Identity theft

As identity theft (including identity fraud , identity theft , English identity theft ) is the misuse of personal data ( identity ) of a natural person by a third party designated.

The term “identity theft” is very common, but does not apply to the situation as well as “identity misuse”, because in a typical theft something is stolen from the authorized person so that he no longer has it himself. In the case of identity theft, the authorized person can continue to use his or her identity.

Identity theft can aim to obtain a fraudulent financial gain or to discredit the rightful owner of the identity (rarely).

In the case of identity theft, in addition to the name, a range of personal data such as date of birth , address , driver's license or social security numbers , bank account or credit card numbers are used to evade or falsify the establishment of one's actual identity. The more matching data the abuser has, the more securely he will succeed in the pretense.

Data that has already been obtained can be used to determine further data. So z. For example, the insurance industry faced problems of explanation because a television station obtained the owner's insurance data - in particular the full address - via license plates that were randomly selected in traffic and the reporter then appeared at the door of the vehicle owner. Initially, an accident was alleged in the telephone calls, with which one can always get the name of the insurance company and the contract number via the central call of the car insurer. Then the determined insurance company was called with the contract number and z. B. claims that you have just moved and just want to check the correctness of the address. As a rule, the insurance company in question then gave the name of the owner and the address - in good faith that one was talking to the owner.

The improper use of someone else's identity can lead to indebtedness for the victims or - if criminal acts are carried out on behalf of the victim of identity theft - to unfair punishment . If the abuse is discovered, the perpetrator will not only be punished for the abuse himself, but must also bear the financial damage caused and assume the penalties for the acts committed on behalf of the victim.

Particularly in e-commerce , for example, when performing transactions via the Internet auction site eBay , which so far no legal identity checks carried out, can identity theft have a significant impact on the business partner. According to the rulings of the Cologne Higher Regional Court of September 6, 2002 and of the Erfurt District Court of September 14, 2001, when concluding a contract on the Internet, the seller must prove that the buyer is identical to the alleged account holder. After the crime becomes known, victims of identity theft can defend themselves most effectively by filing a criminal complaint (also against unknown persons) at a police station .

Illegally operating credit bureaus manipulate the computers of the respective target persons through phishing , pharming and spoofing and thus first obtain the identity (for example nickname in connection with a password ). With this stolen identity, they then gain access to data from online consultancies , contact portals , Internet auction houses and others ( information theft ) and market the data obtained to “interested parties” (criminals).

Nicknapping

Nicknapping (composed of nick , as an abbreviation for nickname and napping in allusion to kidnapping ) is a special form of identity theft : appearing on the Internet under the name or pseudonym of another discussion participant or user.

Since the Internet has also been used more and more in public, it is often possible to use any name instead of a real name. This applies to mailing lists as well as to Usenet and forums.

It is possible to use not only invented names, but also explicitly the names of real people who do not necessarily have to be aware of the use by third parties. For discussion platforms that require registration, it is necessary that the person concerned either does not yet have a user account himself or that double registration is possible. The use of pseudonyms in materially similar forums or portals is also a form of nicknapping, provided that the persons involved are not independent and the pseudonym is assigned to a known person in the relevant topic group, i.e. has a high recognition value .

The misuse of the real name and that of a nick is to be assessed differently under criminal law. While the use of a wrong name in connection with further data and facts about the person is always a criminal offense, the use of the same nickname can usually not be prosecuted because nicknames are not protected. Only artist names registered in the ID card are legally equivalent to the “civil name”.

Accounts

In particular on platforms such as XING or StudiVZ , the creation of accounts (or “profiles”) under the names of colleagues or fellow students has become a problematic matter for the people concerned. Since photos of the victims are usually also available, very realistic-looking profiles can be created, with the help of which false information can be passed on to third parties or information can be requested from third parties in good faith.

In this special case, real identity theft is conceivable, because on platforms that only allow one registration for the same data, the owner of the identity can no longer create an account if someone has misused his data to create an account.

Germany

Identity theft on the Internet is increasing massively. In Germany alone, 250,000 cases were registered in a quarter of a year. Some credit bureaus save data about stolen identities to prevent further abuse. This requires notification by the person concerned.

Legal situation in Germany

While the legislature has currently not standardized the misuse of personal data by private individuals as an offense in criminal law, the acquisition or use of the data can, depending on the individual case, fall under different criminal law norms. This primarily concerns the relevant norms of computer crime , such as those used in the Federal Criminal Police Office's cybercrime report, but also classic offenses such as fraud (Section 263 StGB) or blackmail (Section 253 StGB). Frequently relevant computer crimes are: computer fraud (§ 263a StGB), spying and interception of data and data theft (§§ 202a, 202b, 202c, 202d StGB), forgery of evidence-relevant data and deception in legal transactions (§§ 269, 270 StGB).

A particularly common form of data misuse is so-called product or service credit fraud . Here, orders are usually placed online or by phone, but also in shops, stating third-party personal and / or payment data, with the aim of obtaining the goods or services without paying for themselves or third parties.

With regard to the question of whether identity theft / misuse should be included as an independent criminal offense, the Scientific Service of the Bundestag expressed itself in a questionnaire about the situation in September 2014 as follows: " In the literature it is stated, among other things, that there are no gaps in criminal liability under current law that in this respect there is no need for a change in the law. It is admittedly conceded that a separate criminal offense could serve to highlight the specific injustice - but there is currently no need for this either. "

From a civil law point of view, there are different claims z. B. for omission or compensation against the person who misuses the data. Apart from relationship acts in which a (former) partner illegally uses the data, it is often not clear who is using the data, so that the enforcement of the claims is questionable.

United States

The most common types of identity theft are credit card fraud , bank account theft , and bank fraud ; In the USA, according to a study by the Federal Trade Commission (FTC) in 2002 , these crimes are said to have caused damage totaling around 37 billion US dollars - 33 billion US dollars for business customers and just under 4 billion US dollars for private households. An increase in the amount of damage was also noted - in 2005 it amounted to around US $ 57 billion.

Identity theft is one of the fastest growing forms of crime in high-tech countries. For example, the US Federal Trade Commission received 168,000 reports and 380,000 complaints of identity theft in 2002.

In 2007, the California city of Napa was the largest number of identity theft complaints in the United States with 300 complaints per 100,000 population .

In 2017, numerous comments with stolen identities were posted on the FCC website, speaking out against net neutrality - allegedly in order to distort public opinion .

1. ↑ OLG Cologne, judgment of September 6, 2002 , Az. 19 U 16/02, full text.
2. ^ AG Erfurt, judgment of September 14, 2001 , Az. 28 C 2354/01, full text.
3. ↑ Schufa now records identity theft , heise online from September 2, 2016
4. ↑ Marco Gercke: The criminal liability of "Phishing" and identity theft . In: Computer and Law . tape 21 , no. January 8 , 2005, ISSN  2194-4172 , doi : 10.9785 / ovs-cr-2005-606 . 
5. ↑ Bundeskriminalamt 65173 Wiesbaden (Ed.): Cybercrime. Federal situation report 2017 . Wiesbaden July 2018 ( bka.de ). 
6. ↑ WD 7: WD 7 - 3000 -183/14 - "Identity theft" on the Internet - overview and legal implications . Ed .: Scientific Service of the German Bundestag. Berlin, S. 5–6 ( bundestag.de [PDF]). 
7. ↑ silicon.de: Identity theft is spreading widely
8. ↑ Web only plays a small role in ID theft
9. ↑ FCC stonewalled investigation of net neutrality comment fraud, NY AG says - Ars Technica. In: arstechnica.com. Retrieved November 24, 2017 . 

Please note the information on legal issues!