Identity Theft in the New Information Age

By: HR Fitzmorris

The Supreme Court recently granted the petition for a writ of certiorari in Dubin v. United States, agreeing to review the Fifth Circuit’s decision to uphold the conviction of Dubin for aggravated identity theft under 18 U.S.C. 1028A(a)(1).

Though seemingly mundane when compared with the Court’s recent blockbuster docket, this case raises interesting questions about what it means to commit identity theft in today’s technological landscape, and how prosecutors are adapting antiquated statutes to a new technological reality.

David Durbin was charged with health care fraud after he improperly billed Medicaid for patient care provided at the youth health facility where he worked. He had inflated the price of service and falsified the date to fit within the one-year limit for reimbursement.  Even though the fraud only netted the shelter $92, federal prosecutors tacked on an aggravated identity theft charge which carries a mandatory 24-month prison sentence. The aggravated identity theft statute makes it a federal crime, “during and in relation to a” predicate felony, to knowingly transfer, possess, or “use[], without lawful authority, a means of identification of another person.” 18 U.S.C. § 1028A(a)(1). Prosecutors reasoned that because Durbin used the patient’s name on the fraudulent form—even though Durbin was not impersonating the patient nor making misrepresentations about his identity—he had violated § 1028A(a)(1).

The district court convicted Durbin, despite the seemingly draconian punishment.  On announcing the verdict, the district court judge stated that he “hope[d]” that the conviction would “get reversed.” However, the en banc U.S. Court of Appeals for the Fifth Circuit affirmed

Prior to 1998, identity theft crimes were charged under “false personation” statutes, which go back to the late 19th century. False personation is “the crime of falsely assuming the identity of another to gain a benefit or avoid an expense.” Concern over the increasing ease of obtaining others’ identifying information for nefarious purposes skyrocketed as thieves went digital. Congress passed the Identity Theft and Assumption Deterrence Act in 1998, during the fledgling years of the world wide web. In his statement on signing the bill, President Clinton noted that “[a]s we enter the Information Age, it is critical that our newest technologies support our oldest values.” In 2004, Congress added the Identity Theft Penalty Enhancement, which established penalties for “aggravated” identity theft. Aggravated identity theft was defined as using the identity of another person to commit felony crimes, including immigration violations, theft of another’s Social Security benefits, and acts of domestic terrorism. 

Cases such as Durbin’s are raising questions about the potential reach of these statutes. Broad statutory language offers flexibility in a sector that is known for its quick innovations and ever-changing nature, which can be advantageous to prosecutors looking to curb cybercrime.  But, as the dissenting Fifth Circuit judges noted, the majority’s reading necessarily implicates “not only [] most every commission of healthcare fraud, but would also sweep in tax preparers, immigration attorneys, and anyone else convicted of submitting any form on someone’s behalf that contains a misrepresentation unrelated to the person’s identity.” This creates the risk of criminal liability for those submitting prepared forms on behalf of clients that contain misrepresentations that may have come from the client directly or from a mistake.

Chief Judge Priscilla Owen supported the majority reading of the statute, stating that the statute does not say anything about identity theft, but rather imposes an enhancement for certain felonies on anyone who “knowingly … uses, without lawful authority, a means of identification of another person.”

How the Supreme Court answers the question of “whether simply reciting another person’s name in the course of committing Medicaid fraud constitutes aggravated identity theft, or whether that person’s name has to play a ‘key role in the fraudulent activity’” may affect how identity theft is prosecuted in the future.