Friday, May 08, 2009

Identities: The Living, the Dead and the Imaginary

A couple of days ago, I did a post on the recent case in which the Supreme Court held that to commit identity theft under the federal statute, you have to know you’re using the personal identifying information of a “real person.” In a comment to the post, someone asked what “real person” means, i.e., whether it’s someone who’s alive or can also be someone who has died.

It’s a good question, one the federal statute at issue in that case doesn’t explicitly answer. I found some state statutes that do address this issue, but I’ll get to them in a minute.

The question as to whether 18 U.S. Code § 1028A, the statute at issue in the Supreme Court case, encompasses a deceased person’s identity has been addressed by two of the U.S. Circuit Courts of Appeal. The U.S. Court of Appeals for the Eighth Circuit dealt with this issue a year ago in U.S. v. Kowal, 527 F.3d 741 (2008).

Kowal was charged with multiple violations of § 1028A, was convicted and appealed, arguing in part that the convictions on two of the counts should be reversed because “the statute does not cover the theft of a deceased person’s identity.” U.S. v. Kowal, supra.

Since the statutes doesn’t SAY it encompasses the identity of one who’s deceased, the Court of Appeals had to rely on a general parsing of the term “person:”
[T]here are varying dictionary definitions of `person.’ Some pertain only to living persons while others are not so limited. In common usage, however, the adjectives `living’ and `deceased’ may both properly be used to narrow . . .the meaning of the noun `person.’ The word `person' thus encompasses both the living and the deceased, and each of such persons possesses an identity which is susceptible to misappropriation. It is reasonable to assume Congress considered it unnecessary to distinguish between theft of the identity of a deceased person as opposed to a living person because the word `person’ is broad enough to cover both.

The context in which `person' is employed supports this conclusion. General principles of statutory construction provide that we look to the structure of the statute and the language surrounding the term to ascertain its meaning. When two statutory provisions employ the same word in close proximity, the `normal rule of statutory construction that identical words used in different parts of the same act are intended to have the same meaning' carries even greater weight. Both 18 U.S.C. §§ 1028A(a)(1) and 1028A(a)(2) prohibit the use `without lawful authority, of a means of identification of another person,’ but § 1028A(a)(2) adds an additional phrase prohibiting the use of a `false identification document.’ Section 1028A(a)(2) deals with identity theft related to acts of terrorism and imposes a mandatory five year sentence upon conviction. Cf. § 1028A(a)(1) (two year mandatory sentence). To interpret § 1028A(a)(2) to apply only to those terrorists who steal a living person's identity would be inconsistent with what otherwise appears to be an effort to achieve broad coverage, as evidenced by the statute's prohibition of false identification documents in addition to `means of identification of another person’ and the congressional purpose to prevent aggravated identity theft, as well as the provision for more serious sentences for violations of this subsection. Reading `person’ . . . to include a deceased person avoids the illogical result of limiting the scope of the terrorist provision, and the close proximity of the identical phrase in § 1028A(a)(1) leads to the conclusion that `person’ has the same meaning in both subsections. We conclude that the term “person” as used in § 1028A(a)(1) is not ambiguous.

The legislative purpose in protecting individual identity by passage of the aggravated identity theft statute supports this interpretation. An identity stolen from an actual person based on a real name, a real social security number, and a real birth date makes detection of the theft more difficult than if a perpetrator had fabricated a false identity. An identity stolen from a deceased person, however, is far less likely to be uncovered than one stolen from a living person. [Section] 1028A(a)(1) imposes a stiffer penalty on these types of identity thefts precisely because they are more difficult to uncover.
U.S. v. Kowal, supra. So this court held that the statute at issue in the Supreme Court case applies both to living and deceased persons; and the U.S. Court of Appeals for the First Circuit reached essentially the same conclusion in U.S. v. Jimenez, 507 F.3d 13 (2007). I also found a decision from a federal trial court, which agreed with these appellate courts.

It seems, then, that a deceased person is a “real person” under the federal identity theft statute . . . unless and until the U.S. Supreme Court decides to address that issue, which I seriously doubt will happen. That led me to wonder if the states have addressed this issue and if so, how they’ve dealt with it.

I found a few state statutes that do what the federal statute doesn’t, i.e., expressly state that identity theft can involve using the personal identifying information of someone who is deceased. Here, for example, is North Carolina’s identity theft statute:
A person who knowingly obtains, possesses, or uses identifying information of another person, living or dead, with the intent to fraudulently represent that the person is the other person for the purposes of making financial or credit transactions in the other person's name, to obtain anything of value, benefit, or advantage, or for the purpose of avoiding legal consequences is guilty of a felony punishable as provided in [North Carolina General Statutes] 14-113.22(a).
North Carolina General Statutes § 14-113.20(a). Ohio has a similar provision (Ohio Revised Code § 2913.49(A), as do these states: Oklahoma (21 Oklahoma Statutes § 1533.1), Rhode Island (Rhode Island General Laws § 11-49.1-3), Utah (Utah Code § 76-6-1102(2)), Virginia (Virginia Code § 18.2-186.3(B1) and Washington (Washington Code § 9.35.020).

Missouri does something a little different. Its statute makes identity theft a crime, just like the federal and other state statutes. It also creates a civil cause of action that lets the living victim of identity theft sue the perpetrator for damages. Missouri Statutes § 570.223. And then the statute includes this provision: “If the identifying information of a deceased person is used in a manner made unlawful by [this statute], the deceased person's estate shall have the right to recover damages pursuant to” the provision I just mentioned. Missouri Statutes § 570.223(6). I don’t think this provision means that the statute’s criminal provisions don’t apply to identity theft involving a deceased person. Another part of the Missouri statute says that the civil remedies do not “depend on whether a criminal prosecution has been or will be instituted” against the perpetrator. Missouri Statutes § 570.223(8).

Kentucky’s identity theft statute also does something different. The statute makes it a crime (identity theft) to knowingly possess or use “any current or former identifying information of the other person or family member or ancestor of the other person”. Kentucky Revised Statutes § 514.160(1). I’m not really sure what that means in practice. As to the “family member” element, I don’t know why the statute makes it a crime to use John Doe Junior’s father’s identity, instead of just making it a crime to use John Doe Senior’s identity. And then there’s the ancestor issue: Maybe the ancestor element is just another way of addressing the issue of using the identity of a deceased person. If that’s true, then I don’t know why it matters that they have a descendant; in other words, it seems as if the crime would be using the deceased person’s identity, not using-the-identity-of-an-ancestor-of-John-Doe. Maybe I’m missing something.

Washington’s identity theft statute used to have a similar provision, but they deleted it when the statute was revised in 2001. Washington Laws 2001, chapter 217 § 9. I have no idea why Washington did that.

Finally, here’s my favorite identity theft statute. Oregon makes it a crime if someone “with the intent to deceive or defraud, obtains possesses, transfers, creates, utters or converts to the person’s own use the personal identification of another person.” Oregon Revised Statutes § 165,800(1). The Oregon statute then defines “another person” as “a real person, whether living or deceased, or an imaginary person.” Oregon Revised Statutes § 165,800(4)(a).

Though I’m tempted to speculate otherwise, I assume the term “imaginary person” is intended to let Oregon prosecute someone who uses, say, “a fake social security card containing a fabricated social security number.” Mandujano-Real v. Mukasey, 526 F.3d 585 (U.S. Court of Appeals for the Ninth Circuit 2008). That’s what the Ninth Circuit Court of Appeals concluded in the Mandujano-Real case, and it’s probably correct.

Either way, I can see a defendant using the Flores-Figueroa case, the Supreme Court case I mentioned earlier, to argue that the Oregon provision is unlawful because identity theft (as a generic crime) necessarily involves using the identification information of a “real” person . . . and imaginary persons are, I believe, definitely not real.

No comments: