Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

11/3/2010
03:30 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Colorado Supreme Court Ruling Over SSN Fraud Opens Dangerous Door, ITRC Says

Identity Theft Resource Center concurs with the three dissenting judges

(November 1, 2010, San Diego CA) The Colorado Supreme Court recently over-ruled (4-3) a lower court decision that convicted a man of criminal impersonation when he fraudulently used the Social Security number (SSN) of another when applying for a car loan. The trial and appellate court in Montes-Rodriguez v. People found that Mr. Montes-Rodriguez defrauded a car dealership which required an SSN on its loan application. The Supreme Court however held that since Montes-Rodriguez used his own name, birth date and address, the use of another person’s SSN was not criminal impersonation even though he had also used it for employment as well.

The Identity Theft Resource Center (ITRC) concurs with the three dissenting judges. The use of a false SSN even without using the victim’s name is one of the core issues of identity theft, whether the SSN has been issued or fabricated. As Justice Coats said, “Because I consider the defendant’s deliberate misrepresentation of the single most unique and important piece of identifying data for credit-transaction purposes to be precisely the kind of conduct meant to be proscribed as criminal by this statute.” (18-5-113 Criminal Impersonation).

This is further validated by Section 603.2 of the Federal Fair Credit Reporting Act (FCRA) which states that “identity theft is a fraud committed or attempted using the identifying information of another without permission.” That section specifically states that the unauthorized use of another’s SSN is Identity theft.

By using a SSN which was not issued to the defendant, he assumed the capacity to gain a benefit - in this case, a car loan (and a job) he would not have received if he used his own SSN, which apparently he did not have. This act defrauded the car dealership and the woman whose SSN was used without her permission.

Attorney Mari Frank, frequently called as an expert witness to testify in court, before legislative hearings and who teaches law classes in identity theft, said: “ This 4 to 3 decision demonstrates that false identification and identity theft are still misunderstood by the ‘majority’ of people including judges. For far too long, the courts and industry have not taken identity theft seriously and here is but another example. Clearly the woman whose SSN was used already was hampered by the fraud appearing on her credit report as an inquiry. If the defendant stops payment, all the creditors with whom he has established credit with using this SSN will demand payment from the woman who was issued this number. If he doesn’t pay taxes, the IRS will call upon the victim. It might even impede her ability to get a job. I have seen victims trying to unravel the challenging mixed file mess numerous times.”

ITRC is very concerned by this decision. Identity theft crimes are evolving daily. It is critical that law makers, law enforcement, and the judicial system stay abreast of the actions of identity thieves. Semantics must not get in the way of “intent.” In over-ruling the lower court, the Colorado State Supreme Court has implied it is permissible to use an SSN that was not issued to an individual to establish new lines of credit. That was not the intent of the Colorado statute or that of the FCRA. This is a dangerous precedent that has now been established and which could permit abuses of the system designed to protect innocent bystanders from fraud.

About the ITRC The Identity Theft Resource Center' (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft. Visit www.idtheftcenter.org Victims may contact the ITRC at 888-400-5530.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat Researcher,  10/21/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27187
PUBLISHED: 2020-10-26
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related command...
CVE-2020-7752
PUBLISHED: 2020-10-26
This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands.
CVE-2020-7127
PUBLISHED: 2020-10-26
A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
CVE-2020-7196
PUBLISHED: 2020-10-26
The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the ur...
CVE-2020-7197
PUBLISHED: 2020-10-26
SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0* U...