Identity theft occurs when someone illegally obtains and uses another person’s personal information—such as social security numbers, credit card details, or other identifying information—without their consent, typically for financial gain or other fraudulent purposes. This crime can devastate victims, leading to ruined credit, drained bank accounts, and significant financial loss. In recent decades, the advent of the internet and digital communication has significantly increased both the scale and frequency of identity theft, making it a major concern for law enforcement, businesses, and individuals alike.
In criminal law, identity theft is governed by both state and federal statutes, which define and criminalize the unauthorized use of another person’s identifying information. To secure a conviction for identity theft, prosecutors must establish the traditional elements of a crime: actus reus (the criminal act) and mens rea (the criminal intent). Actus reus in identity theft generally involves obtaining and using another person’s personal information without authorization. Mens rea typically requires proof that the defendant intentionally and knowingly used the stolen information to commit fraud or another crime.
Federal Statutes Governing Identity Theft
At the federal level, the Identity Theft and Assumption Deterrence Act (18 U.S.C. § 1028) is the primary law used to prosecute identity theft. Enacted in 1998, the law criminalizes the knowing use, transfer, or possession of another person’s identifying information without lawful authority, with the intent to commit, aid, or abet unlawful activity. This statute covers a wide range of identity theft offenses, from using stolen social security numbers to obtain fraudulent loans to using someone else’s credit card information to make unauthorized purchases.
In addition to this, the Aggravated Identity Theft Statute (18 U.S.C. § 1028A) imposes mandatory two-year prison sentences for individuals convicted of using another person’s identity during the commission of certain felony crimes, such as bank fraud, mail fraud, and wire fraud. This law aims to deter more serious cases of identity theft, where the stolen information is used to commit larger financial crimes.
The Federal Trade Commission (FTC) also plays a key role in enforcing laws related to identity theft. The FTC provides resources for victims and works with other federal agencies to investigate large-scale identity theft schemes. Identity theft is often prosecuted alongside other crimes, such as credit card fraud, wire fraud, and computer crimes, using statutes like the Wire Fraud Statute (18 U.S.C. § 1343) and the Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030).
Types of Identity Theft
There are various forms of identity theft, ranging from personal identity theft, where an individual’s personal details are stolen and used to commit fraud, to more sophisticated forms like synthetic identity theft and medical identity theft. Each type of identity theft involves the unauthorized use of another person’s personal information, but the methods and consequences can differ widely.
Personal Identity Theft involves the theft and use of someone’s personal identifiers, such as their social security number, driver’s license number, or bank account information. Criminals often use this information to open new lines of credit, make unauthorized purchases, or commit other types of fraud. Victims of personal identity theft often suffer long-term financial consequences, as they may be held responsible for debts incurred in their name or face damaged credit histories.
Synthetic Identity Theft is a growing and particularly challenging form of identity theft. In synthetic identity theft, criminals combine real and fake information to create a new identity. For example, a fraudster might use a legitimate social security number (often belonging to a child or deceased individual) with a fabricated name and date of birth to apply for credit or loans. Because synthetic identities are partly fictitious, they can go undetected for longer periods, making it more difficult for victims to identify the theft and recover their stolen information.
Medical Identity Theft occurs when a criminal uses someone else’s personal information to obtain medical services, drugs, or insurance benefits. This type of identity theft can have serious health and financial consequences for victims, as incorrect medical records can lead to improper treatment or billing for services the victim never received.
Actus Reus and Mens Rea in Identity Theft
In identity theft cases, actus reus involves obtaining and using another person’s identifying information without their consent. This can occur in a variety of ways, such as phishing, hacking, or simply stealing physical documents containing sensitive information. For example, if a thief obtains a person’s social security number and uses it to open a bank account, the act of using that stolen information to impersonate the victim fulfills the actus reus requirement for identity theft.
The mens rea element in identity theft requires proving that the defendant knowingly and intentionally used the stolen information to commit a crime or to gain financial or other benefits. In many cases, the prosecution must show that the defendant had the intent to commit fraud or other illegal acts by using the victim’s identity. For example, if a defendant uses stolen credit card information to make unauthorized purchases, the intent to defraud the cardholder and the retailer can satisfy the mens rea requirement.
Aggravated Identity Theft and Sentencing
In more serious cases, defendants can be charged under the Aggravated Identity Theft Statute (18 U.S.C. § 1028A). This law imposes mandatory additional prison time when identity theft is committed in connection with certain felony offenses, such as bank fraud, wire fraud, or immigration fraud. The key difference between regular identity theft and aggravated identity theft is that the latter requires the stolen identity to be used in the commission of another serious crime.
A notable example is United States v. Abdelshafi (2011), where the defendant used stolen Medicare beneficiary information to file fraudulent claims and receive reimbursements. Abdelshafi was convicted of both identity theft and aggravated identity theft. The court found that his use of stolen personal information to commit health care fraud met the criteria for aggravated identity theft, resulting in a mandatory two-year prison sentence in addition to his other penalties. The actus reus in this case was the act of filing the fraudulent claims using stolen identities, and the mens rea was the intent to deceive Medicare and profit from the fraud.
Cybercrime and Identity Theft
In the digital age, identity theft is often carried out online, where criminals can exploit vulnerabilities in databases, online payment systems, or social media accounts to steal personal information. Cybercriminals use techniques such as phishing, malware, and data breaches to obtain vast amounts of personal information from individuals and corporations. Once this data is stolen, it is often sold on the black market or used to commit further crimes, such as credit card fraud, tax fraud, or financial scams.
Large-scale data breaches are a significant source of identity theft. One of the most infamous examples is the 2017 Equifax Data Breach, where hackers stole the personal information of approximately 147 million people, including names, social security numbers, birth dates, and addresses. The Equifax breach led to widespread identity theft, as the stolen data was used by criminals to open fraudulent credit accounts and commit other types of financial fraud. Following the breach, Equifax faced multiple lawsuits, and federal agencies like the Federal Trade Commission (FTC) launched investigations into the company’s failure to protect consumer data.
In such cases, the actus reus involves hacking into the company’s systems and stealing personal data, while the mens rea focuses on the hacker’s intent to use or sell the stolen information for financial gain or to commit further fraud.
Legal Protections for Victims of Identity Theft
To help protect victims of identity theft and reduce its long-term impacts, both federal and state laws offer certain protections. The Fair Credit Reporting Act (FCRA) allows victims to dispute inaccurate information on their credit reports and requires credit reporting agencies to remove fraudulent accounts or transactions. Additionally, under the Identity Theft and Assumption Deterrence Act, victims can file affidavits with the Federal Trade Commission, which can help them recover losses and restore their financial standing.
States have also enacted their own identity theft laws, many of which complement federal statutes. For example, California’s Identity Theft Statute (Penal Code Section 530.5) makes it a crime to willfully obtain and use another person’s personal identifying information for fraudulent purposes. Many states allow victims to freeze their credit, which prevents identity thieves from opening new accounts in the victim’s name.
Case Example: United States v. Jones (2016)
In United States v. Jones (2016), the defendant, Melvin Jones, was convicted of identity theft after using stolen social security numbers and personal information to file fraudulent tax returns. Jones stole the identities of numerous victims and used the information to submit fake tax filings, receiving refunds under the victims’ names. Jones was convicted under the Identity Theft and Assumption Deterrence Act as well as aggravated identity theft for using the stolen information to commit federal tax fraud.
In this case, the actus reus was the act of filing fraudulent tax returns using stolen identities, while the mens rea was Jones’ clear intent to deceive the IRS and receive tax refunds illegally. His conviction under aggravated identity theft resulted in an enhanced sentence, underscoring the severe penalties for using stolen identities to commit additional crimes.
Conclusion
Identity theft is a serious and widespread crime that can cause significant harm to individuals and businesses alike. Federal laws such as the Identity Theft and Assumption Deterrence Act and the Aggravated Identity Theft Statute provide important tools for prosecuting those who steal and misuse personal information. As technology continues to evolve and more personal data is stored and transmitted online, both the legal system and individuals must remain vigilant in combating identity theft. Proving actus reus—the unauthorized use of personal information—and mens rea—the intent to commit fraud or other crimes—is crucial in successfully prosecuting identity theft cases and ensuring that offenders are held accountable.
Key Terms
References and Further Reading
Modification History File Created: 07/17/2018 Last Modified: 10/21/2024
This work is licensed under an Open Educational Resource-Quality Master Source (OER-QMS) License.
