Prosecution Of Identity Theft And Online Impersonation Crimes
🔹 I. Understanding Identity Theft and Online Impersonation Crimes
Identity Theft occurs when a person unlawfully obtains and uses another individual’s personal identifying information (such as name, Social Security number, bank account, or credit card details) to commit fraud or gain financial benefit.
Online Impersonation refers to the use of the internet, social media, or other digital means to assume another person’s identity — often to deceive, defraud, or harass.
Key Legal Provisions
United States (Federal Law)
18 U.S.C. § 1028 – Fraud and related activity in connection with identification documents.
18 U.S.C. § 1028A – Aggravated Identity Theft (adds a mandatory two-year sentence on top of other crimes).
18 U.S.C. § 1343 – Wire Fraud (often charged alongside identity theft).
State Laws (e.g., Texas Penal Code §33.07 on Online Impersonation) provide additional local penalties.
International Examples
UK: Identity Documents Act 2010; Computer Misuse Act 1990.
India: Information Technology Act, 2000 – Sections 66C (identity theft) & 66D (cheating by impersonation).
🔹 II. Elements of Prosecution
To secure a conviction for identity theft or online impersonation, the prosecution must generally prove:
Unauthorized use of another person’s identifying information.
Knowledge and intent — the defendant knowingly used the information without consent.
Purpose of fraud or unlawful gain — financial, reputational, or other benefits.
Connection to interstate or online activity (for federal jurisdiction).
Evidence can include digital records, IP logs, emails, bank transactions, and witness testimony.
🔹 III. Landmark & Illustrative Case Law
Case 1: United States v. Flores-Figueroa (2009), 556 U.S. 646
Facts:
The defendant, a Mexican national, used counterfeit Social Security and Alien Registration cards bearing real people’s numbers to work in the U.S.
Issue:
Whether the prosecution must prove that the defendant knew the ID numbers belonged to actual people (not fictitious ones).
Holding:
The Supreme Court ruled that under 18 U.S.C. § 1028A, prosecutors must prove the defendant knew the means of identification belonged to another real person.
Significance:
This case set a crucial precedent — intent and knowledge are required elements in aggravated identity theft prosecutions.
Case 2: United States v. Blixt (2008), 548 F.3d 882 (9th Cir.)
Facts:
Defendant Blixt “forged” her mother’s signature on credit card applications and checks, impersonating her online to obtain funds.
Issue:
Whether forging another’s electronic signature constituted “use” of another person’s identifying information.
Holding:
The court held that electronic signatures qualify as “identifying information.” Thus, using another’s e-signature with fraudulent intent is identity theft under §1028A.
Significance:
Expanded the legal meaning of “identifying information” to include digital and electronic identifiers, relevant in online contexts.
Case 3: State of Texas v. Lori Drew (2009, Missouri Federal Court)
Facts:
Lori Drew created a fake MySpace profile posing as a teenage boy (“Josh Evans”) to harass 13-year-old Megan Meier, who later committed suicide.
Issue:
Whether creating a fake online persona violated the federal Computer Fraud and Abuse Act (CFAA).
Holding:
The conviction was overturned — the court found that violating MySpace’s Terms of Service did not amount to a criminal offense under the CFAA.
Significance:
Although Drew was acquitted, the case led to legislative reforms, including state laws specifically criminalizing online impersonation (like Texas Penal Code §33.07).
Case 4: United States v. Barrington (2010), 648 F.3d 1178 (11th Cir.)
Facts:
Three Florida A&M University students hacked into the school’s grading system, using stolen faculty credentials to alter grades for themselves and others.
Issue:
Were their actions identity theft or merely computer fraud?
Holding:
They were convicted under both wire fraud and aggravated identity theft. The court found that using faculty login credentials constituted using another’s identity in connection with fraud.
Significance:
Confirmed that unauthorized digital access using another person’s credentials can amount to identity theft.
Case 5: R v. Oke (2015, UK Crown Court)
Facts:
Oke used stolen personal data from hundreds of victims to create fake online bank accounts, applying for loans and credit cards.
Holding:
Convicted under the Identity Documents Act 2010 and Fraud Act 2006. The court imposed a severe sentence due to the large scale and digital sophistication of the fraud.
Significance:
Illustrates how courts abroad treat large-scale online identity theft as serious organized crime, aligning with international cybercrime enforcement.
🔹 IV. Prosecutorial Challenges
Cross-border Jurisdiction: Online crimes often involve multiple countries and ISPs.
Digital Evidence: Authenticating and preserving data from servers and social media is complex.
Anonymity Tools: VPNs, fake accounts, and encryption make attribution difficult.
Evolving Technology: Law must adapt to new forms of digital impersonation (AI deepfakes, synthetic IDs).
🔹 V. Conclusion
Prosecution of identity theft and online impersonation relies on proving knowledge, intent, and unauthorized use of identifying information.
Courts have increasingly recognized that digital identifiers — usernames, IP addresses, electronic signatures, and social media profiles — can all constitute “identifying information.”
The evolution of these cases (from Flores-Figueroa to Oke) shows the judiciary’s adaptation to cybercrime realities, emphasizing personal privacy, online safety, and accountability in digital spaces.
RELATED Blog
comments