By Eduard Goodman, Identity Theft 911

An interesting Appellate Court opinion was recently issued that, while limited in scope, requires us to acknowledge the expanding realm of our own identity footprints and the need for evolving views of how we define identity theft. The case, PEOPLE v. ROLANDO S., stemmed from a Juvenile Court case in Kings county California. The case involving teenagers was based on the following facts:

Rolando S., a minor, was one of several recipients of an unsolicited text message containing the password to the victim’s email account. Rolando, who apparently had been in trouble with the law before, used this information to gain access to the victim’s email account. Once he was in, he accessed her Facebook account and profile. Then Rolando proceeded to post vulgar, sexually oriented comments on the walls of a couple of the victim’s male Facebook friends pretending to be her. He even modified the victim’s profile adding additional sexually oriented comments.

Once the victim discovered these unauthorized posts she immediately notified her father who helped her remove the posts and then contacted local police.

Rolando admitted to police that he altered the victim’s Facebook profile and posted the messages. Charges were filed with the Juvenile court alleging one count of a violation of California’s identity theft statute, California Penal Code §530.5(a) (willfully obtaining personal identifying information and using it for an unlawful purpose). The Juvenile trial court found Rolando S. guilty under the statute.

However, his attorney appealed the decision based on two arguments: First, he asserted that Rolando didn’t “willfully” obtain the PII of the victim, since it was sent to him and others via an unsolicited text. Second, he asserted that Rolando didn’t actually use the information for an “unlawful purpose.”

On the first point, the Appellate court found that while Rolando may not of sought out the e-mail password, as it was sent to him and others, his act of going further and accessing the email account and further using that information to gain access to the victim’s Facebook account definitely satisfied the willful component of the statute.

On the second point, the court found that an “unlawful purpose” is NOT limited to behavior that is simply codified under criminal law. Unlawful purposes can also include other activities covered under common law such as an intentional tort like that of defamation in this case.

The court’s examination of the “unlawful purpose” language was based on the legislative history of the identity theft statute. The original text of the law in California was limited to using someone else’s information to “…obtain, credit, goods, or services”. It was amended in 1998 to broaden the definition to the more expansive language of “… using it for an unlawful purpose” which in this case included defaming the victim.

The most interesting aspects of this case though go much further than the simple and limited legal precedent it sets in the state of California. It points to a trend towards a formal recognition that an individual’s identity is more than simply a social security number, driver’s license number, account number or date of birth. We are more than our financial or medical data. Personal information and the nature of our identity is also all about who we represent ourselves to be to our friends, our family and to the public. At no time in human history has this been more true than today and in the age of e-mail, social networking sites, blogs, and smart phones; the parts of our “identity footprints” that we exert specific control over are growing in scope, influence and duration and are being monitored by others — whether we recognize it or not. As this case illustrates though, fortunately, the definition of identity theft is growing too.

Eduard Goodman, Chief Privacy Officer, Identity Theft 911
An internationally trained attorney and privacy expert, Eduard has more than a decade of experience in privacy law, fraud and identity management. He is a member of the state bar of Arizona and served as the 2008-2009 section chair of the bar’s Internet, E-Commerce & Technology Law Practice Section.

One Response

  1. says:

    [...] Are Hijacked Facebook Accounts Identity Theft? [...]

Leave a Reply