Identity theft statutes: which will protect Americans the most?

• Author: Pastrikos, Catherine

INTRODUCTION

Imagine opening up your mail and finding a credit card statement demanding the payment of thousands of dollars for items you never bought. Or, imagine getting pulled over on a neighborhood street for traveling a couple of miles over the speed limit only to end up getting arrested, strip searched, and taken to jail due to an outstanding arrest warrant for drugs and gun charges that someone else committed in your name. Unfortunately, for too many Americans, these nightmarish scenarios have become a reality. As the crime of identity theft has swept the nation, thousands of victims have been left with damaged credit, a criminal record, and emotional distress. (1)

With the advent of the Internet, personal information travels across the globe at lightning speed. (2) Identity thieves use personal information--such as names, social security numbers, and birth dates--to commit frauds or crimes in someone else's name. As a result, state and federal governments have passed laws in an attempt to punish the perpetrators and to deter others from committing these crimes in the future. Each law is different, and each law takes a different approach to combat the problem. This Comment compares and contrasts four different identity theft statutes, and ultimately proposes an alternative statute that combines the strengths of the existing statutes. This proposed alternative statute includes additional provisions which provide more effective solutions to the identity theft problem in America.

1. ARIZONA'S IDENTITY THEFT STATUTE

   The earliest identity theft statute adopted was in 1996 by the State of Arizona. (3) This statute made it unlawful for a person to "knowingly take[] or use[] any personal identifying information of another person, without the consent of that other person." (4) To violate the statute, the identity thief must have "the intent to obtain or use the other person's identity for any unlawful purpose or to cause loss to a person." (5) Finally, the statute states that a victim is the person "whose personal identifying information is taken or used without consent, whether or not the victim actually suffers any economic loss as a result of the offense." (6)

   In codifying the identity theft statute, the Arizona Legislature sought to warn criminals of the serious nature of this offense by labeling it a Class 4 felony. (7) This classification translates into a sentence of between one-and-one-half and three years in prison for first time offenders (8) and between three and twelve years for repeat offenders. (9)

   The statute's simple language and relatively short provisions address most acts that could be considered identity theft crimes. First, the term "personal identifying information" (10) is extremely broad and, although never interpreted by the courts of Arizona, could be used to include most government issued items. Second, the statute criminalizes any attempt to obtain a person's personal identifying information, whether or not the victim actually suffers economic loss. (11) This provision serves a two-fold purpose: it broadens the class of people susceptible to prosecution, and serves as a deterrent to those considering committing the crime of identity theft.

   Finally, it is important to note that the statute specifically limits the class of victims of identity theft to persons whose personal identifying information was taken or used. (12) The Arizona statute does not include banks or businesses that suffer financial loss as a result of the fraudulent transaction. (13) This limitation is both a strength and a weakness. By limiting the victims of identity theft to individuals, the provision creates a private cause of action only for individuals whose personal identifying information was stolen. The status of identity theft victim, as defined by the statute, may give a person more credibility with credit-reporting agencies when attempting to clear their credit. However, this provision hinders the strength of this statute because it does not create a cause of action for banks and businesses, which are also frequently harmed by an identity theft. Banks and businesses suffering from this crime also want to recover for their losses, but the statute offers them no protection or remedy. (14)

2. THE FEDERAL IDENTITY THEFT & ASSUMPTION DETERRENCE ACT

   Following Arizona's lead, in 1998 the United States Congress enacted the Identity Theft and Assumption Deterrence Act. (15) Under the statute, a person is guilty of identity theft if he or she:

   knowingly and without lawful authority produces an identification document or a false identification document; knowingly transfers an identification document or a false identification document knowing that such document was stolen or produced without lawful authority; knowingly possesses with intent to use unlawfully or transfer unlawfully five or more identification documents (other than those issued lawfully for the use of the possessor) or false identification documents; knowingly possesses an identification document (other than one issued lawfully for the use of the possessor) or a false identification document, with the intent such document be used to defraud the United States; knowingly produces, transfers, or possesses a document-making implement with the intent such document-making implement will be used in the production of a false identification document or another document-making implement which will be so used; knowingly possesses an identification document that is or appears to be an identification document of the United States which is stolen or produced without lawful authority knowing that such document was stolen or produced without such authority; or knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law. (16) This statute possesses many strengths, the first being that the use of both public and non-public information is criminalized. Section (d) of the statute sets forth definitions of the terms used in the statute. For instance, "identification document" is defined as "a document made or issued by or under the authority of the United States Government, a State, political subdivision of a State, [or] a foreign government ... which, ... is of a type intended or commonly accepted for the purpose of identification of individuals." (17) The statute goes on to define "means of identification," which includes "any name or number that may be used ... to identify a specific individual, including any ... unique biometric data, such as [a] fingerprint, voice print, retina or iris image, or other unique physical representation." (18) Thus, the federal identity theft statute covers a variety of individual identification information that exists today or that could be created in the future based on advances in technology.

   As a result of its expansive definitions, the federal identity theft statute is clearer and more elaborate than the Arizona statute. Because the Arizona statute lacks a section defining the intricacies of the crime and the Arizona court system has not yet interpreted the statutory language, the scope of the Arizona statute is unclear.

   Although it appears that including a definition section in an identity theft statute is beneficial, it may serve as a weakness for the federal statute in the future. For example, the Arizona courts may choose to interpret the phrase "personal identifying information" (19) broadly to include more than that which the federal statute encompasses. However, there is the risk that the Arizona courts may take a narrower view of the phrase, by not including unique biometric data, and the federal statute will continue to be more encompassing.

   Both the federal identity theft statute and the Arizona statute recognize individuals as the only victims of identity fraud. (20) The federal statute provides that victims are "individuals who certify that they have a reasonable belief that [one] or more of their means of identification ... have been assumed, stolen, or otherwise unlawfully acquired." (21) This language allows victims to obtain police reports and to be compensated by the perpetrators of the identity fraud. (22) Thus, the federal and Arizona statutes both exclude banks and businesses from their definition of victims of identity fraud.

   Although certain aspects of the federal statute are similar to Arizona's statute, it surpasses the Arizona statute by creating a federal communications post for all identity theft crimes. (23) The federal statute provides for the Federal Trade Commission (FTC) to "establish procedures to ... log and acknowledge the receipt of complaints by individuals." (24) The statute also directs the FTC to "provide informational materials to individuals" that are victims of identity theft and to "refer complaints [of identity theft] to ... the [three] major national consumer reporting agencies[] and ... appropriate law enforcement agencies for potential law enforcement action." (25)

   Through this language, Congress has established that the FTC is responsible for the implementation and coordination of enforcement of this Act. (26) To accomplish this immense goal, the FTC has developed a helpful website, educational materials regarding identity theft, a complaint hotline, and a central information database. (27) Further, the FTC provides victims with a simple plan to remove any record of the crime by contacting the various credit-reporting agencies. (28) Comparing these implementations to the Arizona statute demonstrates that the federal statute is more proactive in the deterrence and rectification of identity fraud.

   Yet another strength of the federal statute is that it directs the United States Sentencing Commission to incorporate the identity theft crime into the United States...