IDENTITY FMUD THE CMOUFLAGE OF CHOICE: CONTROLLING THE CHAMELEON

Master of Arts (Criminal Intelligence) Charles Sturt University Faculty of Arts 20'" June 2007

Student: Bernadette Beard

Graduate Diploma of Criminal Intelligence Graduate Certificate in Applied Police Management TABLE OF CONTENTS

STATEMENT OF ORIGINALITY ...... 4

ACKNOWLEDGEMENTS ...... 5

ABSTRACT ...... 6

LIST OF GRAPHS AND TABLES ...... 9

CHAPTER 1...... 10

CHAPTER 1...... 10

INTRODUCTION ...... 10

CHAPTER 2 ...... 12

METHODOLOGY ...... 12

CHAPTER 3 ...... 15

HISTORICAL OVERVIEW...... 15

CHAPTER 4 ...... 20

CRIMINAL METHODOLOGY ...... 20

CHAPTER 5 ...... 25

COST AND MAGNITUDE ...... 25

CHAPTER 6 ...... 43

VICTIM ASSISTANCE AND PREVENTION...... 43

CHAPTER 7 ...... 60

FACILITATION OF TERRORISM ...... 60

CHAPTER 8 ...... 67

IDENTITY DOCUMENTS ...... 67

CHAPTER 9 ...... 83

BIOMETRICS...... 83

CHAPTER 10 ...... 101 LEGISLATIVE ANALYSIS ...... 101

CHAPTER 11 ...... I20

CONCLUSION ...... 120

REFERENCES...... 126 STATEMENT OF ORIGINmITY

I hereby declare that rhs subrmssioii is my own work and that, to the best of my knowledge and behef, ~t contams no matenal prev~ouslypubhshed or wrltten by another person nor lnatenal which to a substallual extent has been accepted for the award of any other degree or diploma at Charles Sturt 1Jniverslt~or any other educational msutuuon, except where duc acltnowledgement 1s made 111 the dissertation. Any contribuuon made to the research by colleagues with whom 1 have worlced at (Iharles Sturt IJniversity or elsewhere durlng my candidature 1s fully aclu~otvledgcd.

1 agree that this dissertation be accessible for the purpose of study and research in accordance wlth the normal conditions established by tbc 1i:xecutive llirector,

Library Services or nominee, for the care, loan and reproducuon of dissertat~on.

Bernadette Beard Many thanks to Patrick Walsh, my subject Coorbator for your guldancc and assistance throughout the completion of this &ssertatiotl.

In appreclauon of the understandng and paueilce of my huslx112d \v110 has supported me throughout this penod. Wlthout your asilstancc dl\ crting the attention of our nvln bables, I would stdl be comple~t~gthls dlssertatlon. Idenuty crme 1s one of the most msi&o~tsdevelopments of fraud, both as a stand alone actn-ity atid in its abd~tyto fachtate other htgh level crninal actnrities such as drug traffickmg, people smugghng, money laundesll~gand terrorism. 'I'hc first step in identifying the risk of identity crltnc to the tlustralian cornrnunlty is to quanu@ the extent of the problem. ?'here extsts a sul)stantx~linadecluacy in rncasurlng and understandmg the scope, extent and fiscal cost of 1dentit-y fraud wltllln thts country.

This paper is a qualitative research and analysis of a stglificant breadth of publislied and ulipublishcd literature inclu&ng documents, reports and a myrlad of mter-related pleccs of legislation relatlng to the issucs of identity wlme, l~eing both the 'stealing' of a person's idenuty and the creation of a. fictiaous iclentlty. In addition, a cornparatwe approach was adopted to examme mternational trends 111 tdcr~ttfyfraud 1n order to g~ugc,Iustralta's progrcss in dcaltng with these issues compared to other countries such as the I:1<, IS, and Western l i'uropean countries wit11 slmllar cultural and economic values. 'I'he autl?or also rel~edon industry expertise in the subject matter, as a senlor pohce officer responsible for the managerncnt of cr~i-ninaliritelhget~ce analpsls of fraud within New South

Wales. Onll- once the true extent and nature of 1denut-j crme m Xustralta 1s fully comprehended can the most appropnate treatment opuons, such as l>tometric

~dentlfiers,faclal recognition technology, or the mtroductton of tdentlty cards be tlioughtfullj7 considered. As such, ~twould be prudent for the ~mplementationof a centrahsed na~onaldatabase on incidents of 1denut-y crmie 'I he collection of thls mformatton would assist to fachtate an m-depth analysls as to the mat,mttude of ldenfity crune m Austraha.

Other recoinmendat~onsarising from ths paper include: the promc)tron of victlrn hardening strateges by gos-ernment and private sector organlsat~ons,the creatlon of a central reglster of stolen documents, promotmg the sharing of data l~etxvcen law enforcement and government agencies, u-nproving the mltlal aurhcntlc:ltlon of an m&vldual idenuty when issung documents and a standardtxed lcgisl:ltt\~e approach to ~den~tycrme through natIo11aUy consistent (:ommonwc;ilth and State legslation..

The lack of rehable quanutauve data available may arguably 11e the result of :i hstory of governments, and their respective departments, not comprehendmg thc significance of identlty theft and identity fraud, resulting m a fallure to proactivcly pursue strategic interdctlon polic~esalmed towards elevatmg the notlon of identity as a major personal and national security imperative Now however, there 1s enougl~nauonal and internauonal evldence to suggest that ths IS no longer thc case. The establ~shmentof a Commonwealth Government

1cd Cornmisston of lnyuiry into the prevalence of tdentq fraud wlthm Australia, 1s required In order to fac~lltateappropriate soluixons that balance security, accuracy, privacy, technolo~yand penalt) 50 as to proacuvely combat thts seaous orgarused cruntnal actl\,it-y. LIST OF GRAPHS AND TABLES

GRIPH 1 .USE OF FALSEIDENTITIES IN SERI()US FR,irrn (1. is~s...... 29

GRAPH2 .NULLBER OF ~O...JLTIPLE IDENTITIES USED BY CNTENDERS ...... 30

TABLE2 T~TEsOF NOiX MONET-IRY H_%F31.IS mP(IRTED 'I0'TI Ilk 1;'I'C

@-~I~EI\IBER1999 ~oSEPTE~IBER 2001) ...... 49

TABLE3 SULILL~RYOF GAO'S INTER\~IE\YSOF VIC'IIAIS...... 50

TABLE4: LIST OF 25 COUNTRIESHA%VING SUFFERED hIOST FK( )hi '1 IXR( )IUS'I

li'IT~+CI

INTRODUCTION

Idenuty crime is one of the most pervasive developments of fraud. It encompasses both identlty theft, whereby the ~dentityof an individual is 'stolen' and subsequently assumed by another, and Identity fraud which tnvolves elther the creatlon of a totally fict~tiousidentlty or usmg a comb~natlonof 'real7and fictltlous ldentlfiers to ultunatel~partake in an dlegal activity with the aim of remaLnlng undetected.

It is the enabling abhties of identity crime to fachtate other high level criminal actmities such as drug traffickmg, people smuggling, money laundcrlng and terrorism that is cause for siplficant concern, particularly when onc considers the ever increasing prevalence of identity crime.

.Is noted earher, thls paper is 21 qu:thtative research and analysis of a ssgnificant breadth of published and urlpublished hterature includsng documents, reports and a myriad of inter-related pieces of legislation relating to the issues of idcnuty crme, being both the 'stealing' of a person's rdcntity and the creatlon of a fictit~ous identity. This paper will focus on the following areas as they relate to identity crime; 9 The History of Identity Crime

3 Criminal Methodology

3 Cost and Magnitude

3 T7ictun Assistance and Prevention

P Facilitation of Terrorism

k Identity Documents

3 Biometries

3 Legislative Analysis

In addressmg tliese areas, an oaerview of ldentlty crmrne m ,lustralla and 1ts mplicauons wd be ascertamed, hlghhghmg Issues requlnllg further < ;ot cl-nrncnt and Non-Government i~itel~re~iuon. ,1 ?his research project has two key objectives:

1. To provide ail overview of identity fraud ii Australia and tts tmplicatlons;

2. To identify areas for f~~rtherinten-ention in order to counter identity fraud.

11 qualitative l2istorical approach using content analysis was, under the circumstances, considered the most appropriate research design to address the above two research objectives. .Two ltey strategres were selected for the qualitativc design for the study. Firstly, a content axlalysls of the relevant literature and of legislation was considered to effectively identify key Issues. Secondly, a coinparative approach was adopted to exatnine intcrnatiotial trends in idcnufy fraud in order to gauge Austraha's progress in dealing with these issues colmpared to other couiztnes such as the UIC, US, and Western Iiuropean countries.

(Ither research approaches were considcrcd illiually for example a q uantltactve study that ma) have lncluded surveys or structured interviews of ~ndustry profess~onalsworlung with~nboth the private and public sectors. 'P'his approach would have been useful in gaining greater understandng of thc currelit extciit of idenuty fraud. There exists a substalirial inadequacy m measuring and understanding the scope, extent and fiscal cost of idcnt~tyfraud withm this country. --it the commencement of ths paper, numerous mquwies were conducted w~th

industq representauves with both the private and pubhc sectors. &lowever,it

qucklj- becaine apparent that 1eglslatl~-erestrlcnons and pnvate sector reluctance

to Ax-ulge comrnerclally sensiare quanuraus-e data would be an lmpebent to

estabhshmg a quanutauve research based model to estlmate the cost of idcnttty

fraud to the Xustrahan community

Therefore, a qualitauve, hstoncal research model was adopted m order to

describe, contextuahse and analyse the broad gambit of ldenuty fraud hi5toqr,

methodology, counter-measures and the legal framework. G~venthe lack of

current and reliable data, ths model was also idei~ufiedas the most approprlatc, 50

that clear linkages between methodology, fraud counter-measures and the Impact

of the Austrahan legal fralneworli could be f~lllyexplored and co~~clusiol~s

developed. XdAuonallp, the researcher's deslre to analyse dfferences in legislauon

III iiustraha and mternatlonally was more appropriately addressed using a

quahtauve content analyucal approach.

In designing this research approach, the aurhor is aware that document analysis

does have its hitations. The literature contains potentially a diverse range of

biases. Firstly, there are the biases of the sources. Identity fraud is a sensitive issue

and it is possible, particularly in the case of private sector sources that the extent

of it or how it is described can be chfferent from public sector agencies, particularly in the government sector. Secondly, there are the author's own biases as a researcher and as a police officer workmg it1 the area of identity fraud. Such author based biases could include a bias toward law enforcement initiatives at the

13 expense of trachonal socletal freedoms, or a preponderance toward more serious penalties for those convicted of crlmes. To reduce the impact of bias the author used a wide range of sources to analyse smilar issues and this resulted In the author being able to provlde some balanced perspect~\-eson how to best counter lden~tyfraud m thc future.

111 summary, gtven that thcrc is a paucity of rellal~lequantitauve data derix-ed from public and prrvate sector mqulsles Into identity fraud in Australla, the author coilducted a quahtative research and analysis of a sigl~lficantbreadth of publlslicd and unpubllshcd hterature mclu&ng documents, reports and a myrlad of inter- related pleccs of legslation into the subject matter. The author also relied on

Industry expcrtlse 1n the subject matter, as a scmor police officer respotlsil~lcfor tlie management of crumal lntekgence analysis of fraud xv~thmNew South

Wales.

'I he i4ustralian culturc, political and economic psyche, 1s particularly vigorous and often vocal in preventmg the sharing of an mdiv~duals'private information both between govcrnmcnt agencies 2nd govcrrlrnent and non-governmetit agencies.

Hearlng this m mind, the author predominantly focused researcll towards other democracies that hold simllar culturaI and economic values. 'l'he conclusions and recommendations emanating from thls paper are the result of that rescarcli and analysls process. Chapter 3

HISTORICAE OVEWIEW

Identlty crne ts not a new phenomenon. The use of false identlues throughout

hlstory 1s both extensive and usterestmg. ~lttempungto assume the ~denuqof the

Son of God was not beyond some, whllst rlghtful hers to thrones have also been

contested. A classic example is the thu-ty or so mdviduals who clatmed to 11e

Dauphtne Louis, son of 1,ouis SVI, after his father the IGng ded. It 1s beheved that the 'real' Dauphe LOUISded m pnson durlng the French Revolution, however these nefarious self-proclarmed m&t~idualsdeclared that they

@roclammg to be Dauplne Lows) had escaped froin pnson. One of these tnd~v~dualswas of Negro appearance with 'fr~zzyban'. (Caslon Xnalyt~csn.d)

On hls death bed tn 1384, the fvst Czar of Russia, Ival? ISr or Ivan the '1 ernl~lc appointed Boris Godunov as his successor and guardan to hts sotls. It is lxlie~lcd that the murder of one of these sons, Dimitxi was attributed to C;odunov to ensure his continued rule. Ironically in 1604 an impostor claiming to be Dirmtri raked support and easily Invaded Russia,' re-clairmng' the throne. (Caslon Analytics 17.d)

The activities of individuals who perpetrate identity fraud have also been irnmortalised in film on numerous occasions. For example, the film 'Catch Me If

You Can' released in 2002 depicts the life of Frank hbagnale who posed as a lawyer, doctor and airline pilot. FIe spent $500,000 on clothes, hotels and meals and defrauded banks of another tsvo dondollars. He served heyears m US,

I:rench and Swehsh gaols and now lectures at the PI31 Academy in Quantico

Virginia on Fraud l'revention.

,I further example, is the French Vlllager blartnz Guerre case which 1s the 11asls of the film 1 he Man In the Iron Mask. C;uerre disappeared after going to war and returned m 1556. I-Le was hard working, and more popular, however property hsputes led to claims that hc was an Impostor. 'I'hese allegauons were subsecluentlq substant~aredwhen a one legged lnan entered the court clailmilg that he was the real Martln Guerrc. 'Ilne penalty for ldc~itltyfraud in this case was public execut_lon.(Caslon Analytics n.d)

WMst these exalnples are interesung, the significant imphcattoizs and consequences of idenuty crime 1s not ~solatedto those worthy of celluloid infatny or of noble blood. Identity crlme sign~ficantlyunpacts upon the economy, buslness and law enforcement. I Iowcver, it 1s the effect that identity crime has at the grass roots le~rclupon the ~n&vidualwho has had thelr ~dcntltystolen that must 1)e acknowledged.

Identlty crme generally and identity theft parucularly can have devastating consequences to the victim. In the short term this may result m countless l~ours spent closing bank accounts and opening new ones, convincing financial

~nstitutionsthat unauthonsed transactlons have taken place. 'I'he longer term effects can be far reaching. An erroneously acquired bad crecbt raang may result

16 In the derl~alof loans and rental proper? applications, the mabhty to connect

uthues and erren the prospect of bemg arrested for crmes not perpetrated 1)y the

rictun, but rather the person who assumed then idenuty.

_As Illustrated, crme has been around slnce the fist human tnteractlons. il

common thread entwlned through modern crme 1s the ~mpro\~ernentsto

technologies used and explotted by the crmnals themselves. (:rlm~nal\arc ahlc to perpetrate crunes on a much wlder scale than 1n tlie past, duphcaang records, estabhshmg ficuuous ldentlues and 'stealing' the personal ~nfor~n:lttonof 1cg1t1tn:~te citizens.

\Wst the tradtional 'con arust' has plied his/her trade for cenruncs, such pcoplc spent consldersable mie 1n estabhshlng a persona. Today, anybody wlth a ~~erson:~l computer, scanner, printer and/or card-reader can successfully fabncatc a f:tlsc idenuty.

The convergence of computing and co~nmu~llcationstechnologies has dramatic;llly changed the nature of most facets of our society. In particular, rcchnology improvements, have not only greatly influenced contemporary business and corporate activities, but has also facilitated one of the most sinister of critninal activities, terrorism. Business transactions, which are often the cornerstone of supporting ones identification have, in many instances, become faceless activit.ics, with the need for face to face interaction often eliminated. Additionally, the tradttional boundaries both in the corporate and criminal wc)rld, such as natiot~al

17 l~orders,have been removed through techtiological advances such as the mternet.

'I'he benefits of ~mprovedtechnologies are immense. However, like most thgs, it

has come at a price.

Historically, 21 1)usmess customer would attend the bus~ncsslocatlon and undertake

business activities 111 person. Both the husmess representative and customer

would opcrll) scc cacl~other, thereby reducing the hkelhood of fraudulent actnity.

Shoulct iome criminal nctn*it) occur, clther slde of the cuansacuon could provide

policc wlth 1iitltn:ltc I

the offender. I lowever, technology ~tnlprovemei~tscoupled with the increasingly

f:~celessnntut-c of l)usltless :~ndcorporate socicg- has elirmnated the phys~calabdity

to idelitify partlcipatits to a tr:~r~sactloti.'I his has mcant the need to properly and

thoroughly identify ;L person, such as a customer, is now of paramount

~mportancc.

'I'hc i:lmc tcclinologics t11:it have provided so many benefits to governments and

corporatc ioctct\ Iiavc also crc:~tcdenormous opportunities for crunrslals.

(:nnii~~:llsc:~n now communicate in secret, d14gutsc thelr identities and mall~pulate

clec(ron~csystems to 01)t ain ;L d~s~redoutconie (usually financial gain) Illegally.

1;or cxample, cr~iailaccounts can be set up with no verificauon of idenuty in

addition to the use of irlternet cafes by itid~viduaIsto further hamper being idetltificd. 'I'he use of false ldcntitles and documentation is not lirmted to the perceived white collar crime of fraud, but plays a slg~llficantrole in both the

funding and act-ua1is:~tlonof tcrronst activities. On the 11th September 2001, mneteen terrorists ht~ackedfour planes and cra5hed

&YO of the~nInto the twm towers of the World Trade Centre. (The 9/11

Commsslon Report).?wo of these terrorlsts were Abdul ,Vomar~and llhtned

Saleh Xlghaind~. In addtlon to thelr mvolvement in these terrorist act\, these rwo

terroslsts were also mvolved m denf fin- fraud. Aloman and 121gharnd~had obtamed false documentation mdcatmg that they had Vu-gmla restdences. 'I'hesc documents were used by them to board two of the 1.11fated planes. In addtt~ot~, five of the nineteen terrorlsts had also acqulred V~rgmlareside~lcp docutne~lts, whllst another five had ohtamed false social secunty numbers. Itlcldent.ally,

,"iornan and Xlghamcb cbd not assume an exlstmg persons' ~denfity,the) used their own names on thelr documentauon, however adopted false tdenttficrs w1t.h rcgwd to tlmr addresses and other documentafion (The 9/11 Comm~ss~onlieport) CRIMINAL METHODOLOGY

Obtaining personal mformaaon of individ~lalsto steal their ~dentity1s achtexred bj crinvnals uthsing both low and hlgh tech means. I'hese methods vary from the age old crlrne of 'plclc pocketmg' to technologically adt~anccdmethods of utiltsi~ig cosnputcr mi-uses to elicit information. Other methodology includes;

> 'Dumpster Divmg' - s11mpIy the psocess of rurnmaglilg through restdentla1

or business garbage for persona1 mforsnatloll. Pleces of information are

collected until there 1s enough to create an identlt-1. 'I hesc pieces may 11e

detalls from elivelopes, receipts, credit card sllps mith detalls stdl vls~ble,

old dnvcr's llccnces and cr.ed~t/debttc:vds.

'Stealing %l:ltll - ,In unsecured lcttcr l~oxis an invitation to an iden~t-y

thief. Agaln, vlta1 peces of tnfosmatlon are obtained that either

mdiv~duallyor collaboratlvely can be used to create an identity. In

addtion, there are some reported instances of cntmnals arsangng a re-

direction of thc v~ctim'smad to a new address. Subsequently mcrcaslng

the lag time between offence and detection. > 'Shoulder SurfUlg' - occurs when an u~&ndualliterally stands behind

or besldc rile 1-ictm when they are tralisacung at an _%utomatlcl'eUer

bIachme (-1ThI) an EFTI'OS transaction or conducting telephone

llanhg. The lntenuon belng to obtw elther the vlctms' Personal

Idenuficauon Number PIN) by rlewmg lt as it 1s entered m the lteypad of

an -4TLl or a telephone pad, or by hstenlng as the victm supplles details

over the telephone phone to book a hotel room or purchase a product.

). 'Card skunrmng' ulrolves hterally 'slumlmng' rnforma~onfrom the black

stnpe on the back of a cre&t/debit card A devlce may be attachcd to an

-5ThI and mvanably a camera 1s also attached wlth.1.11 a panel on the A'T'hl

or is dsgused as ad~erusmg (As dustrated a pin hole allows the offender

to record or remotely momtor the victtm entenng thelr personal

ldenuficauon number PIN)). In cornbinatlon the offender now has all the

lnfonnatlon reqwed to not only create a cloned card, but also access cash

through the use of the PIhl.

Alternatively, the data contained in the black stripe of a debit/cre&t card can also be retrieved through the use of a hand held device, such a device may be carried

2 1 on the belt of a retail sales person or a waiter in a restaurant, who vdl discreetly swipe the card without the customers knowledge.

k 'Card Cloning' - the informauon ohtalned uthslng the above method is

then transferred to a 'new' pla-c card that has been embossed wlth the

vlculns detalls. Crmnals are becolntng mcreaslizgly adept at a\ oihglaw

enforcement detectton by creaung 'back up' Identity documents in the

same nainc as the false cre&t card.

k '1)hishlilg7- Phlshers attempt to fraudulently acquire sensiuvc tnfortnatio~~,

such as passtvords ancl cre&t card detatls by masquerading as a trustworthy

person or busmess in an electrontc communlcahon. Phishlng is typlcallj

carried out using cmail or an Instant message, although law enforcement

xuthoriucs have received solnc reports of telephone contact betrlg used In

a number of instances.

k 'Trojai~Attacks' - a '1 rojan I-Iorsc is a program that unl~ltea virus, contatns

or Installs a tnalicious program while under the guise of being sornethtng

else. 'l'roja~~sarc also known to create a 'bacltdoor' on your computer that

gives malicious users access to your system, possibly allowing con fidcntlal

or personal mformation to be comproimsed. Compared to phlshrt~g,

Trojan attacks allow the crnmnal greater access to personal ~dentity

information includng passwords and account derads. The more technically minded cl-iminal may hack into computer systems to obtain employee, patient, client information or place 'trojans' or key logging software 012 computer systems to capture personal information. Such computer programs

(Trojans) allow the criminal to then review all data stored on the computer periodcally to ensure accurate and timely theft of informauon, includmg identity details of victims.

Usage It is obvious that indmiduals part take in identity crifne for the purposes of concealment. A fraudulent driver's licence is rarely used because the indvidual cannot pass a driving test. It may be used by a dsqualified driver to evade detection by law enforcement, though often LVLU be used as one form of identification for other transactions, such as opening bank accounts, applylilg for credit or other loans. The assuming of a false ldelluty will fachtate a nu~nl~erof activities includmg:

P Money laundering;

3 Tax evasion;

P Obtaining employment using falsified documentation in support of non-

exis tent qualifications;

3 Assist an Illegal immigrant who is avoidmg deportation;

3 People smugghg through the use of false travel documents;

3 Obtaining restricted items or privileges. The use of fraudulent crecht cards in the name of a stolen ldenuty allows crlrmnals

to purchase 'blg ttcket' Items that can be easdy and quickly re-sold for cash. In

lleu of crcatmg a hcuuous crecht card the crirnlnal has the abhq to open a

'legmate ' crccht account ~n the victuns name or apply for a loan to purchase, for

example, a portable asset such as a luxury motor vehlclc. With a stolen ident~tythe

cr~t-run:llcan also empty the leglumate bank accounts of the vlctlm by wrltlng

cheques or making withdrawals mth the 'copied' ~dcntllty,however there is generally a limited tune frame that the crkrunal has 1n which to act before l>elng

dctcctcd. Whilst internet banlung, for example, has opened opportunit~esfor

cnmlnals, it also allows victims to review accounts dad] and thcreb) detect

fr:iudulcnt or ~rrcgulilractlvlry m thelr accounts. Chapter 5

COST AND

There 1s paucln of accurate data concerning bot11 cost and rnagnltude of ldentlty

related crme m both lustraha and globally The cost and magnitude of ldentlty

crime 1s not eas~ly-quantifiable. A number of factors have contributed to the

uncertmr associated mth accuately analysmg the ~denutycrme landscape.

Invariably identity crime is a fachtator for other criminal activity. In New South

VCJales it is the 'other' criminal activity which is captured for statistical purposes for

the sllnple reason that there is no 'stand alone' offence of assuming a persons' identity. Wkilst a National Identity Fraud Registerhas been established by

Australian Crime Commission, the collection methods of this register are less than ideal. Information on identity crime is collected from State law cnforcernent agencies in an adhoc fashon, often due to the hited abhty of indvidual agencies to retrieve the required statistics.

In ad&tion, there is no centralised process to assist the commercial sector in reporting, if only for intelhgence pulToses, the incidents of fraudulent documentation. Ths coupled with perceived restrictions of the Privacy and

Personal Information Protection Act 1998 has further thwarted the collection of accurate statistics in regards to the prevalence of identity crime. L'nfortunatelj-, an accurate esurnate of idenuq crime will only occur when naaonal uniforrmty 1s achieved regarchg the offence of assurmng/creating a false ~dentlty.

However, in the interitn a number of publlc and prlvate sector agencles have attempted to quantifjr ths penTas1.i.e crmnal acuvity:

Australian Bureau of Sta tistics According to the Australian Bureau of Staastics, (1 996) it is estimated that the number of births, permanent new arrivals and long-term vtsitors will result in

400,000 to 500,000 new Australian residents per annum over the next few years.

Each of these people dlbe requstcd to prove thctr identity to a multitude of government and commercial orgailtsations if they wish to uthse the se17-tcesbeing offered.

The volume of personal idcntlfication checks rcqutred on a day to day l~asiscan 11c gauged by assessing the operations of selccted go.lrernrnent agencies. In 2000, the

Xusrralian Electoral C~ommisslonprocessed 2.46 mtllton enrollnent forms 2nd ainendments, the rlustralian laxation Office (X'lO) issued about 500,000 tax file numbers, Centrelink processed 4.4 m~lltonnew clalms o~ re-gras~tsand the

Department of Forelgn Affairs asld 'liade issued 1.4 ~dtonpassports. (Main and liobson, 2001). Whllst these figures would have exponentially tncreased slncc, they only represent a small percentage of the iilhons of proof of identtty transactmns conducted with commercial organlsations. The FederalHouse ofRepresentatives Standing Committee on Ec~~~~~~,Finance and PubLic Admhistrarjon The Federal House of Representaures Standulg Committee on Economics,

Finance and pubhc -~d&strat~on conducted a review of the Australian National

+iuditOffice (;ix-$O) Report No. 37 1998-99 on the Alanageinent of '1 ax File

numbers in 2000 entitled, 'Numbers on the liun'. The ANAO report fc)und that

there \t.ere 3.2 donmore tax flle nulnbers than the number of 12ustrahans at the

urne. The rex-lew highlighted the issue of identlt7: crime. Inchcations of the extent

of he problem noted by the comttee mcluded: Me eiflmu/e u/oi//d l9e I/IU/

approxznluttvj 2jper tewt o/ i*qort~~d.fiu~/dr70 t11e Al- 1' i/zuoi/~etile ar.r~./nzpfiowo/ juhe

ide~ztitie~.';that 'identity lats' consisting of a set of fabricated documents for a false

~dentityare 'increasing in avadabhty, particularly due to the al>hty of modern

technology to generate forged doculnents of 1-ery hgh quality'; '//)l//~d~if/i/j

do~zrne/zt~of 'variozf.~. t@ej are au~zi/ah/e,/orthejcyf~zent o/'mo~zey - ei;/her/u/;setl rjou/f~zeri./.~.or

~e~zuirzecto~?ment~ v~bz~h have bee12 stoien ond 0//7ena~~edealt WL//):lncludlng vla tllc

Internet; that m a pdot conducted by Westpac and the NSW Regrstry of 131rrhs,

Deaths and Marnages of a Ceruficate Valldauon Service, that In 'thc pal.il~~/ur

instatzce.~where a birth certiJicak waj /uili!ed lo the bank a.rpart of /he iden/~/iccr/ioiz

documentution, some 13 per cent were hund to be fulse'; Centrelink detected ';ll)out $1 2 donworth of fraud from identity' in 1999; and The National (;rirne ~Iuthority's

(r\l-CA) concern about the ease 'with which fiise identities may be e.stubiii.l~edand ~.sed/a

Jlin~iIitateorgunised cm?nina/ uctizii~:In addtion, the committee was "~~oizcc~izcd(A/ /he /uL;G:

OJ;?&zwes avaiIabIe on the extent and cost oj'ident'ig jiazid". (pg. 87) Of interest m the onginal report were comments made by Mr. Woods from the

Austrahan Bankers Association. I Ie hlghhglited the mterdependence between sectors for idenuficahon docuinents staung that thelr research on the types of docuinents produced by customers or potenual customers of financial mst~tuuons idenufied that at least 75 O/O of all identlty doculnents were government authority issued.

S~~n~larl),(:ommonwealth agencies are heavilj dependent on State and pnvate sector issued documents for Proof of Identity. Accoudng to thc 12N1110Report

'Numbers on the Run' referred to earher, the ATO provided statistical data on current usage of identity documents for new 'registrants. 'T'hls data showed that the

AT0 uses l~anls:accousit statements for 11 per cent of rcgistrasits and an iiustralian or overseas blrth certificate in 20 per cenr of cases; similarly for New

South Wales Centrelink regstratlons, 16 pcr cent involved a credit card as I'roof of

Identity, 15 per cent a driver's licence and 8 per cent a birth certlficatc.

Such mterdependence highlights the need for a holist~capproach to addressing the issue of identity cnme. Various agencies have argued that the docurnetits they produce, for example a dr~vershcence, are not ~ntendcdas a form of identity 17~1~ rather a Lccnsing or entitlement card. However, the fact that they are be~ngused and integrated mto the 100 polnt tdentificauon system requires those ,ag encles to itnplement security measures to address counterfeiting and to ensure the Integrity of the document. MC/ PRI&E WA TEWHOUSE COOPEBS SERIOUS FRAUD S!iTIDY (2003) The -iusu-aliall Institute of Critninology and PricewaterhouseCoopers conducted a

stud! of 155 serious fraud cases prosecuted in Australia and New Zealand ill 1998

and 1999. The stud\- identified that 24'10, almost one quarter of the cases, used a

fictitious identiw, whilst stolen identities were used in 13 5'0 of cases. Fifty-four of

the cases (3G0/o) involved the misuse of identity. Iiiforrnation on the use of false

identities was available in 152 of the files.

Graph 1 - Use ofFalse Identities in Serious Fraud Cases

Australian Institute of Criminology and PricewaterhouseCoopers (2003)

Use of False ldentities

160 ---.---.-----.---.....-~ m--.-..-.--.--.--.-.---.---- qe-..---

Used

Fictitious Stolen ldentities Names Changed Total Identities by Deed Poll Type of False ldentities

The use and aVailabhty of false identities has increased exponentially with greater

accessibihty and improvements to technology that assists in the replication of

proof of identity documents. This correlates with the rule of Moore's Law whcli

estimates that the power and abihty of computers doubles every 2 years. [Moore's

Law, 2006) It is the use of multiple identities by offenders that is of greatest concern.

Information relating to the number of false or identities used by offcnders was gleaned from forty- seven cases.

Graph 2 - Number OfMuItipIe Identities Used by Offenders

Australian Institute of Criminolo~yand Price wa terhouse Coopers (2003)

Number of Multiple Identities Used

1 More than 100 narnesl~dent~t~esused , I Y, .-Q) CI I .-+ 21 to 50 narnesl~dent~t~esused s Q) 9 -Q) .-a - 6 to 10 nameslidentities used s

Number of Files

It was ascertamed that thc rnajorltJ of cases exatmned used one or two false names or ~dcnuties,however one case ldentlfied an offendcr ustng 16 d~ffercntnames and

~denutles.I'hs example illustrates the vlgdance reclurcd when coUectlng 2nd collaung sta~stlcaldata, for example only collecting infonnatlon on the nuinbet- of

'identity fraud' offenders witliout considering thc number of identit~cstlzese offenders used would clearly rnmmse the apparent maptude of the problem. 27.27 PMGFm UD SUR J?EYZ004 'The IiPhlG Fraud Survey 2004 outbnes the inagnltude of fraud amongsr

orgatusaaons w~thXustraha and New Zealand. The questmnnae, sought

mformatlon about fraud mcldents durmg the perlod Aprll2002 to hfarch 2004,

with a total of 491 respondents. The major finhgs with regard to identity fraud included that:

'r Nine percent of respondents had been the ricum of 1denut-y fraud duruig

the survey penod;

>- Wlthm the financial senrices sector, services obtalned by false

documentation (includmg fraudulent loans), cre&t card fraud and cheque

forgery accounted for 72 percenr of total external party losses.

k Withln retail, the most costly form of external party fraud was sen-ices

obtamed by false documentation (at 94 percent) while for the economy

generally (excluhng retail and financial services sectors), false mvolclng

was the most costly form of fraud, accounting for more than 81 percent of

losses by value.

Of particular concern m thelr findngs was evidence that only 63 percent of major frauds were reported to police. Orgamsauons quoted "lack of emdence, concern about ad~rersepubhcity" and "concern about the resources reqwed to prepare the cc-)mylaint" as thclr main reasons for not reporting the matter to the police. 2006 Australian Computer &'me and Secun'ty Survey The Australian High Tech Crime Centre (XHTCC), the Australian Federal Police,

all State Law Enforcement Agencies and AUSCERT (who is the national computer emergency response team for .lustraha based at the Umversity of

Queensland) collaborated In producing the 2006 -1ustrahan Computer Crune and

Security Survey. Ths survey represents the findngs from a broad cross section of

,Australian industry, includmg both public and private sector organisations. The survey analyses computer network attacks, computer clime and access misuse in

Australla in the last 12 months

'l'he fitldlngs of particular significance to identlty crlrne mcluded:

P In the 12 month period from April 2005 to March 2006 AusCERT

handled over 2,000 online ID theft incidents involx~mgliosts used to

support l'hlshing and Trojan attacks. 'Ths represents a 27% Increase

compared to the prevlous 12 inonth pcr~od.

Tt- Increasingly, onhne 1D theft attacks have uthsed rootkits or trojans wlth

root kit-ltke functlonahty, wlilch males detecuon by the computer user

unlikely and their removal (lf detected), extremely chfficult.

9 The average loss relating to online identity Gaud is about $27,000 3 Whilst only 5'/0 of respondents attributed losses associated with online

identit). theft, the average monetaq value has Increased by 58%.

3 There 1s a contlnumg prevalence of Trojan attacks that seek to steal

Internet banlung and other passwords, personal ~nformatto~iand any form

data from SSL-protected sesslons as well as a steady growth 111 phtshlng

attacks.

Whdst the increased use of the of the internet to facilitate business transactions has many rewards such as improved efficiency and conrenie~~cethere are also negative consequences includmg increased vulnerabhty, potentially higher victim impact and possible international ramifications.

The subsequent cost of ldenuty crme m an era of ~nteracuve,~nterdependet~t computer technology has mcreased. I'rlor to the Internet era the ab&h of an offender to ~nfitratebuslness systems and steal customer data wa5 lunitcd. 'I he buslness owner must now address the issue of 'computer haclug' ui the same \Gal as they would loclr the door of thclr pretmses, both v~gtlantlyand regularly. 'I'here are associated costs related to a compromsed computer system ~ncludlng, replac~ngor upgraduig computer hardware and software, re-entem~gcornprotmsed or lost data coupled wlth the add~uonalman hours requed to complete the task.

In adduon, conslderauon map need to be g.tven to restoring any damage to busmess reputauon not only through addressing the ongmal securlty breach but ensurlng that public confidence is restored by incurring further costs associated wth advertismg the fact.

Crirmnal activity, and m articular Identity crme, 1s not encurnbcrcd 1)) geographcal &stance or borders. Whilst this paper docs not attempt to e?iplorc. III depth the Issue of identity crne on an International basis ~t 1s itnportant. to acknowledge the rnapltude and cost of ldcntlty crlrnc In other countrtcs wtth slrmlar jurisdtcuonal structures. f-lence, m this paper, we wtll exarrzlrlc cost estimates supplied by the Unlted 1.5ngdotns' I-Iomc Office.

The Home Office Identity Fraud Steerlng (:oinlulit tee esttmatcs thxt tdcnt lty ftaucl cost the economy of the tlnlted IClllgdom Ll.7 I~i1110t-1over the p:~srCIII-CC 11ca1.5.

(Cabmet Office, Ulllred Kingdom 2002). Whllst the ~al)leI~clow IS cl~~ltedct:11lec1 it 1s one of the most recent pubhcly available docutncnts tl7:lt I~rc:tl

ORGANISATION

ii number of insurers (representing approx 36% of the

industry) estimated that their financial loss in 2003 due

to identity fraud was L7.9m, which translates to E22tn

for the industry as a whole.

criminals pretending to be the rightful owner or by payments association criminals using a fictitious identity.

This figure comprises:

(i) Counterfeit (skimmed/cloned) cards Jl29.7m

(ii) Cards lost or stolen El 14.4m

(iii) Card not present E150.8m

(iv) Mail non-receipt E72.3m

(v) Fraudulent applications E13. lm

(vi) Account takeover E23.8m

udit Commission fraud (extrapolated from -Audit Commission National

Fraud Initiative figures).

50% of the industry responded to a survey and

estimated their financial loss due to ID fraud. The

BSA extrapolated figures for the sector as a whole and

estimate that this translates to approximately L3.lm

losses due to ID fraud over the past year.

sector. CIF-AS figures have only been included with raud Prevention respect to the retail sector. This avoids double-

counting on contnbu.tions made by other sectors

to a number of reasons including false information Constitutional Affairs being provided to the Police. Unpaid fines due to identity problems - i.e. many

people issued with fines do not turn up at courts to

verify the& alleged name and address. Given this,

courts flnd it diificult to enforce rhe payment of a fme

because they are not certain the identity on the fme is

a true identity (many fines get issued to fictitious

identities or identities with inaccurate spellings).

Depament for Wor

rises as a result of identity fraud (i.e. claiming benefit

prevent abuse of the driving licence in identity crime.

Estimated costs of ensuring that DSA is satisfied as to

the identity of candidates presenting for theory and

practical tests. The resultant enforcement activity in

preventing and detecting impersonations, ensuring

that only hose entitled can hold dtiving licences

reducing the ability to commit identity fraud.

FLA not included in 2002 study. This figure relates to

identity fraud arising from the provision of motor It is not possible to determine if the scale of this

problem has changed since 2002. The figure from the

original study has been included for illustrative

purposes to help estimate any comparative changes to

the overall cost of identity fraud since 2002.

HMRC has identified a number of fraudulent and

potentially fraudulent tax credit claims based on false

and stolen identities.

Some 6,800 fraudulent claims have been identified

based on stolen DWP staff identities, of which 4,100 were fulljr intercepted by HbRC before any payment.

The loss from this fraud is estimated at E2.7 don.

HMliC is currently subjecting around 30,000 potentially fraudulent tax cre&t claims to detded investigation includmg claims based on the stolen

D'CW staff identities and on stolen Network Rail staff identities. It is too eady to estimate the loss from this documents. These attempts have been successfully

detected and it believes the risk of identity fraud to be

ellforcement activity against individuals who may be

involved in some form of identity theft or identity

fraud, potentially involving document abuse.

Investigation Officers identified that L28,564 was specifically due to identity

fraud. However, most LAIOG members contacted

stated that as identity fraud was usually part of a larger

fraud, it would not necessarily be recorded.

known currently but is believed to be substantial. This

cannot be attributed to any single organisation.

No figures are available currently on the proportion of

money laundering that relies on identity fraud. It is not

possible to determine if the scale of this problem has

changed since 2002. The figure from the origLna1 study

has been included for illustrative purposes to help

estimate any comparative changes to the overall It is not possible to estimate the overall cost of

identity fraud to the Police Service. However, figures

show that last year Police Forces in England and

Wales spent 15,000 to 20,000 days deahgwith bogus

callers - a crime that relies heavily on false identides.

Cost of E1.73m is based on Police Forces in England

and Wales spending 17,500 days (midpoint of 15,000 -

20,000 days) at a daily cost of £99.19 (made up of

E82.19 per day per officer axid support costs of E17.00

per day per officer) to deal with bogus callers.

Telecommunications Telecoms not included in 2002 study.

The cost: of identity-related fraud is a substantial

component of the total £raud/revenue loss in the

telecoms sector.

fraud when processhig applications for UI< passports

issued in the UK. 1hls table represents the most complehenslr-e and hohsuc assessment of the cost of ~dentltyfraud. Kot only does ths assessment attempt to quanufy the fiscal unphcauons to busmess but also it addresses the subsequent cost of man hours as an adnunistratlre consequence.

It is an interesting interpretation taken when referencing the cost of identity crime to the Police Service. Initial thoughts when considering the cost of identity crirne would tend to focus on the lnan hours spent attempting to identify offenders of crimes. 'I'his survey however, focused the cost on the number of 'bogus' or what

New South Wales police would refer to as 'public misch~efcalls. This example, further illustrates the dfficulty in estimating the u-ue (and thorough) cost of identity crime.

The experiences of the Deparunent of C:onstitutional Affalrs relating to the issuance of fines to indviduals using fictitious names may soon be replicated in

New South Wales. The introduction of the Criminal Infringement Notice System in 2007 within the NSW Police does not require the mandatory fingerprinting of in&viduals for certain offences, the onus is on the Police Officer. The inhvidual may sirnply be issued a flne for the offence and, if paid on time, the offence wd not be recorded on the persons' criminal history record. In addtion, if false particulars were supplied, without fingerprint verification the fine wd remain unpaid and the offender will evade further police detection. Unfortunately there 1s lunited pubhc ~nforrnatmnavailable relaui~gto the sun e\

and methodology used m gathering the statlsacs used m the previously llstcd talde,

and whether m fact confidenuahry of informatlon was guaranteed to stakcholdcrs

prlor to parucipation. It is env~sagedthat strmlarly to the hustrallan economlc

enmronment, pnvate sector reluctance to dvulge commerciall~sensttnre

quanutauve data may have unpeded the collcctlon of accurate data. 'This 1s

demonstrated m part by the absence of contribuuon by the 13ntish I3anltcrs

Xssociatlon, ~iisteaddcferrlng to data obtamed from the United Kingdom

Payinents ilssoclatlo~i(AI'XCS) wluch clearly oi~lycaprures ~dcnutyfraud rcl:ltcd

to 'plasbc cards'. In additton the response mtes for some stakcholdcrs wcrc

omitted, such as the Local Authoritlcs lnvesugauons (lfficcrs <;roup (I .A I( I( ;), whilst low response rates of others such as the Assocratloil of Hrlt~shIrzsurcr-s

(360/0) further reduces the accuracy of stat~st~caldata. 'Thesc ciifficultlcs I.lowc~rer, sliould not be used as the rauonale by opponents a s~milarsLlrve) wlt1-11~1

Australia, any informatlon will be advantageous m cstirnatlng t.hc cstcnc of tllc problctn. Chapter 6

VICTIM ASSISTANCE AND PWVENTION

The impact of identity crime to a vlctim is far reachmg. linlilie a l,urgl;~ry,for

example, the 'continuation' of the crime can be long term. 'I'hc victim may not be

aware of the offence until the17 receive a debt collection notice, are declined a 1'me

of crecht with a fmancial institution or become aware of ;Ll~ad credit rating. 'l'he

effects of the criminal activity upon the indrvidual vicurn may continue for years

through fraudulently opened accounts and crecht purchases made 11). the offender.

To adequately address the issue of vlctirn assistance and preventlotl, ~tIS

unperatlve to look offshore to those countries who have recog~usedthe serious I I nature of identity crime, it's Impact and consequences and who ha\ c os are tn the

process of implemenang systems to further secure and protect the ident~tyof in&\-lduals .

There is no central reportmg agency in Australia for victllns of ldcntity cnrnc.

Initially the I-ictirn is required to report the matter to then respectlvc State law enforcement agency, in adchtion to contacung every financial inst~tutlonor company they have a current business relationshp to advlse of thc mcldcnt.

Unfortunately, they inust then be prepared to contmue this process each tlnx a new fmancial institu~onor business contacts them regardng any fraudulently opened accounts or loans opened in thex name. Whdst there is no accurate data

4 3 in ilustralia as a reference, research conducted by the United States General

Accounting Office (GrZO-02-363), estirnares a victim spends, on average 175 hours and $100 (not counting legal fees) to fuc lxs/her creclt rating.

X number of American Insurance coinpanles are now offering an 'Identity

Protecuon Sen-scc'. One such exavnple is a United States company Intehus, who offer a range of products including:

h 1dent1t-y lieports - that advise of your "Fmanclal, Pubhc and Profcsslonal

Identttj p~cture". 'I'he report outltrles a persons name and addresses

assigned to their Soctal Securlty Nutnl~er,their phone connectton and

utlliacs status, any enyulrles conducted 011 financial or credlt infortnatiot~,

current properq report and any comprotmsed credlt cards

> Ict Watch -- which protrldes email notlfic;~tto~ltf there arc any cliatzges

tnade assoclatcd wtth the persons Social Security Number, ilddt-ess,

I'honc, I'ropert-y Sales, New I,oans etc.

> lnsurancc (:overage and Recovery - this 1s a pl;u~that assists a person m

restoring their identity. It ~ncludcsassistance sn filing reports, sending

fraud alerts to credlt :lgencics and covering legal fecs. 7'hc total coverage IS

up to $25,000

'I he fact that this company offers such a commercially viable servlce is inclcative of how prolific tdentity crme is in the Z lnited States of America.

44 Whdst ldentlty crune is not new, ~t'sprohfera~on to date has been far grcaccr tn

other count~ies,to the extent that a response has been implemented. rlustrillla 1s

not Immune to the exponeilual mcrease m ths acuxrlty, axid as sucl~,gc~x~crnment

and law enforcement agencies should become conversant with stratcpes

implemented elsewhere. Conungencies lrnpleinented in countries of situtlar

economc and soclo-cultural makeup are sumrnarised below:

United Kingdom In the United IGngdom, The Home Office in collaboration with other government departments and private sector organisatio~lshas sct up the 1 Iotne

Office Identlry Fraud Steermg Comrmttee. The am of the committee 1s to lead :I programme to address identity theft and identity fraud.

"The Home Office Idenuty Fraud Steering Coininittee have listed a numl~crof lcey successes on its website, www. identity-thekorg.uk, these include:

3 Ahpgpenalues - Many orgamsauons use and drtx7ing ltccnces

to help establish idenuty. The mamnuin fme of &2,500 was no longer a

credble penalty for fraudulently obtainmg a driving hcence gtbcn the lcxrcl

of fraud that it can be used to perpetrate. The Crmnal Justice Act 200.3

changed the law to ahgn the penalty for fraudulently obtarning a dr~viiig

hcence with that for fraudulently obtaining a and made thcse

offences arrestable. Obtmgelther document fraudulently now incurs a

45 rnaxmuln penalty of two years imprisonment.

P New crimlnal offences - Organlsed crunlnals often use false identity

documents. The Identity Cards Act 2006 created new crmal offences of

bclng m possession or of controlhng false identlq documents, including

genuine documents that havc been unproperly obtained or were issued to

another persot?, ~v~thoutreasonable cause. These offences came into force

on 7 June 2006 and cover both UI< and foreign documents.

2- Ileveloping and sharing good pracuce - Identity Fraud - 'l'he UI< Manual

was produced and launched in June2003 it Includes examples of known

security features from 1J1< passports and driving licences and prov~dcs

guldance to organisations to help spot forger~cs

2- Identity and Passport- Senme (IPS) initlativcs - 115 has deployed a

database of lost and stolen passports that 1s being shared wltli hordcr

authortties and police worldwide to help prevent ~dentityfraud

'I'he National Identity Schernc - 'l'he C~overnment'sdeclsion to inti-oduce a

National Identity Scheme was announced sn the Queen's Speech on 17

May 2005.'l'he Identity Cards ,!cr 2006 has now passed all of its

I'arliatnental-y stages and received Royal Assent on 30 &larch 2006.'The

ldentity and Passport Scrvicc is responsil~lefor introducing a National

Identity Scheme that will provide people with a highly-secure means of protecting their identity. The National Identity Scheme will eventually

become compulsory. This means that all UI< residents over 16 will need to

have an ID card. Howel-er, it wdl not be compulsory to carry the Ill card

with you. It is expected that the &st cards wdl be issue from 2008/2009.

Netherlands

The Netherlands Police maintam a central database of lost or stolen idenuty

documents called the Verification of Identiry System PIS). In 2002 there were

aver SIX dondocuments held on the central database (Cabinet Office, July

2002, p 38). Detads of deaths are also recorded to prevent the stealing of a deceased person's ~dennty.

United States ofAmerica

In the United Stated there are three national consumer reporting agencies that have call-in centres for reporting identity fraud or theft; the Federal Trade

Commission (FTC),whch maintains a database of complaints concerning identity theft; the Social Security Administration and The Office of the Inspector General

(SSX/OIG), whch operates a hothe to receive allegations of Social Security

Number (SSN) misuse and program fraud; and Federal law enforcement agencies-Department of Justice components, Department of the Treasury components, and the Postal Inspection Service-responsible for investigating and prosecuting identity theft related cases. The Federal Trade Corntmsslon in Arnenca have a Dnrlsion of Pnvacy and ldcnuty Prntecuon, rt 1s the newest of the Bureau's dlvlslons and 01 ersees issues related to consumer prrvacy, credlt rcportmg, ldenuty theft, and lnforrnatlon securlty. In addltlon, tlie Di'i'lslon educates consumers and businesses about emerglng pnvacy, cre&t reportmg, and mformatlon securlty Issues, as well as

~dentlqtheft prevenuon and asststance.

7'he Iden~ty?'heft and Assumptron Deterrence Act of 1998 was the first ptece of federal legtslatlon to deal bectly w~th~dcntlt? theft. 'The Act reyuved the Federal

'Trade Corntmsslon (1

Clearinghouse. Law Enforcement Agencies who have rnembershlp to thc

Cleantlghouse have the ;il)ilt~to access the database to determine whether there are additional lrlctlrns or lnformat~onthat would be rclevant ro their current invcstig:rtrons. The Federal 'Trade Commission m collaboration wlth the United States General

Accounting Office has dlusrrated some of the non-fmanclal impacts to victims of

Identity Crime.

Table 2 Types ofNon Monetary Harm as Reported to the FTC

(R'ovember 1999 to Sep ternber 2001)

Criminal inves~gation,arrest,

Detui/ir andpemntages do not add zlp dxe to victim being szlbect fo more than one !)pe !f'i7arm

Sozm: GAO -02-363,56 In addtion the following table gives a sample of the activities committed by offenders and the subsequent consequences to the victim.

Table 3 Summary of GAO'S Interviews of Victims

vicain's name

Obtained lnousing

Obtained fraudulent

identification

Opened cell phone hours over 10

Made charges on a Obtained housing Could not claim

Purchased car

Wrote bad checks

owed back taxes

Attempted to obtain

Wrote bad checks

Obtained fraudulent

Opened cell phone o Wrote bad checks

hours over last

Filed tax return

Went to court

identifications

Attended college

Wrote bad checks

Made fraudulent

Used existing credit hours over 1.5

Arrested 3 times in

Car searched Purchased car

Used victims Evicted 3 times

Arrest mice in victim's name

The e.zperielzi,e qfti3ej.c 10 vicfinzs are not st~~?iifil.u/'rqre~cntativc ) o,/ ' u// ui~~tinz~

Soum: GAO-02-363,67, 58-60

The Xustrahan Consumers hssoclauon, CHOICE. have llsted a nurnber of

steps on their website (CHOICE.COM.AU) as gmdance lf you become a

vlculn of Identity fraud. If your 1dentlt)r has been stolen you may only find out

months later when you dscover a cre&t card bill 1s outstand~ngor when you're

denied credit because of a default on your credt Ieport.

Prevention

'Anounce oJ'pre~~entioni.i zvorjh a poknd of~xre'- this ancient proverb first recorded in

Latin, Henq De Bracton's De LEGIBUS (c. 1240) is certainly pcrtirlcrlt to

Identity Crime.

The effort and ume, not to mention frustrauon associated with re-establishing one's credt rating and good name can not be understated. In i\ustr:llia, as yet we do not have a central database or agency to assist victims of identity crunc. 11s such there is rnvariably a duplication of effort requlred of the victlm to convmce financial institutions, and other government and non-govcrnmcnt agencies of their plight. Acuons one can take to avoid becoming a victim of Identity crime include:

O Provide only necessary information about yourself. Sometimes

businesses request large amounts of information they don't need.

k Read the privacy policy before providing inforination to any business to

ensure you understand how protected pour data wlll be.

k Choose passwords that are difficult to guess. Use a combination of

letters and numbcrs. Change passwords from time to tlrne.

3 Use a number of different passwords for different lun~isof

transactions/accounts.

3 Limit the amount of credit you have in accounts. (;ol~sidcrusing a

separate credit card account with a low credtt lunlt fix onllnc trailsactions

and when overseas.

b Thoroughly check account statements.

k Don't leave personal documents in your car glove box such as

registratio11 papers

k Only carry personal documents with you if you really need them to

tninirnise the damage if your wallet gets stolen.

O Securely store personal information at ho~nc. P Destroy personal information such as bdls and account statements by

tearing, cutting up or shreddrng before throwing them away.

3 Lock your letterbox.

3 Check you've received all expected bills and statements. ,I missing

letter could inbcate a thef took it from your letterbox or changed your

bhgaddress.

3 Collect your new credit card and cheque books in person rather tlian

by mail - ask your bank. If that's not possible watch out for them and

contact your bank d they haven't arrived when expected.

3 Order a copy of your credit report about once a year, checlc it and ask

the credit reference agency to correct any mstalies. (;redtt reference

agencies should provide you with a free crecht report In ;I reasonable tme

(10 worlung days); most also offer an express selvice for a fee.

Baycorp also offers a cre&t monitoring service for a fee that nottfies J ou wherlcver a credt provider accesses )lour report. Include your full name, date of birth, driver's licence number, current/previous addresses, phone nutnbcr, your current/prev~ousemployers and the cre&t prov~deryou most recently applied to and contact "Baycorp Advantage' PO Box 964.North Sydney. Dhgence in &plementing the above checkbst will certainl~rreduce the chances of becoming a victim; however the following incidents are inbcators that a form of identity crime may have occurred:

3 Non receipt of bLUs or mail;

P Recelpt of crebt card accounts that you have not applied for;

i; Repossession of an unlmown vehicle;

> Eeing contacted bj debt collected for unknown goods or services;

;3. Being denied crebt for no apparent reason, ol- connection to utilities;

)i Being contacted bp police for alleged offences you did not commit.

I'reventlon 1s not only the concern of the mdiv~dual. l-"~..lai~c~allnstituuons and other organlsauons are also rcsearchlng and ilnplementlng prexrentlon strateges to coml~atthis crmnal actlvlty.

One such strategy is the introduction of 'chlp and pin' technology. The llnlted

IGngdorn has target hardened 'points of compromise7through the finplcmentation of ths technology. The 'chip and pin' card has a I'ersonal Idcntificauon Number O'IN) securely encnpted wtth a ckvp lnslde the card. 'Tlie consumer must enter

the11 PIX to make a transacuon. sundar PIX system 111 France has sceri an 80

per cent reducnon m fraud slnce ~tsmtroductlo~~ over 10 years ago. (Chq and /-'sn

21106)

The mplementatlon of chp and pm technology to the United IGngdom in 2005

has seen a reducuon of nearly L6Om m counterfelt and fraud on lost arid stolen

cards when compared to 2004. The PIN is securely encrypted (held m a secure

memory) \vltlun the chp, meanllig that ~t is extremely dfficult and ume

consumg for a crmal to access the PIhT ~fyour card 1s stolen, and they would

be hkely to destroy the card m the process. (Chzp and l'~;lz2006). As the chlp and

PIN programme 1s a worldwide lmtlatlve it is envisaged that commensurate results

will be experienced when the technology is fully ~rnplelnentedm Austraha.

It is the enabling abdrties of identity crime to facktate other hgh level criminal

activities such as drug traffickmg, people smuggling, money laundering and terrorism that is cause for significant concern. As discussed earlier, the use of false identities and documentation is not lusted to the perceived white collar crime of fraud. Information gleaned through United States Congressional Hearings and

Sentencing Commissions hghlight the sigmficant role that identity fraud plays in both the fundmg and actualisation of terrorist activities. &;h apter 7

FACILITATION OF TERRORISM

In February 1993, an explosion at the World Trade Centre Complex in New York

Clty lded six people and injured appromately one thousand others. Accorduzg to a report by the ZTn~tedStatcs Ileparunent of Justice's Office of the l~lspector

General (lieport No: 1-99-10, 1999):

'One of'the ~.on.pirafot-.sin /he Wor/d Trade Center bombin4 entered /he comnty on a

pho fo-s;rrb.rii/u/ed SwecIi.rh pu.s.po/.t it7 Stpteir7ber 1972. 771e .sz/~pe~fm.red a .Ywe~Ii.rh

pa.r~por/'eC~je~-t1;qg to pass un~halieqpedthrnuth the INS i~z.\pc~fionarea a/ New

firk k. Kennedy Ai$wrf-.rince an indi~jidz/u/beunnC4 u uuiid .I'~~di~.hp~z.r.por~d0e.r

not even need a vi.ra to enter fhe United .Ytute.r. ' IVjien /he fel-ronst urrived a/ ]uhn ti:

Kennedy Intemufionu/Ai~ol-/(JFIC), an 1N.Y in.\pec/or .~.u.pec/edfhai /he pa.l:por/ had

been aitered. A .rearch of'h2.r l~qg~gere~~ecealed in.stn/c./ional muiekucis fiir makiqq bombs;

the .sfi/ili;eel.~111a.s detained and .ren/e/z~z.dto .r.lc mon/h.l-' imp~.roonm/brpu.l-s~7or/ /?a~/d.

Ir? Mar~h1994 he 2au.r con~Iic/edfur hi.( role in [he World Tmde Center bombiqp and

.renten~.ed/a 240 yeur.s inpyiriron and (A ,f/f00,000/kt. "

A United States Sentencing Commission report (1 999), also relating to this incident noted that, 'The World Trade Centcr defendant used, and 7au.r in p0s.re.l-sZbu oj,' nz~mero?~.s~fulseidentiJ'icution document.^, such u.spho~ra~hi,bunk docxfnzents,medilzli hi.r~orie.r, and edmation record.\-jkom whk$ nuirzerozisja~~eidentz2ie.s cozild have been ~.reuied." In1;HI reprcsentati\-ea1 a Februaq 2002 congressional hearing stated

'"fiE7Vilsr/filNilr$g /121~th~d.r JSU~~ jkoirz the h&hiy .sophi~~ti~.utedto the ?zo.st ba.si~: There

i.i l~irtl/u//)'-.no ji,lunL$g method t17at US not ui some ltvel been ztti/iyed /erroti.st.r ur~d

t2r7-oiu;igrozqJ~.Trudifiona!/~~, their ffl0rf.r huz~ebeen uided considembly- by- the irise of

~urlr~ponde,itbunk a~x~ounf.s,ptimte bunking u~z.o~~nts,ofi.;hore .she// bunks, . . . bzdk

lush .rnizig/i,lg, identir2, thgi, '.redit card.fkutld, and other c~-imina/operuLiom.r .s~chu.s

il/ega/ iir~gtrufli~ki~lg. " (Lorrnel, 2002).

This xas a contribuung factor to the FBI beginning criminal financial

lllrestigations focusing on fraud schemes with a possible nexus to terrorist

financing.

The organisation Prix-acy International in their report 'Mistaken Identity;

Exploring the Relationshy Between National Identity Cards 81 the Prevention of

Terrorism', (2004, pg 5) refer to a list of 25 countries assessed by the Israel

Based International Policy Institute for Counter-terrorism as having suffered most

from terrorist attacks since 1986.

Privacy International acknowledge that the list is biased, highlighting that Sudan is not mentioned despite the US cruise missile attack in 1998, however they drew the following conclusion:

Eighpper cent a;i.'thesecozintries have long-standing identity curd systems, a third duhich contain a biometric szich us ajhgeprint. While it is impossible to ciaina Ithat terrorkt incidents ha~xbeen thwarted as a reszlt $an ID card, the above data establi~hesthat the cards are unable to eliminate terrorist incidents.'(hivacy International, 2004, pg.6)

6 1 Table 4: List of25 Countries having suffred most from terrorist attacks since 1986 The issue as to whether an identity card wdl thwart terrorism assumes that all terrorists are 'aliens' to the country being targeted. Privacy International asserts that 'IT IS mposslble to clam that terrorist mudents have been thwarted'. 'LWst the above data map establrsh that ldenuty cards do not ehrmnate terrorism the unltnown factor 1s whether they have rmnumsed the mcidents.

The Beslan School Massacre which occurred on 1st September 2004 Med 33 1 people, with Chechen rebels initially tahg more than 1000 people hostage. The rebels had crossed heavily-policed territosy to reach Beslan. Jeremy Page, a

Moscow Correspondent of The Times said: "Rel~ztir/esoj'~ji~~f"inz~. iliame both lo~zlland

/idem/ aulho~itzestor allowing hosiuge takers lo get acros.~.the ilorrier.~.." Investigations since the Massacre have failed to determine how the rebels passed through these

]>orders,however identify fraud has not been dscounted.

Opponents of identity card systerns refute claims that such a scheme will assist in fighting terrorism through the identification of indviduals using multiple or single false identities. Privacy International 111 thek report Mistaken Identity (2004) asserts that a biometric identity system assumes the following circumstances:

P 'The target terrorists will be entitled to an identity card;

)=. The target terrorists wdl apply for an identity card;

)=. 'Target terrorists who are entitled and moti~~atedto apply will do so using

their true identity;

P Measures \dbe in place to detect suspected persons who are living in the

UI< without an identity card;

P Data matclvng systems wdl reveal information that relates to a suspect. As Illustrated, there is an argument that hiting the abhues of indwiduals to

participate in identity fraud wdl not prevent terrorism. Ths may be true, as a

suicide bomber xvd invariably seek to hare their idenaty lrnown once they commit

such an act, to further what they believe wdl be adulauon from s~rmlarlyininded

indviduals. However, lulllung identity fraud wdl inhibit the abkty of individuals

and organisations to fund terrorism through false bank accounts and money

laundering schemes. 'The use of a fictitious idenuty provides an opportunity for

terrorists to travel fi.ee1.y without triggering name-based watch lists utilised by law

enforcement and federal agencies

siccording to Lonnel, (2001) terrorism is funded by tradtional fraud schemes such as credit card fraud, identity theft and insurance fraud. The abhty of terrorists and

their supporters to open bank accounts or obtain cue&t cards in fictitious names, coupled with the uulisation of the internet for added anonymity adds to the appcal of ths methodology. In his testimony before the U.S. House Committee on

Financial Senrices (3 October 2001) Dennis Lormel stated, "Cz~tti~zgofthe.. . /inundu/

Izjeblood oftbe indiuidz.~aisand organi~u2'ionsre~ponsible for the Sqtember I I ucts ?j'!erroril.;y/zis

/n viIu/ .c.!~pin di~.man!hzgfhe organi.yufionundpre~/enting~jitz~re levo?-isl uct.~"

On the 1" October 2001, Mr John Pistole, Assistant Director Counter Terrorism,

FBI coinmented on the use of fraudulent documentation and the implications to homeland security before the U.S House Select Committee on Homelalid Security. Inves~ga~onsand intervlews of detanees lilghhghted a number of Instances of the

use of fraudulent documents and false ldenuues related to terrorism matters.

lr- The use of stolen credjt cards and fictluous sales scains by an Al-Qa'ida

terrorist cell 111 Spain to make purchases for the cell. The use of false

passport and travel docuinents to open bank accounts to fachtate money

transfers for the mujahadin movement. In adchon to the use of stolen

telephone and credit cards to conduct anonymous cc-)mrnunications back

to Pakistan, Afglianistan, 1,ebanon and orher countries.

k A I'akistani who was a guard and doctor for the "I'altban was arrested at

John F Kennedy fluport for atternptlng to entcr thc I;ntted States on a

forged passport.

>- Iraq1 who was arrested in Turl

using a false ICloroccan passport, purchased for $1 50 in CIS currency.

k ri detalnee of Ycment cxtractlon who acyutred a false Yemeni passport

and was able to get a I'aklstani visa

Mr. Pistole stated in hstestimonj~ that whilst these i~ldividualsmay not thelnsclves be terrorists, proceeds from the= fraud schemes were directly or indirectly used to fund terrorist activities or groups. (T'~stole,2003) Chapter 8

IDENTITY DOCUMENTS

T'lie non-government organlsation 'Privacj- Internauonal' asserts that appromnately one hundred countries have officlal compulsory national identlty cards that are used for a variety of purposes In 1985 the Austrahan government proposed legislauon lntroduclng a nauonal ldenuty card. The bencfits of tlic card were then espoused to be the combating of welfare and taxatlon fraud. 'T'hc system was to Include a register to fachtate the sharmg of lllformauon about mdvlduals. There was a lot of opposluon to the proposal by both the opposition and the commumty. In 1987, a jomt situng of parhamerlt faded to pass thc leglslauon due to a techmcal flaw with regard to the constituuon.

ilt the same time in June 1985, seven E,uropean Union (EU) countries signed a treaty to remove all internal border check points; this became known as the

Schengen Agreement, named after a town in Luxembourg where the first agreements were signed. Prior to the agreement citizens of Western European co~~ntsiescould travel across neighbouring borders by showing their national identity card or passport, whilst nationals of some other countries were required to present separate visas for each country they were visiting. The result was an increase in traffic congesuon, delays at border checks whch inevitably cost both time and money to both visitors and commerce. Whilst these mo events may seem to be contradctory with regard to freedom of movement, the Schengen

Agreement was introduced to create consistency. (Schengen Visa, 2003)

The Schengen Agreement created uniformed rules as to the issuance of the

Schengen Vlsa. Vlsltors who are non-European Unlon (EL),non-European

l':conornlc Area (RIiLi) cluzens, staymg less than three months are reqwed to

satlsfy a number of con&tlons ~ncluhigthe purpose and conQnons of thelr stay,

thelr means of subststcnce and obviously a passport or travel doculnent which

cntltles the person to cross the border. The need for a separate vlsa for all the

(Schengen) t Suropcan countries has subsequently been ehrnmated.

A total of twenty SIX countries, incluhg all European Unlon States excluchg the

Republic of Ireland and the IJnited IGngdom have signed the agreement. 'I he fifteen countries who have ~rnplernentedthe Agreement are: rlustna, Belgium, l>cnrnarl<,I-inland, I"rancc, (;ercnany, I celancl, Italy, Greece, I ,uxembourg,

Nethci-lands, Norway, Portugal, Spain, Sweden, Norway and Iceland. The latter t-wo being external to the I1,uropcanIlnlon.

Central to the Schetlgen ilgreemcnt is the Schengen Inforrnatlon System (SIS), whlch 1s a centraliscd ~nformationsystem that allows member states to share

~nforrnatlorirelaung to indtviduals and vehicles of interest. On 27th May 2005 the

Schengen 111 Agreement was slgied by seven countries (Austr~a,Belglum, France,

Germany, J,uxembourg, Netherlands, and Spain) .vvluch may enable a greater exchange of information to include all biometric data such as fingerprints and

DNA. (Schengen TTisa2003)

The changes m the landscape of nauonal security smce the proposed Australla

Card and the onginal Schengen Informauon System m 1985 are considerable. 111

the aftermath of the terronst attacks of I lrh September, 2001, many countries

have fast tracked plans for the adopuon of a new passport standard that tvlll

Increase the security of travel docuinents m hewith tune frames stipulated 1,y thc

US when Congress passed The Patnot Act m 2002.

As a result of The I'atnot Act, 2002 ill cornblna~onwith the Enhanced Border

Security and Vlsa Entry Reform Act 2002, the Internabonal Clvil Aviauon

Organlzauon (ICAO) formulated the standard for the 'e-passport' in May 2003,

stalng

"By October 26, 2004, in orderjbr a county to renzain el&ii~leJurpurti~putionin [he

ui.su waiverprogmz it.rgot~erzmentmz!.rt certb that it /7as aproLfra??zto Z:lli..ueLo 2t.s

nationah machine-nadablepa.sJport.r that an tamper-re.ristant and u~hid)incoqomte

bioirzetric and az/thenticatiunidentgiers that sati~3the .rtundurlr. oj'lhe Inte~nationai

Ci~iiiAviution Opni2ation " (ICA0 , 200 6).

There are 27 countries in the visa-waiver programme that are now required to have a biometric in place by October 2006 if they are to fachtate visa-free travel to the US. Specifically, the standard specifies that all e-Passports are to contain a "photo" of the traveller in jpeg image format. This is a >al image format

compatible with facial recognition technology.

The lhropean Ilmon regulauons go further than that of the IJS supulatlng two

sets of blornctllc data - 'fitlgcrprmt ~tlinteroperable formats' and faclal scans. The

1'-l'assport Issued by the US will combine face recogmuon and contactless cliip

technology. 'The chlp wlU contaln the same mforrna~onas recorded on tradltlonal

passports name, date of blsth, gender, place of blrth, dates of passport lssuance

and explr:iaon, passport number, and photo Image of the bearcr. 'I'he passport wlll

also contaln an anti-sku-rrning dcvlce to mcrease security. It 1s anticipated that h,-

asspo ports ~vlllbecome an ltnporrant tool In prevcnung ~ndn-ldualsusing mulaplc dentlttes. (f: I'a.\.\port.~, l1.se.1 uud Iwjtlufifie~,200 5)

As ~llustratedvarious legislauons, agl-eetnents and pollcies have shaped the current status of ~dcntlt-yauthentication mter~iatzonally. 'I'hs 111 cornl~matlon1~1th l~istoncalsignificance of idcntlty documents, economlc wealth, and embracement of technology has determned the mportaace or otherwise thar a country places upon an identity.

'She following illustrates a sample of countries who have ilnplemented a form of idenuty card (list of Idenuty Cards by Country, 2006)

France France has had a national identity card since 1940. 'P'he card was comp~llsoryfor anyone over the age of 16. A ccntral record was also instituted; from 1942 krench

7 0 people of Jewish rehglon had the word "Jew" added to theu card in red, which

helped authoriues identify 76,000 people for deportauotl as part of the liolocaust.

In 1955 a re!-lsed non-compulsor~card was mtroduced and the central records

abandoned. The card included a photograph, surname, given name, date and place

of blrth and incurred a fee upon renewal. In 1995 die cards became machine- readable and 1r1 1998 they were issued free of charge.

The current French national iden~tycard (Carte nabonale d'identiti: sbcur~sCcor

CKIS) 1s an officlal non-compulsorp . It is a laminated plastic card bearmg the owners photograph, name and address.

In adchon to the card, the owner 1s requlred to supply a fingerprint which 1s stored In paper format. Access to the fmgerprlnt is only permitted by a judge under specific clrcurnstances. A central database holds the mforrnatlon cont:uncd on the idenbty cards, however strlct laws prevent the cbssetmnatlon of thts mformatton or the hhgof the records to any other database. '1 he cards ma) I)e used to venfj idenuty or can be used for travel ~vlthmthe l~uropcanlinion in lleu of a passport. The cards are wldely accepted when openmg bank accounts.

As the identity card is not compulsory laws were changed to enable in&vidu:lls to use any official and certified document (even if expired) issued by a public adrmnistration to verify identity. Law enforcement can also accept photocopies as proof of identity provided that the origmal is presented withn two weeks. 'This is an 'interesting' clause, if the individual is using a forged photocopy and then fails

7 1 to present the original wihtwo weeks, where do the law enforcement officers

locate the person?

Recently the French Government proposed a 'secure electronic nauonal ldentlty card', to be Implemented from around 2007. The proposal was for a crecht card style ldenuty card contavllng a fingerprint and photograpli on a chtp, whrch would be recorded on a central database. This proposal was opposed by human rights groups and the natlonal authortty and regulator 01.1 coinpuung systems and databases, the Cornmissto11 nauonale de l'itifortna~clueet des IlbertCs, (CNIL).

Another non-compulsory card is belng dscussed.

Germany Cotnpulsory registration of individuals was introduced under thc Iieich

Reg~stratio~iLaw of 1938, and ident~tycards were ~ntroducedin 1950. It is not compulsory to carry the German ident1t-y carti the, "l'crsotiala~~swd,however ~t

1s con~pulsor)to prove your identity to police ~f reyuestcd. (I,ist of Identity cards by country, 2006)

The card contams name, date and place of birth, nat~onality,address, height, eye colour, date of expiration, signature and photo. IJpoii change of address authoritxes must be notlfied with one week, addresses are not cot~sldered personal mformation. Addresses are changed by puttlllg a sticI<~roil thc old address, sndar to a New South Wales dnver's licencc. There is no central database of ~denutycard information. Sweden Sweden introduced a national identity card containing biometric data on the 1st

October 2005, however it is not compulsory and does not replace previous paper

based identit)- documents. The new id en ti^ card wdl fachtate travel within the

Schengen region and also complies with the ICAO standards. The card has a

cont.actless chtp contmmg a dg~talplcture of the cardholder and a traditional chlp

that wdl allow it to be used to access e-government sen-ices in the future.

Sweden also bas a nauolial populauon register, whereby everyone 1s issued with a

personal number at blrth wlvch was previously used for many offictal transactions.

'The mforrnauor~contained wlthln the register 1s not protected; anyone call look up

the personal detalls of another. Whilst the natlonal populauon regtster 1s wldely

accepted there has been opposluon on grounds of m&vidual rlghts to a hillcage

between the new ldetitlty card and the population reglster. Consequently tlie new card IS not lmked to the reglster and informauon 1s stored m the ch~pon the card.

Spain It is compulsory to carry the Documellto Nacional De Identidad (IINI) froin 14 years of age at all times. It may be issued earlier to fachtate travel to European countries, and is often photocopied by private and public organisations. Credit card purchases cannot be made without showing &IS identification. It is to be replaced by Electronic DNI, s111111ar in size to a crecht card it wdl contain an embedded microchip that wdl store the cardholders personal data in electronic format, a certified dgital signature, and two biometric identifiers (facial image and

fingerprint scans).

Brazil Brazhans have used identity cards since the beginning of the 20th century. -Also

compulsoly, the Brazilian identity card must be carried at all times. The card includes a photograph, full name, parents name, nauonal status, thumb print and

serial number. .

Each state in Hrazll 1s allowed to print its own ldentlty card, however the layout for each must be icienacal. In &o Ile Janelro the cards are fully dig~tisedwhch allow informauoii contamed wlthit? the card to be verlfied against ~tsowncr off-hne.

The bar code on the card encodes a colour photograph, a signature, two fmgerpnnts and other information. The technology was developed ~n2000 to improve the securlty of tlze Brazhan idenut) card.

In compliance with E-passport regulations, the Brazhan passport will contain sipaturc, photograph and ten rollcd fingerprints. Tl~cpassport contents and idcntity verification will be read electronically as the fingerprints and facial u-nagcs

WLU be avdable for automatic recognition. kinited Ki'ngdorn The intl-oduction of a National Identity Scheme was announced in the Queens

Speech on 17 Ma) 2005. The scheme will eventually become compulsory,

requirmg all UI< residents over 16 to hare an lden~tycard, however it wdl not he

t compulsory to carry the card. It is expected that the first cards wlll be issued from

'The idenuty card wlll ~ncludethe cardholders name, date of bu-th and address,

referred to by The liomc Office as a 'biographcal faotpnnt'. Thls inforlnauon

wdl be cross checked with other databases such as Nauonal Insurance or drrvlng

llccllce records. 'I he ~dentltycard vi-dl look sdarto a credlt card, however tt will

also contarn a chlp that contams your biograplvcal footprint, an Tdenuty

Registratton Nuinl~er(pru~tcd on the card) and blometnc data. I11 addtlon the

card uill also be enabled 1~1tha I'ersonal Identzficauon Number determined bj the

cardholder.

'lo rnlmnuse the chance of fargely the cardholder's detads are verlfied by using the

'~dentityvenficauon senrice' which will confirm the details contained an the card

with those held on the Natlonal Idenuty Repster. Basically the Identity

Verificat~onServtce operates oti the basls of confrrrmng only the mfor~nauonthat

1s recluircd, for example, proof of age, work visa status, crmal record checks etc.

A11 organtsations need to be accrehted to use the system and cardholder consent must be obtalned to conduct a venficauon. It 1s mterestlng to note that one of the nominated advantages to an Identity Card and Reg~sterby The Hotme Office 1s the use of lnforrnauon by pohce and security senrices to use the Nauonal Idenuty Reglster to compare fingeqnnts found at a crune scene that do not match exsstlng pohce records. (Idenuty and Passport

Sen-lce, IJI<. n.d.). '111e use of blometrlcs m ths arena has the potentla1 to provlde mvesugatlve leads to unsolved serious crsmei such as murder, rape and terronst incidents

Israel

'I'he use of biornetncs 111 ~dentltydocuinents 1s no better illustrated than 11.1 Israel where biomeuscs have heen used extensively for several ).ears. 'I'be border crossings from Israel to the Caza Strip and West Bank are controlled 1)y gates through which authoriscd 1)alesunians map enter. 'I housands of l'alest~n~anspass thro~~ghthese gates every day to worlt in Israel, at peak per~)dsmore than 15,000 people an hour pass through the gates, eacli person must have an tdcntitp card which 1s issucd 111 the Israeli Military. 'I'herc is a photograph pr~ntcdon the identity card. A d~gitalversion is then stored on the smart card chip of the card whlch also contains 1)tometric data of the c;udholder7sfingerprints, faclal gcornctry and hand georncrr) . (Jewish V~rtualI ,il)rary, 1909)

Australia l'here IS currently no official identit). document 111 ilustraha, however 1n the fi~anclalsector, the 1;inancial -1 ransaction Reports Act 1988 (Cth) regulates the manner in which identity is established when an account with a financial institution is opened. Th~sprocess is the benchmark that many other sectors use

to establish identin.. The points based system is created under the Financial

Transactions Reports Regulations 1990 (Cth). Documents submitted as proof of

identiw are each assigned a value dependmg upon their level of security and

importance. To open an account with a financial institution a total of 100 points

are required.

l!nder the Regulation documents are classified as either Primary or Secondary

documentation with the following points allocated to each: l~rirnarydocutnenrs

(which are allocated 70 points) include a current passport, bi+th certificate and a certificate of citizenshp. Secondary documents include a drivers licence (40 points), public emp1.opee or student ID card (40 points), crecht card (25 points), htedcare card (25 points) and local council rates notice (25 points).

The legislation creates various offences for breaching these regulations. It is an offence to open an account in a false name or to bsclose only one of two names by whlch a person is known. Ths carries a lnaxirnuln penalty of 2 years imprisonment (s. 24 Financial Transactions Reports Act 1988 (Cth). It is also an offence to knosvinglj7 or recklessly make a false or inisleading statement in advising a financial institution of a change of name. Tlis carries a maximum penalty of 4 years imprisonment (s. 21A Financial Transactions Reports Act 1988 (Cth).

The 100 points system is far from infallible. The abihty of offenders to submit forged or altered documents is dependent only upon the quality of the document.

77 The system relies solely on the abhty of the employee to verify the authenticity of

documents. There is no system or process in place to facllirate verification by the

issuing agency to confirm the detads supplied.

On 26th Aprd, 2006 the government a~inouncedthat ~thad 'deczded to~ro~eedztz princpie wz/h u znema uaesd curdjor lieuitl, and wc//urz..\e17)z~e.i, /hoyg/) 1Id mled o.ut rntrod~innqa

compzd/so?y~utzonu/tllD L~I-d.' (Media Release, J'rme >lmster, 26 Xprd 2006).

Accordmg to the Governtnent the purpose of the proposed card 1s to assist people

u obtalnlng Government l>enefits ui a "convenient and rehable' wa), with a

prn-nary functlon to tntnmse fraud and rrususe of pubhc funds.

The access card wd have the cardholder's name, a dlgltal photograph, tllcir

signature and card number. I11 addruon a rmcrochip within the card w~llstore a photograph, date of birth, address and details of chtldren or dependents. 'l'he proposed card wilI be designed to fachtate the voluntary ~nclusiot~of addit~onal inforrna~onmcluding emergency contact details, allcrg~es,health alerts, chronlc

~Unesses,irnrnulilsatlon informatron and organ donor status.

Inforrnauon contamed wlthln the card w~llalso be held wtthm a database, the

Secure Customer Reg~strat~onSystem (SC:IXS). 'The (>os~crnmentat th~sstage has only stated that inforrnatlon contained wlthin the database will only be ava~lableto authorxed persons". (Medra Release, Prime Mlnlster, 26 Aprll 2006). Additional information relaung to the card is hlted. The technolog~calarchitcct~~re of the proposed access card has not been released, subsequently mpedlng pubhc debate

78 alld hanganal\-sis of he system relating to securiv of information contained

with the SCRS.

The webslte of the Department of Human Sen~lces,wvw.humanservlces.go.i .au

supports the use of the proposed access card as a proof of ldentlty docurnel~t

outslde of those 111teracDons mit.h the Department of Veterans' Affa~rs,Medcarc

and Celitrehk, @emg the agencles for whch the access card 1s to be dcslglcd),

however the Gos-ernment has pubhclr- asserted that the access card 1s not an

~dentltycard.

The cost of establishing the access card is $1.09 bdhon over four years. An

independent assessment by I

IQMG Assessment, the Australian Bankers Association estimated. an identity card system would cost their mernbers over one hundred miLon dollars over ten years.

Total prix~atesector compliance costs were estimated at around one billion dollars annually. The official figure for tlie Australia card was $820 rm.lhon over seven years. The revised estimate includmg private sector and compliance costs, together with other factors, would amount to several times ths figure. (ICPMG, 2004)

Claims that an access card or even an identity card will reduce identlty fraud should be considered carefully. The quintessence of a secure system would include a tamper proof card that could not be replicated and a centralised database, which

7 9 would be imperative to authenticate an identity card that is impenetrable to criminals.

Opponents of the proposed 'access card' cite 'function creep' as one of the vehcles that T.Y& transform the ongit~alproposal into a nauonal idenut) card. One such group 1s the Electron~cFrontiers Austraha Inc., a non-profit national organisation representing the onllne freedom and rights of Internet users, who hare grave concerns about pnx7acyand secunty m relatlon to such proposals and considers the roll out of smart cards by government as hav1n.g an extremely hgh potenual to result In the equivalent of an Austraha Card, whctlier or not that 1s the government's intention at the outset. This potentla1 arises from a comb~nauonof factors mclu&ng the ease wid1 whch smart cuds can be used for two-way communication with a centralised database and the^ assertton that smart card technology is designed to fachtatc f~~nctioncreep. (llilectroi~icI2rontlers Austraha,

2007)

At the zlustral~aCard Summ~tin June 2005, the then Attorney-General, 'The

1lonoural)le I.'hfip Kuddock M.1) rejected the ~deaof a nat~onalidenury Card stating ~t '~*oz//dmTeuse /he n.rk of. ./ru~d hecu/i.\e on/y one do~z~fzen/1ao~/d need to be counke?-fezledto e.rlab/~~hzde?zfity.' Thrs statement 1s in keeping with the Governments' announcement referred to earher regarding the lntroductlon of an access card as opposed to a natlonal 1denut-y card. In hght of those countries who have fully embraced the concept of an '~dentq

card', such as Israel and those who are st111 assessmg the pros and corls, such as

Australla, one must achlowledge that the creauon of one card m Leu of exlstlng

inultlple proof of ~den~tydocuments, creates a trophy of sorts to any cr~mnally

imded person to attempt to access such data. In reahty, efforts are then centred

on 'hachg' into one database and rephcaung one card. Even w~thouttechnical

slull, there 1s alwavs the abhty of crmunals to lnflltrate and corrupt the 'holders of

the key' bemg those people 'authortsed' to access mforma~on.

The damage to the mdvtdual who has thelr identlty stolen when thelr community rehes solely on one '~dentlq-card' is rnapfied to that of a dverslfied tdei~tlty authenucauon system. The benefits of an ldenuty card nus st bc welghed against the dangers associated ~ththe Issuance of a fraudulently obta~nedcard and the consequences to, not only the vlctm of the stolen iden~ty,but the comtnunlty as a whole.

The inclusion of a biometric identifier has been touted as the solution to combating identity fraud. In theory, its inclusion WI.U ehnate the use of multiple identities by indviduals; however not necessarily elirmnate the ability to steal anothers identity who has not yet registered for such a system.

In May 2002, a Japanese cryptographer, Tsutomu Matsumoto, used gelatine to take a mould from a live fmger whch was used to fool fingerprint sensors. More remarkably was the experiment he conducted that involved the use of superglue to

8 1 rephcate fmgerpzmts from a glass. The superglue was thcn photog-raphcd wlth a dgital camera; the contrast of the fingerprint Image was then improved using a reacldy a~rallablesoftware system, Photoshop and printed onto transparency sheets. hlatsumoto thcn used a photo-sens1tl.r.e print clrcuit board (avallable in hobby stores) and the fingerprint transparency to etch the fingerprmt Into copper, malung it three-dlmenslonal. Thrs was the11 transposed onto a gelaun finger as explained earher. Both rnethods fooled fingerprint sensors 80% of the tune. (Schncier,

2002). 7hls example of subverting biometrlc securlty systems and recent legslat~vcarnendrnents tn the Unlted States and ri~lroperequing the lnclus~onof a blometr~cldenttficr m passports leads to the questlon of blometric rehablhty. Chapter 9

BIOMETRICS

Go\-emments and businesses are increasingly turning to tecl?nolofes to improve

their abh5- to positively identifj users of their services. Whilst 'smart cards' and

'personal identification codes' have become widely used, more recent technologcal

applications include the use/inclusion of personal 'biometric' data to assist in

establishing identity.

Biometries, such as fingerprints, have been used by law enforcetnent agencies and

other lunited government agencies for a significant period of the. 1-Iowever, an increasing need to secure governtnent information and services, and the acuvities of the corporate environment, has seen increased interest in the use of biometric data. As bscussed earlier, G.overnments are also implementing the use of biometric data for border control purposes. Business is seeking to identify acceptable biometric applications for fraud control, particularly in relation to credit cards. Both are seelung the use of biometric data as forms of access control to sensitive and/or restricted areas.

Whilst a great deal of excitement is being generated by the poten~alof sccuri~ improvements using bioinetric data, it is not (and should not be seen as) the panacea for preventing identity fraud and other crime. Many proponents of the use of biometric data cite privacy concerns, nrhilst others identify a lack of scientific acceptance of proposed 'standards'. From a fraud investigation prospective, an increased use of biometric data applications has both positive and negative connotations. Wstthe abihty to identifj: a legitimate person \dlassist in preventing crime or identif@g offenders, what happens when the biometric data of a person is 'stolen' or 'cloned'? Xdchtionally, the legal system within

Australia is historically consenrati\;re and suspicious of accepting new technologies unul they have been thoroughly and scientifically rested.

'Biometrics' 1s an ldenuficauon system based upon the physiological, biologtcal and/or behawoural aspects of a person. Woodward (2001, p.3) defines blotnetrics as the ': . .M.I~of aper~oilr~baru~Le)z~tz~.j orper~onul /mzi.c ici /deni+~/y,or uen/y [he ilarmed ldentzty of t/)ai z~zdvzdz/u/':Blometric indicator sj stems can provide fast and automauc ldentlficatlon of a person by con\Terttngthe biomctrtc ~i~dlcatol-Into a

&gital form, and then comparing ~t to infortnat~o~lstored on a data-base. 111 this way, fingerprmts, DNA%,fac~al characteristics, volces, eye clzaractertstlcs, hand geometry and signature dynarmcs are able to I>e used to asslst m tdenuficatlon and tdenuty authentlcatton.

Biometric technology enables the ineasuremcnt of parucular physlcal characterisucs or behav~ouraltralts to recognisc or verify the Identity of an mdividual. There are a number of bioinetric apphcat~ons11eing used or developed, includmg;

P Fingerprints P DNA

> Iris and retinal imaging

G Face recoption

% E-Iand geometry

% Voice recognition

G Signature dynamics verification

Russ & Jain (2004, pp.131-135) ~denufythat the use of blometrics applicauons has

four mportant modules:

Sensor module - whch acquires the raw blornetl-lc data of an indn~ldual

Feature extraction module - whch processes the acquired data to extract a

feature set that represents the biometric trait

Matching module - in which the extracted feature set is compared againsr the templates residmg in tl~edatabase through the generation of matching scores

Decision making module - in which the matchtng scores are used to either validate the user's claimed identity (verification) or determine identity

(identification)."

Grijpink (2001, p.155) suggests that the usef~llnessof biometric data applications is that it bect1-y hks a person to a data record by means of an unchangeable and non-transferable means: "Biometries derihes its sign$cance,from the person-related natgre oJ' the physical characteristics that serves UJ the point oj'ncognition. In compan.ron with the ~zstomuyno/z;penoi~-reluted merl7od.r to check someone's identity SUI'~ u.spzn ode^, pu.uwords. . .".

Biometxics has a wide range of uses. bfany of the biotnetric indrcators identtfied above are being itnpletrnented in one form or another in government and private sector environments.

Fingerprint Technology

An ind~v~dual'sfingerprint is formed as a foetus and expands unlfonnly as the body increases m size. Those fingerprints wdl rcinaln unchanged untll death, unless they become seriously altered by in~u~y,scarrmg or &ease. 14ingerprmt biometric mdcators havc been used by governments and law enforcement agencles for inore than a century. Onc of the frst records of the use of fingerprints as a hlolnetrrc mdrcator of ~dcntlty1s m July of 1858 when Str Wllharn

Herscel (1 833 -1 91 8) a Chlcf Magistrate m Incha requlred a palm prmt and later fmgerpruits on the back of contracts. Thts use of fmgerprtnts was based upon superstluon, believing that personal contact with a document made it more binding that just slrnply slgmng the document. (lioberts, 2005)

Fingerpnnt technology has evolved significantly since the early days of ink on paper. Modern techilology has allowed fingerprints to bc scanlled through electronic means. These advances have also allowed the technology to ex-olve to assist in providing a very accurate and quicldy &scemable biornetric indrcator.

Unlke comparison of ridges and furrows with ink print impressions, modern

86 scanmly create an Image of a fmgerprmt, then bgluse certain feature

extracaons ro psovlde a urnclue 'biomet~lccode'. The feature entractlon pmcess iden&hesmeasurements based on rldges and burlficatlons (ndge separations). It 1s

.d-us unique &gltal code whch 1s then stored on the database for future comparison purposes.

Wood (2002, p.47) suggests that, whilst not infalhble, fingerprint biotnetric applications are sufficiently accurate to make them a viable application for broader identification uses; " Wildsf fhi~./o/7~?of'biometn'c i.r ~otIhe ~~o.c.fa~.~wrnte afiaiLab/e, the chu+z~~e.soJ"a rievi',e irzaking u .fi2E/se a~qbt'ure exf~emelylod'. However, Wood ~naliesone collcession regarhg the accuracy of ths technology and extends that the scanning device can be calibrated to accept a lower number of positive matches of

'feature estraction points'. This lowering of the standard of identification has the potential to increase the likelrhood of a false comparison.

The main advantages of the finger~canlfin~erprintbiotnetric application include:

> Non-invasive nature;

3 Rapid speed of comparison;

> Cost effective technology;

P Scientific and legal examination/acceptance of accuracy.

Fingerprint technology has become widely accepted wihl law enforcement and the wider community as a means of positively identifying a person. This general acceptance is well founded with a plethora of scientific research. It is also assisted by popular use of fmgerprint biornetrics in novels, movies and other fictional entertainment medums. The fxst author accredted with the popularisation of the use of fingerprinting is Mark Twain in hs 1883 novel 'Life an the hfississippi', in which a murderer was identified with fingerprint identification.

Xustrahan law enforcement agencies have been using fingerpmt matchlng teclznology for many decades. In 1986, the National Automated Fltlgerprint

Identification Systetn (NAFIS) was mplemented. Ths system is currently managed by Crun'Trac, a Commonwealth governtnent led collaboration of law enforcement agencies from each Statc and Terntory wtth~nAustraka. The NAIiIS database 1s reported to hold m excess of 2.4 imdbon records and 1s installed In over

30 locations around hustraha (xw~~.crrnt~ac.go~.au/finge~rmts).If a comparison inatch behvcen a sample and the data-base is ~dcnufied,a fingerprint examination expert is sull requ~edto rnan~lalljrconfirm that the cotnpanson is a correct match.

The acceptance of the accuracy and apphcatlon of fingerprint biometnc data by the broader community may also provlde the Impetus for resistance to ~ts apphcauon m private sector appllcauons, such as banlung and credt cards. Some pnx-acy advocates suggest that, should government fingerprmt records be cross matched with prlvate sector fuigerprlnt records, then personal mfi>rrnatlotl (such as a rmnor crmalconvicuon decades ago) may be provided to an employer, finance company, insurance company, etc Whdst suggesuon 15 made that the private sector can solely rely upon talung the~rown fingerprmt hiometrlc data du-ectly from customers, ths information tvdl stdl ultimately need to be verified

(by one method or another) to government records

Facial Recognition Technology

'Facial Recognition Z3echnolog)-'is a comparatively new biometric application when compared with fingerprint analysis. WMst it is true that people have made assessments as to identity through matchlg a face with that of a person previously seen or known (such as recopsing a friend or conducting a police idetltification parade with a victim of crime), it sigiificantly &ffers as it applies to the analysis of digitised measurable characteristics, such as &stance between the eyes. This is somewhat sdarto that of dgitised fmgelprint biornetric analysis. Clurrent applications of facial recognition technology perform the task of identifying a person through their facial features by using geometrical analysis, thermal pattern imaging, line detection or a combinatiorl of these applications. E-Iubble (2002) suggests that the most cornrnon application of facial recoptlon utilises geometrical analysis, measuring &stances between facial features and using comparison algorirhins to differentiate between digitised database records.

Facial recogmaon technology 1s increasingly being constdered as a vlable, non- mtvuslve and passive biometric appllcauon by law enforcement, governments and the pr~~atesector. NSW Police have mplernented the 'Phototrac' system to record offender photographs (under controlled con&uons) and use those photographs to match agamst sumelllance tapes installed in hotels, banks, etc. The

Phototrac system IS also currently matchg offender photographs with other offender photographs of sdarphys~cal character~stlcs to unprove the integntj of pohce photographic idenufica~on'he-ups'. It 1s reported that NSW Pohce have m excess of 350,000 photographs available on a data-base (NSW I'ohce Weekly,

2003, Vol 15). Pohce m Tampa, Florlda, reportedly u-ialled faclal recognition technology upon the crowd at a sporung event (NFL Superbowl). Whdst no arrests %.el-e made (as it was a trial only), the system used is reported to have ldenufied several persons recorded on the local police offender database. (Pearce,

2004)

Other government agencies, mcludmg Austrahan Customs Service, have been triahg faclal recogmuon biometric technology for border control purposes. This brometric system is one of the systems bemg considered to meet IJS Ciovernment passport mprovement requrements. Sdarto otlzer biometric systctns, private sector apphcauons may also include cred~tcard venficauon and banlilng set-vices identlficauon.

However, IQishnan (2004, p.5) identifies that facial recognition technology is not as effective and acceptable (at this stage) as other biometric applications. Citing results from the U.S. Government "Defence Advanced Research Projects

Agency", during the 'Face Relzrgni~ionl'endoor Ted 2002 V77 :it i.1. noted thus re-suits

on4 inclzlded concb4.rive positive compariJon rate of ' '85%Jor u du!ubu.se uf '800 peoplc, 83 % /ir

1LOO, and 73%jor a data-base oj'3 7,437 people." Subsequently, the reported accuracy rates suggest that facial recoption

technology has scope for further development before being ~rnplelnentcdas a f~~lly

automated and stand alone or single use biometric idenuficatlon/verificauon

system.

Applications for Biomerric Indicators

Many mdustrics, government agencles and financlal lnsututlons have long been

grapplmg alth the quesuon of how to confirm ~denuty,'Yde~f~~~~~~peo~le ~n/l/h

'ertuz/z/y zu both a tzme-~on~~/w7gul~dLOJ~/) u~tz;l/zfy." (S~mth, 2003) The rnerc possession

of an tdenuficatlon card (sucl~as Medcare card), a passport or even a personal

ldenuilcatlon number (PIN) or password does not conflrm or \-ahdate a clalmed

~dentlty.

Tliose same ~ndusmes,government agencles, law enforcement agenclcs and

financlal lnsurutrons have rmplemented blometrrc mdcator systems to deal wlth

some of the~rsecunty and busmess Issues. With the exception of blometric acces$ contl-ol systems, such as fingerprint door access scanners, ~t 1s suggested that the most prevalent usc of blometrlc technology has been the law enforcement sector.

Some law enforcement appllcatmns of blometric technology mcludes:

P Identifyhig criminals through fuigerprint rnatclvng technolog~es;

P DNA analysis of convicted and suspected offenders;

> Illegal immigration matters;

G Use of facial recognition technology to assist in identieing suspects. The storage and use of these blometnc indicators by law enforcement agencles are

slpficantly restricted. Pohce wdgenerally only possess the fingerprmt records of

crn-rulials and persons elnploycd m specrally regulated ~ndustries(such as pohcmg, gammg, secunty and mtelhgence professions) The breadth of data 1s therefore l~rmtedand does not Include the general population. rld&uonally, the access to use ths mformauon IS hlghlp restr~ctedto leglt~matclaw enforcement purposes, and lxometr~cdata may not be provlded to a th~dparty, such as a bank or other prlvate busmess. In many instances, tlie blo~netricmformatlon cannot even be provlded to other government agcncles.

W~ththe mcreasing need for sccunty in pmrate sector apphcat~ons,such as banking and frtlal~claltransactions, businesses are seelung tlie development and impleinentatlon of effecuvc I)lornetric md~cators.Such applications ma) lncludc ldentlty \-erificatlon usmg blomctrics n1 credlt card applicatlons/usage and personal loans.

Limitations in the use of Biometries

'T'he ability of both government agencies and the pnvatc sector to irnplerncnt a truly useful bioinetric ldentificauon system 1s problematic. Both requirc the collection of rdentification through current tradtional ~nethodsbefore ~t can be ahped to a sample of blometric data also bang provlded. In the case of government agencies, unless the provider of that b~otnetr~cdata has previously provided biometnc data, such as a coiirr~ctedcrrrmnal having been fingerprinted

9 2 (or the person is very well known), it is possible for a fictitious or stolen identity to

be provided at the time of pros~ihgthe biometric. Whilst ths could mean that a

criminal could legitimise a false or stolen identity through the implementation of a

new biometric identification system, it is also acknowledged that it means the

indwidual w~llbe hnited to that particular identity wMst remaining within that

countq/jurisdicuon (such as Australia). The only possible solution to tliis

conundrum is for the government to obtain biometric data at birth.

The configuration of the system used wdl also have a dmct bearing on the limitations of the biometric data. IQishnan, (2004) identifies isvo dsunctly dfferent bioinetric systerns:

One to many comparison - where a persons' blometrlc l~lfortnauon1s stored 011 a central database and companson 1s made by the person to that database (such as a finger-scan system at a shop hked to a central computer to confu-m thc ldcntlty of a credt card user.

One to one comparison - where a person's biometric inforination (such as a fingerprint) is stored on a smart card and comparison is made between the pcrson presenung the card and the information contained on it.

The question of centralised or decentralised storage is important. The storage of biometric detail on a 'smart-card' (decentralised) it1 the possession of the pcrson who provided the biometric data allows for the determination as to whether the card holder is entitled to use that card. However, hswdl not establish whether that person has fraudulently obtained other 'smart-cards' using hfferent identity

93 details (such as with another bank). Opponents of ths system argue that if biometric inforrnatlon can be stored on tlie 'smart-card', then it WLU oilly be a matter of time before criminals can clone these cards or manipulate the data svithln them to change the biometric information to their own (as is the case with current cloning of inforination on a crecht card magnetic strip).

At the other end of the spectrum (ceiitraltsed), should a person's biometric detail be stored withln a central database, it would allow for an mrnedlate deter~lvnauon as to whether the person has previously registered uslng a dfferent idenuty.

However, thls system may also ralse s~gnificar~tprivacy and security concerns.

Opponents of thls system also suggest that, unless slpficant security measures are developed, it may also be prone to cotnputer hackers wlio could steal or srrnllarly maqulate the database for crunuial put-poses.

Apart froin the integrity of the initial record or sample of blotnetric data, hmltations 1n the ~isefultlessto law enforcement and government/pris~atesector apphcatlons of blomctrics can be categoriscd lnto two 11road groups:

>- I ,cgal Issues

);: I'rivacy Issues

Legal Issues:

Dissemination of government biometric information: - Government agencies are currently strictly controlled in the collection and/or dtsserination of the per sons^ information of ci&ens ivihAustralia. The conuol of tlGs information

is by means of legislatil~eprocess, includmg Commonwealth, State & Territoq

pnr-acF In essence, government agencies (includmg police) cannot

dsseminate the personal information held on government databases except for

legitimate law enforcement purposes and only to prescribed authorities, such as

Australian Taxation Office and Workcover. As an example, at present the

personal information regardmg a driver's licence is stored, both on a government

data-base and on a licence in the possession of the person. Should the person

proi-ide a drirers licence to a private sector organisation as proof of identity, it is

un&eI\- that the private organisation can be colnpletely satisfied that the licence,

and identity of the person, is completely legitimate as they cannot cross reference

against the government (RTA) database. Therefore, dependmg upon whether

Commonxvealth and/or State governments uase a centralised, whole-of-

government database or implement localised indx~idualsystems, the biometric

information in the possession of the government may not be disseminated to thc

pnx-ate sector organisation under current legislation (except if the localised

database also records biometric data on a device such as a smart-card, as a

replacement for a driver's licence).

In effect, thts means that, irrespective of government awareness of the identity of an indvidual, private sector organisations may not be in a position to verify or authenticate the identity of a person any Inore conclusively than present procedures (such as the 100 point identification regime). As a post-script, it is suggested that any move to an integrated private/public sector database or data- sharing program would drastically increase citizen objection based on privacy concerns.

Self-Incrimination: - 'l'he judicial system used in ,2usu.alia rehes upon the long estabhshed right of an ~ndividualagalnst self-mcrrminauon. Legal ob~ecuonmay artsc if :LIT ~tldtvldualis not afforded that right durmg a process to collect biometric data, sucl? as 21 credlt card apphcat~on.There is currently no legislauon or case law

In rlustrah:~relating to the use of blornetric data collected by a private orgafiisa~on that has sul~seclucntly1)eert used 111 the crirmnal lnvesugauon and prosecuuon ofa person for an ofkncc. I;or example, fa person lnust provide a bank with a fingerprint to est:iblish tdcnt~tyto obtain a csc&t card (and that person has never bee11 fing-crprintecl 1)y poltce previously), then has that same person been afforded the right against self incnmmatlon ~f the police obtaln that fingel-prlnt from the

I,anl< d;~tal)xscfor thc purposes of investigating an offence?

Acctxracy/Expcrt Status: - 3 he long htstory of fingel-pnnt analysis wlth111 law cnforccincnt h:~s et~aljledpollce to for~nulatcand benchmark acceptable standards, upon whtch expert cvidence may he adtnittcd to a Court regarding ~dentificatlon.

'I'h14 process has I~ecn1-clcnclcssly tested in the (:ourts to define those acceptable standards. In both (:omtnonweaIth and State ev~dcncelegislation, the abhty to provide 'espcrt sclcntltic cvldetlce' is governed by rcspecuve Iivldence Acts and recluircs ;L st rtct rcgirnr of estal~ltshmgthe level of expertise of the provider of that c\rldcncc. I'spcrt .;tatus is established w~t-hconsldelations such as training, experience and cxposure to tl~crclative field. I-lowever, the same rigorous legal scrutiny has not yet been established for automated biometlric applications

(includmg fmgeqrint and facial recognition). Tlus map affect the abhty of

government authorities to provide evidence based upon an automated biometric

comparison, without resorting to tradtional 'expert' evidence. Whilst this is not

problematic for fingerprint evidence or facial recoption, it may be for other

biometric applications such as iris scanning, which has a much more limited depth

of scientific and legal scrutiny.

Evidence continuity - A slpficant legal prlllciple in the Austrahan jud~cial

system 1s the reqwement of the prosecuting autlionty to estabhsh, "bcpond

reasonable doubt", all elements of an offence (and on the balance of pr-obablhtles

for ~1~1.1proceedngs). In thls respect, the prosecutonal obhgauon often ~ncludesa

liecess~tyto estabhsh the contmuuty of evidence. Ths may be parucularly d~fficult

1n the use of a person's bioinett.ic data that has been collected for pnvate sector purposes of ~denut~/venficauon.The pr~vatesector may not pnontlsc potentially remote ulves~gatlon/evidenccconcerns over commercial concerns, such as

customer servlce and marketuig. In esseizce, a lack of definable contmulty of biometric records may render that evidence useless for lnvestlgatlve purposes, should a private sector system be compromsed by cnrmnals.

Pn'vacy Issues

Privacy concerns have been raised in relation to the introduction and application of biometric identification/verification systems. Those concerns include: ?9 Surreptitious use of personal biometric information;

Discrimination of persons as a result of the misuse of biometric

information;

3 Control over the 'tlzird-party' or unauthorised dssemination of biometric

information.

Concern may be rased regardulg the potenhal far blomet~~csto reveal more lnformauon than orignally mtcnded. Tlus concern 1s extended to the potential for the rmsuse of that inforrnauon by prlvate and pubhc sectors aUe. Icrishnan (2004, p. 3) notes that

caw ~e?~ta/heuiih. 'I-hisi~~/omza/ion, if'avaiLabb to un emp/oycr, may rt~u/tin improper

use and ~ouLdre.su/~ in de~i.i.iotz.rbased 072 the '%x/m"in/br~?zutlicin /he biumet~lil:r

prouide. 7%2smay resz~liin people fhm ~,ertaii?,qfv~p.c heAg cut-jtted, and /nuy ~e.r.v//in

deniul o/'.rem~ice.rand other en~bat~zl~.si~;g.silfi/ulion.r. "

Rees (et al; 2004, p.4) suggests that one of the more sinister prit~acyissues regarhng the misuse of biometrlc data is 'function creep', whereby the bioinetrlc data collected for one specific purpose rnay subsequently be used for another unintended or unauthonsed pu~pox".An example of 'funcfion creep' could include an insurance company that collects biometric information for identification/verification purposes, then uses that information to determine potential health risks for future health insurance purposes. The same principles and concerns apply to the unintended dlsseininatiotl and use of biometric data by 98 'thud parties', such as law enforcement agencies following the cormnission, or

suspected commission, of an offence.

Gridjpink (2001) notes that one of the fundamental pdars of the protection of

privacy is that data from one sector cannot automatically be used in another

sector. Dependent upon the biornetric system and application, it also may be

possible for 'smart-card' technology and facial recoption technology to be

integrated and misused, whereby remote scanners could correlate 'smart-card'

(simply containing a fingerprint) with photographs to surreptitiously establish a

inore broader profde of a person. Prior to the broad implementation of biotnetric

systems, definitive legislative controls need to be established to regulate the use and misuse of such technology - 'Xppiil.ufionsmuifb a ~.~@m-~e~;toralchamcter call fbr

e-y+dil.itpuDii~upprovul became the imp/iCLlfiO/z~.for the pro/ection of $.Z'II~LY ~o~tldDe~.ome apparent on4 gradz/a//y and over a wider area than people muy itzitiully ha~xmz/i~~$ated //1 rty/ution ky Luw z,.oald .rapply the ne~~essapuppro~~ai. " (Gridjpink, 200 1, p. 4).

Technology has drastically altered the way society carries out business. However, those same technologcal advances have spawned their own problems, not least of whch is 'identity fraud'. 'The impersonal nature of many business and government transactions makes anonymity in the digtal environment somewhat easier. Whilst law enforcement agencies have used fingerprint biometrics for many decades, it is envisaged that broader biornetric applications will be increasinglj~of great significance to the prevention of crime through identity verification and/or authentication. The use of biornetric based applications is growing as governments, corporations and the general public place increasii~gemphasis on

security, includung personal idenuty security, and security from crime/terrorism.

The design and choice of a biometric application involves a large number of implicit choices that wdl determine the effectiveness of the application, both in terms of security, fraud prevention and the consequences for personal privacy.

Biomet-ric technologies that enable the automated verification of identity will be a

cornerstone in rninirnising crime involving stolen or manufactured idenuties.

However, compreliensive accuracy, legal, security and privacy issues need to be examined before the true potential of biolnetric applications in the government and private sectors can be realised. Chapter N

LECISEATIW ANALYSIS

Leglslatlon in Austraha relevant to ~denutytheft and/or fraud 1s cisent~;~ll);umcd

towards three specific areas.

1. I'rohtbltmg particular activities, such a5 impcrsonatlng 21 person

with some form of legal defi~itlon(such as solic~tor,pol~cc officer

or doctor); obtwga valuable Item through ~mpcr\otiatlt111; (11. thc

manufacture and presentat1011 of fraudulent documents \vlthlli :ill

intention to obtm an item, a service or iluthor~\attonto conduct

some other form of regulated function (such :IS dn\llllg ;I ccrt:~~~i

class of motor vehcle).

2. Leg~slauonto asslst persons who may become thc victli~iiof

ldenuty related cruxes, such as certaln powers to ;lccc\\ tlcccs\:lr)

informauon

3. Statutory obligations upon organisa~onsto protect the 1~ctson;rl

information collected or entrusted to them.

WMst poinr 2 is of sipficant importance, the legislative impact of poirits 1 :~lld3 requires a closer analysis. Why? Because any legislative framcworl< to assist

101 victiins of identity theft is very much reliant upon what is specifically proscribed in legslation and regulations pertaining to the 'theft' of idenuty and the protection of lawfully acquired personal inforlnation. Point 1 is also specifically relevant to the prevention of manufactured or fictitious identities.

Pr~orto exam.mliig Austrahan and international leglslauon, ~t is prudent to note that under currcnt Austrahan legislauve parameters, st is legally impossible to 'steal' a person's legltltnatc idenuty. Steahng or Larceny can on1)- occur for a tanglble object and identlt! 1s nclther 'tanglble' nor an object. It 1s however possible to fraudulcntlq: assume the ldentlty of a natural person, or to purport oneself as bemg ldcntical to that of anotlier natural person. Naturally, ~t1s also posslble to create or lnanufacture an enurely ficutious ideriufy, or any part thereof (such as inerely chang~ngthe year of birth in order to mcrease or decrease age).

The historical legislative framework in Australia

'7dtntiiy. ./rui!/d in its own @gh/ ir a nebu/oz/.r //iiq. We oyghi to be /ooki/g at the

~//i~y/a/eu-i;v/~e thut is ~,omirzitted,not ne~a.r~arijyIhe me/bodolqp of'~-oirz~li~;ling il. Thuf

is, zfjo~. - have de/ra;iia'ed /he Cbmmonu/eu//h oj'upaf-tl;l~iLaiur.rz:cm o/';rjlzone);,w6uL ozgh1! to

be o/'ir:s~fcto 1i.r ir fhut you have dejruuded Ihe Cbmmonzz,t'u/II~ofthe money, not so

m//;l;IIwhether you did it hy identi!y./jzrvd, by .sti~'king~yoi!~rhand thm~gba window or

by whatever method. " (T7edemiAgen"tIF"i~zson - A~~stiuruku~z.F7edeml Poli~*t~.,

RA!AO Rfif'OK7"No. 37) Because "identlv theft 1s typ~callynot a stand alone crme" (G130-02-363),

crrnnalla\~m ilustraha has predormnantly been reactwe and very narrowly

focussed towards the concept of 'Identity' as only belng a inechamsm of the

overall deception to obtain certain valuable tfungs, services or resu-~cted 1

authortsatlons. 'The Idea that '~dentlty'Itself may be a valuable commodity, or at

the very least a kghly spec~ahsedcnrmnal tool, does not appear to have heen

understood or adequately addressed 113 crmunal leglslahon. A gpical example of how the crrmnal law has been traduonally narrowly focussed 111 thls regard may be viewed m the Western Austrahan Cr~rmnalCode (Secuon 51 0).

Criminal Code (W.A.)

Section 510 - Personation in general

A ~y person who, with intent to dejkaud uyperson, julre& rep;re.ren/.r hifiz.ret'to /~c.romc I / I otherperson iiuzqp or dead, irgz~ilty$an o/jince which IL~J~JTotbenaise .~.tuted,i.r (I I misdemeanour; and be is Liable to imprisotznze/ztfor 3 yeam.

vthe ripresentation is that the ojinder is aperson entilled by wi/i or opem/iotz (ll'iuzz,/o

any .PIebey and he commits the ojence with intent to obtain .r.z/chproperty, or

possession thereg,. he isgzlilp oJ'a cnme, and is liabh to impn~ro/zme/z!/or 14 yeur.1.

Similarly, Section 184 of the Crimes Act, 1900 (NSW) creates the offence of

Fraudulent Personation. Crimes Act 1900 (NSW)

Section 184 - Fraudulent Persona tion

W/)o.soever-.ju/selypersonate.s, orpretend.r to be, some ofherperson, with inten[ fiafi~d.v/e~zfbto obtuilz uny propet-ty, shaN be liable to inqrir.onment.jor .relien yeurs.

Nothing in this .wction sba//prez.venta;rzyper.son so persoizaiting, orprelending,jkm be* pro~eededq~ain.z.ri iiz ?*e.pecfo/'.sz/~,b ad, orpretenc.~,under ai!y ofher enuctment or a/ Cbmmon

La121.

Both Secuon 510 of the Western Austraha Cnininal Code and Section 184 of the

New South Wales Crimes Act are typical of crirmnal law in all Stares and

Territories w~thinAustraha. The legislation lias hstorically been predominantly focussed towards financial fraud related offences. The legislation has a requuement for the prosecuuon to prove, beyond a reasonable doubt, that the accused person assumed the iden~tyof another person 1~1ththe 'men.\ red' (guilty mlnd) of an intcnuon to defraud. The use of a stolen or fictiuous Identity is merely vtewcd as the vehicle by whlch another crme, such as fil~anclalor credit fraud, may be coi-nm~tted.

The effectof Births, Deaths & Marriages legislation. 'I'he subordnate context of identity in Australian criminal legislation may have been fachtated by an acknowledgement that identity of ilustralian citizens is not absolute. Each State and Tersito.t-y in Australia has virtually identical legislation regarding changes of name. Particularly, each State and Territory has enshrined In

104 legislation hat a person has a right to change their name either through an

amendment to the respectis-e State register or by way of "repute or usage".

Births, Deaths & Marriages Registration Act 1995 (NSW)

Section 32 - Change ofname may stid be established by repute or usage

32. C/7ange o/ nume mu)/ ~tz//be estabh~hedb~ repztle or wage

rrt7z~f36zrt doe noiprewnt a chunge oJ nume hy rtprtfe or ~~qge.

Essentially, the nght of clazens to be reg~stercdas one idenuty, yet frcelq use an) number of other idelztltles through "repute or usage" 1s absolute 7he effect of

Secuon 32 of the B~ths,Deaths & Marriages Act 1995 pSVV) is that there 1s no legslatme reqmement for any person to mamtaln usage of their identitj a5 reg~steredwith the respecusre State or Territory Keglstrar of B~rths,Deaths and hfarnages. WMst the LnserBon of tlus type of Secaon may have been a11 acceptance of the Austrahan cultural psyche of shortening names (c.8. I larold to

'Henry', or Catherme to 'Cathy'), ~t potentllally creates a strong legal argument that it may also render Inoperable other pieces of leg~slatlonwhch spcclfically \eel<\ to ldenufy a person - such as requements ~n obtamng a drisrer's Lcel-rce.

Wstit is a legally 'grey7 area, soine pieces of legislation may attempt to limit a person from assuming a new identity, by reason of "repute or usage". One such example is the group of offences prescribed 111 Section 307 of the Crlmes Act 1900 o.Particularly, Section 307B creates an offence for a person to provide false

or misleadng information.

Crimes Act 1900 (NSW)

Section 307B - False or misleading information

(1) A pe~soni.s g~/i//y. o/.a?z. o/]in~z$

(a) /be person ,gi?/e.s injuv?zu/iorz to another penof?,and

0/he per.son n'oe.1. .so k~roMqgfhaf the i12fumzation:

(i) i~./u/~eor /7~is/eading, or

fig omits any matter or thiq z~i/huzttUJ~ZI;C) /he infivzation ii. mi.s/eadi~g,a~d

(ij any o/l'the-jo//owing .r~/bpurugra/)h.sapply:

6) lhe i~z/urmulioni.sgiven lo apz/h/-il al//hotily,

fig /he in/bmzatioton iscg;;l~ento upenvn who is e.wni.iiqy orpedirmiqg any

poi~er,a~//hority, dzdy . or/i/nctiun. mnder, or ifz ~.o;rzne~;'zonwith, a law o/'the

.Slale,

(2) .Tz~i?.~ecrion(I) does no/ apply a.r a re.suh o/'.s/.nbse~'tion(I) Q7) 6) ifthe information is not

/ui.se or mir/eadin,

(3) .S'ub.section (1) does not apply us a rcsz4lt of sr,~hse~tioion(1) (b) (ii) {/'/heinjom/zufion did not omi/ any mailer or /hiq ja~i/ho/'~/whi6.h the in/ormation is nzisleadiny in u nzatem'alpurh;?nla~

106 (4) J'ubsec;tio?z (1) d0e.i not ajply us u re.i~f/to/'.ri~b.sectzbiz (1) fij (i) if,'. before. he infurmution wa.!

'@en i?l, upecron to thepz4hlil.uifti~ot-ity, he pub/ic a~~ti~on~ydid not take ~-e~~so~zub/e.riep.r to

iizjbi-m [heperson oj'ti7e e.~i.r/enl.eoj'the o$ince ugain.st .iubsei.tion (I).

(5) Swb.cection (I) d0e.r tzot upp/j us a n.sz~/toj'~~zib.se~~tiotz (1) (I/i (ii) zj;. befire. /he in/or~~uiio~z

WUJ.gi~~en hy u jerzco n (the '~irrtper.sonl~to the peit:son mei2fioized in that .r~/bparqgrah(d7e

".~~e~~orzdper:sonr~,tine se~~ondperson did not take rea.so;rzab/[email protected] to in/bv~zthe fin/ //er.i.onof '[he

e.?iist~in~.eoff he ofleiz~,euguii?.rt .r~~b.se~~iotz (I).

(6) The b~frdeno,+'e.stab/i.shiq~ a matter r+rred to in sz~bsec/io/z(Z), (31, (4) or. (5) /ie.s otr [he

u~~lw.edpersoiz.

(7) For the p~/tpxeso/'.w(?.ie~'tion.r (4) and (5),it is szgi~ientf'ti7e fol/o~i

used:

LVhllst Secaon 307B of the Crmes Act 1900 (NSW), and the other group of

offences contamed with111 Secuon 307 of that Act, seek to prosecute persons who

may provlde false or m~sleadmginforlnatlon, legal uncertamty st111 rcrn:uns as to

whether a person who provldes a name othew than the tdentity reg~steredwlth the

Regstrar of Brths, Deaths & Marr~ages(or contuned m a passport for a non-

cltlzen) is crmnallp culpable ~fthat (other) name falls w~thmthe parameters of

L L repute or usage". There 1s currently a pauclty of case law regardmg the lnteracuon and effect of the provisions of the Births, Deaths & Marr~agcs'2ct

1995 (NSW) upon other relevant Acts. ISowever at best, the varlous pieces of leg~slaaonare ambiguous and provlde legal uncertamty. Why is the 'repute and usage' parameter, as reciprocated in 'Births, Deaths &

Marriages Register' legislation throughout Australia, potentially so important to the issue of false identity?

3 It provides a legal mechanism for an argument that people may udse a

name other than that which is contained on the official register of births in

tliis country (or passport information for non-citizens).

P It renders ambiguous other legislation aimed at ensuring correct identity

details are recorded in registers for rest~ictedactivities (such as obtaining a

driver's licence).

For the long-term critninally minded, it would provide an avenue for the

legitimate establishment of multiple identities, potentially inclucbng

manufactured identities or the assuming of another person's identiq.

> It fails to counter the cultural norms of other countries, such as nations

from the Middle East and South American regions, where the use of

valying and multiple prefixes is accepted and legtimate, yet which would

allow such a person in Australia to obtain muluple identities. I'refixes such

as 'Bin', 'el' and 'al' contained with and between names are, in some

cultures, interchangeable, yet witlin Australia would enable sufficient

cbfference to legally differentiate a person from others. The reciprocal of

that cbfferentiation is that a person could legally obtain multiple forms of

identification (such as multiple driver's licences) with those slight

cbfferences. For example, a person inay legitimately be lcnown as

Mahrnoud a1 sahbin Mohammad. Ths person could legtirnately obtaii~

identification in the names: 1. l\Jahmoud a1 sahn bin hlohammad

2. hlahmoud salirn hlohammad

3. nfahmoud a1 sah&lohammad

3. hlahmoud a1 salun

5, hfahmoud Mohatnmad

7. hlahmoud bin Mohammad

'The cultural umqueness of some reg~omsmay thereby provtde lawful

avenue for an mdtvldual to obtaln tnultlple forms of identlficatton ln :it

least seven bffermg name stlucturcs. Thls 1s not Illntted to Islatmc or

nauons from the Mlddle East. Predotmantly Chrtstlan South Xrncrtcan

nauons often allow mdnrtduals to have both names conststmg of a first

name and farmly name, m addtuon to the adopuon of a stnglc narne

(such as well-known soccer idenuues 'Ronaldhmo' and 'l'ele'). 'I h~s

slngle name may have no hteraq connection wlth their first name or

famdy name.

P It may provide a longer period of tune between the acquiring of

documentation containing a false identlty to that of detection by law

enforcement agencies. This latter point is particularly salient in

circumstances where the fraudulent identity has been used for purposes

other than fraud related activities (such as establishing bank accounts to

transfer monies from Australia for terrorist purposes, or the hiring of a

vehicle to be used in connection with a terrorist incident). Tlie lil~lringof the 'other (false) identity' to tlie person's true or regstered identity may

take law enforcement agencies significantly greater time and resources to

acheve.

Penaliy Disparity and the use ofpenalties to discourage false iden tities

Another factor of particular note In revtewtng ~denutyrelated leglsla~onis the penalty dspanty between crmnal legrslation and leglslatlon duectly relaung to hcensmg & entstlcmcnt cards. As ldenufied above, the NSW Crvnes Act (Sec~on

107 A-C) provldcs signtficant penalty of 2 years or 200 penalty unlts. At the present rlme, a penalty unlt 1s equivalent to AliD$110. Therefore, a penal9 for provldng false or msleadmg 1nforrnat;lon is 2 J ear5 or rZl?'D$22,000~f crmally prosecuted.

I lowever, specific legslatlon rcgardlng the provision of false or mtslcading inforn~atlon,such as identity, 1n the accluisition of a drtver's llcence m NSW only attracts a penalty of "20 penalty units" or A01)$2200.

Road Transport (Driver Licensing) Act 1998 (NSW)

Section 22 - Obtaining driver licence by false statements

(u) by u.fi~l.re.sluiement or azy zy7z.sr~re.sen~utionor other ~ii.sbone.simean.(, obhin o~

utfenpl /o ob;ain u d~uerhence or /he reneu)ui of u driurr licence, or

110 (/I) I.iifhailt/u2pfjL/ awt!iio?$Jor ehhI'z/i.!.e,)o.l?w!. u dnnlier/i~,enc.e obtained or re4ewi.d z//.riq

tho.lr 0lemz.s.

;\ll~uTin2z/~~pena/~~:20 penuky $/nits.

(2) _.,I dIil,er/jcerlL.e .so obtuined or retzewed i~.noid, uud Aj/thorify. muy- u/ter /he

r/n'/,eriil.erz',e regi~~teruuordjfgb.

(3) J~b.(e&~(1) doe.( no/ upp!) fo u dril'er /j~.en~erece$t ir:rued ~JJanother j~/r%~'di~i'iow.

Not\t7ithstanhg the ambiguity regarding the use of an ideiitity that is provided by

wa? of "repute or usage", there is little alignment of penalties regarding criminal

legslation and that of legislation pertaining specifically to persons fraudulently

acquiring licensing or entitlement cards. Corninon law in Australia dctatcs that

the most appropriate indctrnent should be pursued, particularly where an

indctrnent is enacted for a specific set of circumstances. In this reglrd, tl~ereis

little &sincentive for critilinals to use fraudulent identity information in acquiring a

driver's licence as they would be most likely to receive an insignificant fine.

The issue of penalty parity is particularly poignant in respect to a driver's ltcencc, as this is one of the more significant foniis of identification which is also commonly used as the primary identifier in applications for other goods and services (such as bank accounts, passports and restricted goods such as chemicals). An argument for legal reform in Australia and Overseas

There is growing evidence that the notion of identity theft or illicit identity

lnanufacture as only being 'a vehcle for other crnnes7is largely reactive and may

be somewhat outdated. Some may view the lvstorical perspective as ahto only

prosecuting armed robbers following a robbery and not proactively seeking to

legislatively restrict access to fuearrns before they can be used in a crime.

The speed at whch criminal activi.t-4.may now be committed, with the use of progressive tech~iologes,may establish a legitimate necessity for governments to proactively proscribe legislative reinedes. Ad&tionally, identity 'theft' and identity

'manufacture' is no longer the sole domain of financial fraud related activities.

Stolen or othelnvise false identification may also be used to procure or fachtatc the acquisition of items that are prohibited to the general comunity, such as ammonia nitrate based ferasers.

Assumed or manufactured identities may also mask the true identity of a purchaser of various non-restricted items, such as liexamine, hydrochloric acid, cl~lorine, castor beans or any other legitimate and innocuous substances that inay ultinarely be used in the manufacture and detoiiation of an improvised explosive device, poison or used for another ter~orisimrelated purpose.

Recognition of the importance of identity as a legal issue in its own right has seen some legislative reform in Australia. For example, the South Australia's Crinilnal Law Consolidation (Identity Theft) Amendment Act 2004 specifically

concerns identity theft. It provides that assuming a false identity of another

person - living or dead, real or fictional, natural or corporate - maltes a 'false

pretence', even if the person acts with the consent of the person whose identity

is falsely assumed. Making a false pretence with the intention of committing or

facilitating the commission of a serious criminal offence is in itself an offence, whether or not that crime occurs. The 2004 Act also encompasses product~o~lor possession of material (including personal identification information) that enables a person to assume a false identity.

Criminal Law Consolidation Act 1935 (S.A.)

Section 144B - False identity etc (I) A penon who-

(h) .fa/~.eLy pretends-

(2) to bar~eparticular ql~alzji~zltions;or

(ti) to hur~e,or to be entitled to act in, aparfi~.ularcqady,

(2) A person rvho as.sume.s ajdse idenfig makes u false pretence which ~hir.section upp/ic.s

even tho.uCpbthe persol? acts u~itbthe consent $the person whose idefzfipis .jul.se/y . a.r.s14~zed

(3) A per.ron who Bakes ajalse pr-etenn to which ith2.s section applie.~intending, by doinq .la, 10

~,ommit,orjuditate the conzmission oij; a serioz~ckmi;nal oJince i.rguilty-. o/'un oflin6.e and

liable to the penalty appropriate to an attempt to commit the ~.erioascnhinal ofjinte.

113 Whdst the provisions of the South Australian offences relating to false or assumed identities may not completely nuLfSr arguments einanating froin the 'repute or usage' provisions of the respective State Births, Deaths & Marriages Acts (or the cultural use of prefixes), it is nonetheless recognition that an identity is itself a cornmodlty that requires closer legislative scrutiny and protection. It is also recognition that the fraudulent use of an identity (whether assumed or manufactured) is not restricted to finallcia1 fraudulent acuvity.

Kecognltion of thls phenomenon and the impact of techno1og)r on identity as an

Issue in its own right have seen some other countries create legslatlon prohlbltlng the manufacture or possession of stolen or fraudulent ~denuficationas an offence.

Sucl~legislauon is seen to be a preventative measure hcfore a person then uscs that stolen/fraudulent identlty to cotnmit a crime. For example, the IISh has enacted the 'Identity I'heft and rissumption Ileterrencc Act, 1998', which focuses spcclfically on tdentity fraud, in recopltion of the growth of such offences at different levels of government-. IIssentlally, 'Idet~uty'l'heft and Assumpuon

Deterrence Xct, 1998' 6i.S.) cstabhshes, as a I>ederaloffcncc, thc ass~lrnptlonof another persons' idenuty. ?'he Act also pscov~desslgnlficant penalty both imprisonment and financial penalty) -

"ThuAct makes the thy2 dpersonaL injuirrmution wit11 the inLent Lo ~~onzmzLan

zn/uwfhL ad a /idem/ c?im-e in the United Sta/e.s qAmen>a, with penaltiei. btl, fojifjeen

years zmprisoznzenf afzd a maxi~numfine of ,f250,000.Thi.r Ad treals /be issue of' idtNfi(2.. - and jiu~dmore .r&n$i~zlnf/ythan c~/r-rcw/fl?~.rt~a/ian .s/ate /<@.r/a/ion': ?29 (:lN-iO REPORT No. 37)

b* The vIuted Ibgdom has also estabhshed the Idenuty Cards Act 2006, which seeks to estabhsh the producuon and use of a ilauonal ldenuq card system noted earher. Irrespecu\-e of the arguments for and agalnst the mtroduct~onof such a nauonal lden~tymechanism, the leglslat~onalso treats the nouon of dent-lt) as that of a substanuve issue. Adchuonally, the leg~slatloncreates two categone5 of offences for the acqusl~on,possession and use of fraudulent idcntlty docurnctlt:,

1. The possession of an identity document or document making cquipmcnt

with an mtention to use it for the purpose of establishing registral~lcfacts.

2. The possession of an identity document or docurnent tmaling eyuipincilt

without lawful excuse.

Identity Cards Act 2006

Section 25 - Possession offalse identity documents etc.

(I) It is an ofence for upe~sonwith the ~eyz/i.riteinfen/ion LO have in ijiirpo~:se.r.rio~~or

.under hir ~~ontrol-

(a) un identi!y docz~mentthat is jahe and that be knows or be/ief/e.rdo bc /idre;

(b) an identzty doczlment tha~was improperly obta~nedand /hat he know.^ or belzcve.~

to ha11e been improper4 obtarned; or

(4 an identi0 docziment that relutes to someone else.

(2) The reqaisite intentionjor thep~posm.of^s~dveclion (I) is- (a) the intention of'z~singthe dotztmentjor establiJ.hing regis2ruble jach abed hi;;rzse& or

(b) the intention o/'a//owinCgor indztkng another to use it fir estubli.rhing, asce?fuin@

or ve?ifiing registrable facts abozit himselj'or abor~ta~fy otherperson (u1iti7 the

exception, in the case oj'u do~r/me?ztu~itbi~zpuru~rapb (l;i ofthat szb~.ection,ojf'tbe

indi?/idua/to whom it I-e/ute.d.

3 I/ isan oiyk/z~ejbr ape~sonwith the reyz;ti.si!e infentioiz to make, or to huve iiz his

po.~:se.l:siovi or ztnchr his ~vniml-

(u) u?y appumt~/slahi~h, io hi^. k~.rnowle&c,ii. or hus been ~pe~ia//yde.s&tzed or

adupted lor the makin;: oj'fuhe identify docz/ment.s; 01-

(b) my article or material which, fo hzj knozvle~ije,is or has been .pecia(/y de.sz2ned or

adupted to be ~sedin the muki!n,o o/.ya/se identity doiolr/ment.r.

(4) The reqzci.szte inientio;"~fur the pzqboses ~'mbse~tion(3) is ihe inlention-

(cnj that he or another udmake a /.st identity do~-~/ment;and

07) /ha! the doczfment ud?be used by .i~omebody'yJbre.stabLishing, us~,ertaixi/zcpor

?)en/yiqqr

(5) If il un o//eiz~lor u/her.roiz to /)a~,ein hi1 po.~.se.s.sion or ztndtr his ~ontrol,u~ztilo~~!

reasonable excri.r e-

(a) an ideniicy doc~~rnentthui is/'he;

(b) an zdent~tydoutment tbuf um i/z)ro)erjy obtuined;

(~jan identip do~;lnmentthat re/utes to someone eLse; or in') Lqpg~uf~n.r,urticLe or muten>/ W/7i~.h,to hU. knowledge, is or hu.i been .ipeciu(/y

i/'rJ.i,oileijor. adapted for the muking o/.'/"i/.ieidentity do~~.unzent.ror to be $/.red in the

r)zakii,g ?f'~;l/~i'idou4ment.s.

(6 a1pefionglnllt) uiz ojence znwder .ii.ti?.ie~tzon(1) or (3) .ihuN be l~crble,on ~o7zrn~t~on

012 ~lzd~'imewt,io zmpmsonme~z[/ora term, not e-zi~eed~~gten yearn or to u /itze, or to

both.

(a) on ~~oiz~~i~~tionon indi~fment, to zhzprironment for a /em? /zot e.~acdiqtwo yeu7.i. or

to a jhe, or to both;

(b) 012 sunzrnu,p ~.ot~llil~tzbnZil England and Wu/e.r, to i~nprirocinmentfir fetvz not

ex.eedi~gtwelve months or to u.j-ine not ex~.eedi%gthe .rtutz~toryirzuxiiy/zurn, or to bo/h;

term not exceeding si.~moi;zf/?s or to u line not ex~.eedingihe .stufi//ory muxihz~/m,or /o

both:

The relevant leg~slatloncontalned wlthn the lJnited IGngdotn Idcntrtj Cards Act

2006 has a shght and umque dfference to leg~slauonm AustraLa concerning the possession of false ldenuficatlon documents. Whllst Aus~ahanlegrslatlon, such as

Sectlon 302 - Crunes Act 1900 (NSW prohibits the custody of a false Instrument

(such as an ldenuty document), lt requtres the prosecuuon to prove an mtentton to use that false mstrument rn order that a person may:

(a) . . . accept the instrument usgenzine, und (b) becazise oj'tbat acceptance, to do or not do some acL to ihat otberpen.onj; or

to anotherperson 'J; prq~ddice.

Whdst subsections 1-3 of Section 25 of the Identity Cards Act 2005 has similar 'intention' requirements, it additionally has a parameter to prosecute a person in possession of a false identification document "without reasonable excuse" (Section 25, subsection 5). Ths allows the prosecution of a person who is found in possession of a false document, without requiring the prosecution to prove an 'intenuon'.

At the furthest end of the ldenuty card spectrum is the example Instituted in the

Iicpubllc of South Afrlca, which has also enacted provisions prohlblting the creauon of a false ~dcntqor the assutnptlon of another person's ~dentlt).sn the

Identificauon Act 1997 (K.S.A.). A penalty of five years mprisonrne~lt1s prescribed In Chapter 4, Secuon 18, whtch prohb~tsany person from:

* Providing false particulars in the identification register or on an

identification card;

Possessing an iden~q-card of another person;

hssertmg any Incorrect mformatlon on an idenuty card as being correct.

In addtion to a wequirennent for all nationals over the age of sixteen years to obtain and carry an identity card, the Government of the Republic of South Africa has included a biometric identifier on both a central database and the identity card.

The bioinetric identifier used in this instance is a fingerprint. T'hc recordmg of biornetwic data, both on the card and a centralised data-base, inay assist in hting Instances of ~dentltyfraud - particularly by the norice crmnal. Whllst lt may not

completely ehmnate sdenuty theft or fraud, such a dual blornetrlc chechng

rnechanlsm map ulurnately be reqwed to enhance the securq of the tnfc)rmatton.

Hotverer, just hke the 100 point ~dentltysystem used In Australta, the accuracq of

stored 1dentl.t~snformatlon is Lunlted by the lnlual data supphed. Thc lrnplelnentatlon of such a system in Australia would also requlre major

al-nendinents to Xustrahai~prlvacy legsslatlon to cnsure private sector organisat~ons

could cornparc data ernbedded 1n an ~dentltycard mtcrochp wtth mformation contamed urlthm a government cenurahsed database. Chapter 21

CONCLUSION

'Yozr have no clzde who I um, und I cuzddqi~xyoz ny jhge?;bri~~tand yoz/ di/I 2voi~Ldz'f k~ow who I m...&ghr now, your best it$~-mation thut 1 um who I say I uilirz is u~hai:I know."

(Wayman; 2003)

This thesis sought to provide an ovenriew of identity fraud in Australia, its implications and co identify areas for further intervention in order to combat identity fraud. iZ content analysis of the relevant literature was conducted to idenufy key issues resulting in a comparison of international trends to gauge

Australia's performance with other countries of similar econoinic and socio- cultural makeup such as the United States, Western European Countries and the

United IGngdom. The results have been the exploration of linkages between metliodology, identity fraud counter measures and the ability of the Australian legal framework and government policy in addressing one of the most pervasive of criminal activities, identity fraud.

Countering identity theft and identity fraud \VLU require an overarching strategy to make the issue of documents used as evidence of identity and the issue of unique identifying numbers more secure. This will assist autl~o~itiesto counter the use of counterfeit and stolen documents and to detect and prosecute criminals engaged m identity crime. Significant results in combating identity crime wLU not be realised b) tacfing just one of these areas. WMst ~denutycrme maj nex er be cotnpletely

&mnated, there 1s much that can be done to syglficantly Increase the dfficult?l for the organlsed crmal or the opportumst. Tightenmg the processes used for the Issue of documents cormnonly used as ex~ldenceof ldenuty (such as passport and drlvmg hcences) could make ~denutycrme sgmficantly harder to cotnunlt. rZ more thorough checlung of ~denutyat po111t of use would be both posslble and desirable. rlddltlonally, the collaboratton of counter-fraud actlviq, 1~1thwtthln government and between government and the prlrate sector, can also make idenuty cruxes easier to detect and to punish.

There eslsts a d~sturbmglack of rehable quantttauve data regarding the icopc, extent and cost of~denutjtheft and ldenutp fraud xv~thini\u$tralta 'I his lack of knowledge may arguably be the result of a hstory of governments, and thcir respectme departments, not comprehend~ngthe slLpficanceof theft and identity fraud. The result of thls has been a fallure to proacuvely pursue strategic interd~cuonpohcles amed towards elevaung the notlon of idetltlt-y as a major personal and nattonal secunty unperaus-e.

The flrst step m ldenufjllng the risk of Identity crme to the 14ustrahan community

IS to quanufy the extent of the problem. Only once the true extent and nature of ldenuty cnme m hustraha is fully comprehended can the most appropriate treatment opuons, such as biomemc ldenufiers, faclal recognluon technologj, or the mtroductlon of ldenaty cards be thoughtfully considered. As sucl~,~t would be prudent for the lmplementa~onof a centrahsed nauonal database on mcrdents of identity crime. The collection of this information would assist to fachtate an in- depth analysis as to the maptude of identity crime in Australia. Further research into the fachtation of other criminal ac~vitiesthrough identity crime would also be beneficial. I-Iowever, given the extensive research conducted internationally, particul.arly the United IGngdom Home Office Idenuty Fraud Steering Committee, which has comprehensix~elyidentified significant fiscal consequences of identih crime in the 1!.1<., it is also highly probable that identity crime is a major financial burden in Australia. Additionally, it must be understood that identity crime may also be a facilitator for non-fmancial, yet arguably more devastating crimes such as terrorism offences.

However, such research should nut only inwardly focus upon the extent and cost of idenuty crlrne to Austraha, but also outwardly focus upon international counter- crme initlatlves. It would be prudent for such researcli to ldenufy best practice in other countries wlth slrmlar economic, pohtical and cultural values. Issues such as appmpriate levels of mfosmatton shanng intra-gox7erninentand govcrnmcnt to private sccror; how the rsght to privacy has been balanced or othenvisc with thc right to safety of others; mformatlon secunty, technology and legislative remcdy to victms would all be highly relevant.

Adhtionally, further comprehensive research should encompass the use of identtty cards in other internauoiial jurishctlons 1n order to identify the strengths and weaknesses of thew systems and processes. Whllst some countnes use ~dcnt~ty cards as part of their counter-identity crme strategies, an Identity card is only as secure as the processes used to issue it and the safeguards employed against its

counterfeiting and theft.

The Issue of ~denutycards must therefore be analysed m conlunctlon with that of

the accurac) and effecuveaess of bio~net~~c~dentifiers. The concept of a blometxic

marker on key documents used as ev~detice of idenuty ostensiblq has many

attxactlons However, with the exception of fmgei-print anal~sis, blotnernc

technolog) has yet to be proven on any sizeable populauon and the mtroductlon

of a technologically secure system would carry sipficant rlsks and costs to rhc

entlre cornrnuntty. In thlr regard, blornetrlcs III lsolauon should not 11c .i.iewed as

the panacea for ~dcntltr;crune Issues. LJnless the true Identity of a person has already been estabhshed through other con-irentlonalmethods, provid~ng1)tomctric

data may merely legimse a false ~denuq.Although, ~t 1s also aclrnowledged that the provision of biometr~cdata m a centrally-controlled government iystern would

Lulllt the number of tunes that a person could fraudulently leglt~mlse a false idenuty to lust one mstance.

Ultnnatel-y, there are a number of cost effectrve strategies that may 1)e employed to elther reduce the mcidence of identity crime, or to hitthe effect of such crunes upon both m&\-idual victims and the wider community:

Promotion of victitn hardening strateges by government and private

sector organisations, such as banks and post-offices providmg a document

shredder for customer use withn their premises. k il central register of stolen documents (such as passports, driving hcences

and crccht cards) would reduce the value of such goods m the market. The

central register would also asslst mdvidual vicmns of such crimes to

amend government and private databases to reflect thew status as a v~cm

(such as drivmg records, credrt reference agency records and bank

records)

2. I'rronotlng the sharlng of data between law enforcement and government

agencies, such as the RTA and Health Insurance Commission. The

current nouon that mchvidual government agencies remalt? strictly

autonornous, and do not share or venfy inforinanon between them, is

arguably a failure of government as a whole in cornbating identity crune.

2- Improving the initial aurhenucanon of an mdvidual ~dentirywhen issullig

documents, parucularly those endorsed as part of the 100 point system

(such as a drivers' licence). This could include allowing a llrmted abhty for

financial mstltutlons to authenticate idenuty docurncnts with Statutory

i"\thoritles (such as a bank verlfyrng the legitmacy of a drivers' hcence

with the KI A before openlilg an account).

2- Nationally consistent Coininonwealth and State legslation to provide a

more standardsed legislatl~reapproach to identity crme. Such

enhancelnents could include a more precise definition of identlty for

government issued identifier doculnents (such as restricting identity to that

124 whch is registered xvlt11 Butlls, Deaths 8r b'larriages or passport ~f a fore~gn

nauonal); the estabhshment of an offence to possess a documei~t

contaming a false idenuty xvlthout a lawful excuse; and panty ahg~lmcntof

penalues between various pleces of leg~slationto reflect the seriousness of

ldentltv crme.

Wlulst the paucity of mformauon pestamg to the current levels of idcntlty- related crune m --lustraha may currently prevent informed declsioiis regarding how the Issue could best be prevented, there is sufficient nauonal and rnternatior1;11 evidence to suggest that idenuty crme 1s mcreaslngly becotnlng a major criimc problem. The community should be rightly outraged at the lack of rcllal~lc quanutauve data Into the extent and cost idenuty theft and fraud. It is thcrefol-e mcumbent upon all who requu-e personal idenufiers 111 connectloll with thclr actlrriues to seek the estabhshment of a Colnmonwealth Government lcd

Comssion of Inqqinto the prevalence of idenaty fraud wlthirl rlustralia, ITI order to fachtate appropriate soluuons that balance security, accuracy, prrvac), technology and penalty so as to proacuvely combat tbrs u~sldlousand scnous orgamsed cr~rmnalacumty-. Australian Bureau of Crimnal InteUlgence (ABCI), (2002). ldenfity Fi-utfdK

hus.tralian Rurcau of Statistics (XBS)(n.d) Remeved 8"' September 2006 from ht~://wtvw.a't1s.~ov.au/,2usstats/abs%4O.nsf

Xustralasian Ccntrc for I'ohcing licsearch, (2002). I~le///~/yCjznze.~ .Yi.opiqq l'uper ilustralaslan Centrc for I'ohcing Research, Adclalde.

/lustralaslan C:entre for Policlng liescat.ch, ,/I~~~ru/u.~?unlde'eiz/ity Cizme l'o//~iqr(,I/rnf(g o/ 1l)e I'o//~e (,on~m~i.rioner.~'(,'on/ereil~e I3/e~/ronz~ Cnnle Sfeteenng Commi/tee 2003 -200 5, hdclatde

i\ustralian (:otnputer 1:mcrgency Response 'I'eam rZUSCf 311'1, (20C)G). Ait~/m/ia~7

(,on/pi~lrr<,kr und ,l'e~i,n/y,I /.r~,ey.Iietricvcd 8"' Septetnber 2006 from h ttp: / / www.auscert.org.au/itnagcs/i2(~C~SS20O6.~~df rl~lstralasianInstitute of Crw101og)- and Pncewaterhouse Coopers (2003). .Senoz[r

I ruud /n /I~/~fra/zuund,\'ew Zeulund, Iiesearch and Public Pohcy Serles No. 48, r2ustr:~han Instttute of Crmmology and PrlcewaterhouseCoopeus, Canberra.

ilustralia, I'arhament, I-louse of Representatives Stanhng Cornrmttee on lJcor~oinics,1 inalice and 1)ubhc Adrrunlstrauon, (2000). hn19iler~on tlic I

(:anl)crr:i, 2000, Sectlon 6 "Identi5 Fraud and Proof of Idenuty lJrocesses".

ljecr, Ii. (2002). ~\ssist;~ntSecretary of State for International Narcotics and 1,aw

I:nforcernent iIff:urs, Department of State, at a heanng on "A'artn-'l'et-ror: 7'l)e

LJ~'oI-ICII.~N~/~~~(IIZ~ICLIL~II /hiween IIU<$.Iuizd 'l'errom.~n/,"before the Subcominlttce on

'I cchnolog)?,'I essoristi~and Chvernment Informahon, Senate Cornmlttec on tl~c j~idlc1;~ry(Mas. 13, 2002). Ketrleved 20'" ~ul~2006 from ht 1-p://\vww.~ao.~o~~/11c~~~iteins/d0283Ot.pdf

(:al)inct C)fficc, I!i?itcd IGngdom. (2002). Ident$y Fraud: a S~udy.Retrieved 2211d

Jut~e,2003, from: l~ttp://w.imv.horneoffice.gov.uk/docs/~d~fraud-repc~si.pdf

(;:~ldwc.ll,13. (2003). '13~uy/~e/rl~:1in uviutzon - on fie ve~eof takzng dK Securtty Oz hlagannc, 1'01. 25, Sept/Oct 2003, Austraha. Caslon Analytics (ad) ., Cu~joonAnalyti~'.cprojii: ident* theJ, identi!y-fraud, Retrieved

16'h November 2005 from http://www.caslon.com.au/idthef~~ofdel.hun

Cavoukin, 1.(1999). Priva~yund BionzetriLx A paper presented to 21" International

Conference on Privacy and Personal Data Protection, Wong ICong, 13 September.

Chip uzd Pi/z (2006) Iietrieved on 1OL1' October 2006 from: http://wvvw.ch~pandp~~.co.uk/cons~~~ner/index.h~nl

Choice (2006). Idenfz'fyTh@ -profe~;tyour.j.eYYY Retrieved 10'" October 2006, from: http://mv.choice.com.au/viewvhrti~1e.aspx?id3051 18&catId= 100569&tid=100

008&p=3&title=Identiq+ theft+0/oe2%800/093+protect+yourself)

Cuganesan, S. &Lacey, D. (2003). 'Idtntzt~~ETra//d In A/~sfru/iu:An E w/ciuiio/z oJ i/~

~Vaiztre,Co~f and Exte~zl'.Standards Australia lnternauonal Ltd, SJdncy

Dean, L. (2004). 'ChuqgzngJuL-~ oj/~~,i~s~ru/iun 1'u.r.r;hort.r'; C;ovcrnment News 'Crol.24

No: 1, Feb 2004, Australia.

Electronic Frontiers Australia (2007). A~u.\sCard/J"\iutionu/ 111 Grd . Iietrieved 011 sthMay 2007 from: http://www.efa.org.au/lssues/Pr~~~a~~/a~~e~~~ar~~.html E -1)u.i~pol-tjC'.,~J, Lmrtairon.r and Impali olz ,Frmfi/~/yzn'~I'U.IJ encger 7i-u~ieiInrf~ufi~)e i (200.5)

Retrieved 20"' Sovetnber 2005 froin

http://~~~'~~v.nauonalb~ometnc.org/pub~

General Accounung Office GXO-02-363 @larch 2002). Idenfdy The//: l'relieiinw~e ctrid

Co~tuppeur to he Crowzig. Remeved September 2006 from IJKI,:

htt1)://~~~1~.gao.go~~/new.1terns/d02363.pdf

General Accounting Office Gh0-02-766 (June 2002). Ide~~t~ty'I%+: Cr/~~~tor q

Alaul-enei.1 and I1.r e of F,,~i.it~tigDutu are h eeded. Retrieved 1 '' Sep tctnl~er2006 fsc )In

I GhddonJ. (2001). The jice race'; The Bulletin 1'01. 1 19, July 2001 , ,I IJS'I'II/I I .I \.

3

Graycar, A. & Srmth, R. (2002), (Identifyr~gund re~~ondiqqfo ~zrtporule /rulid i~ //lo 2 I ' Y

cenft/r).' rlustrahan Insutute of Crmiology, Canberra, A ustsalia. I

Green, W. (2004). 13zome/rils and (he law :uihui /UW??Lawyers Weeltlp Vol. 192 A~:LJ,

Australia.

Gridjpink, 1. (2001). (I'rifx~cyLAW :Niome/ric.s und 1'm'~~cy';(:omputer Law and

Security Report, Vol. 17 No: 3, The Netliel-lands. Hubble, S.(2002). 'Facial re~u~nitiontechnology'; Security Ox Magazine Vol. 14

Nov/Jan, Australia.

Identity Passport Service U.I< (n.d) What are the De)zdiz'.r ofthe Naaona/ Ide~zti!y.Y~.hevze?

Retrieved on 6"' June 2006 from http://~~~w.identi~cards.gor.uk/benefits.asp

International Civd hvlattori iluthority, (2006). Ala~hineReadable 'fi-uuel Dolz/nzen?s.

Rctrievcd 10"' iZugust 2006 from http://mrtd.lcao.mt

Iy er, V. (2005). Be.(-/at2iVIa.~~utre kozld bu~iebeen preveenfed: lierricved on 12"' September

2006 from htt1)://wwcv.~nesonhe.co.uk/article/O,,l3509-1961489,00.hml

Jewish Virtual 121t)rary(1999) I'rotocol concerning safe Passage between the West

Rank and the Gaza Strip Retrieved on 27th June 2006 from http: / /~vww.jew~shv~rt~a~hbraq-.or~/jsource/Peace/safepro.httnl

IGishnan, K. (2004), 'Developing a pobce per~peciiveand e~plot?ngfhe use of biomebm'c~.~nd ofhe+eme?gi~zg tetec6nologi~ UJ- an in~e.st&u~iv~~toolin idenfig cnh~u:' Australasian Centre for

Policing Research, Australia.

I<13MG Fraud Survey (2004) i~,i01 ~~/~~~i~i~ cod,bj CONN~~I(2006). Ret.r~ec-ed on 20thJuly 2006 from:

htrp:/ /eri.~v~k~~e&a.or~/~'~-&/Li~t-~f-ldentl~-cards-b~country

Idormel, D. Chief, Flnanclal Crunes Secuon, FBI, Statement for the Record I~eforc

the Subcommttee on Orersight and In\-estigattons, Ilouse (:omrmttec on

Fmanclal Se~~~ces(Feb. 12, 2002). Remeaed 20"' July 2006 from htrp:/,/\i~t~~.gao.~o~~/new.items/d02830t.pdf

Lormel, D.. Chef, Fmanclal Crunes Secuon, FBI, Testrmony before the 1 iouse

Commtree on Flnanclal Senrice (October 3. 2901) Cz/ffzqq ofl [he I+~/zani/a/I~/e/)/oocl of TerroniJt~.Retrlered on 17"' May 2007 fsom http://tmmv.fDi.gov/congress/congressOl/losrne1100301 .htm

Lozusic, K. (2003). 'Fraud and zhntzly thtjj'; New South Wales 1'arliarncnt.arq

Research Service, Retnel-ed on 1" hlay 2006 from: http:l/~~t?rj.parlrament.nsw.~ov.au/~rod/web/PWelCntent.~sf/IIl'ages/Iie seaschBf082003

Ahores Lw,2006 Retrieved: 1" tMay 2006 from http://en.wikipedia.org/'iyiki/~oore's-law. Mam, G. & Kobson, B.(2001). Scoprng Identzty F~uudAn Abmdged Ve~rionoj a Keporf on Idennty Fruwd Kzsk~rn Cot~zmonwea/thflgen~ze~, Attorney Generals Department,

Austraha. Ketneved: l't Map 2006 from http: //www.ag.gor.au/agd/~~~?~/mpattach.nsf/V~\P/(03995EABC73F94816C2 rZIi4AX2645824B) -Scopmg+Idcnut)r+Fraud.doc/Sfi1e/Scopli~g+Iden~~+Fraud. doc.

Mawson, J . (2004). 7'he ase oJ ilro/~~efn~xin homeiuncl se~cdnty'; Homeland Security & lies~enceLIonitor Vol. 3 5, June 2004 / Royal L'mted Services Institute for

Ilcfence and Security Studies (lilJSI), ITSA, UI<, ?LUSTIWLIA. Retrieved 16"'

Novetnber 2005 from ht~://w~.v1v.jat1es.corn

Mayhew, P. (2003) 'Co?tntzng the Co.~fr.o/ &me zn A7~~fmhu'mTrends and Issues m

Cmne and Crm~alJusucc, No. 243, Austrahatl Insutute of Crumnology,

Canberra.

Newswisc, (2003). 7 )o~lo~-u/.s//ichiz/ de~~cloprrgnew /uciu/ n~ognz/~o?z{y~tem'; Ketrleved:

16"' November 2005 from http://mv.ncwswise.corn/a~ucles/view/?1d500150.

T'earce, 11.(2004). Body 1)art.r'; Security Electronic Magazirle, Feb 2004, No. 242, pp.

48-50, Australia. Plstole, J .jsslstant Drector, Counterterrorism Dlt~islon,FBI, Testunonj before tlie House Select Comrmttee on Homeland Secur~ty(October 1, 3003) t;ra~/~iz//tnt ldenf@~if~onDo~n/nenf~ onti i/,e inlpirrufiofl~jor HomeLnd Serztng Remetred on 17"' hlay

2007 from http://t~~v~~.~~.gov/congress/congress03/p~stolelOO103.hm

Prir-acy Internauonal Interlln Report, (2004). Il/l~.rfuketfIdenfzfy; Enp/oiz/-g [lie

Kelutioizshlp Bei?pee/f 1Yutzonai Ident~ltyCurd.\ dwthe Preue/zi~onof 'li~~-ipon.~m/2+9)7/ 2004

Retrieved on 12 September 2006 from http://t~n~i~~.~ri~~acv~nternat~onal.org/lssues/~dcard/uk/~d-terror~sm.

<- 0tteen.s Speech 1 7 Muy 2005 Retrieved on 15'" November 2005 frotn http://mvw.numberl O.gov.ulr/output/Pa~.asp-

Rees, A. (2000). Technology enuironment stun ' Australasian Centre for I'olicing

Research, Australia

Rees, P.(2003). 'Kurd toput. yourfinger . on :bulancing bzbnzetrilx andp~ir~a~y.Computers and Law Vol. 14 October/November, United Ihgdorn.

Rees, P. & Hughes, M. (2004); Bzbmefn'I.~and border czvztroi'; New Law Journal No:

154 August, United IGngdom. Roberts, C.(2005) ; Bionzetlics Retlrieved on 17'~May 2007 from: www.ccip.govt.nz/ccip-publications/ccip-reports/Biome~ics.pdf

Russ, A. & Jain, A.(2004). 8jo;i;zetric sensor interopelzrbili~: A use stzld3, jfz jingelpriizt~-'

LNCS, Vol. 3087, May 2004.

Schneier, B.(2002).Crypto-Gram Newsletter, Retrieved on 18th August 2006 from http://www.schneier.co~n/crypto-gram-02.

Schengen Visa 2003 Retrieved on 15th November 2006 from http://www. eurovisa.info/SchengenCountries.htm

Slosarik, I<. (2002). 'Identi0 Thej :An overview q"theprob/em ' The Justice

Professional, Vol. 15(4), pp 329-343, USA.

Stnlth, R. (2003). Xddre~.nagidciitzg-re/utedjrazdd'; Australian Ins~tuteof

(:rnn~nology,Cards liustralasla 2003, hlelbourne Convention Centre; Retrieved

16"' November 2005 from htrp://~~~~.a1c.~ov.au/conferences/other/smth~russe~/2003-09-iden~~.h~1 Limted States Sentencing Comrmsslon, Econornlc Crlrnes Pohcy '1 earn, Identlt)

Theft Fmal Report (Washngton, D.C.: Dec. 15,1999). Ketrtrved on 20'" july 2000

from http://lt,t-w.ussc.p/~denuq/ldentlqhtm

Unlted States Department of Justice, Office of the Inspector General, 'l'lie l'/iiefl/icAl

for F;l.u~/daizd I15S ? EJ"/i,ri~to I3edm.e the Kz.sk.1 of he I/iJ.u Wa~ver1'~loi I'lqi,rufiz,

InspectLon Report Number 1-99-10&far. 1999). Retrieved on 20"' j uljr 2006 from

htrp://~mvvv.usdo~.gov/oig/reports/INS/e9910/1991Oresults.htrn#'l crrorlsts

LJnknown, The 7/ 1 1 C:onzrnza.~onRepol-r, The 9/1 1 Com~mss~otl,( 'SA

Waters, N. (2002). From Wee WUU/o h1orj%lkI~Iand (untl lyeyond?) : I/oI~~~tury/iz'oni,/et~/~

te~i'ztzgjorcnrnznulzzn~~e~tzgu~~on~. '; Pr~vacy l.,aw and Pollcy Kcportcr 1'01. 9 ( >ctol)er,

Austraha.

Wayman (2003) New Scientist, How do 1 kno~~who you are Retrieved on 27th .June

2006 from ~.t'ww.newscientist.corn.

W~peda(n.d) Biornetril.5 Retrieved on 27th Julie 2006 from htrp://en.wihpe&a.org/wiki/~iometric WIkipeba (n.d) French National Idenuty Card Retrieved on 271h~une 2006 from: http:/ /en.wdupe&a.org/wih/French-national-identiv-card

Wood, R. (2002). 7;ingepizzt vet-iJi~.at-iorztSecurity Oz Magazine Vol. 18 Aug/Sept

2002, Australia.

Wood, R.(2003); 'Getkirg zzcarded: biometric mark curds'; Security Oz Magazine Vol. 21

Feblhlarch, Australia

Wood, R. (2003); 'Body

Magazine Vol. 23 June/July, Australia

Woodward, J. (2001). Biomel'rics - Facing ~p to terrorism'; Rand Arroyo Centre,

California, USA.

LEGISLATION

Births, Deatlis & Marriages Regstration Act 1995 (NSW) Retrieved on 12"' March

2007 from wwtv.austh.edu.au

Births, Deaths & Marriages Registration Act 2003 (QLD) Retrieved on 12'" March

2007 from mi.iv.austhi.edu.au Blrths. Uearhs & hlarriages Reg~strat~onAct 1996 (VIC) Ketrlcved on 12"' ?.l:irch

2007 from wxm-.austlu.edu.au

Births, Deaths & hlarriages Registsation Act 1996 (SA) Retrieved ~1112"' [i.lnrch

2007 from xvtv.austlu.edu.au

Births, Deaths & blarriages Registration Act 1998 WA) Rctrievcd on 12"' hlercl~

2007 from ~m.austlu.edu.au

Blrths, Deaths & Marriages Registrauon Act 1999 (T'AS) Ketl:icvctl on 11" h1;irch

2007 from mm.aust1u.edu.a~

Crmes Act 1900 (NSW) Remeved on 10"'Marc11 2007 from www.aust l~~.cdu.:lu

Crimes Act 1958 (VIC) Retrieved on lot"March 2007 from www.austll~.cdu.;\~~

Criminal Law Consolidation Act 1935 (SA) Retrieved on 10'" Marc11 2007 frcm

\mr.austlu. edu.au

Criminal Code Act (W'i4) Retrieved on 10'" March 2007 from www.austlii.ctiu.:~~~ Criminal Code Act 1899 (QLD) Retriered on 10'" March 2007 from www.austh.edu.au

Road Transport (Drivers Licensing) Act 1998 (NSW Retrieved on 10t" March

2007 from www.austh.edu.au

Transport Operations (Road Use hlanagement) Act 1995 (QLD) Retrieved on loLh

March 2007 from www.austh.edu.au

Road Safety Act 1986 (VIC) Retrieved on lot" March 2007 from www.austh.edu.au

Road Traffic Act 196 1 (Sh) Retrie~redon 10"' March 2007 from ~.vw?v.austb.edu.a~~

Road Traffic Act 1974 PA)Retrieved on 10'" March 2007 from

\vww.austh.edu.au

Identification Act 1997 (Republic of South Africa) Retrieved on 12"' March 2007 from www.austh.edu.au

Identity Cards Act 2006 (United IGngdom) Retrieved on 12'" March 2007 from

~m.austh.edu.au Identq Theft & .issumpuon Deterrence Act 1998 (LTnites States of ,itnertca)

Iietrieved on 12"' March 2007 from tvww.austk.edu.au