Introduction
Previously, identity theft was considered a personal crime requiring criminals to have some form of contact with the victim. In this research paper, identity theft reflects unauthorized gathering and deceitful use of other individuals’ personal information. Today, however, identity theft has changed completely since it can be conducted as close as next door or as far away as across the world. It is quite difficult to imagine that at this moment an identity theft criminal might be engaged in writing one’s name, address and Social Security Number (SSN) on credit card applications and intends to charge thousands of dollars worth of items on those credit cards or use them to steal personal savings. Identity theft is even worse because one cannot simple know when it is happening to them. In fact, millions of consumers have been victims of identity theft, but they never found out immediately. Instead, they only realize after substantial amounts of money have been siphoned by criminals through their personal information. This implies that identity theft is a deadly act of crime that has impacts on extremely many unsuspecting people and, therefore, lawmakers and law enforcement agencies need to enact and apply stricter regulations to help in curbing identity theft.
The relevance of the topic
Identity theft is quickly becoming one of the, if not, rapidly increasing and most costly crimes in the US (Hedayati, 2012). It is generally acknowledged that identity theft causes terrific fiscal and mental impacts on affected individuals. Some reports have claimed that proceeds from identity theft are used to support terrorism activities and lifestyles of individuals who would rather have others support their needs. Unfortunately, identity theft has posed serious challenges to investigators because it is difficult to track and prove. This implies that majorities of identity criminals are hardly arrested and sentenced. In the year 2002, for instance, it is estimated that the crime caused a combined loss amounting to $55 billion for both individuals and corporations. In the following year, the FTC reported that identity theft had resulted in business losses of $48 billion while the largest identity theft case in the US history involving $13 million stolen between July and September in 2011 was reported in 2012 (Compton, 2012).
The problem of identity theft is so widespread and intricate. For instance, Amar Singh involved another group of 111 people, who were involved in manufacturing of fake IDs and going on shopping sprees across the US (Compton, 2012). The Congress passed “the Identity Theft and Assumption Deterrence Act in 1988 making identity theft a federal crime with a punishment of up to 15 years in prison” (Finklea, 2014, p. 4). Overall, identity theft impacts persons, corporations, and community as a whole, which result in enhanced prices of commodities, as well as costs of operating businesses.
Identity Theft Case Law
The US has large volumes of jurisprudence at its federal and state levels to handle cases of identity theft. Few cases can be explored to provide critical aspects of identity theft in the US. Before evaluating case law involving identity theft, it is imperative to first assess relevant studies focusing on the ‘crime of the new millennium’ (Copes, Kerley, Huff, & Kane, 2010). Most works available are published by various agencies, newspapers journals and victims who wished to share their experiences with identity theft.
In the US, the Federal Trade Commission (FTC) is the federal agency responsible for gathering information related to identity theft. Since the enactment of the Identity Theft and Assumption Deterrence Act (1998), the Congress has insisted that the FTC should have accurate information and complaints made by Americans on all issues regarding the use of illegal identities. More importantly, the FCT is the only body that provides recent national data collected on identity theft.
The records from the agency reflect that cases of new identity theft have increased significantly in spite of the law available to curb the crime (Hedayati, 2012). As such, the FTC has provided some instances of case law on identity theft for public knowledge.
Federal Trade Commission cases
Most cases investigated by the agency often result in settlement outside the normal legal process. Nevertheless, some cases are litigated. In these cases, for instance, there was no direct involvement in identity theft, but the companies accused were engaged in developing of software products with malware and spyware that could steal private, confidential information (CIPPIC, 2007). It is imperative to recognize that malicious software applications form critical elements in identity theft. Such software applications rely on vulnerabilities of users and users’ systems to facilitate identity theft by gaining partial or full control of their computers secretly from remote locations. Criminals using such applications do not require technical knowledge to steal identities.
Based on the perceived violation of the Section 5(a) of the Federal Trade Commission Act – 15 U.S.C. § 45(a), the agency initiated a legal proceeding against Odysseus Marketing Inc in the court case, FTC v. Odysseus Marketing, Inc., No. 05-CV-330-SM (2006). The Court made its decision in the public interest. The injunction resulted in the prohibition of Odysseus from the following activities (CIPPIC, 2007). First, the company was not allowed to publish or distribute any software or content that would exploit system vulnerability of other users. Second, the Court barred Odysseus from renting, selling, leasing, transferring, or sharing any information obtained through its malicious applications that could be used to identify individuals personally. Third, it was also illegal for Odysseus to benefit from personally identifiable information of any individuals it had collected through its Web site. The company was also barred from further collecting any personally identifiable data of any individuals while further restrictions were placed on misrepresentation of the software that it involved anonymous file sharing processes between users. Finally, the Court also prohibited the company from distributing or making consumers to install its software based on advertisement, intentions to gather personal data and passwords. The company was required to demonstrate what effects downloading and installing such applications would have on users. The Court further insisted that the company had to offer reasonable, effective means of uninstalling such applications from their computers.
In another case, FTC v. Seismic Entertainment, Inc., No. 04-377-JD, U.S. Dist. (2004), the judge issued permanent injunction against Seismic. The FTC had sued Seismic for violation of the Section 5 of the Federal Trade Commission Act, 15 U.S.C. § 45(a) based on marketing and distribution of spy software to consumers. It was observed that the practice involved marketing and downloading of software referred to as ‘Spy Wiper’ and ‘Spy Deleter’ to other users’ computers. Seismic distributed these applications as ‘anti-spyware’ applications. Instead, the company utilized the software in question to exploit security failures found in Microsoft’s Internet Explorer Web browser (CIPPIC, 2007). Seismic used its software applications to entice innocent consumers to its several Web sites through banners and pop-ups and other Internet advertisement techniques that would directly redirect users to the company’s Web sites once they clicked these advertisements. The software used by Seismic had abilities to ‘hi-jack’ and change settings of home page of consumers and browser’s default settings to redirect to Seismic controlled Web sites. Software provided by Seismic could create problems to users, and the company directed consumers to purchase its software to resolve the issue immediately. In fact, consumers had to spend $30 or spend huge amounts elsewhere to repair their computers. The software exploited numerous vulnerability points to lure consumers to download malicious code. In addition, Seismic further generated over $4 million in revenue from exploitation of users.
The Court ordered Seismic to pay the FTC all the revenues ($4,089,550.48) it had earned through such practices. The Court further directed the agency to spend the funds on consumer redress and consumer education, the so-called equitable relief. Additionally, the company was prohibited from distributing or publishing software applications or codes that rendered users’ vulnerable. The Court further enjoined it from downloading users’ information without consents, redirecting users to other Web sites or tampering with default home Web browsers of consumers. The FTC was allowed to monitor activities of the company and compliance with the ruling.
Criminal cases have also been noted in identity theft. For instance, in United States v. Montejo, No. 05-4143 (4th Cir., Mar. 29 2006), the defendant was convicted under (18 U.S.C. § 1028A(a)(1) because of identity theft. Before the conviction, the defendant had pleaded guilty of fraud involving immigration and identity theft of Social Security Number based on knowingly, illegally obtained and used forged Alien Registration and Social Security cards to secure employment. Montejo appealed, based on the 1028A that users require to know that he did not know that the numbers actually belonged to another person. Only the numbers on the cards were faked, but other details were genuine. The defendant had bought those cards for $60, and he knew they were forged but proceeded to secure employment with them. On appeal, however, Montejo argued that he did not know that those numbers were actually signed to other individuals. This implies that Montejo had not deliberately used these numbers as “a means of identification of another person” (CIPPIC, 2007, p. 95). The Court of Appeal interpreted the law that Montejo need not be aware of other existing assignment of the numbers to other persons to have committed a crime, and the previous ruling by the District Court was affirmed.
In a civil case, for instance, it is sometimes difficult to deal with the consequences of identity theft. In most instances, victims may take legal action against individuals or entities responsible for the theft. The case, Westra v. Credit Control of Pinellas, No. 04-3139 (7th Cir., May 27, 2005), the complainant argued, under Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681, that Credit Control had failed to conduct a proper investigation as provided by 15 U.S.C. §1681s-2(b). Consequently, the complainant could not get credit and missed an opportunity to get refinance for mortgage at a lesser rate. The defendant, Credit Control opted for a summary judgment. In this case, Westra was the victim of identity theft when multiple accounts were opened using his details. Westra was able to resolve some issues involving these accounts successfully, but it was not until 2002 when he got a notice referring to an account given to Credit Control to collect on behalf of Pasco Emergency Medical Services (CIPPIC, 2007). Westra informed Trans Union that it was not his account with all the necessary information on fraud and identity theft. In turn, Trans Union informed Credit Union but it failed to refer to identity theft and fraud and failed to include documents sent by Westra. The subsequent report from Trans Union to Westra still had the account related to Credit Union. Westra reacted by sending another letter to Trans Union and one directly to Credit Union, which led to eventual deletion of the account by Credit Union. The Court of Appeal generally based the case on “a factual question, and summary judgment is useful when the defendant is reasonable beyond questions” (CIPPIC, 2007, p. 98). In this regard, Trans Union provided little information to Credit Union and, the Court ruled that Credit Union conducted reasonable investigation. The complainant also reasoned that Credit Control could have contacted him directly, but the Court did not agree because such action was deemed as horribly inefficient and not authorized by the FCRA.
It is expected that there should be none, if at all, few cases of identity theft in government agencies. However, administrative cases involving identity thefts have been reported. For instance, in the case, Ferm v. United States Trustee, No. 97-16653 (9th Cir., Oct. 7, 1999), Ferm was fined $800 because he had deliberately failed to include his Social Security Number (SSN) for the concerns of identity theft emanating from the availability of his personal data on court records he had prepared in the Bankruptcy Court applications. Ferm was required by the law to include his SSN whenever he helped an applicant with the application. The records would then end up in the public domain. It is imperative to note that Ferm never rejected the inclusion of the SSN based on the Section 11(c). Fern however did object the possible consequences of including his SSN. That is, it would be available to the public as required by another provision in the law. Ferm considered the issue of identity theft and applied for exemption from the court.
The Supreme Court identified at least two issues of constitutional interests based on the privacy provisions. First was the personal interest in shunning revelation of personal matters, and then the government interest in autonomy of making some forms of important decisions.
The Court however argued that individuals did not have an ‘absolute’ control over information privacy. Instead, information privacy was a conditional right, which the government could contravene when it had sufficient interest.
At the same time, the Court also considered that the awful outcomes of identity theft against the possibility of its actual occurrence. The Court maintained that the government had a critical vital constitutional role involving the public provision that required the inclusion of SSN in the records of the court.
Common elements
These case laws on identity theft present some common elements. In most cases, defendants often agree to have committed the crime. This implies that the law enforcement agencies can only press for charges when the evidence is strong enough for conviction. For instance, in the case of Amar Singh and Neha Punjani-Singh, these identity criminals had to plead guilty for the largest identity theft in the US history (Compton, 2012).
Sentences involving identity theft are often lenient. Amar Singh, for example, faced up to 250 years in prison for the crime, but was only sentenced to “5 1/3 to 10 2/3 years in prison for the charges while Punjani-Singh, pleaded guilty to petty larceny and was dismissed with a conditional discharge sentence” (Compton, 2012). Such leniency noted in sentencing for the largest identity theft only serves to show how the criminal justice system is not serious about identity theft, which impacts millions of lives and billions of dollars globally. Therefore, it is most unlikely that such mild sentencing would deter criminals from engaging in identity theft in the US. The fact that the law enforcement agencies must have strong evidence to press for charges just shows how difficult it is to resolve cases of identity theft and even how harder for the victims to get justice.
The knowledge element is also critical in identity theft. For instance, in the case of United States v. Montejo, the issue of knowledge featured prominently. The Court of Appeal interpreted the law and argued that good practice needed that ‘knowingly’ had to be closely linked with words such as uses, transfers or possesses. The word ‘knowingly’ is critical in cases of identity theft. The Courts have argued that one must possess the knowledge that the means of identification used belonged to another person (Finklea, 2014). That is, the defendant must also possess, use and transfer the means of identification of someone else. Hence, the element of knowledge is critical in identity theft cases.
These cases also reveal that identity theft involves different techniques, and these diverse wide ranges of techniques require different interpretation of the law based on a case-by-case basis. Insider theft, forgery, fraud, physical theft of computers and other digitally aided theft have rocked the legal landscape involving identity theft.
The law enforcement agencies face challenges because of the nature of identity theft, which is completely different from regular crimes. Identity theft lacks physical evidence and perhaps witnesses. In fact, it could take place in other locations while the perpetrators reside in a different jurisdiction.
Conclusion
There is no question about the rapid growth of identity theft, and all factors point out that it would continue to increase significantly with serious consequences beyond the imagined levels globally. Fortunately, the US has robust laws and statutes to assist with the prosecution of such cases. Despite the fact that identity theft is a growing crime with both policy and social ramifications, the courts have continued to issue mild sentencing – not quite effective in deterrence of possible future crimes. The courts therefore should consider severe sentences for identity thieves.
In all the cases, the courts have often convicted offenders because of the difficulty nature of such cases in which the defendants must plead guilty. Hence, evidence needed must be strong enough to secure conviction. In addition, certain elements such as knowledge and techniques have proved challenging. For instance, criminals have devised different techniques to steal identities while they may argue that they did not ‘know’ that such identities belonged to other persons. The courts therefore must prove the issue of knowingly and transfer, possess and use. Only sufficient laws alongside interpretation of the law, as well as stiff penalties will deter identity theft.
References
CIPPIC. (2007). Caselaw on Identity Theft. CIPPIC Working Paper No.4 (ID Theft Series). Ottawa: Canadian Internet Policy and Public Interest Clinic.
Compton, A. (2012). Largest Identity Theft Case In U.S. History: Amar Singh And Wife, Neha Punjani-Singh, Plead Guilty To Massive Fraud. Huffington Post. Web.
Copes, H., Kerley, K. R., Huff, R., & Kane, J. (2010). Differentiating identity theft: An exploratory study of victims using a national victimization survey. Journal of Criminal Justice, 38, 1045-1052. Web.
Finklea, K. (2014). Identity Theft: Trends and Issues. Web.
Hedayati, A. (2012). An analysis of identity theft: Motives, related frauds, techniques and prevention. Journal of Law and Conflict Resolution, 4(1), 1-12. Web.