|ID-Theft Project overview|
In Norway, as in many other countries, there is an increasing problem related to identity theft both from citizens and businesses.
In long term the consumers may lose their confidence in relation to governmental systems for protection of personal information. Daily the media brings forward stories related to new incidents regarding theft of private information from both citizens and companies. There are also a lot of examples where private information is unintentionally presented public due to lack of security measures, routines and rules.
“Identity theft” is broadly defined as the unauthorized collection, possession, transfer, replication or other manipulation of another person’s personal information for the purpose of committing fraud or other crimes that involve the use of a false identity. Aided by the increase in digitization and online use of information, identity theft is rapidly becoming a major worldwide problem for companies, governments, and citizens.
Contact with countries around the world gives us the understanding of the need for action. I.e. Canada has systematically looked through the aspects regarding law questions, technical challenges, and consequences for the society and the consumer. Statistics and systematic overview helps to understand the volume. There is a lack of understanding of in Norway due to incomplete statistics or routines collecting information when enterprises and consumers report their incidents to the police, banks or other authorities. This situation results in uncoordinated and ineffective measures being introduced to late.
Experience from other countries indicates the necessity to review many different actions and methods to reduce the extents and consequences of Identity theft in Norway.
The main goal of the project is to become a national competence centre. This centre will aim to advices both proactively and when an incident has occurred. The project will also support companies in their effort to improve their systems and routines. An important activity will be to develop guidelines and continuously update and improve these. To be able to effectively meet the challenges we also need to have updated statistical data regarding volume, cost and consequences. An overview of the quantity will also give the government and private businesses the necessary understanding of the importance to act in a rapid manner.
· Introduction and background
· Different techniques used to steal private information
· Law aspects
· Forensics – experiences today
· Policy approach to identity theft
· Enforcement of laws and regulations
· Publication of research papers, articles and literature regarding the topics
· Establish website with Frequently Asked Questions (FAQ) to different target groups.
· International benchmarking
Through the project period, information will be published actively in media and on the project web-sites.
Project time frame
· Project period: 2009 – 2010
· Pre-project in 2008.
Development phases1. Pre study (till 15.4.2008):
Mapping, anchoring, organization, finance, concept development, planning, value propositions, Collect information and make a description of other nations preventable work and actions against ID theft.
2. Pre project (15.4.2008 – 31.10.2008):
Concept development, market strategy, communication strategy. The pre project will within the end of October deliver a report with recommendations regarding deliveries in the main project.
3. Main project (2009-10):
Content and deliveries will be decided in the pre project phase.
The project will be divided into four different working packages with the aim to clarify four areas within the area of ID-theft:
Network/relations and alliances
An important dimension in this work is to create, extend and use networks and alliances. The project plans will have a structured approach to this. It’s important to create both regional and national networks, but the international contacts and the possibilities to exchange experience and knowledge at the international arena is crucial.
Collaboration with Canada and CIPPIC/ORNEC
The Bluelight network visited The Canadian Internet Policy and Public Interest Clinic (CIPPIC ) in October 2007. Professor Philippa Lawson gave us a brief overview related to the ID Theft project they started two years earlier. Professor Lawson has confirmed her presence at our security conference at Gjøvik 8.-9. April 2008. Planning is ongoing to make use of her presence these days.
We will arrange a taskforce, together with Gjøvik University College (HiG), University of Oslo, Law section(AFIN) and the Norwegian Finance Organization (FNH). We will also use the opportunity to ask for a guest lecturer at HiG.
We plan for a revisit in Canada later on. It is important for the success of this project to learn by other countries experience. The Ontario Research Network for Electronic Commerce (ORNEC ) was the organization behind the main project in Canada and they have an open invitation for us to share their experience.
Gjøvik Science Park
(Operator for Security Valley)