Under-resourced police can’t track down your identity thief.
So how do we make it harder for hackers to steal your identity?
Sorin Toma’s NSW 2018 Budget Submission proposes a path forward.
Cyber identity theft is increasing in NSW. In the June 2018 Budget, the NSW Government should commit significant funding to the NSW Police for the purposes of clamping down on the growing problem of cyber identity theft. Police cybercrime faculties are under resourced and unable to adequately investigate and prosecute cyber identity theft perpetrated on the general public.
Background – Instances of cyber identity theft are increasing in NSW
The incidence of Identity Theft is booming. Unfortunately very few criminals are caught and prosecuted.
Diagram below from report by Attorney General and Australian Institute of Criminology “Identity crime and misuse in Australia 2016”:
Estimated number of identity crimes in 2014-15, compared to those that were prosecuted
According to the same report the annual cost of identity crime in Australia is $2.2b.
The report goes on to state that:
- In a 2016 survey, the Australian Institute of Criminology (AIC) found that 8.5% of respondents experienced some form of misuse of their personal information in the previous 12 months, with 4.9% of all respondents incurring out-of-pocket losses as a result of this misuse.
- An Australian Bureau of Statistics (ABS) survey found that around 6.4% of the Australian population aged 15 years and over reported being victims of identity fraud1 in 2014-15. This is greater than the 4% noted in the 2010-11 ABS survey.
- This makes identity crime more common than other forms of personal and household theft related crimes. Unsurprisingly, identity crime continues to be of concern to Australians, with 96% of respondents to the AIC surveys perceiving misuse of personal information to be either a ‘very serious’ or ‘somewhat serious’ issue.
Why are the authorities so far behind in fighting cyber identity theft?
- The NSW Government has made some advances in the area of combatting cyber identity theft, primarily by appointing a Deputy Commissioner for Cyber Crime and have funded projects under the Fraud and Cyber Crime Squad.
- However, the police in NSW still have limited resources to follow up incidents of identity theft and cyber fraud.
From a legal perspective, the police have to walk a very fine line in pursuing individuals suspected of committing cyber identity thief, due to strict State and Federal privacy legislation. In NSW, police are unable to track infringe your legal rights (or anyone else’s for that matter including the criminals) to privacy. Many of the details that cyber criminals steal are protected by confidentiality agreements e.g. details of telco accounts, credit cards, bank accounts can only be accessed by the owners of those accounts. This exponentially increases the workload for police in chasing cyber thieves. It’s the equivalent of ‘swimming with their hands tied behind their backs’.
- An unofficial survey of five police stations on Sydney’s North Shore and Eastern suburbs asking NSW Police “At what level in dollar amount terms, does an identity theft potential crime reported become top priority?” Three commands quoted $50,000 and the other two said $100,000. This was the level where extensive reporting was undertaken, the alleged crime is centrally recorded in the NSW Police database and formal investigations are initiated. This threshold is unacceptably high.(i)
- Below this threshold criminals can operate quite openly and with impunity especially during public holidays and outside normal operating hours. They do so because they understand that the likelihood of being caught is remote.
Does funding equal results – Case Study: Strike Force Ravens
- Increased funding for NSW Police Operations translates into reduction in niche crimes and an increase in prosecutions.
- In August 2016, the NSW Government committed $536,000 to Strike Force Ravens , to crack down on green-slip insurance fraud. As a result of the operation, as of September 2017 there had been 16 arrests and 120 charges for frauds valued at $11 million .
- The NSW Police estimate that each arrest results in 200 fewer claims being lodged .
NSW Government should fund a special NSW Police unit/operation to tackle cyber identity theft
As part of the 2018 Budget, the NSW Government should commit significant ongoing resources in the range of $5-10 million, to empower the NSW Police Fraud and Cyber Crime Squad to implement a crackdown on cyber identity theft perpetrated against residents of NSW.
Key aspects of the unit/operation should include:
- a 24/7 public access line for reporting incidents of identity theft, and to provide information on initial steps to recover and restore stolen information;
- an automatic centralised database of reported incidents of identity theft collected in real time from all business and organisations;
- the facilitation of collaboration and data exchange between Australian jurisdictions;
- employment of cyber/IT specialists to investigate, track, gather evidence on and ultimately arrest perpetrators of cyber identity theft.
- Cyber identity theft in NSW is booming because perpetrators know they can get away relatively unscathed – the risk of being caught is very low.
- The NSW Government as well as NSW Police should make a public commitment to tackle the growing threat of cyber identity fraud. This commitment should mandate that all cyber identity fraud will be pursued and investigated to the full extent of the law.
As part of the commitment the Government should mandate:
- heftier fines with assets of perpetrators obtained through cyber identity theft
- longer prison terms.
Background on Xpotentia
Xpotentia was started mid-2008 to help organisations deal with critical technology challenges still emerging at that time. Back then the “Software As A Service” (SAAS) or Cloud paradigm was embryonic. Cyber Security was just a function of Information technology department, as businesses reengineered their operations and shopfronts using online software to take advantage of the World Wide Web or the Internet.
Hacking had been with us ever since the Internet was invented. Spam emails, phishing emails, malware, viruses and other such threats had also been with us since the early 1990’s when Windows 3.1 was first developed by Microsoft. But the threats were manageable and had not yet evolved into the tsunami of sophisticated attacks that we have to deal with today.
By 2008 mobile phones had been with us for just over a decade. Smart phones only just appeared when Apple transformed the iPod into the iPhone and suddenly Blackberries were passé. Tablet computers such as Apple’s iPad appeared soon after. The world has been completely transformed since then.
Many industries such as transportation (think Uber and driverless cars), newspaper publishing, travel (accommodation and airlines), book publishing, media and entertainment, manufacturing, government and healthcare have had their basic business models disrupted and changed since then.
Much more is still to come as IoT (Internet of Things), AI (Artificial Intelligence), robotics and technology merge to create solutions that necessitate new business models, new strategies for marketing, distribution, logistics and new approaches to technology, business and operational efficiency. Those organisations that fail to transform will see their efficiency and productivity eroded, their markets obliterated as their customers move on to better offerings from smarter competitors.
Those organisations that fail to protect their data and technology assets will see their competitive advantage eroded to nothing, their intellectual property stolen, their best employees leaving and their customers fleeing because of broken trust.
Xpotentia’s Mission is simple: “We help our clients achieve business success”.
Our Vision: “To help protect, defend and transform your business through business and technology innovation, increased flexibility and agility, and the creation of sustainable competitive advantage”
i Survey conducted by Xpotentia, March 2018
The views expressed here are those of the author Sorin Toma; they are not the views of any client of Xpotentia or any other organisation that either Mr Toma or Xpotentia have any association with.
Download the research briefing here.