1) Identity Theft Was Built for a Different Era

Traditional identity theft law evolved to address impersonation-based harms: stolen credit cards, forged signatures, hijacked accounts, and false representations made to obtain money, goods, or access. The legal injury was clear because the perpetrator pretended to be the victim.

Statutory frameworks and criminal doctrines therefore centered on deception, fraud, and unauthorized access to identifying credentials. Identity itself was treated as a means of representation, not a productive asset.

Identity theft law assumed that harm required impersonation. That assumption no longer holds.

2) Digital Identity Has Become Economically Productive

Modern digital identity is not limited to names or account credentials. It is a composite of behavioral signals, contextual attributes, inferred characteristics, and probabilistic models generated across platforms and systems.

This identity is:

• persistent across time and services,
• distributed rather than centralized,
• continuously enriched through inference,
• and monetized without the need for impersonation.

Value is extracted not by pretending to be an individual, but by using what that individual’s identity produces.

3) From Identity as Representation to Identity as Asset

Once digital identity is recognized as a source of value creation, it enters the domain of assets rather than credentials.

In other areas of law, unauthorized use of value-producing intangibles is routinely treated as misappropriation even without impersonation:

• trade secret misuse,
• unauthorized exploitation of likeness or persona,
• conversion of electronic records,
• unjust enrichment from proprietary inputs.

The absence of impersonation does not defeat these claims. What matters is unauthorized use of something owned.

4) Why Privacy Law Cannot Resolve Unauthorized Identity Use

Privacy law governs how personal data may be collected and processed. It is focused on consent, disclosure, limitation, and protection.

Privacy does not determine:

• who owns downstream value,
• whether inferred identity attributes are proprietary,
• or whether economic exploitation constitutes a taking.

5) Ownership Is the Legal Prerequisite to Theft Analysis

Courts cannot evaluate theft or misappropriation without a defined interest. Historically, individuals lacked the ability to:

• originate ownership posture over identity-derived value,
• define scope and exclusions,
• establish priority,
• place users on formal notice,
• and produce admissible evidence.

Without these elements, unauthorized use of identity remained legally invisible— even when economically significant.

6) PDAOS Makes Unauthorized Identity Use Legally Legible

The Personal Data Asset Origination System (PDAOS) does not declare that all use of identity is theft. Instead, it creates the legal prerequisites for evaluation.

Once ownership posture and notice exist, a new question becomes possible:

Was identity-derived value used after notice, outside authorized permissions, without transfer or license?

That question belongs to asset law, not privacy policy.

7) When Unauthorized Use May Constitute Identity Theft

Unauthorized use of digital identity may rise to identity theft–like misappropriation when:

1. identity-derived value is attributable to a human originator,
2. ownership posture is established and recorded,
3. formal notice has been provided,
4. use exceeds granted permissions,
5. economic or decision-making value is extracted.

At that point, the conduct resembles:

• misappropriation of identity,
• conversion of an intangible asset,
• unjust enrichment,
• or unfair competition.

8) AI Accelerates the Identity Theft Boundary

AI systems rely heavily on identity-derived inputs: behavioral traces, preference signals, inferred traits, and embeddings.

These systems often monetize identity-derived value repeatedly, long after initial collection, and without individual visibility.

As attribution improves and ownership posture becomes provable, what was once dismissed as “data exhaust” begins to resemble appropriated identity capital.

9) This Is Not About Criminalizing Technology

Recognizing unauthorized identity use does not imply that all data use is theft or that innovation must stop.

It asserts something narrower and more durable:

When identity-derived value is owned, defined, and noticed, unauthorized use must be evaluated under property and misappropriation principles.

10) The Emerging Frontier

The future of identity law will not be decided by privacy notices alone. It will be shaped by origination systems, evidence layers, and courts applying established doctrines to new forms of value.

PDAOS positions digital identity where it has always belonged: as a legally legible source of value capable of ownership, misuse, and remedy.