Identity Theft and Assumption Deterrence Act of 1998

What you should know about the ITADA or the ITAD act

Blue Computer Hacker
••• Getty Images/Bill Hinton

The Identity Theft and Assumption Deterrence Act (ITADA) was passed into law in October 1998. This law was passed by Congress when identity theft rose dramatically in the 1990’s. Until its passing, law enforcement agents relied on various federal laws that protected specific information to prosecute identity thieves.

The Basics

This law created a very broad definition of identity theft including misuse of different forms of information, including name, Social Security number, account number, password, or other information linked to an individual other than the one providing it.

According to the Criminal Resource Manual online, there are 10 specific prohibitions included in the law:

  • Producing false identification;
  • Transferring identification that has been stolen or produced unlawfully;
  • Possessing five or more pieces of identification that are not your own;
  • Possessing five are more pieces of identification that are not your own with the intent to give them to someone else;
  • Assessing a false identification document with the intent to defraud the U.S.;
  • Possessing an identification document that you know was stolen;
  • Processing an identification document that looks official but you know was not provided from an authorized source;
  • Manufacturing, owning, or transferring a machine or device that can be used to produce false identification;
  • Manufacturing owning or transferring a machine or device that can be used to produce false identification with the intent that it will be used to make more of that device; and,
  • Attempting to do any of the above.


The ITADA also provides penalties for violation of these laws, which can vary greatly. For example, some offenses can result in prison terms up to three years, however if the criminal obtains more than $1,000 in goods or services during a one-year period through violating this law, they can be imprisoned for as long as 15 years. If a violation of this law occurs in connection with drug trafficking or a crime of violence, the jail term can be as high as 20 years, or 25 years if associated with an act of international terrorism.

Role of the FTC

This act also directs the Federal Trade Commission to receive complaints about identity theft. To accomplish this, the FTC set up the Consumer Sentinel Network. The act further empowers the FTC to help resolve issues surrounding identity theft, which could include coordinating efforts with law enforcement agencies.

The ITADA Isn't Without Flaws

Critics have voiced their concerns about the ITADA, however. First, an identity theft victim cannot sue directly but must convince a law enforcement agency to investigate the crime. This alone has proven to be difficult, as any victim of identity theft will tell you. Local law enforcement tends to see identity theft as a” victimless crime”, or a crime that only affects one person, who actually is not “harmed”. Seeing identity theft in this light, police officers and detectives will rarely prioritize it in their caseloads.

But the biggest problem with this law is that the victims of identity theft it identifies are not the consumers. A phrase in the law identifies the victims as those “directly and proximately harmed” by the infractions. This actually means banks and credit card companies -- not individual victims and private citizens. There is no relief provided for the actual victims to recover such expenses as attorneys’ fees and costs associated with correcting credit reports.

Regrettably, the ITADA creates almost as many loopholes as it does protections. This has forced the government to create additional laws to fill in the gaps, which in turn makes it that much more difficult to take care of the problem when it happens to you.