Although identity theft is a significant public concern, a new audit report by the U.S. Department of Justice Office of the Inspector General indicates that it has become less of a priority instead of more of one over the past few years. Noting that the President’s Identity Theft Task Force (created in May 2006 by Executive Order) had neither convened nor done anything since its September 2008 report, the audit summarized their findings:
Overall we found that DOJ components responsible for combating identity theft have undertaken various efforts to fight this widespread crime. Several of the initiatives were in response to recommendations made by the President’s Task Force, while others were undertaken by the components before the Task Force was established. Although some of these efforts have had success, in other instances the components did not address the recommendations of the President’s Task Force. We also found that to some degree identity theft initiatives have faded as priorities.
In addition, we found that DOJ has not developed a coordinated plan to combat identity theft separate from the recommendations of the President’s Task Force. Representatives from every DOJ component involved in this review told us that they have not received guidance from DOJ’s leadership since the Task Force concluded its work. Further, DOJ did not assign any person or office with the responsibility to coordinate DOJ’s efforts to combat identity theft and to ensure that DOJ components further implement the recommendations of the President’s Task Force where appropriate. We believe the DOJ needs to ensure that its efforts to combat identity theft are coordinated and are given sufficient priority.
The report (pdf) provides some data provided by the Executive Office for United States Attorneys. Interestingly, the number of defendants charged per year somewhat corresponds to data breach analyses that indicate that 2008 was a record year for number of breaches reported in the media:
2 The number of convictions obtained is not a subset of the number of defendants charged during the particular fiscal year because cases charged in one year may be resolved with a conviction in a subsequent fiscal year. Further, convictions obtained are for identity theft and aggravated identity theft only. Instances where a defendant was charged with identity theft or aggravated identity theft and convicted of other charges are not reflected in the conviction totals.
3 The totals reflected in this table eliminate double counting of defendants who were charged with or convicted of both identity theft and aggravated identity theft.
The report contains 14 recommendations for relevant federal agencies:
For the Department of Justice:
- Coordinate its identity theft efforts based on a review of the President’s Task Force’s strategic plan and consultation with the relevant components involved in identity theft issues. DOJ should also monitor compliance with the President’s Task Force recommendations and ensure further implementation where appropriate.
- Designate a DOJ official or office as the individual or entity responsible for coordinating DOJ’s identity theft efforts. DOJ should also direct each relevant component to designate an individual or office responsible for monitoring their agency’s efforts and communicating their efforts to DOJ as requested.
- Conduct periodic meetings with the components’ newly designated identity theft coordinators to ensure that the DOJ’s approach to identity theft remains viable and that adjustments are made to DOJ’s approach when necessary.
For the Department of Justice and Criminal Division:
- Expand the scope of the Identity Theft Enforcement Interagency Working Group to more regularly include identity theft-related topics previously covered by the other subgroups of the President’s Identity Theft Task Force, such as education and outreach, data protection, and identity theft victims’ issues.
- Formalize the identity theft training group currently being led by the Criminal Division and consider ways to expand its reach to state, local, and tribal law enforcement agencies.
For the Department of Justice and EOUSA:
- Transmit a memorandum to all USAOs [United States Attorney’s Offices] requiring each office to report on its current identity theft efforts, including the status of its efforts related to the implementation of the President’s Task Force recommendations. USAOs should also report on the steps taken by the district to ensure that its case management data and attorney time allocation data on identity theft is fully and accurately reported.
- Perform a comprehensive assessment of NICLE [National Identity Crime Law Enforcement network] to determine whether it should be housed in DOJ and expanded nationally.
For the FBI:
- Reassess its intelligence collection requirements for identity theft and conduct periodic comprehensive assessments on the identity theft threat.
- Maintain statistics on identity theft investigations, including cases with ancillary identity theft elements.
- Perform an evaluation of the NCIC Identity Theft File to determine its continued viability. If the FBI determines that the NCIC Identity Theft File is still viable, the FBI should ensure that appropriate FBI personnel are trained on its use.
For the Department of Justice, Criminal Division, EOUSA, and FBI:
- Review relevant laws and Attorney General Guidelines for Victim and Witness Assistance and issue clear guidance to all DOJ components to ensure compliance with the law and Guidelines and that uniform steps are taken by DOJ personnel to identify and notify victims of identity theft.
For the Department of Justice, Office of Justice Programs, and Bureau of Justice Statistics:
- Ensure that identity theft statistics gathered through the National Crime Victimization Survey are reported in a timely manner.
- Evaluate the feasibility of regularly collecting identity theft data for individual victims instead of households.
For the Office of Justice Programs:
- Ensure that its Identity Theft Working Group continues to meet regularly to make certain that each office and bureau is appropriately considering future identity theft-related initiatives.
Full Report: The Department of Justice’s Efforts to Combat Identity Theft, Audit Report 10-21, March 2010