in managing risk and preventing crime. But this responsibilization is far from perfect.
Rather than identity theft being
the fault of consumers’ poor
information-management practices, research suggests that the
greatest proportion of this risk
can be attributed to the careless
or negligent data-management
practices of major institutions.
More than 50 percent of stolen identities, for example, are
taken by employees or people
impersonating employees [ 2].
Other research has noted that
up to 70 percent of identity theft
can be traced to leaks within
organizations [ 3]. Yet statistics
such as these aren’t common
knowledge. When concerned
citizens ask their local police,
government, and corporate
authorities about identity theft,
they receive lists of tips on theft
prevention, and on what to do
once one has (seemingly inevitably) become a victim.
The process of reestablishing one’s identity is the greatest
source of frustration. The material costs of the initial fraud or
theft of data can pale in comparison with the frustrating and
time-consuming work required
to rectify the problem. These
frustrations are compounded by
the fact that victims encounter
a reverse onus; they are expected to provide appropriate documentary details in prescribed
forms and within a specified
timeline to prove their victimization (in duplicate, and by
registered mail). The investigation and resolution of their case
often depends on the speed and
the accuracy of the information
they provide.
There is a standardized four-step process for recovering from
identity theft. First, victims
should contact the police and
file a report—a requirement
that has almost nothing to do
with the prospect of effective
police assistance, but is instead
understood as a key component
in the documentation process.
Police reports are vital when
trying to prove victimization to
credit bureaus, account providers, and government authorities. Second, victims should
contact the three major credit
bureaus to acquire copies of
their credit report to examine
for discrepancies. A client can
also register a fraud alert—a
form of notification stored on
their file to caution agents that
someone has been manipulating
their data. Third, victims should
close any accounts where they
suspect involve identity theft
activity has occurred. Finally,
they should contact government
authorities to log their complaint
and provide statistical information to the relevant authorities.
Reclaiming identities involves
intense scrutiny of the bare
essences of a person’s life that
can resemble a Kafka-esque toil
with inscrutable organizational
routines and seemingly unending paperwork that on average can take up to 40 hours to
complete. Victims of extreme
instances of identity theft are
best situated to deal with their
case if they are familiar with
bureaucratic protocols and have
a heightened sensitivity to the
importance of documentation.
They also need perseverance,
and, above all, a plan.
Whereas most crime victims
are expected to do little more
than contact the police, great
weight is placed on identity
theft victims to rectify their
situation, through an expansive
program of self-documentation
and mediated communication
with social institutions. Indeed,
one of the paradoxes of identity
theft is that while the crime
itself raises questions about
institutional trust in documentary identities, this trust can
be reestablished only through
an elaborate frenzy of further
documentation. Ultimately, the
victim’s task is to return their
data double to the status of one
among millions of unremarkable transactions in a global
system of informational relays.
Curiously, the discourse on
identity theft is almost entirely
lacking in specific references
to criminals, beyond vague
references to hackers (even
though most identity theft
methods require very little computer skills). It appears to be
an almost criminal-less crime.
Instead of employing breathlessly moralized accounts of
evil criminals, institutions treat
the crime dispassionately, as
a simple risk to be managed.
One consequence of this lack of
a conspicuous criminal is that
the gaze of surveillance focuses
on the victim herself. In the
absence of identifiable perpetrators, victims become the
predominant object of statistical
knowledge, trend predictions,
risk profiling, and bureaucratic
“dataveillance.”
Victims are often treated
with suspicion and must do
considerable work to prove
their innocence. An extreme
example of this involves cases
in which a criminal provides
someone else’s personal details
when they are arrested for a
crime. In this case, the victim
must report to their nearest
[ 2] Jewkes, Yvonne.
“Policing the Net: Crime,
regulation and surveillance in cyberspace.”
In Dot.cons: Crime,
Deviance and Identity
on the Internet, edited
by Y. Jewkes, 15-35.
Cullompton, England:
Willan Publishing, 2002.
[ 3] Collins, Judith M.
and Sandra K. Hoffman.
Identity Theft Victims’
Assistance Guide: The
Process of Healing. New
York: Looseleaf Law
Publications, 2004.