Articles in the UK and US press describe fraudsters who used public document registries to steal entire houses, using forged documents to list the houses for sale, transferring title to them, and disappearing (or attempting to) with a lot of money in their pockets.

Both articles focus on the cybercrime dimension. The fraudsters were able to commit their crimes because there were online repositories that made it easy to get the houses' owners addresses, ID numbers, signatures, etc, and from there, it was trivial to forge the necessary paperwork to complete the sale.

But neither article discusses the underlying economic and technical contexts, and that's a shame, because that's where the meat of the story is.

It's not a coincidence that fraudulent house theft is occurring in places where there's a lot of property speculation: New York, London, Detroit. Detroit, especially, has been the locus of house theft since the crash, through robosigning foreclosure mills, through which giant, too-big-to-fail, bailed-out banks employed armies of petty criminals to do exactly what the thieves in these articles did: forge documents to allow them to take houses away from people who owned them.


All three cities are places in which people have been encouraged to buy houses as investments. Rich people have always bought and sold property, but this century has seen an explosion in normal people speculating on property. Part of that was easy subprime lending, but the other part is the collapse of employer-backed guaranteed pensions in favor of stock-market-based pensions, in which normal people, without any particular financial expertise, bet their entire future on their choose to hire a money manager (who almost certainly performs below random chance) to try and wring gains out of a market dominated by multi-billion-dollar funds that use high-speed, high-volume trading algorithms, designed by virtually all the PhD math and physics grads from Oxbridge, the Big 10, and the Ivies who've graduated this century.

Property seems to have an honesty and a legibility that stocks lack. You can see a house, see the neighborhood, see the rents being advertised. You know where it is. When something bad happens to it, you can see it without having to read through a shareholder disclosure form.

But property isn't just property: it's shelter. Number two on the Maslow Hierarchy, right there above food. The widespread conversion of shelter from a human right to an asset class that the dwindling middle-class relies upon as their sole hope of dignity in old age eases the elimination of tenants rights — rent controls, limits on evictions — driving up the value of the asset, and the precarity of the necessity.

The viciousness of this cycle is especially pointed across the generations. The parental need to stay solvent (and not dependent on their kids) in old age means that your kids are never going to be able to afford a house and will be the tenants of some other set of desperate parents who have to decide between being decent humans to their tenants and being a burden on their kids as they age. Given that their kids are barely holding onto shelter themselves and have no wiggle-room to accommodate their aging parents, it's a no-brainer.

But this isn't bad news for everyone. The participation of the middle class in the property speculation market has inflated property prices all over the world (because when there's a shortage in a fundamental human necessity, being on the sell-side of that market is a sweet, Immortan-Joe-grade deal). So our cities' buildings are being remade as safe-deposit boxes in the sky for corrupt offshore millionaires who can be assured that their investments will appreciate ahead of inflation because of all those scrambling middle-class speculators who're inflating the bubble with every gasping breath.

That's the economic story, and it's terrible. But when it meets technology, it gets a lot worse.

Our identity information is paradoxically awful. On the one hand, it's easier than ever to clone someone's identity and rip them off. Every service wants you to generate a password and leave behind a payment method to ease future transactions. Most of them handle our data really badly, and face little to no liability for breaches.

On the other hand, identity information is collected, handled and retained as though it were worthless.

In the USA, virtually every merchant I deal with wants to make a copy of my ID. Not one of them has ever been able to show me their data-handling practices. My daughter's martial art studio wanted a copy of my fingerprints to sign her up for after-school classes. Social Security Numbers are used as identifiers and authentication tokens by phone companies and banks, and can be trivially derived from public data sources. The public school system wants to give your home address to private contractors and the US military. You can't open an account with a public utility or a private mailbox without handing over copies of your ID and your home address.

Most services you authenticate to want to use a "security question" for password recovery. These security questions — date of birth, mother's maiden name, etc — are matters of public record and things you can't change when they breach.

All of this is retained indefinitely and secured indifferently. What's more, a savvy fraudster can build from one or two pieces of this information into a takeover of some of your accounts. Once they're inside your phone, they can use that to leverage a takeover of something harder, like your utilities. From there, they can get the paper statements used to interact with the government or the banks.

Schools are another locus of this. When I do author visits, the schools routinely require scans of my identification, and never, ever, ever know what their data-handling practice is. I feel like a dick making a big deal out of this, but I do it anyway, because when you do get the school board's CTO on the phone, find out who the supplier is who stores those scans, and discover what their privacy policy and data-handling practices are, the inevitable outcome is, "We store everything forever, and badly. You indemnify us for all losses arising from our negligence. We can sell this data. We can show it to anyone we want to."

Migrants get all of this and more. We have to deal with private government contractors who routinely require us to transmit all this information, along with things like copies of our passports, long-form birth certificates, biometric identifiers, all using low-to-no-security methods, for retention by yet more third parties whose own data-handling practices are no better than anyone else's, which is to say, fucking awful.

Everyone knows that these procedures are terrible, and no one gives a shit. It's above everyone's paygrade. The major risk analysis undertaken by firms isn't "Will we destroy someone's life?" It's "Are we indemnified or insured?" The UK story is telling: a woman rented her income property to a tenant who then listed it for sale with a fat-commission-taking real estate broker called Foxtons, who stand out in a field known for sleaze and misery as particularly terrible. Foxtons let this person sell someone else's house without any checking even though the sale was so dodgy its badness could be seen from orbit.

There is structural, society-level, existential risk in this calculus, and I think it's probably worse than the risks that led up to the 2007 crash. We are approaching an era of automatable, mass-scale attacks of the sort presently used to gain access to things like your online dating profiles or home security cameras, except these ones will piece together multiple forms of compromise and direct them to automated attacks on your whole bank balance, your home, and your retirement funds.

If you're thinking about getting into a life of crime, you should definitely become an identity thief and steal houses. It has never been easier, and it will get easier still, every day, for the foreseeable future.


(Image: Cotton-Ropkey House for sale, Nyttend, Public Domain)