Have you been the victim of identity theft?
If so, you’re definitely not alone.
The deliberate use of someone else’s identity for malicious activity, identity theft is a bane to victims, private companies, and law enforcement alike. In 1998 identity theft became a federal crime within the United States, thanks to the Identity Theft and Assumption Deterrence Act. Other legislations have since come into place to aide in judicial crackdown. These include the Identity Theft Penalty Enhancement Act of 2004, and the Identity Theft Enforcement and Restitution Act of 2008. Together, these laws try to reduce identity theft crime by providing legal tools and stiff penalties.
What is the Identity Theft and Assumption Deterrence Act?
In 1997 Senator Jon Kyl introduced the Identity Theft and Assumption Deterrence Act (ITADA). With the rising tide of digital technology making identity theft easier than ever federal law needed a new tool for taking action.
ITADA establishes a concise definition of identity theft for the first time in the United States. Under ITADA, identity theft is defined when the offender:
knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of Federal law, or that constitutes a felony under any applicable State or local law.
Critically, under ITADA identity theft can include cases of misused personal information beyond sanctioned records. The ITADA definition of identity theft specifically refers to “means of identification”, in addition to an identification document. Prior to 1998, identity theft could only be prosecuted under evidence of stolen documents; meaningless in a world of copy and paste data.
What powers does the Identity Theft and Assumption Deterrence Act hold?
First, ITADA establishes identity theft as a federal crime. Penalties provide a deterrent for would-be thieves, including both fines and the possibility of prison time. Factors which have an affect on ITADA sentencing include:
- The number of victims in the case.
- The information used for false identification, including how it was obtained. For example, data gained from illegal hacking a state database will have higher penalties than reading the name and address from an envelope.
- Any measurable value of loss individual victims have suffered as a result of the theft. This includes the harm of reputations, inconvenience, and other consequences.
The last point highlights another powerful change in how ITADA charges felons. Prior to ITADA, identity theft charges did not include the impact on the victim. In a more notorious case according to FindLaw.com and Thomson Reuters, prior to ITADA’s enactment, a felon used’s the victim’s stolen identity to rack up more than $100,000 in credit card loans and obtained a federal home loan. Buying homes, motorcycles and handguns, they forced the victim to spend years clearing their name. While charges were eventually laid, restitution to the victim not included. Stories like this were significant in pushing ITADA forward.
The Identity Theft Penalty Enhancement Act
In 2004, ITADA was joined by another law: the Identity Theft Enhancement Act (ITPEA). Notably, ITPEA came to the courts after the tragedy of 9/11. Investigations of the attacks revealed six of the nineteen terrorists used fake passports. Suddenly, identity theft could be instrumental in a much more serious crime: terrorism.
ITPEA, as the name implies, presents higher penalties for significant criminal intent. While ITADA cases consider the number of victims, information stolen and personal losses, ITPEA focuses on the use of identity theft with the severity of the crime. The law now assigns a minimum two years imprisonment for “knowingly transferring, possessing, or using, without lawful authority, a means of identification of another person during and in relation to specified felony convictions”. Crimes punishable under ITPEA include theft of public money or property, embezzlement, social insurance fraud, immigration fraud, using false information to acquire a firearm, and fraud if veterans benefits. The law also included more funding to the Department of Justice for investigation and prosecution of identity theft cases: $2,000,000 in 2005, and another $2,000,000 for the four years following.
A follow up of ITPEA was is the Identity Theft Enforcement and Restitution Act of 2008 (ITERA). Critically, ITERA offers better legal redress for victims. Under ITERA, the crime may be up for federal prosecution even when victim and defendant are in the same state. Prior to this change federal law only came into force if the data was accessed by interstate means. ITERA also provides compensation for the victim in time and resources spent repairing the damage the identity theft caused.
Other acts against identity fraud
In addition to ITADA, ITPEA and ITERA, there are other laws for deterring identity theft and compensating victims. Depending on the circumstances, other acts may apply, including:
- The Consumer Identity Protection Act of Alabama
- The Identity Theft Protection Act of Michigan
- The Social Security Number Fraud Prevention Act
- The Bank Fraud Statute
The National Conference of State Legislatures provides a good list of State bills, acts and class of felony related to identity theft. The application of these laws will often depend on the type of information used, and for what fraudulent purpose. Examples include bank fraud, postal fraud, and social security number fraud, crimes that can all be committed with stolen data.
There are also legislations in place to help you protect yourself. For example, the Fair and Accurate Credit Transactions Act allows those in the United States to protect their identity by freely accessing their own credit reports to scan for unusual activity. Privacy laws are increasing in power to have organizations properly protect and care for personal data. ITADA and its successors act as deterrents, while stronger consumer protections reduce identity theft opportunity.
Are there any weaknesses in federal identity theft acts? Unfortunately, yes: although the laws make a huge stance in the fight against identity theft, they are not perfect. For starters, laws have a huge handicap on digital crime. Simply put, in a world where personal information is regularly in process, there are too many opportunities to steal it. In 2017, Javelin Strategy confirmed identity theft hit 16.7 million victims in America alone. Prosecutors may also be reluctant to go to court for identity fraud claims, feeling they aren’t worth the efforts. Finally, it is hard to lay charges against identity theft when victims don’t report; if you have been a victim, consider coming forward. Your identity may not be the only one being abused.
“Justice Statue” By William Cho licensed under CC by 2.0