increasingly likely to use mobile devices for e-commerce. A 2011 survey by Accenture found that 45% of the most active mobile device users in 11 countries would welcome the opportunity to pay for goods and services using their mobile phones. (34)
Critical Vulnerabilities in Noncash Payment Methods and Communications Technologies
When noncash payment methods and digital communications are ubiquitous, so are the vulnerabilities that identity thieves can exploit. Computer security experts have identified a variety of critical vulnerabilities that facilitate identity-related crime on a multinational scale.
In 2009, the SANS Institute, a leading information security research and training organization, issued a report that identified two key digital vulnerabilities. The first is unpatched client-side software. The SANS report noted that targeted email...