You are here: Resources > FIDIS Deliverables > Forensic Implications > D5.2b: ID-related Crime: Towards a Common Ground for Interdisciplinary Research > 

D5.2b: ID-related Crime: Towards a Common Ground for Interdisciplinary Research

Towards a typology of rearrangements of identity linkage  Title:
 "Identity Fraud"


Identity change – definition and types

Identity collision, which occurs unintentionally, can be distinguished from intentional changes of identity, which we will call the identity change. We understand identity change and the related subcategories from the perspective of the person that actively performs the identity change. This could be the original identity bearer, the non-original identity bearer, a third party, or combinations thereof. The perspective of the subject whose identity is affected (the original identity bearer; if there is malicious intent: the victim) is much more complicated. We describe subjects behaving passively to the identity change as targets. Various types of identity change can lead to one or more targets for the performed identity change.


We can distinguish between four, closely related, types of identity change:

  1. identity takeover 

  2. identity delegation

  3. identity exchange 

  4. identity creation 


Identity takeover characterises taking an existing identity of another person without this person’s consent. Typically the identity taker (i.e. the non-original identity bearer) uses the identity of one party (one side) in an already established relationship in which those involved have justified expectations with respect to the workflow and its results. A typical example of this kind of identity usurpation is the adoption of an existing client’s identity in relation to an organisation. The identity taker can take an identifier, such as the social security number, a credit card number or the login of the existing person to impersonate this client. In cases such as these, either the authentication phase of the victim has already passed, or it can be handled easily because of the identity token. In each case, the operatively accessible characteristic features of the usurpated identity are accepted by all the parties in the interaction. By this acceptance, a certain course is determined to which both sides adjust their expectations deliberately. An identity taker thus practically takes over one side of an already existing communication relationship, or joins in on the communication without the victim’s (initial) awareness.

There are always two targets in cases of identity takeover. Target 1 is the person whose identity is taken, the original identity bearer. Target 2 is the person who was tricked into believing that the identity taker is the person he impersonates.

Identity takeover does not always have to be illegal in a strict sense, e.g. in public sketch situations (practical jokes with a hidden camera etc.). The sketch is often based on an actor assuming (simulating) the role of a function bearer or an official (Target 1, identity capture) and starting a communication with citizens (Target 2) in a role-specific but excessive way. 

Based on the proposed definition of identity takeover, dissociation is possible, too. According to this definition, third-party logging of user data, e.g. for the purpose of generating profiles, is clearly no identity takeover. Partly, there may be unique identifiers (e.g. globally unique identifiers; GUID) collected and stored in connection with user data of Target 1. However, these data are not used to impersonate Target 1 in an already established communication relationship between Target 1 and others (possible target 2’s). The use of these data takes place either internally related to one’s own communication relationship with Target 1 and in cases of transmission of profile data to third parties in other communication relationships of Target 1, or in new communication relationships in which the phase of authentication has not been completed yet. 

In the following, we use the term identity delegation for situations where the person whose identity is taken over (Target 1; the original identity bearer) has consented in the takeover. Therefore, this type is the mirror case of identity takeover as identity takeover lacks target 1’s consent. A typical example of identity delegation is lending one’s credit card and PIN to one’s spouse to enable them to withdraw money from Target 1’s account. Usually, an identity delegation is bound to a limited period and a purpose. It can be observed in interactional systems but is also used in organisational systems, e.g. with deputising actions (such as e-mail forwarding).

A special case of identity delegation is represented by identities (more precisely: partial identities that can be used as identifiers) that are made available to a group of persons. Since linking these identities with specific persons within this group is no longer possible. This scheme allows for anonymity. A number of internet anonymity services (AN.ON, Tor etc.) use this principle.  

Another case that resembles identity takeover is identity exchange. This typically happens in existing, stellate (e.g. 1:n-)communications, for instance in communication between an organisation and their customers. Within such a relationship, two bearers of the same role (e.g. customers) exchange their identity actively towards the other communication partner (e.g. the organisation).

Identity exchange is used by, for instance, CookieCooker, which exchanges cookies related to a website randomly between different CookieCooker users. In this way, the site owners’ possibility to generate usable profiles on the basis of the cookies is evaded. Identity exchange in this example is characterised by the fact that it happens with approval and only for a particular purpose (namely the covering-up of profiles). 

The above-described types of the use of already existing identities can principally be distinguished from the creation or construction of a new identity that proves (concerning the method already used in the past) to be able to pass an authentication procedure. In the following, we use the term identity creation for this. In this perspective, the culprit has to understand and master the authentication phase as a valid identity (token) has to be created. An example of identity creation is the construction of a credit card number that passes the validity test (see note ), although not too many people will be fooled by this, as additional checks on name, expiration date and the validation number will usually be carried out.

Identity creation does not need to be the result of criminal motives, the use of pseudonyms and "virtual identities" in the sphere of avatars are perfectly legal examples of identity creation. These partial identities in artificial (and also virtual) environments are deliberately not (to be) linked with their holder’s real identity and their "Core I". 

Identity creation and identity takeover may collapse from an observer’s point of view. A newly created ID from the perspective of its creator may well already exist in the sphere of the observer. This frequently happens when one is to create a user name for a service. Even identities that may appear highly improbable sometimes turn out to exist already, hence these services are frequented by people whose ID is something like Jones123. When noticed by the identity creator the identity collision can be repaired. If not, the result may turn out to be identity takeover.  

Identity deletion

From the social perspective deleting a (partial) identity means that the communication of the person via this identifier terminates and that the person thus no longer is not connected to the related social systems. Identity deletion can be performed accidentally or can be intentionally. In addition, identity deletion can (like authentication) be actively performed by the original identity bearer, or caused passively by someone else. As performed by someone else, passive identity deletion can have severe consequences for the person whose identity is deleted. Identity deletion without the subject’s consent is not necessarily undesirable. If a member leaves the organization (for example when an employee changes employer), partial identities, such as the link form the person to an internal functional addresses, or the deletion of an internal telephone number, are usually passively deleted. This erasure of records within the organization often does not involve the subject’s consent. 

As identity deletion is a case of unlinking an identity, instead of relinking (or linking in the case of identity creation) an existing identity, with different kinds of consequences, we treat identity deletion as a separate category instead of a subtype of identity change.  


Following this definition, many cases that are discussed to be identity deletion, such as e.g. the abolishment of ID documents by illegal immigrants, are no identity deletion. These cases can be best be understood as the first step towards identity creation; illegal immigrants want to live in a new country with a new personal identity, and hence enter the social system of the new country, instead of leaving it, as would be the case in with identity deletion. From the perspective of the refugee’s former country of residence, it is a case of identity deletion, but that is not the perspective in which this kind of abolishment of ID documents is usually addressed. 

In accordance with this definition the revocation of a digital signature certificate by the owner is active identity deletion. The declaration of the death of a person in a newspaper or towards public authorities is passive identity deletion. As long as the person is really dead this is a legal procedure e.g. performed by close relatives. In cases of malicious intent, passive identity deletion in this example is a personal offence.


Identity restoration

Related to identity deletion is identity restoration. We understand identity restoration as the reintroduction of a partial identifier that was previously deleted for some reason, for instance by accident. Identity restoration usually is intended. Successful restoration results in an identifier that can be reused again to its full extent in the appropriate social context. Identity restoration, like identity deletion, can be performed actively by the person who originally was linked to that identity or passively by a third party.  

Identity restoration collapses with identity takeover if done without the subject’s consent. 


Towards a typology of rearrangements of identity linkage  fidis-wp5-del5.2b.ID-related_crime_03.sxw  "Identity Fraud"
Denis Royer 20 / 44