Canada to Criminalize Identity Theft

   While it may be somewhat premature to criticize the government on their
plans to criminalize identity theft, Justice Minister Rob Nicholson’s
recent announcement seems to demonstrate the government’s rather narrow
appreciation for the scope of the problem.  Based on a reading of the
press release provided by the Office of the Minister of Justice the
proposed legislation will seemingly focus solely on the collection,
possession and trafficking of identity information.  While a law
specifically targeting identity theft is long overdue and necessary in
today’s information society, a broader strategy is clearly necessary if
the government wants to show a real concern for the protection of identity
information.
          As it currently stands, Canadian law only deals with identity
fraud which can include offences such as impersonation and forgery.  What
it has failed to provide for is protection against the preparatory steps
of information gathering.  Therefore, while the government will certainly
provide the police with “the tools to better protect Canadians”(1) 
through this law, it has failed to take the opportunity to flesh out a
more robust strategy.  Such a strategy would have to include stronger
regulations on those organizations that collect information legitimately
and a more focused attack on the particular methods that these fraudsters
use to gather personal information.
          In a report presented to both Public Safety Canada and the
Attorney General of the U.S., a bi-national working group on Cross-Border
Mass Marketing Fraud recommended a number of initiatives to stem the tide
of identity theft in the two countries.  Beyond bolstering the legal
framework around identity theft, the group’s recommendations included:
                 - calls on the private sector to increase reporting of              
                 breaches of information security as well as reporting of actual 
                 incidents of identity theft, not only to the police and credit
                 bureaus, but to those individuals actually effected;
                 -  increased efforts on the part of the government to
                 inform and educate citizens about who to contact when cases of
                 identity theft arise;
                 - developing greater security in the issuance and
                 verification of personal information documents; and
                 - a recommendation for private sector entities to
                 continually review and revise their internal procedures and
                 policies regarding the collection and storing of personal 
                 information. (2)
  This 2004 report makes it quite clear that an effective strategy must take
a comprehensive approach that coordinates the efforts of law enforcement,
government agencies and the private sector.  The question must then be
asked why the government, in making this announcement, failed to address
any of the other issues raised by this report.  There are constant news
reports of seniors who are defrauded out of thousands of dollars by
telemarketing scams and nearly everyone has received at least one piece of
spam email in which the sender was clearly phishing for some sort of
personal information.  However, this announcement tells us nothing about
any effort to bring us in line with the rest of the G8 nations who all
have anti-spam legislation and it does nothing to push forward the
national ‘do not call list’ that has been in the works for a number of
years but has yet to be implemented.  
     In 2002, the Report of the Auditor General found that there were
approximately 5 million more Social Insurance Numbers in existence than
there were Canadians.  Combined with the finding that these SINs were
being used as de facto identifiers (3),  a legitimate cause for concern
had been raised.  To an extent, steps were taken to remedy this situation,
but the recent 2007 Report still found a “lack of clarity in the policies
on how federal departments may use the SIN.” (4)   But again, nowhere in
the announcement by the Justice Minister does he speak to how the
government plans to address this situation.
      Until a comprehensive approach (that takes into account the
aforementioned issues) is instituted, Canadians will have no better
protection against acts of identity fraud than their own personal
vigilance.  Certainly, individual Canadians have to take some
responsibility for the protection of their personal information and must
remain cautious in these changing times, but given that the government has
been aware of the steps necessary to provide better protection since at
least 2004, it is truly a shame that this is all that they can put forward
at this time.
  Works Cited:
  (1)  Department of Justice Canada.  Canada’s New Government to Tackle
Identity Theft (News Release) by Geneviève Breton (Ottawa: Department of
Justice).  Online: <http://www.justice.gc.ca/en/news/nr/2007/doc_32151.html>.
  (2)  Public Safety Canada.  Report on Identity Theft (Ottawa: Public
Safety Canada).  Online: <http://www.ps-sp.gc.ca/prg/le/bs/report-eng.aspx>.
  (3)  Office of the Auditor General of Canada.  Human Resources Development
Canada – The Integrity of the Social Insurance Number (Status Report -
2002) (Ottawa: Office of the Auditor General of Canada).  Online:
<http://www.oag-bvg.gc.ca/domino/reports.nsf/html/20020901ce.html/$file/200
20901ce.pdf>.
  (4)  Office of the Auditor General of Canada.  A Message from the Auditor
General of Canada – Status Report 2007 (News Release) (Ottawa: Office of
the Auditor General of Canada).  Online:
<http://www.oag-bvg.gc.ca/domino/reports.nsf/html/20070200ce.html>.