Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

11/3/2010
03:30 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Colorado Supreme Court Ruling Over SSN Fraud Opens Dangerous Door, ITRC Says

Identity Theft Resource Center concurs with the three dissenting judges

(November 1, 2010, San Diego CA) The Colorado Supreme Court recently over-ruled (4-3) a lower court decision that convicted a man of criminal impersonation when he fraudulently used the Social Security number (SSN) of another when applying for a car loan. The trial and appellate court in Montes-Rodriguez v. People found that Mr. Montes-Rodriguez defrauded a car dealership which required an SSN on its loan application. The Supreme Court however held that since Montes-Rodriguez used his own name, birth date and address, the use of another person’s SSN was not criminal impersonation even though he had also used it for employment as well.

The Identity Theft Resource Center (ITRC) concurs with the three dissenting judges. The use of a false SSN even without using the victim’s name is one of the core issues of identity theft, whether the SSN has been issued or fabricated. As Justice Coats said, “Because I consider the defendant’s deliberate misrepresentation of the single most unique and important piece of identifying data for credit-transaction purposes to be precisely the kind of conduct meant to be proscribed as criminal by this statute.” (18-5-113 Criminal Impersonation).

This is further validated by Section 603.2 of the Federal Fair Credit Reporting Act (FCRA) which states that “identity theft is a fraud committed or attempted using the identifying information of another without permission.” That section specifically states that the unauthorized use of another’s SSN is Identity theft.

By using a SSN which was not issued to the defendant, he assumed the capacity to gain a benefit - in this case, a car loan (and a job) he would not have received if he used his own SSN, which apparently he did not have. This act defrauded the car dealership and the woman whose SSN was used without her permission.

Attorney Mari Frank, frequently called as an expert witness to testify in court, before legislative hearings and who teaches law classes in identity theft, said: “ This 4 to 3 decision demonstrates that false identification and identity theft are still misunderstood by the ‘majority’ of people including judges. For far too long, the courts and industry have not taken identity theft seriously and here is but another example. Clearly the woman whose SSN was used already was hampered by the fraud appearing on her credit report as an inquiry. If the defendant stops payment, all the creditors with whom he has established credit with using this SSN will demand payment from the woman who was issued this number. If he doesn’t pay taxes, the IRS will call upon the victim. It might even impede her ability to get a job. I have seen victims trying to unravel the challenging mixed file mess numerous times.”

ITRC is very concerned by this decision. Identity theft crimes are evolving daily. It is critical that law makers, law enforcement, and the judicial system stay abreast of the actions of identity thieves. Semantics must not get in the way of “intent.” In over-ruling the lower court, the Colorado State Supreme Court has implied it is permissible to use an SSN that was not issued to an individual to establish new lines of credit. That was not the intent of the Colorado statute or that of the FCRA. This is a dangerous precedent that has now been established and which could permit abuses of the system designed to protect innocent bystanders from fraud.

About the ITRC The Identity Theft Resource Center' (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft. Visit www.idtheftcenter.org Victims may contact the ITRC at 888-400-5530.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 11/19/2020
New Proposed DNS Security Features Released
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/19/2020
The Yellow Brick Road to Risk Management
Andrew Lowe, Senior Information Security Consultant, TalaTek,  11/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: He hits the gong anytime he sees someone click on an email link.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14191
PUBLISHED: 2020-11-25
Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4.
CVE-2020-29070
PUBLISHED: 2020-11-25
osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into the title section of newsletters.
CVE-2020-26212
PUBLISHED: 2020-11-25
GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In GLPI before version 9.5.3, any authenticated user has read-only permissions to the planning of ever...
CVE-2020-26243
PUBLISHED: 2020-11-25
Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded...
CVE-2020-25650
PUBLISHED: 2020-11-25
A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path `/run/spice-vdagentd/spice-vdagent-sock` could use this flaw to perform a memory denial of service fo...