Friday, November 14, 2008

Identity "Theft"

In a case decided last summer, the U.S. Court of Appeals for the First Circuit considered the level of mens rea – or intent – required by the federal identity theft statute.

The case is United States v. Godin, 534 F.3d 51 (1st Cir. 2008), and here are the rather unusual facts that led to Cori Godin’s being charged with identity theft:
In 2006, Godin defrauded eight banks and credit unions (collectively, the `banks’). She opened accounts using fabricated social security numbers, closed some accounts, and then deposited checks drawn on the closed accounts into the still open accounts. Godin then withdrew funds from the falsely inflated accounts. In this manner, Godin defrauded the banks of approximately $40,000.

Godin fabricated seven different social security numbers by altering the fourth and fifth digits of her own social security number. Godin's social security number is 004-82-XXXX. Of the seven fabricated numbers, only one, number 004-44-XXXX, belonged to another person. Godin opened an account at Bank of America with the fabricated 004-44-XXXX number but provided the bank with her correct name, address, date of birth, driver's license number, and telephone number.
U.S. v. Godin, supra. Godin was charged with violating 18 U.S. Code § 1028A(a)(1), which makes it a crime to “knowingly” transfer, possess, or use, “without lawful authority, a means of identification of another person” in the course of perpetrating a felony under state or federal law. The government claimed she used “a means of identification of another” in committing bank and social security fraud; Godin pled guilty to the 16 bank and social security fraud counts with which she was also charged.

But she moved to dismiss the § 1028A(a)(1) charge, arguing that she could not have acted “knowingly” within the meaning of the statute; the district court denied her motion, she went to trial and was convicted. On appeal, she raised the issue she had raised in her motion to dismiss.

Godin’s argument, essentially, was that to convict her the government had to prove beyond a reasonable doubt that she “knowingly” used the identity of another person, but failed to do so. Remember, this is not a case where she misappropriated personal identifying information (like Social Security numbers) belonging to someone else; instead, she cloned her Social Security number to create new numbers. Godin said that as far as she knew, none of the cloned numbers belonged to a real person; more precisely, she said she did NOT know that any of them belonged to a real person.

At trial, the district court instructed the jury that to convict Godin on the §1028A(a)(1) charge, the government had to prove beyond a reasonable doubt that she (i) "knowingly used a means of identification without lawful authority” (ii) “during and in relation to” committing bank and social security fraud and (iii) that the means of identification belonged to another person. U.S. v. Godin, supra. To prove its case, the government called two witnesses:

The first was employed by Bank of America and testified that Godin used number 004-44-XXXX to open an account but gave the bank her correct name, address, phone number, driver's license number, and date of birth. The government then called a Special Agent for the Social Security Administration [who] testified that by searching a secure and password-protected Social Security Administration database, he determined that social security number 004-44-XXXX was assigned to a man who resided in Maine. The Agent also testified that he could not tell by looking at the number that it belonged to another person because there are millions of unassigned numbers.
U.S. v. Godin, supra.

The issue the Court of Appeals had to decide was whether “knowingly” applied to the fact that this “means of identification” belonged to another person. At trial, the district court specifically instructed the jury that the government “is not required to prove that she knew the means of identification actually belonged to another person.” U.S. v. Godin, supra.

The Court began its analysis by noting that three federal courts of appeal (the Fourth, Eighth and Eleventh Circuits) have held that knowingly does not apply to the fact that the means of identification belongs to another person. Only the D.C. Court of Appeals had held that it does. The First Circuit then analyzed the proper interpretation of “knowingly” as an adverb included in the statute, the legislative history of the statute (which wasn’t that helpful), and the canons used to construe statutes. After all that, it concluded that the statute is inherently ambiguous on this point. U.S. v. Godin, supra.

If a statute contains a `grievous ambiguity,’ the ambiguity must be resolved in the defendant's favor. United States v. Councilman, 418 F.3d 61 (1st Cir.2005); United States v. Santos, 128 S.Ct. 2020 (2008) (`The rule of lenity requires ambiguous criminal laws to be interpreted in favor of the defendants subjected to them.’). . . . Using all methods of statutory construction available to us, we are unable to ascertain whether Congress intended`“knowingly’ to extend to `of another person.’

The language of § 1028A is ambiguous. The ambiguity cannot be resolved by the statutory structure, the title, or the legislative history. We hold that the rule of lenity applies, and the scienter requirement must stretch to “of another person.” Thus, the District Court instructed the jury in error.
U.S. v. Godin, supra. The Court of Appeals then held that based on the evidence presented at trial, a “rational fact-finder could not find beyond a reasonable doubt that Godin knew the false social security number was assigned to another person.” U.S. v. Godin, supra. It reversed her conviction and remanded the case to the district court, instructing that court to dismiss the § 1028A(a)(1) count against Godin. In other words, she won.

I find the Godin case interesting because I think it points up the inherent ambiguity in how we conceptualize the crime of “identity theft.” What we call identity theft is not “theft" in the traditional sense because the victim is not completely deprived of his/her identity; as I assume we all know, theft has historically been a zero-sum phenomenon. I take your laptop, which means I have it and you do not; in legal terms, I (completely) deprive you of the possession and use of your property. That’s what theft has always been.

We have, as I’ve noted here before, expanded our conception of theft to encompass the copying of data. If an employee, copies a password file belonging to his employer before leaving the company, that’s not traditional theft because the company still has the passwords. The problem is, so does the ex-employee. The value of the passwords – of the copied data – has been diminished, which the law is beginning to realize. So, in at least some circumstances, we have to expand our conception of theft so it’s no longer zero-sum; we have to in order to criminalize the misappropriation of some quantum of another’s property.
In its analysis of 18 U.S. Code § 1028A’s legislative history, the Godin court found that Congress mean the statute to be a theft statute – that it was “intended only to punish `thieves,’ or those who knowingly use another's identification.” U.S. v. Godin. I think the government implicitly recognized that in the Godin prosecution, because it only charged her with one count of identity theft . . . which was based on the fact that, coincidentally, one of the Social Security numbers she cloned happened to belong to a real person.
I think an issue the Godin decision implicitly raises is whether the “identity theft” crime is really meant to be a “theft” crime (which means no charge can be brought unless the defendant misappropriated a real person’s identifying information) or a “fraud” crime.

If it’s mean to be a fraud crime (and some states call it “identity fraud” instead of “identity theft”), then it wouldn’t matter whether someone like Godin used identification documents that did, or did not, belong to a real person. All that would matter is that she used identifying documents that did not legitimately belong to her to trick banks or credit card companies or others out of money or property.
It seems to me the best argument for construing “identity theft” as a “theft” crime is the argument that we already have fraud statutes (like the bank and social security fraud statutes used to charge Godin with the other 16 counts) and don’t really need another.

When someone is charged with fraud, the victim is the person or entity who was tricked out of money or property – the banks and credit card companies in this case. When someone is charged with theft, the victim is the person who lost some quantum of their property. In this case and cases like it, so this argument would go, the government already has the tools it needs to seek justice for the fraud victims; the identity theft statutes let it seek justice for the indirect victims, for the people whose identities were misappropriated and used to commit fraud.

No comments: