Colorado Supreme Court: Stolen SSN is not ID Theft

Thursday, November 18, 2010

Robert Siciliano


I feel like my head is going to explode.

The Colorado Supreme Court has ruled “that using someone else’s Social Security number is not identity theft as long as you use your own name with it.”

The defendant in this particular case had admitted to using a false Social Security number on an application for a car loan, and to find employment.

The court ruled that since he had used his real name, and the Social Security number was only one of many pieces of identifying information, he “did not assume a false or fictitious identity or capacity,” and “did not hold himself out to be another person.”

The court found the defendant’s use of a false Social Security number “irrelevant,” since the number was provided to fulfill “a lender requirement, not a legal requirement.”

Justice Nathan Coats dissented, writing, “The defendant’s deliberate misrepresentation of the single most unique and important piece of identifying data for credit-transaction purposes” was “precisely the kind of conduct meant to be proscribed as criminal.”

This is yet another example of the lack of justice in the judicial system. The justices erred by failing to understand what identity theft really entails, especially when considering the distinction between a “lender requirement” and a “legal requirement.”

Whether or not a Social Security number is legally required in order to obtain credit, it is still a legal identifier in many circumstances.

42 USC Chapter 7, Subchapter IV, Part D, Sec. 666(a)(13), a federal law enacted in 1996, determines when the numbers should be used. This law requires a Social Security number to be recorded for “any applicant for a professional license, driver’s license, occupational license, recreational license or marriage license.”

It can also be used and recorded by creditors, the Department of Motor Vehicles, whenever a cash transaction exceeds $10,000, and in military matters.

“Synthetic identity theft” occurs whenever an identity is partially or entirely fabricated. This commonly involves the use of a real Social Security number in combination with a name and birth date that are not associated with the number.

This type of fraud is more difficult to track because the evidence does not appear on the victim’s credit report or on the perpetrator’s credit report, but rather as a new credit file or subfile.

Synthetic identity theft is a problem for creditors, who grant credit based on false records. It can also create complications for individual victims if their names become associated with synthetic identities, or if their credit scores are impacted by negative information in an erroneous subfile.

With this decision, the Colorado Supreme Court has fundamentally upset the balance of law, effectively opening a Pandora’s box of problems. This saga is far from over.

Since the law won’t protect you, at least in this scenario, consider investing in McAfee Identity Protection, which includes proactive identity surveillance to monitor subscribers’ credit and personal information, plus access to live fraud resolution agents who can help subscribers resolve identity theft issues.

For additional tips, please visit

Robert Siciliano is a McAfee consultant and identity theft expert. See him discuss identity theft victims on The Morning Show with Mike and Juliet. (Disclosures)

Possibly Related Articles:
Legal Identity Theft fraud Social Security Numbers
Post Rating I Like this!
Susan V. James I guess the Colorado court is either unaware of the FTC's firm position that SSNs *are* a primary form of one's PII, or they've chosen to ignore this fact.

NIST seems to think so too, and lists the SSN as PII even before a biometric measurement in SP 800-122!

There are so many things wrong in the reasoning behind this ruling that I just don't know where to begin. Well, here's a starting point... what if the scoundrel had not used his own name, nor the name of the person who's SSN he stole, but used a completely different third name? Would it still be considered that no crime was committed? If using someone else's social security number to fabricate a credit history is NOT a crime, we are all in serious peril.
Anthony M. Freed Great points Susan - legal reasoning is so tied up in precedent and case law that decisioning can become very skewed. I believe we will see a great number of legal decisions regarding security and privacy issues that fly in the face of common sense, and are completely counter-intuitive. Such is the way of the courts - hold on to your hats!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.