Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

11/3/2010
03:30 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Colorado Supreme Court Ruling Over SSN Fraud Opens Dangerous Door, ITRC Says

Identity Theft Resource Center concurs with the three dissenting judges

(November 1, 2010, San Diego CA) The Colorado Supreme Court recently over-ruled (4-3) a lower court decision that convicted a man of criminal impersonation when he fraudulently used the Social Security number (SSN) of another when applying for a car loan. The trial and appellate court in Montes-Rodriguez v. People found that Mr. Montes-Rodriguez defrauded a car dealership which required an SSN on its loan application. The Supreme Court however held that since Montes-Rodriguez used his own name, birth date and address, the use of another person’s SSN was not criminal impersonation even though he had also used it for employment as well.

The Identity Theft Resource Center (ITRC) concurs with the three dissenting judges. The use of a false SSN even without using the victim’s name is one of the core issues of identity theft, whether the SSN has been issued or fabricated. As Justice Coats said, “Because I consider the defendant’s deliberate misrepresentation of the single most unique and important piece of identifying data for credit-transaction purposes to be precisely the kind of conduct meant to be proscribed as criminal by this statute.” (18-5-113 Criminal Impersonation).

This is further validated by Section 603.2 of the Federal Fair Credit Reporting Act (FCRA) which states that “identity theft is a fraud committed or attempted using the identifying information of another without permission.” That section specifically states that the unauthorized use of another’s SSN is Identity theft.

By using a SSN which was not issued to the defendant, he assumed the capacity to gain a benefit - in this case, a car loan (and a job) he would not have received if he used his own SSN, which apparently he did not have. This act defrauded the car dealership and the woman whose SSN was used without her permission.

Attorney Mari Frank, frequently called as an expert witness to testify in court, before legislative hearings and who teaches law classes in identity theft, said: “ This 4 to 3 decision demonstrates that false identification and identity theft are still misunderstood by the ‘majority’ of people including judges. For far too long, the courts and industry have not taken identity theft seriously and here is but another example. Clearly the woman whose SSN was used already was hampered by the fraud appearing on her credit report as an inquiry. If the defendant stops payment, all the creditors with whom he has established credit with using this SSN will demand payment from the woman who was issued this number. If he doesn’t pay taxes, the IRS will call upon the victim. It might even impede her ability to get a job. I have seen victims trying to unravel the challenging mixed file mess numerous times.”

ITRC is very concerned by this decision. Identity theft crimes are evolving daily. It is critical that law makers, law enforcement, and the judicial system stay abreast of the actions of identity thieves. Semantics must not get in the way of “intent.” In over-ruling the lower court, the Colorado State Supreme Court has implied it is permissible to use an SSN that was not issued to an individual to establish new lines of credit. That was not the intent of the Colorado statute or that of the FCRA. This is a dangerous precedent that has now been established and which could permit abuses of the system designed to protect innocent bystanders from fraud.

About the ITRC The Identity Theft Resource Center' (ITRC) is a nationally recognized non-profit organization established to support victims of identity theft in resolving their cases, and to broaden public education and awareness in the understanding of identity theft. Visit www.idtheftcenter.org Victims may contact the ITRC at 888-400-5530.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20934
PUBLISHED: 2020-11-28
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
CVE-2020-29368
PUBLISHED: 2020-11-28
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
CVE-2020-29369
PUBLISHED: 2020-11-28
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
CVE-2020-29370
PUBLISHED: 2020-11-28
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
CVE-2020-29371
PUBLISHED: 2020-11-28
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.