With the increase of communication via the Internet and other new technologies, personal information has never been easier to collect, thus creating a lot of opportunity for identity theft. Identity thieves can now operate from a distance and access databases containing large amounts of personal information which can then be transmitted quickly around the world.
Identity theft techniques can range from relatively unsophisticated methods, such as dumpster diving, mail theft and pretexting (posing as someone who’s authorized to obtain information in order to get it), to more elaborate activities, such as skimming, phishing, pharming, vishing and hacking into large databases.1
In its current version, the Criminal Code of Canada (“CCC”) contains no general or specific identity theft offence to protect against the foregoing. With some exceptions, most of the CCC’s offences relating to property predate the computer and the Internet.
Bill S-4, An Act to amend the Criminal Code (identity theft and related misconduct), was introduced in the Senate on March 31st, 2009 to specifically address offences related to identity theft. The Bill contains essentially the same provisions as former Bill C-27, An Act to amend the Criminal Code (identity theft and related misconduct), which was introduced in the House of Commons on November 21st, 2007 but which later died when Parliament was dissolved on September 7th, 2008.
The provisions of Bill S-4 are set to come into force on January 8, 2010. Bill S-4 adds a new chapter to the CCC under the heading “Identity Theft and Identity Fraud.” “Identity theft” refers to the preliminary steps of an unauthorized collection and possession of another person’s identity information, whereas “identity fraud” constitutes the subsequent deceptive use of such information in connection with crimes like personation, fraud or abuse of credit card data.
Bill S-4 introduces a number of new offences as well as amends a number of existing offences, some of which are outlined below.
I. OFFENCES PUNISHABLE BY A TERM OF IMPRISONMENT NOT EXCEEDING FIVE (5) YEARS
Identity Theft: The new subsection 402.2(1) of the CCC stipulates that obtaining or possessing “another person’s identity information in circumstances giving rise to a reasonable inference that the information was intended to be used to commit an indictable offence that includes fraud, deceit or falsehood as an element of the offence” is an offence.
Trafficking in Identity Information: The new subsection 402.2(2) of the CCC provides that the transmission, making available, distribution, selling or offering the sale or possession of another’s person “identity information” is an offence.
“Identity information” is defined as “any information – including biological or physiological information – of a type that is commonly used, alone or in combination with other information, to identify or purport to identify an individual.” For example, name, address, date of birth, SIN, credit or debit card number, user code, password, number of an account at a financial institution, passport number, user code, password, fingerprint or voice print, retina or iris image, DNA profile, etc.
II. OFFENCE PUNISHABLE BY A TERM OF IMPRISONMENT NOT EXCEEDING TEN (10) YEARS
Unauthorized Use of Identity Information: Bill S-4 also institutes a new general offence concerning the unauthorized use of identity information, punishable by a term of imprisonment not exceeding ten (10) years. In fact, by an amendment to section 403 of the CCC, the Bill replaces the current offence of “personation with intent” (i.e. pretending to be another person to gain an advantage for oneself or cause a disadvantage to someone else) with “identity fraud”. Furthermore, the Bill adds as part of the offence at subsection 403(1)d) the act of pretending to be another person to avoid arrest or prosecution or to obstruct the course of justice.
Fraudulently possessing, using or trafficking in Credit Card Data: Amendments are brought to subsection 342(3) and (4) of the CCC, in order to add “personal authentification information” to the definition of “credit card data” thus taking into account any future identification technology. The expression “personal authentification information” is defined as “a personal identification number or any other password or information that a credit card holder creates or adopts to be used to authenticate his or her identity in relation to the credit card”.
IMPACT OF BILL S-4
The amendments brought to the CCC by Bill S-4 aim not only to prosecute and convict identity theft offences, but also to detect them. With the passing of Bill S-4 and its eventual coming into force, lawmakers will be able to target early stages of identity theft crimes and this will help lawmakers prevent identity theft before it actually happens.