Criminal and procedural legal challenges of identity theft in the cyber and information age

• Jurisdiction: South Africa
• Citation: (2017) 30 SACJ 363
• Date: 24 May 2019
• Pages: 363-384
• Published date: 24 May 2019
• Author: Vinesh Basdeo

Criminal and procedural legal

challenges of identity theft in the

cyber and information age

VINESH BASDEO*

ABSTRACT

Criminal s have increasingly become involved in cyb er activities but

practitioners in the c riminal jus tice arena do not seem to be keeping pace

with crime in a c yber context. Being comfor table with the technology t hat

underpins the in formation age is a non-negotiable ski ll for those who have

to unravel and bring twent y-rst century c rimes to book. The bir th of the

cyber and the in formation era has create d new criminal and procedural law

challenges in the ght agai nst identity theft. Identity thef t imposes immense

hardships upon its vict ims. There is often t he false and misguided bel ief

that it’s only the careless, tr usting and naive that fall victim to the tr ickeries

of identity thieves. The evolution of tec hnology and the resultant i ncrease

in individuals t ransacting electron ically has presented new oppor tunities

for identity thieves to get hold of persona l information. The per petrators

of identity theft of ten use the stolen identities to comm it fraud and to

violate the law. This article exam ines the challenges of identit y theft and

the inadequacy of ex isting legislation to address t his scourge. This ar ticle

further exa mines the extent and ef cacy of South Afr ican laws to deal with

the challenges presented by identit y theft. It also analys es the rudimentar y

powers that exist in Sout h African cri minal procedure wit h regards to

identity theft, and it f urther exam ines legislative solutions introduced i n

South Africa, t he United States of America and the United Ki ngdom. Finally,

this article prop oses possible recommendations to cou nteract identity thef t.

1 Introduction

This article proceed s from the notion that identity theft is not

a recent phenomenon, but rather that the advent of the cyber and

information age has created new opport unities for identity thieves,

and new criminal a nd procedural law challenges for law enforcement

agencies. Identity theft continuously manifests it self as one of the

fastest growing crimes of the t wenty-rst century.1 Recent trends and

developments indicate that no country is ful ly immune to this highly

* NDip(Pol) (Technikon SA) BA(Pol) BA(Hons)(Pol) LLB LL M LLD (Unisa), Professor

of Law, Unisa. This ar ticle is based on work na ncially supported by t he National

Research Foundation.

1 N Van der Meulen The Challenge of Co untering Identity Theft: Rec ent Developments

in the United States, the Unit ed Kingdom, and the European Union (20 06) 1.

363

(2017) 30 SACJ 363

© Juta and Company (Pty) Ltd

complex crime .2 The development and growth of telecommunications

technology, which connects computers in networks and which enables

the transmission of in formation between computer systems, has

given impetus to the processing of personal i nformation.3 Netwo rks4

afford more users the opportun ity to have access to a wider range

of personal information, and enables th is information to be shared

across varied information technology platfor ms. The global economy

is dependent on the transfer of inform ation, including personal

information via global in formation networks.5 The collection of

information on individuals is a s old as civilisation itself.6 However the

development of information technology has inuenced the collection

and exploitation of personal in formation.7 Globally, the collection and

transfer of personal in formation has become an everyday occurrence.

Generally, individuals give out the information voluntari ly to social

service department s and on related networks, or as part of economic

and business transactions.8 However, sometimes personal in formation

is collected surreptitiously by means of tech nological inventions that

the data subje ct9 is not aware of, for example the use of cookies,10

radio frequency identication tags (RF ID tags) on consumer items;11

or the use of scanners with which in formation on a mobile device can

be collected.

2 MH Maras ‘Inter net of things: security and privac y implications’ (2015) 5 Internat’l

Data Privacy L 9 9.

3 DP Van der Merwe et al Information and Communications Technology Law 2ed

(2016) 3 63.

4 See M Watney ‘Identity thef t: the mirror re ects another face’ (20 04) 3 TSAR 51;

FCassim ‘Protect ing personal information in the e ra of identity theft: just how safe

is our personal i nformation from ident ity thieves?’ (2015) 18 PELJ 68; A Roos ‘D ata

protection: explai ning the international backdrop and eva luating the current South

African po sition’ (2007) 124 SALJ 40 0.

5 Ibid.

6 W Madsen Handbook of Per sonal Data Protection (19 92) 6.

7 Van der Merwe op cit (n3) 363.

8 AL Allen ‘An ethic al duty to protect one’s own in formation privac y?’ (2012) 64

Alabama LR 845 .

9 LA Bygrave ‘Automated proli ng: Minding the mach ine: Article 15 of the EC Dat a

Protection Dire ctive and automated proling’ (2001) 17 Computer Law and Se curity

17.

10 Van der Merwe op cit (n3) 364. A cookie is a s mall text le, usu ally a sequence of

numbers, which is sto red by a website on the computer of a user when v isiting the

particular website.

11 Information ab out a shopper’s preferences, where the shoppe r is shopping and

what he or she is buying, is collec ted and can be used in targeted adverti sements.

364 SACJ . (2017) 3

© Juta and Company (Pty) Ltd