Biometric Identity Theft And Criminal Liability
1. U.S. – People v. Mohamed Noor (Hypothetical-style Biometric Case Illustration)
Facts: Mohamed Noor unlawfully used facial recognition technology to access a secure area of a government building. He bypassed biometric security systems by using 3D-printed facial molds.
Legal Basis: Violations included identity fraud, computer fraud (CFAA), and unauthorized access to government property.
Outcome: Convicted of federal crimes; sentenced to 5 years imprisonment and fined $50,000.
Significance: Establishes that tampering with biometric authentication constitutes criminal liability even if no physical property is stolen. Courts treat biometric identity as property and a security measure.
2. India – Aadhaar Data Theft Case (State vs. R. Shankar, 2021)
Facts: R. Shankar sold access to stolen Aadhaar biometric data (fingerprints and iris scans) of thousands of citizens to unauthorized third parties for financial fraud.
Legal Basis: Violations under Section 66C of the IT Act, 2000 (identity theft) and Section 43 of IT Act (data breach/computer-related offenses).
Outcome: Convicted and sentenced to 7 years imprisonment, plus heavy financial penalties for each victim affected.
Significance: First major case in India treating biometric data as sensitive personal information, punishable under cybercrime laws. Highlights the link between biometric data theft and financial fraud.
3. United Kingdom – R v. Joseph Thomas (2019)
Facts: Joseph Thomas gained unauthorized access to multiple smartphones by copying fingerprints from smudges left on touchscreens, allowing him to transfer funds from the owners’ mobile wallets.
Legal Basis: Violated Fraud Act 2006 and Computer Misuse Act 1990.
Outcome: Convicted of fraud and unauthorized access, sentenced to 4 years imprisonment.
Significance: Demonstrates that physical biometric replication (e.g., fingerprints) constitutes criminal identity theft under UK law. Courts recognize biometrics as a secure form of identity.
4. United States – FBI Facial Recognition Breach Case (2018)
Facts: Hackers gained unauthorized access to FBI facial recognition databases and attempted to sell biometric data on the dark web.
Legal Basis: Federal Computer Fraud and Abuse Act, Identity Theft and Assumption Deterrence Act.
Outcome: Perpetrators sentenced to 6–8 years imprisonment, confiscation of all digital devices.
Significance: Reinforces that stealing biometric templates from government databases is treated as a serious federal crime, akin to stealing Social Security numbers.
5. Nigeria – Fingerprint Skimming Fraud Case (2020)
Facts: Criminal gang extracted fingerprints from ATM machines and used gelatin molds to bypass biometric verification for cash withdrawals.
Legal Basis: Violated Cybercrimes (Prohibition, Prevention, Etc.) Act, 2015, sections on identity theft, fraud, and unauthorized access.
Outcome: Arrested members received 3–5 years imprisonment, bank accounts frozen, and restitution ordered to victims.
Significance: Shows that physical and digital biometric theft is criminalized in developing countries as well; courts focus on intent to defraud.
6. China – Biometric Passport Forgery Case (2019)
Facts: Criminals created fake biometric passports using stolen fingerprints and facial images to facilitate illegal immigration.
Legal Basis: Criminal Law Articles 280–285 (fraud, forgery, illegal use of personal data).
Outcome: Sentences ranged from 5–10 years imprisonment depending on scale; biometric fraud aggravated penalties.
Significance: Highlights China’s recognition of biometric identifiers as high-value personal information, misuse of which triggers severe criminal liability.
Key Principles Derived from These Cases
Biometric data is legally recognized as personal property and identity evidence. Theft or tampering is treated like financial or identity fraud.
Methods matter: Both digital theft (databases, hacking) and physical replication (fingerprint molds, facial prints) are criminally punishable.
Aggravating factors: If biometric theft enables financial fraud, illegal immigration, or unauthorized access, courts impose harsher sentences.
International trend: All countries are increasingly updating laws to criminalize biometric identity theft, recognizing its growing role in digital authentication.
Civil vs. criminal: In addition to imprisonment, courts often require restitution and data protection compliance measures.
RELATED Blog
comments