This article was downloaded by: [University of Auckland Library]On: 09 November 2014, At: 14:06Publisher: RoutledgeInforma Ltd Registered in England and Wales Registered Number: 1072954 Registeredoffice: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK

International Review of Law,Computers & TechnologyPublication details, including instructions for authors andsubscription information:http://www.tandfonline.com/loi/cirl20

Is identity theft really theft?Clare Sullivan a ba Law School, Ligertwood Building, University of Adelaide ,Adelaide, South Australiab International Graduate School of Business, City West Campus,University of South Australia , Adelaide, South AustraliaPublished online: 18 Nov 2010.

To cite this article: Clare Sullivan (2009) Is identity theft really theft?, International Review of Law,Computers & Technology, 23:1-2, 77-87, DOI: 10.1080/13600860902742596

To link to this article: http://dx.doi.org/10.1080/13600860902742596

PLEASE SCROLL DOWN FOR ARTICLE

Taylor & Francis makes every effort to ensure the accuracy of all the information (the“Content”) contained in the publications on our platform. However, Taylor & Francis,our agents, and our licensors make no representations or warranties whatsoever as tothe accuracy, completeness, or suitability for any purpose of the Content. Any opinionsand views expressed in this publication are the opinions and views of the authors,and are not the views of or endorsed by Taylor & Francis. The accuracy of the Contentshould not be relied upon and should be independently verified with primary sourcesof information. Taylor and Francis shall not be liable for any losses, actions, claims,proceedings, demands, costs, expenses, damages, and other liabilities whatsoever orhowsoever caused arising directly or indirectly in connection with, in relation to or arisingout of the use of the Content.

This article may be used for research, teaching, and private study purposes. Anysubstantial or systematic reproduction, redistribution, reselling, loan, sub-licensing,systematic supply, or distribution in any form to anyone is expressly forbidden. Terms &Conditions of access and use can be found at http://www.tandfonline.com/page/terms-and-conditions

Is identity theft really theft?

Clare Sullivan�

Law School, Ligertwood Building, University of Adelaide, Adelaide, South Australia andInternational Graduate School of Business, City West Campus, University of South Australia,

Adelaide, South Australia

This article continues the examination of the emergent legal concept of identity nowclearly evident in the UK as a result of the Identity Cards Act 2006 (UK) and itsconsequences. In ‘Conceptualising Identity’ (International Review of Law, Computersand Technology 2, no. 3 (2007): 237), the author asserted that identity is emerging asa distinct, new legal concept and considered the composition and legal function of thenew concept. This article builds on that study and uses the emergent concept ofidentity, particularly token identity, to analyse the nature and consequences of identitytheft. Identity theft is defined using the concept of identity now evident in the UKand the article examines misuse by a person of another individual’s registered tokenidentity for a transaction. The article considers whether an individual’s identity isproperty that is capable of being the subject of theft, having regard to the nature andfunction of the emergent concept of identity.

Keywords: identity; property; theft

Introduction

The earlier article entitled ‘Conceptualising Identity’ examined the new legal concept ofidentity now evident in the UK as a consequence of the Identity Cards Act 2006 (UK)(‘Identity Cards Act’) and the National Identity Scheme (‘NIS’).1 In summary, the newconcept consists of two components – database identity and token identity.

Database identity is all the information2 recorded about an individual in the databasesaccessible under the NIS. Token identity is a subset of the information which comprisesdatabase identity. Token identity consists of name, gender, date and place of birth, dateof death and ‘identifying information’,3 i.e. signature, photograph and biometrics. Thebiometrics include a face scan, two iris scans and ten fingerprints.

Token identity does more than just identify. The token identity presented at the time oftransaction, singles out an individual from the rest of the population and authorises thesystem to deal with that identity. Token identity is therefore the set of information thatconstitutes an individual’s identity for transactional purposes4 and it is the informationwhich is most useful to an identity thief.

Use of another individual’s registered token identity is made possible by the verificationprocess whereby the required token identity information as presented, must match therecord in the National Identity Register (‘NIR’) to enable the transaction. Not all the

ISSN 1360-0869 print/ISSN 1364-6885 online

# 2009 Taylor & FrancisDOI: 10.1080/13600860902742596

http://www.informaworld.com

�Emails: clare.sullivan@adelaide.edu.au and clare.sullivan@unisa.edu.au

International Review of Law, Computers & TechnologyVol. 23, Nos. 1–2, March–July 2009, 77–87

Dow

nloa

ded

by [

Uni

vers

ity o

f A

uckl

and

Lib

rary

] at

14:

06 0

9 N

ovem

ber

2014

registered token identity information will necessarily be used to verify identity at the time ofa transaction. The token identity information required will depend on the nature of thetransaction and the requirements of the transacting entity. Usually name, gender, dateand place of birth and one piece of the ‘identifying information’ will be required. Depend-ing on the transaction, the ‘identifying information’ can be appearance in comparisonwith the photograph, handwritten signature and/or comparison of one or more biometrics.Routine transactions conducted in-person will usually require a match with the photo-graph, or a signature. Use of biometrics makes misuse more difficult (although not imposs-ible) but biometrics will only be used for significant transactions.5 Some transactions,most notably remote transactions conducted by telephone or using the internet, may notuse any of the ‘identifying information’. Answers to pre-designated questions may beused to check ‘identity’,6 but their purpose is really to check that the token identity is inthe right hands.

Misusing another individual’s registered identity

Registration and the verification process under the NIS transforms the information whichconstitutes token identity, so that as a set, it becomes the individual’s transactional identity.Misuse of an individual’s registered token identity infringes that individual’s ability to berecognised, and to transact, as a unique person. The use infringes his/her fundamentalhuman right to identity, which includes the right of an individual to an accurate, fully func-tional token identity and to its exclusive use.

Unlike the individual pieces of information that comprise it, token identity has theessential characteristics of intangible property. Its misuse by another person not onlyinfringes the individual’s personal right to identity, it infringes the individual’s proprietaryrights in his/her registered identity, particularly in token identity.

When another person misuses an individual’s registered token identity, he/she is usingthe set of information that constitutes the individual’s transactional identity, as the perpetra-tor’s own. The act is more than fraud. It is a misappropriation of the individual’s transac-tional ‘key’. The perpetrator is using the ‘key’ that enables the transaction and which isnotionally connected to the individual through the ‘identifying information’, i.e. signature,photo, finger prints, face scan and iris scans, as recorded in the NIR. The perpetrator uses tohis/her advantage, the implicit presumption that the person presenting the token identity isthe individual to whom it is linked in the register. In doing so, the perpetrator acts dishon-estly, but the essence of the crime is the misappropriation of another person’s transactionalidentity, which infringes that person’s rights in that his/her registered identity. This is a finedistinction, but an important one.

Under the NIS, identity is verified for the purposes of a transaction when the systemmatches the token identity as presented, with the information recorded in the NIR. Thetransaction is actually between the transacting entity and the token identity. Token identityis the legal person in the transaction, not the individual to whom it is connected in theregister, nor the person who presents the token identity.

So, if B presents A’s token identity as his/her own, A is the primary victim of the crime.The transacting entity C will seek to enforce that transaction as against A as the individualwho is linked to that token identity by the ‘identifying information’ – a link which exits as aresult of the scheme and the registration process. The evidential burden then falls on A toestablish that he/she did not use the token identity for that transaction. Considering thenature of the wrong and the harm, the use by B of A’s token identity is clearly more thanjust fraud, especially from A’s perspective.

78 C. Sullivan

Dow

nloa

ded

by [

Uni

vers

ity o

f A

uckl

and

Lib

rary

] at

14:

06 0

9 N

ovem

ber

2014

Is identity theft really theft?

This question has been given new currency in Australia because the Model Criminal LawOfficers Committee in its Final Report on Identity Crime does not consider that anindividual’s identity can be the subject of theft:

The phrase ‘identity theft’ is a misnomer, as identity theft does not actually deprive a person oftheir identity. The offence of theft or larceny traditionally involves an appropriation of the per-sonal property of another with the intention to deprive him or her of that property permanently.Wrongfully accessing and using a person’s personal information or forging proof of identitydocuments, without taking any physical document or thing, would not deprive the person ofthe ability to use that information.

The Committee instead conceptualised ‘identity theft’ as fraud or deceit and recommendedthat new Model Identity Crime offences to cover dealing in, or possessing, identificationinformation with the intention of committing, or facilitating the commission of, an indict-able offence.

The Committee’s view is based on the long-held assumption that information is justinformation and that it can not be the subject of theft because its appropriation does notcause permanent deprivation. However, an individual’s transactional identity under theNIS is more than just information. Registration under the scheme gives it the characteristicsof property that is capable of being misappropriated.

Dishonest use by a perpetrator of an individual’s token identity will not be noticed bythe individual in the same way that an individual is likely to notice that his/her wallet oridentity card is missing, for example. Initially, the misuse will not necessarily preventthe individual using his/her token identity for other transactions, but when misuse is sus-pected, the individual’s use will be disrupted and the incident will be included as part of theinformation that makes up the individual’s database identity.

The individual ‘gets back’ the token identity when his/her proprietary rights arerestored, i.e. when another person is prevented from using it. The enduring nature of theinformation that constitutes token identity means that it cannot be restored to the individualwithout substantial impairment in its value. Another person is only prevented from usingthe token identity if the individual uses a new token identity, if there is a name changefor example, or alternatively, if protection is provided by requiring a PIN or answers toadditional questions at the time of a transaction. If a change of name is necessary as aconsequence of the misappropriation, it illustrates the substantial impairment of the valueof the original token identity. Similarly, the use of designated questions at the time of thetransaction to provide additional protection, illustrates the impairment in integrity of thetoken identity. The impact of the appropriation is therefore fundamental and enduringand in that sense there is a substantial impairment of value from the perspective of theindividual and the broader community.

While Alex Steel maintains that ‘nothing of practical value is gained by extendingtheft to include intangible property; and that misuse of intangible property is best dealtwith either by fraud or sui generis offences’, dishonest use of an individual’s token identityby another person is clearly more than fraud.7 It is a misappropriation of the individual’stransactional identity, not just dishonest use of identity information. Moreover, the criminaldamage offence in the UK and computer offences under the Computer Misuse Act 1990(UK) have limited application to the types of misuse which can be expected in thecontext of the NIS. Even the new offences in the Identity Cards Act do not apply to thedishonest use by another person of an individual’s registered token identity.

International Review of Law, Computers & Technology 79

Dow

nloa

ded

by [

Uni

vers

ity o

f A

uckl

and

Lib

rary

] at

14:

06 0

9 N

ovem

ber

2014

Identity theft is theft

Section 1(1) of the Theft Act 1968 (UK) sets out the basic definition of theft which is gen-erally followed in the Australian jurisdictions:

A person is guilty of theft if he dishonestly appropriates property belonging to another with theintention of permanently depriving the other of it; and ‘thief’ and ‘steal’ shall be construedaccordingly.

If a person uses the identity of another individual, or even just some parts of it, to obtaintangible property such as money, the elements of the theft offence are usually easilymade out. However, the wrong and the harm arise when another person dishonestly usesan individual’s token identity for a transaction. Dishonest use of an individual’s transac-tional identity should be an offence; and the nature of that offence is essentially appropria-tion. When the elements of the offence are considered, it is clear that an individual’sregistered token identity is property that is capable of being stolen.

Token identity is property

Section 4(1) of the Theft Act defines ‘property’ as ‘any property whether real or personalincluding things in action and other intangible property’. Section 5(1) states that:

Property shall be regarded as belonging to any person having possession or control of it, orhaving in it any proprietary right or interest (not being an equitable interest arising onlyfrom an agreement to transfer or grant an interest).

When considered separately, the components of token identity do not have the character-istics of property, nor do they invariably identify an individual. An individual uses his/her name and date and place of birth for example but he/she does not own them. Even jur-isdictions that protect some of the components, do not regard them as property, nor do theyregard the individual as their owner. The right to publicity recognised in the USA forinstance, protects the unauthorised use of a celebrity’s name, image and even voice.8

When considered separately these components can identify the individual because, as aconsequence of the celebrity’s public profile, the name, image or voice is distinctive. Never-theless, the right is essentially personal, not proprietary.

On registration under the NIS, however, the information that makes up token identitytakes on a different legal character. As a collective it assumes the essential characteristicof property, i.e. it becomes a ‘thing’ that is the subject of ownership rights, which aregenerally enforceable. It is capable of being controlled and of being misappropriated,and token identity is considered to ‘belong’ as defined in Section 5(1) of the TheftAct to the individual whose ‘identifying information’, primarily the biometrics, arerecorded in the NIR. That individual has control of and proprietary rights in the registeredidentity.

Tony Honore considers that ownership is determined by looking at the rights a personhas to use the thing in the future.9 He considers that the ‘incident of residuarity’distinguishes possession from ownership, i.e. an owner has a superior right to possessionand this reversionary interest characterises property. In other words, a person can possesssomething without owning it. Possession is a temporary right compared to the more endur-ing, reversionary right of ownership. While Honore’s comments apply to tangible ratherthan intangible property, the reasoning can be extrapolated to token identity. Given thenature of token identity and its relationship to the individual under the Scheme, the

80 C. Sullivan

Dow

nloa

ded

by [

Uni

vers

ity o

f A

uckl

and

Lib

rary

] at

14:

06 0

9 N

ovem

ber

2014

individual can be considered to have a residual right to his/her token identity. There is nodifference in the fundamentals, except that token identity is intangible property.

Honore’s list specifies the right to possess the property, the right to use the property, theright to manage how the property is used, the right to income from the property, to securityfrom interference with the right to the property and the right to transmit that right tosuccessors.10 Most of these rights are part of the broader right to database identity includingtoken identity. All (with the possible theoretical exception of the right to possess, if thetraditional interpretation is applied) are relevant to the relationship between an individualand his/her token identity, as is clear when the infringement of these rights is consideredin relation to appropriation.

In all these respects, token identity is fundamentally different to the confidentialinformation in the proof of an examination paper which was held in Oxford v. Moss11

not to be intangible property that is capable of being stolen.12 Token identity is alsofundamentally different from the other more detailed information that makes up therest of an individual’s database identity. Like the examination paper in Oxfordv. Moss,13 the other Schedule 1 information is just information. Depending on thecircumstances, unauthorised access to the other information, which makes up databaseidentity, can be an offence under the Computer Misuse Act 1990 (UK), but it is notproperty that can be the subject of theft. Unlike the other information that makes up anindividual’s database identity, however, the nature of token identity, its functionsunder the scheme and its contingent connection to an individual, give token identitythe characteristics of property that is capable of being stolen.

Alienability is often assumed to be a distinguishing feature. Indeed, in National Provin-cial Bank v. Ainsworth, Lord Wilberforce stated that property ‘must be definable, identifi-able by third parties, capable in its nature of assumption by third parties, and have somedegree of permanence or stability’.14 However, ‘assumption by third parties’ is not anessential feature as Kitto J of the High Court of Australia pointed out in National TrusteesExecutors & Agency Co of Australasia Ltd v. FCT: ‘It may be said categorically that alien-ability is not an indispensable attribute of a right of property according to the general sensewhich the word ‘property’ bears in the law’.15 Alienability is certainly not a feature ofrecently recognised concepts of property. The property rights recognised by the HighCourt of Australia in Mabo No. 2 for example, do not include alienability.16

The NIS is based on the premise of ‘one person – one identity’, so there is necessarily ageneral duty on other members of society not to interfere with an individual’s token identity,or its exclusive use by the individual, which is in line with Hans Kelsen’s view that:

The typical right to a thing (or real right) . . . is the property right. Traditional science of lawdefines it as the exclusive dominion of a person over a thing and thereby distinguishes thisright from the right to claim, which is the basis only of personal legal relations. This distinction,so important for civil law, has an outspoken ideological character.

Since the law as a social order regulates the behavior of individuals in their direct or indirectrelations to other individuals, property too, can legally consist only in a certain relation betweenone individual and other individuals. The obligation of these other individuals not to disturbthe first one in his disposition over a certain thing. What is described as the exclusive‘dominion’ of an individual over a thing is the legally stipulated exclusion of all others fromthe disposition over this thing. The dominion of the one is legally merely the reflex of theexclusion of all others.17

Kelsen’s views echo Charles Reich’s views that protection of the private sphere derives itsmoral force from the liberal ideal of autonomy and particularly the protection of an

International Review of Law, Computers & Technology 81

Dow

nloa

ded

by [

Uni

vers

ity o

f A

uckl

and

Lib

rary

] at

14:

06 0

9 N

ovem

ber

2014

individual’s self-determination from interference.18 Any interference with an individual’sself-determination, impacts on the autonomy of society as a collective and on the valuesthat underpin democracy. In this context, it is autonomy in the sense of being recognisedas an individual and having transactional autonomy. Under the NIS, an individual musthave ‘exclusive dominion’ over his/her registered token identity; and to maintain the integ-rity of the scheme, an individual’s dominion over his/her registered token identity must berespected by others and protected from interference or disturbance.

Like Kelsen, Morris Cohen maintains that a ‘property right is a relation not between anowner and a thing but between an owner and other individuals in reference to things. A rightis always against one or more individuals’.19 While that is undoubtedly true in relation torecognition of the property rights of an individual by others, there is also a relationshipbetween the individual and the property. In Yanner v. Eaton the High Court consideredthis relationship and the importance of exclusivity and control:

‘Property does not refer to a thing; it is a description of a legal relationship with a thing. It refersto a degree of power that is recognised in law as power permissibly exercised over the thing.The concept of “property” may be elusive. Usually it is treated as a “bundle of rights”. But eventhis may have its limits as an analytical tool or accurate description, and it may be, as ProfessorGray has said, that ‘the ultimate fact about property is that it does not really exist: it is mereillusion.’ Considering whether, or to what extent, there can be property in knowledge or infor-mation or property in human tissue may illustrate some of the difficulties in deciding what ismeant by ‘property’ in a subject matter . . . . Nevertheless, as Professor Gray also says, ‘Anextensive frame of reference is created by the notion that “property” consists primarily incontrol over access. Much of our false thinking about property stems from the residual percep-tion that “property” is itself a thing or resource rather than a legally endorsed concentration ofpower over things and resources.’ . . . Because ‘property’ is a comprehensive term it can beused to describe all or any of many different kinds of relationship between a person and asubject matter.20

The important consideration therefore, is the relationship. There is a relationship betweenthe individual and his/her registered token identity that necessarily requires the controland exclusivity recognised as property in Yanner v. Eaton. There is also the broaderrelationship between the individual and others, whereby the relationship between an indi-vidual and his/her token identity is recognised and respected. Under both these approaches,and the bundle of rights approach; token identity is property.

Appropriating token identity

‘Appropriation’ is defined in Section 3(1) of the Theft Act which states that: ‘Any assump-tion by a person of the rights of an owner amounts to an appropriation, and this includes,where he has come by the property (innocently or not) without stealing it, any later assump-tion of a right to it by keeping or dealing with it as owner’. Section 1(2) states that ‘It isimmaterial whether the appropriation is made with a view to gain, or is made for thethief’s own benefit’.

Appropriation for the purposes of the law of theft requires that the thief acts as thoughhe owns the property. In R v. Morris (‘Morris’) the House of Lords found that assumption ofa single right of the owner can amount to appropriation.21 Although Lord Roskill con-sidered that a combination of acts by the defendant (as occurred in Morris) may amountto an appropriation, the subsequent decisions of the House of Lords in R v. Gomez(‘Gomez’) and R v. Hinks rejected that requirement and confirmed that assumption ofany one of the rights of the owner is sufficient to constitute an appropriation.22 As Alex

82 C. Sullivan

Dow

nloa

ded

by [

Uni

vers

ity o

f A

uckl

and

Lib

rary

] at

14:

06 0

9 N

ovem

ber

2014

Steel observes ‘This leaves appropriation as a very broad term which requires only theassumption of any one property right associated with the victim’.23

In the context of the NIS, an appropriation or dealing occurs when a person uses an indi-vidual’s token identity as his/her own for transaction. When the perpetrator uses the tokenidentity, he/she clearly assumes at least one of the ownership rights of the individual,specifically the right to exclusive use of the token identity. The assumption of that rightis sufficient to constitute an appropriation within Sections 1 and 3 of the Theft Act butin using the individual’s token identity, the perpetrator assumes most of the individual’sownership rights listed by Honore.24

The perpetrator infringes the individual’s right to security from interference with both thetoken identity and the individual’s use of it, as well as the right to transmit that right to theindividual’s successors because the right to database identity including token identity, sur-vives the individual’s death and can be enforced by his/her executors and survivors. Inusing the token identity the perpetrator also infringes, then assumes, the individual’s rightto manage how his/her token identity is used. In dishonestly using the information that con-stitutes an individual’s identity for a particular transaction, a perpetrator acts as though he/she owns that identity and assumes the proprietary rights that are exclusive to the individual.

Intention to permanently deprive the owner of his/her token identity

Section 6(1) of the Theft Act states that:

A person appropriating property belonging to another without meaning the other to perma-nently to lose the thing itself is nevertheless to be regarded as having the intention of perma-nently depriving the other of it if his intention is to treat the thing as his own to dispose ofregardless of the others rights; and a borrowing or lending of it may amount to so treating itif, but only if, the borrowing or lending is for a period and in circumstances making it equiv-alent to an outright taking or disposal.

In R v. Lloyd the court cited the opinion of Edmund Davies LJ in R v. Warner that ‘Section 6. . . gives illustrations, as it were, of what can amount to the dishonest intention demandedby Section 1(1). But it is a misconception to interpret the section as watering down Section1.’ ‘We should try to interpret the section in such a way as to ensure that nothing is con-strued as an intention to permanently deprive which would not prior to the 1968 Acthave been so construed.’25 However, JC Smith comments that ‘before and since Lloydcourts have given the words of the section its wider ordinary meaning’ (sic). Section6(1) of the Theft Act was apparently intended to cover the situation in R v. Hall wherethe defendant took the owner’s property and pretended that it was his own so he couldsell it to the owner.26 The defendant did not change the property in any way, nor did heremove it from the possession of the owner but he presented the property as his own.

Smith argues that the intention to use the property as one’s own is not sufficient toamount to theft:

It adds nothing to ‘appropriates’ since appropriation consists in an assumption of the right ofthe owner. The words, ‘dispose of’, are crucial and are, it is submitted, not used in a sensein which a general might ‘dispose of’ his forces but rather the meaning given by the ShorterOxford Dictionary: ‘To deal with definitely; to get rid of; to get done with, finish. To makeover by way of sale or bargain, sell.’27

However, in R v. Lavender (‘Lavender’) in considering Section 6 of the Theft Act the courtconsidered that the focus on the words ‘to dispose of’ and applying a dictionary definition

International Review of Law, Computers & Technology 83

Dow

nloa

ded

by [

Uni

vers

ity o

f A

uckl

and

Lib

rary

] at

14:

06 0

9 N

ovem

ber

2014

to them was too narrow an approach and that the words ‘if his intention is to treat the thingas his own to dispose of regardless of the other’s rights’ have to be read together. The courtfollowing what the statements of the Privy Council in Chan Man-sin v. Regina, consideredthat a disposal in the sense used in Section 6 includes dealing.28

In Lavender a tenant secretly took two doors from his landlord’s premises to replace thedamaged doors in his rented flat. The tenant’s intention was to leave the doors in the flatafter his lease terminated in about a year. Applying the second limb of Section 6, thecourt stated:

So we think the question in the instant case is did the respondent intend to treat the doors as hisown in dealing with the council regardless of their rights? The answer to this question must beyes. There can be no doubt that what the respondent did was regardless of the council’s right.Those rights included the right not to have the doors at 25 Royce Road removed, and to requirethe tenant at 37 Royce Road to replace or pay for the damaged doors. In dealing with the doorsregardless of those rights, when he consciously did, the respondent manifested an intention totreat them as his own.29

The common factor in R v. Hall, which is continued in Lavender, is that the defendant wasconsidered to have stolen the property even though it was not removed from the possessionof the owner and its nature was not altered by the offender’s use.30 Both cases involved tan-gible property but the basic principles also apply to intangible property like token identity.The crucial factor is that in each of these cases, the defendant exerted control over the prop-erty, and in doing so, usurped the owner’s rights of control and exclusive use. Similarly, aperson who dishonestly uses another person’s token identity for a transaction exerts controlover the token identity and thereby, usurps the owner’s rights.

Dishonestly appropriating token identity

If the other elements of the offence are established, then it is a question of whether the mis-appropriation was dishonest. Edward Griew points out that ‘dishonestly’ ‘has a negativefunction – as meaning ‘otherwise than honestly’ ‘in much the same way as ‘unlawful or‘without lawful excuse’ is used.31 Steel similarly observes that: ‘In fact in England,whether an action amounts to theft will in practical terms depend on whether the personis dishonest’.32

The legislation does not define ‘dishonesty’ but in R v. Feely (‘Feely’) the Court ofAppeal held that dishonesty does involve ‘moral obloquy’ and whether the accused isdishonest is a question of fact for the jury, applying ‘current standards of ordinarydecent people’.33 This approach was modified by the Court of Appeal in R v. Ghosh(‘Ghosh’).34 In Ghosh the Court of Appeal rejected the distinction between theft and con-spiracy to defraud in relation to the test for dishonesty and emphasised that dishonestyrefers to the knowledge and belief of the accused. The court doubted whether the courtin Feely intended to establish an objective test and it reframed it as a two step test:

In determining whether the prosecution has proved that the defendant was acting dishonestly, ajury must first of all decide whether according to the ordinary standards of reasonable andhonest people what was done was dishonest. If it was not dishonest by those standards, thatis the end of the matter and the prosecution fails.

If it was dishonest by those standards, then the jury must consider whether the defendanthimself must have realised that what he was doing was by those standards dishonest. Inmost cases, where the actions are obviously dishonest by ordinary standards, there will

84 C. Sullivan

Dow

nloa

ded

by [

Uni

vers

ity o

f A

uckl

and

Lib

rary

] at

14:

06 0

9 N

ovem

ber

2014

be no doubt about it. It will be obvious that the defendant himself knew that he was actingdishonestly. It is dishonest for a defendant to act in a way which he knows ordinary peopleconsider to be dishonest, even if he asserts or genuinely believes that he is morally justifiedin acting as he did.35

The belief of the defendant must be genuine. It need not be reasonable although that is afactor which is a relevant consideration in determining whether the belief is genuine. In thecontext of the NIS, use of an individual’s registered token identity by another person willusually clearly be dishonest under this test.

Section 2(1) of the Theft Act sets out three situations in which appropriation of propertyis not to be regarded as dishonest, based on the defendant’s belief. Under part (a) of Section2(1), theft is not committed if a person appropriates the property believing that he/she hasthe legal right to deprive the owner of that property. Under part (b) if the accused believesthat he/she has consent if the owner knew of the appropriation and circumstances, the use isnot theft; and similarly the use is not theft under part (c) if the accused believes ‘that theperson to whom the property belongs cannot be discovered by taking reasonable steps’.

It is difficult to imagine how part (c) can apply to an appropriation of an individual’stoken identity by another person, but part (b) can apply when a friend or family memberuses an individual’s token identity of for a transaction. Part (b) is most likely to arisewhen control of an individual’s token identity is assumed by another person, in the eventof the individual’s incapacitation due to injury, ill heath or old age. In these situations,the appropriation is not theft. However, the use by another person of an individual’stoken identity undermines the underlying assumptions of the Scheme so it should notgenerally be lawful, although the new offence provisions in the Identity Cards Act donot apply to this situation.

Of course, special arrangements are needed in the case of incapacity, but thosearrangements should not include use of another person’s token identity. It is possible forexample, to design a system which links the token identity of specific people such asnext of kin or a designated carer, with that of the individual, but which does not involvea person using another person’s token identity, so as to uphold the presumption onwhich the scheme is founded.

Apart from use by family, friends, or a carer, the other most likely situation in thecontext of a national identity scheme, is where an individual is able to use anotherperson’s token identity as a result of system malfunction. At this time, it is difficult to visu-alise the circumstances of such a case, but it is conceivable that the appropriation may notclearly be within any of the exceptions in Section 2(1) of the Theft Act. In that event, theappropriation can still be held to be dishonest based on the defendant’s genuinely heldbelief and the jury’s assessment of that belief, applying the standards of ordinary people,so that ‘dishonestly’ operates as a safety net to prevent a possible miscarriage of justice.

Conclusion

Registration under the NIS transforms the components of token identity from informationinto a collective which assumes the basic characteristics of property and dishonest use of anindividual’s token identity fits surprisingly well within the requirements of the offenceunder Section 1 of the Theft Act.

Theft accurately describes the wrongdoing and differentiates it from other offences,especially fraud. Identity theft is fundamentally different to identity fraud in nature; andin terms of the wrong and the enduring harm it causes. Dishonest use of an individual’stoken identity by another person is a denial of the individual’s right to the exclusive use

International Review of Law, Computers & Technology 85

Dow

nloa

ded

by [

Uni

vers

ity o

f A

uckl

and

Lib

rary

] at

14:

06 0

9 N

ovem

ber

2014

of his/her transactional identity, and its use by another person fundamentally damages theintegrity of the individual’s token identity. To use Jeremy Horder’s words, labelling the dis-honest use by a person of another individual’s transactional identity as theft ‘captures themoral essence of the wrong in question, by reference to the best moral conception of thatessence in society as it is today’.36

Notes1. Clare Sullivan, ‘Conceptualising Identity’, International Review of Law, Computers and

Technology 21, no. 3 (2007): 237.2. In this paper ‘information’ includes ‘data’, unless otherwise indicated.3. Schedule 1, Identity Cards Act.4. ‘Transaction’ is used to describe any dealing, whether in person (i.e. face to face) or using

remote communication (such as a telephone, the internet or a computer network), for whichan individual is required to identify himself/herself. A transaction or dealing may bebetween an individual and a government department or agency or with a private sectorentity, and can range from an enquiry to a contract. ‘Transaction’ does not include transactionsand dealings of a non-business nature such as domestic and social interaction.

5. Biometrics will be required for relatively large financial transactions.6. Questions can include address and mother’s maiden name, for example.7. Alex Steel, ‘Intangible Property as Theft’, Sydney Law Review; 30 (2008): 575.8. The law in some European jurisdictions provides similar protection to persons who do not have

a public profile but as a personal, not a proprietary right.9. Tony Honore, ‘Ownership’, in Oxford Essays in Jurisprudence, ed. A.G. Guest (Oxford, Oxford

University Press, 1967), 113.,edn/publ 1960.10. In examining the concept of ownership evident in most legal systems, Honore found 11

elements consisting of nine rights, one duty and one liability, which are necessary for ownershipof property. The duty is the duty to prevent harm. The liability is the liability to execution (seeHonore, Ownership).

11. Oxford v. Moss, 68 Criminal Appeal Reports 183. In this case a student dishonestly obtained theproof of an examination paper, read it and then returned it.

12. Although that decision was stated by the Court to turn on the question of whether information isproperty, rather than determining that question, the reasoning concentrates on whether infor-mation can be stolen. Oxford v. Moss (note 11 above) was really decided on the basis thatthe unauthorised reading of the proof of an exam paper by a student was not an appropriationof intangible property with intent to permanently deprive. In reading the proof, the student didnot remove or change the information it contained (but arguably it did lessen its value as anassessment tool), so the defendant was not guilty of theft. Although not articulated by theCourt, there is also a question a criminal conviction for theft was justified in thesecircumstances.

13. Oxford v. Moss, see note 11.14. National Provincial Bank v. Ainsworth (1965) AC 1175.15. National Trustees Executors & Agency Co of Australasia Ltd v. FCT (1954) 91CLR 540, 583.16. Mabo No. 2 (1992)175 CLR 1.17. Hans Kelsen, Pure Theory of Law, trans. Max Knight (Berkeley: University of California Press,

1970), 131.18. Ibid.; Charles Reich, ‘The Individual Sector’, Yale Law Journal 100, no. 128 (1991): 1409.19. Kelsen, see note 17; Morris Cohen, ‘Property and Sovereignty’, Cornell Law Quarterly 13

(1927): 12.20. Yanner v. Eaton (1999) 201 CLR 351, para 17–20.21. R v. Morris (1984) AC 320. This interpretation has been criticised, particularly by A.T.H. Smith,

as being an incorrect reading of Section 3(1). In Smith’s view the right referred to in that sectionis ‘a right “to it” i.e. the thing being stolen, which in context means the whole thing and all therights in it’. Smith maintains that Section 3(1) and (2), which were relied upon by the Court inMorris, only show that ‘the violation of a single right . . . might be sufficient to constitute anappropriation if it is accompanied by (as) an assumption of all the rights’(sic). See A.T.H.Smith, Property Offences (London: Sweet and Maxwell, 1994), 148, 149.

86 C. Sullivan

Dow

nloa

ded

by [

Uni

vers

ity o

f A

uckl

and

Lib

rary

] at

14:

06 0

9 N

ovem

ber

2014

22. R v. Gomez (1993) AC 442; R v. Hinks (2001) AC 24123. Steel, ‘Intangible Property as Theft’.24. Honore, ‘Ownership’.25. R v. Lloyd (1985) QB 829; R v. Warner (1970) 55 Cr App R 93.26. J.C. Smith, The Law of Theft, 8th ed. (London: Butterworths, 1997). 77, 80; R v. Hall (1849) 1

Den 381.27. Smith, The Law of Theft.28. R v. Lavender (1994) Crim LR 297; Chan Man-sin v. Regina (1998) 1 WLR 196.29. R v. Lavender, see note 28.30. R v. Hall, see note 26.31. Edward Griew, The Theft Acts, 7th ed. (London: Sweet and Maxwell, 1995), 70.32. Steele, ‘Intangible Property as Theft’.33. R v. Feely (1973) 1 QB 530, 538.34. R v. Ghosh (1982) QB 1053, 1064.35. Ibid.36. Jeremy Horder, ‘Re-thinking Non Fatal Offences Against the Person’, Oxford Journal of Legal

Studies 14, no. 3 (1994): 335, citing J.C. Smith and Brian Hogan, Criminal Law, 7th ed.(London: Butterworths, 1992), 350.

International Review of Law, Computers & Technology 87

Dow

nloa

ded

by [

Uni

vers

ity o

f A

uckl

and

Lib

rary

] at

14:

06 0

9 N

ovem

ber

2014