Identity Theft? Identity Fraud? Busted either way…

The criminal code has recently been revised to include new identity-related offences — this courtesy of the most excellent

What first caught my eye were two solid definitions:

  • identity theft (new Code section 402.2(1)): knowingly obtaining or possessing “another person’s identity information in circumstances giving rise to a reasonable inference that the information is intended to be used to commit an indictable offence . . .”
  • identity fraud (revised Code section 403) : fraudulently personating another person for various improper purposes.
  • I like the clear distinction offered by these.  Theft is possession of another person’s identity information, fraud is doing bad things with that identity information.

    Perhaps these definitions will assist the press to more carefully describe crimes related to identity; I notice that they tend to call everything identity theft.

    I checked with the American author and thinker Jim Harper on these definitions, as the definitions in his book, Identity Crisis, are a bit different.  Jim was kind enough to respond:

    It’s probably a compromise with the popularity of the phrase “identity theft” that it appears at all, but I think it’s very helpful to refer to these crimes accurately, and these definitions do that well. Ordinary people will look at the law and understand better what it means, what it’s supposed to do, and what they can do to protect themselves.

    Also of interest are the examples of identity information that section 402.1 provides:

    • name
    • address
    • date of birth
    • written, electronic or digital signature
    • SIN, health insurance or driver’s license number
    • credit or debit card number
    • number of an account at a financial institution
    • passport number
    • user code
    • password
    • fingerprint or voice print
    • retina or iris image
    • DNA profile

    The new legislation recognizes that some of these items on their own represent uniquely identifying information (e.g. SIN) while others (e.g. address) would need to be combined with other attributes to arrive at a unique person.

    There’s more — if you are interested, check out the legislative summary.


    Canadian Identity Assertion

         <saml:Attribute Name="isAmerican">

    I am Canadiam

    Identity and Access Management in Canada is different.

    American identity issues are complicated by their obsession with national security.  British data and privacy laws are decidedly different than ours.  Identity and Access Management (IAM) implementations vary greatly from country to country.

    We need a ‘conversation’ about IAM in Canada.  Canadiam is that conversation.

    This blog has been established to discuss a range of issues, cross-link to resources, promote solutions and share IAM project information.

    Some ideas for what could could appear on these pages:

    • An ‘IAM Alert’ page where we provide a profile of new Canadian IAM implementations, and updates on existing ones.
    • A section with a collection of identity assurance stories, perhaps something like ‘How I got my drivers license in Whitehorse’ .
    • Any and all news as it relates to emerging technologies such as OpenID, Info Cards, new strong authentication solutions, new products and services, etc. — especially as they relate to life in Canada.

    Really, anything in the IAM field goes — the only catch is that there needs to be a Canadian spin to the info.

    How can this happen? With your help and support.

    We are recruiting Canadian (and ex-pat) IAM professionals as blog writers and other contributors to Canadiam.  Anyone want to run a Facebook group? Do a logo? Customize a WordPress theme? Take over the new LinkedIn Group? Have an idea for a Flickr collection perhaps a photo-stream of amusing identity signage? Want to create a mash-up using video of Paul Henderson’s winning goal, our national anthem and Dick Hardt Identity 2.0 sound bites?

    If so, please add a comment with your interest and contact info (I’ll moderate the posts so this info won’t be displayed).

    So why bother with all this? Well, it is simply because we ARE different.  Compared to the US, we have a very different systems of government, finance and health, different attitudes about privacy and different ‘sensitivities’ — yet almost all of our information on identity management originates from the US.  Understanding and discussing Canadian issues on a blog like this will help us to better understand how identity management can best be delivered in Canada.

    With all that out of the way, I give you Joe Canadiam, uh, Canadian…

    Mike Waddingham
    October, 2009