The Law and Justice Legislation Amendment (Identity Crimes and Other Measures) Bill 2010  is a significant piece of legislation that contains amendments to a raft of measures relating to the administration of justice in Australia. The bill inserts new offences into the Criminal Code on identity crime, it corrects a drafting error in the Criminal Code, it includes the Victorian Office of Police Integrity in the definition of an enforcement body in the Privacy Act, it allows for the delegation of powers and duties to certain persons and provides legal immunity for the director and staff to carry out the functions under the DPP Act, it streamlines the process of alcohol and drug testing under the AFP Act, it expands the range of conduct for which the AFP commissioner may make awards, it improves the operation of the Anti-Money Laundering and Counter-Terrorism Financing Act, it establishes a more consistent approach to the restrictions placed on the disclosure of sensitive AUSTRAC information and it reframes the administration of justice offences in part III of the Crimes Act to bring them in line with the Criminal Code. It is quite an in-depth bill, as that probably outlines, and it covers a vast array of areas.
Today, I want to focus on the identity theft provisions of this legislation because it seeks to implement the identity crime offences recommended by the Model Criminal Law Officers Committee. This committee identified deficiencies in the current approach to identity crime, and this is what this bill aims to address. It seeks to create three new offences and provide some relief to the victims of identity crime through the creation of victim certificates. Identity crime and identity theft are not new. The assumption of an identity, real or fictitious, to gain financial or other criminal benefit has been around for centuries, if not thousands of years. In fact, the earliest legislation on identity crime was in England, dates back to 1870 and dealt with the creation of fake stock certificates. I found that information from just a quick search and I am sure there is legislation or some form of governance on this issue dating back hundreds and hundreds of years.
However, with the rise in modern communications and technology and with the expanded use of electronic and online databases, identity crime is a real and growing concern. One of the increasing types of criminal activity is called phishing. Phishing occurs when a criminal sends a fake email purporting to be from a trusted organisation, mostly a bank. These emails entice the receiver to a well-designed fake website and ask them to verify their details, at which point their information is captured and funds are withdrawn. I was a victim of this some time ago when I was applying for a visa. I was told by my travel agent that I had to get a visa to go to the States. I was surprised that I had to because I thought we had agreements that, for short stays, we did not have to obtain visas. I got on the site, applied for the visa, paid my $60 and got what looked like an ID code which gave me something I could show to the customs officials. Lo and behold, when I got to the US there was no need for the visa, so it was a completely spurious thing. The US Embassy got in touch with me and the girlfriend I went with and we are in the process of trying to track down the money, but I am not confident.
Last year, my father-in-law was also a victim of phishing. What really made it worse was the fact that it occurred in the wake of the death of my mother-in-law in August. My father-in-law is an intelligent man and very computer savvy for someone who is in his mid-80s. But at that time, just after Mary’s death, he was in the midst of reconciling and closing down bank accounts, he was advising government agencies and community organisations of her death and, at the same time, trying to come to terms with the loss of the woman he had loved for more than 50 years. In his grief, he thought the request for bank information was just one of the many administrative processes he had to go through at the time. There was a pile of paperwork and it was just another thing he had to do. He only discovered too late that he had become a victim of identity crime.
Since being elected last year I have had a number of calls and letters from people in my electorate who have been targeted for this sort of crime in addition to the stock market scam and the Nigerian letter scam that seems to have been going on for about 20 years. What has alarmed me most is that most of these people have been over 70 years of age. In an attempt to help them I am using my website as a one-stop shop for information on a range of government and non-government services. As part of that I will be including an issues page where I will cover some of these matters to help people out. It will be like a virtual online office. One of the issues I will cover is scams. I will be linking to the Australian Competition and Consumer Commission’s SCAMwatch website. The site covers everything from phishing and card skimming to lottery and sweepstakes scams to small business directory schemes. It provides a wealth of information as well as stories of the victims of crime and identity crime and how to report a scam in your state or territory. I commend the site to my colleagues here today.
Identity crime also occurs through key-logging devices and the theft of information from computer databases. But probably one of the areas of most concern is social networking sites, as others have mentioned today, which are increasingly being used as a means to steal identities. Seventy per cent of users of these services divulge some sort of personal information. Quite often it can just be your mother’s maiden name. That is cross-fertilised, and then all sorts of things can happen, sometimes to an extent that allows the theft of identity. The AFP, in its submission on this issue to the committee, said that ‘identity crime is the fastest growing criminal type, possibly running close to 30 percent growth.’ One 2003 study estimated the cost to the Australian economy at $1.1 billion, with $420 million being directly lost and $626 million spent on resources that respond to identity crime. That equates to about $4 billion in 2010.
What we need to remember is that this figure is only an estimate of the cost of fraud-based identity crime. It does not cover the full implications of other types of identity crime. It is equally important to remember that identity crime is committed not just for the purposes of defrauding people of money. It is also used to facilitate people-smuggling, drug trafficking, money laundering, paedophilia, murder and terrorism. A 2005 French Senate report noted that terrorist networks had systematically used false identity documents to obtain employment, fund their activities and avoid detection. The September 11 bombers used false US Social Security numbers to facilitate their crime.
The effects of identity crime and theft on victims can be traumatic. Aside from the direct financial impact, which is often substantial, victims also suffer indirect consequences, including loss of reputation, damage to their credit rating and everyone’s worst nightmare—the creation of criminal records. Dealing with the effects of identity crime requires the victim to expend time and effort to correct the records and restore their good name. This is often made more difficult because the victim is not aware for some time of the fact that their identity has been taken. Identity crime strikes at the very core of self. It attacks our individuality, it attacks our reputation, it attacks who we are. Finding out that someone has been masquerading as you or a loved one can have a deep emotional and psychological impact, and there is often no easy fix. This is especially the case for those families who have had the identities of their dead children stolen, which is just appalling.
Identity crime is something about which the Australian public is becoming increasingly concerned, and I am really grateful for that. I met with some officials from the Attorney-General’s Department recently to talk to them about what they are doing on cybersecurity, particularly in the civilian area. I was really heartened by the range of activities they are involved in there. A 2007 Newspoll survey found that 62 per cent of Australians are very or extremely concerned about the unauthorised use of their personal information, which is why they must protect their personal and network computers against viruses and hackers. This is the key message I got from the Attorney-General’s Department when I spoke to them, and it is something I would like to reinforce today. People must be aware of the scams out there. It is a case of buyer beware—or person beware—of scammers. It is frightening, and people need to have their computers protected and also be alert to what could actually happen. In another survey, nine per cent of Australians claimed to be victims of identity crime, which is an extraordinary figure.
Given the rapid nature of the crime and the technology used to commit it, the legislative process has not always been quick enough to respond, to keep up. As Microsoft said in its submission to the Model Criminal Law Officers Committee: Identity theft effectively creates a new class of victim that has not been adequately catered for within Australasian legislative and policing mechanisms to date. This legislation seeks to address those concerns. It will create three new offences.
First, this bill will make it illegal for a person to make, supply or use identification information with the intention of passing themselves off as someone else for the purposes of committing or facilitating an indictable offence. This offence is important because current elements of the Criminal Code such as fraud, theft and forgery do not adequately cover the rapidly emerging types of identity crimes. This offence will be punishable by up to five years in prison.
Secondly, this bill will make it an offence to possess identification information with the intention of using that information to engage in conduct that would constitute an offence under the conditions I have already mentioned. It is important to note that the prosecution must prove not only that a person held someone’s ID information but also that they intended to use it to facilitate crime. This is to protect innocent parties from the many innocuous reasons why someone would have another person’s ID, such as holding their wallet while they were having a swim at the beach. This offence will carry a penalty of up to three years. Finally, this bill will make it an offence to possess equipment needed for the creation of ID documentation where the person intends to use or allows the equipment to be used to engage in illegal conduct. The definition of ‘equipment’ has been kept deliberately broad to avoid the provision becoming outdated by the advances in new technology which are happening every day, as has also been mentioned today.
This bill also—and this is a really important development—creates a victims’ certificate, to provide some remedy to the victims of ID crime. This is an important and welcome initiative, and I congratulate the minister for that. This new provision will allow a person to approach a magistrate for a certificate that will state the matter in which the ID information was used. The certificate will help the victims of ID crime in negotiating with financial institutions when it comes to re-establishing their credit rating or getting a new credit card—really important and really helpful.
This bill is a timely, relevant and responsible response to the ever-increasing problem of ID crime, and these new provisions have broad support from Australia’s law enforcement, banking and IT sectors. I commend the bill to the Committee.