May 19, 2013

Colorado Court of Appeals: Evidence Insufficient to Prove Knowledge that Social Security Number Belonged to Someone Else in Identity Theft Case

The Colorado Court of Appeals issued its opinion in People v. Perez on Thursday, May 9, 2013.

Identity Theft—Criminal Impersonation—Evidence—Mens Rea.

Defendant appealed the judgment of conviction entered on jury verdicts finding him guilty of identity theft and criminal impersonation. The convictions were vacated.

Defendant was charged with identity theft and criminal impersonation for using another person’s Social Security number to obtain employment. On appeal, defendant asserted that the prosecution presented insufficient evidence to sustain his identity theft convictions. The identity theft statute, CRS § 18-5-902, requires that the prosecution prove that the defendant knew the Social Security number at issue belonged to someone. The prosecution failed to present sufficient evidence of this element.

Defendant also contended that the evidence was insufficient to support his criminal impersonation conviction, because the prosecution failed to prove that he assumed a false or fictitious identity or capacity. Although there might have been evidence that the employers would not have hired defendant unless he had a Social Security number, there was no evidence that a Social Security number was legally required for employment. Thus, the evidence was not sufficient to prove defendant assumed a false capacity.

Summary and full case available here.

Tenth Circuit: Jury Instructions Proper and Speedy Trial Act Not Violated in Defendant’s Conviction of Bank Fraud

The Tenth Circuit published its opinion in United States v. Loughrin on Friday, March 8, 2013.

Kevin Loughrin was convicted of bank fraud and other charges arising from a check and identity theft scheme.

He appealed his conviction on two grounds: (1) the district court’s jury instructions on the bank fraud counts, 18 U.S.C. § 1344(2), were erroneous because they did not contain a requirement that Loughrin intended to defraud a bank; and (2) the delay between his indictment and trial violated his rights under the Speedy Trial Act.

Jury Instructions

Loughrin first argued that the district court’s jury instructions on the bank fraud counts, 18 U.S.C. § 1344(2), were erroneous because they did not contain a requirement that Loughrin intended to defraud a bank.

The case law requires the government to prove: “(1) that the defendant knowingly executed or attempted to execute a scheme (i) to defraud [§ 1344(1)] or (ii) to obtain property by means of false or fraudulent pretenses, representations or promises [§ 1344(2)]; (2) that defendant did so with the intent to defraud; and (3) that the financial institution was then insured by the Federal Deposit Insurance Corporation.” United States v. Rackley, 986 F.2d 1357, 1360–61 (10th Cir. 1993).

There is no requirement in either Rackley or the text of § 1344(2) that the fraud must be intentionally directed at a bank. Unlike clause (1), clause (2) does not explicitly state who must be the object of the scheme. Rackley indicates that only an intent to defraud someone is required. 986 F.2d at 1360–61. Thus, under Tenth Circuit precedent, an individual can violate § 1344(2) by obtaining money from a bank while intending to defraud someone else. The fact that Loughrin fraudulently obtained funds using bank checks, even though the bank was not at risk of loss, was sufficient to support his conviction for bank fraud.

The Tenth Circuit concluded the district court did not err in applying the requisite elements for bank fraud under § 1344(2) and that the subsection does not require proof that the defendant intended to defraud a bank.

Speedy Trial Act

Loughrin next argued that the district court violated his rights under the Speedy Trial Act (STA).

The Speedy Trial Act requires that a criminal trial begin no more than seventy days after the filing of an indictment or the defendant’s first appearance in court. 18 U.S.C. § 3161(c)(1). But not every day counts towards the seventy-day limit because of a multitude of statutory exclusions, 18 U.S.C. § 3161(g). If a delay does not fit within an explicit exclusion, the court may still exclude days from the seventy-day tally as long as it makes “findings that the ends of justice served by taking such action outweigh the best interest of the public and the defendant in a speedy trial.” Id. § 3161(h)(7)(A).

Loughrin made his first appearance in federal court on June 8, 2010. After a series of continuances for various reasons, Loughrin went to trial in April 2011.

However, after reviewing each continuance in turn, the Tenth Circuit agreed with the district court that Loughrin was tried within seventy days as required by the Speedy Trial Act.

AFFIRMED.

Colorado State Judicial Revises Many JDF Instructions and Forms in March

As part of its continuing efforts to keep JDF forms up-to-date, the Colorado State Judicial Branch revised several instructions and a few forms in March. Practitioners should begin using the new forms and instructions immediately.

All forms are available in Adobe Acrobat (PDF) and Microsoft Word formats. Download the new forms from State Judicial’s individual forms pages or below.

Adoption

  • JDF 495 – “Instructions for Second Parent Adoption” (revised 3/12)
  • JDF 497 – “Instructions for Validation of Foreign Adoption” (revised 3/12)
  • JDF 498 – “Instructions for Kinship Adoption” (revised 3/12)
  • JDF 499 – “Instructions for Custodial Adoption” (revised 3/12)
  • JDF 500 – “Instructions for Stepparent Adoption” (revised 3/12)
  • JDF 506 – “Notice of Adoption Proceeding and Summons to Respond” (revised 3/12)

Appeals

  • JDF 126 – “Instructions to File a County Court Civil or Small Claims Appeal” (revised 3/12)

County Civil / District Civil

  • JDF 86 – “Instructions for Issuing a Subpoena in Support of an Action Outside the State of Colorado” (revised 3/12)
  • JDF 96 – “Instructions for Filing an Answer and/or Counterclaim in County Court” (Money Demand) (revised 3/12)
  • JDF 100 – “Instructions for Forcible Entry and Detainer (FED) / Evictions” (revised 3/12)
  • JDF 110 – “Instructions for County Court Civil Cases (Money Demand)” (revised 3/12)
  • JDF 112 – “Instructions for Reviving a Judgment” (revised 3/12)
  • JDF 115 – “Instructions for Replevin” (revised 3/12)
  • JDF 122 – “Instructions for Issuance of Contempt Citation” (revised 3/12)
  • JDF 137 – “Instructions for Filing a Foreign Judgment” (revised 3/12)
  • JDF 385 – “Instructions for Filing a Change of Name to Obtain Identity-Related Documents” (revised 3/12)
  • JDF 420 – “Instructions for Filing for a Change of Name (Minor)” (revised 3/12)
  • JDF 432 – “Instructions for Filing a Change of Name (Adult)” (revised 3/12)
  • JDF 605 – “Instructions for Appealing Property Tax Assessments with the District Court” (revised 3/12)
  • JDF 611 – “Instructions to Seal Criminal Conviction Records” (revised 3/12)
  • JDF 620 – “Instructions for Filing a Response to a Rule 120 Notice” (revised 3/12)

Criminal

  • JDF 323 – “Instructions to File a Petition to Seal Underage Alcohol Conviction” (revised 3/12)
  • JDF 385 – “Instructions for Filing a Change of Name to Obtain Identity-Related Documents” (revised 3/12)
  • JDF 416 – “Instructions to File a Petition to Seal Arrest and Criminal Records” (revised 3/12)

Domestic

  • JDF 1215 – “Evaluation of a Foreign Decree, Foreign Custody-Determination, and Foreign Support Order” (revised 3/12)
  • JDF 1220 – “Instructions to Register a Foreign Decree” (revised 3/12)
  • JDF 1800 – “Instructions/Options to Enforce Orders” (revised 3/12)
  • JDF 1801 – “Instructions for Completing an Income Assignment Based on Child Support and/or Maintenance Orders” (revised 3/12)

Juvenile

  • JDF 323 – “Instructions to File a Petition to Seal Underage Alcohol Conviction” (revised 3/12)
  • JDF 385 – “Instructions for Filing a Change of Name to Obtain Identity-Related Documents” (revised 3/12)
  • JDF 476 – “Instructions to Discontinue Sex Offender Registration for a Colorado and Non-Colorado Juvenile Adjudication or Disposition” (revised 3/12)

Paternity

  • JDF 1500 – “Instructions to Establish Paternity” (revised 3/12)
  • JDF 1502 – “Summons in Paternity” (revised 3/12)
  • JDF 1513 – “Instructions to Disclaim Paternity” (revised 3/12)
  • JDF 1515 – “Summons to Disclaim Paternity” (revised 3/12)

Probate

  • JDF 782 – “Instructions to File Petition to Accept Adult Guardianship and/or Conservatorship in Colorado From Sending State” (revised 3/12)
  • JDF 786 – “Instructions to File Petition to Transfer Adult Guardianship and/or Conservatorship From Colorado to Receiving State” (revised 3/12)
  • JDF 820 – “Instructions for Appointment of Guardian for Minor by Will or Other Signed Writing” (revised 3/12)
  • JDF 823 – “Instructions for Appointment of a Guardian – Minor” (revised 3/12)
  • JDF 840 – “Instructions for Appointment of a Guardian – Adult” (revised 3/12)
  • JDF 860 – “Instructions for Appointment of a Conservator – Minor” (revised 3/12)
  • JDF 875 – “Instructions for Appointment of a Conservator – Adult” (revised 3/12)
  • JDF 887 – “Instructions to File a Petition to Terminate Conservatorship” (revised 3/12)
  • JDF 906 – “Instructions for Probate With a Will” (revised 3/12)
  • JDF 907 – “Instructions for Probate Without a Will” (revised 3/12)
  • JDF 957 – “Instructions for Closing an Estate Formally” (revised 3/12)
  • JDF 958 – “Instructions for Closing a Small Estate Informally” (revised 3/12)
  • JDF 959 – “Instructions for Closing an Estate Informally” (revised 3/12)
  • JDF 989 – “Instructions for Re-Opening an Estate” (revised 3/12)

Protection Orders

  • JDF 395 – “Instructions for Restrained Person – Motion to Modify/Dismiss Protection Order” (revised 3/12)
  • JDF 400 – “Instructions for Obtaining a Civil Protection Order” (revised 3/12)

Small Claims

  • JDF 248 – “Instructions for Filing a Small Claims Case” (revised 3/12)

Cyber Insurance: An Efficient Way to Manage Security and Privacy Risk

Practically every company in our modern economy has information security and privacy risk. There is no way to completely eliminate it. Whether it is your firm or your client, most companies of all shapes, sizes, and wealth profiles use information technology and handle sensitive information including personal information and credit card numbers. That means organizations face potential direct losses, lawsuits, and liability due to data, security, and privacy breaches.

The frequency and magnitude of data breaches by hackers has only been increasing. We read about security and privacy breaches practically every day in the newspaper. As the world continues to change at seemingly light-speed and cyber risks increase, the need for risk transfer with cyber insurance is also growing. Relying on a general liability or property policy to provide the coverage is no longer a wise choice (if it ever was), and companies could be well-served to get peace of mind and relative predictability by learning more about cyber policies that are actually designed to address the risk.

CBA-CLE will hold a program on Thursday, March 29 to address the impact of data breaches and the trend toward cyber insurance. The program presenter, David Navetta, Esq., has written several articles about data security and cyber insurance. Read some of his insights below, and then join us to learn more about protecting sensitive information with cyber insurance, an option that may be of great importance to your clients or law firm.

In the early 2000s, just around the “DotCom Bust,” some insurers began developing a product designed to address the financial loss that might arise out of a data breach. This was a time where most “brick and mortar” companies were just beginning to leverage the economic potential of the Internet. At that time, insurers wanted to target the big “dotcom” companies like Amazon, Yahoo, eBay, Google, etc., and other companies pioneering e-commerce and online retailing. At some point, somebody dubbed this type of insurance “cyber insurance.”

The early cyber policies included liability and property components. The liability coverages addressed claim expenses and liability arising out of a security breach of the insured’s computer systems (some early policies only covered “technical” security breaches, as opposed to policy violation-based security breaches). The property-related components covered business interruption and data asset loss/damage arising out of a data breach (during the holiday season many online retailers suddenly developed a taste for business interruption coverage after realizing just how negatively their business would be impacted by a denial of service attack). Additional first party coverages included cyber-extortion coverage and crisis management/PR coverage.

Unfortunately for the carriers, it was not easy to get people to understand the need for this coverage (and that is still a challenge today, but certainly a lesser challenge with all of the security and privacy news constantly streaming). Early on there were very few lawsuits and regulators were just beginning to consider enforcement of relatively new statutes like GLB and HIPAA.

Two things changed that made cyber insurance much more relevant. One was a rather sudden event, and the other more gradual.

First, in 2003, California passed SB1386, the world’s first breach notification law. The reality then (as now) is that companies suffer security breaches each and every day. Prior to SB1386, however, breaches of personal information simply went unreported. With SB1386 and the subsequent passage of breach notice laws in 45 other states (and now coming internationally), the risk profile changed for data breaches. Instead of burying the breaches, companies were required to incur significant direct expenses to investigate security breaches and comply with applicable breach notice laws, including the offering of credit monitoring to affected individuals (which is not legally required by existing breach notice laws, but is optionally provided by many companies or “suggested” by state regulators). As a result, the plaintiffs’ bar now had notice of security breaches and began filing class action lawsuits after big breaches (usually involving high-profile brand name organizations). As such, cyber insurance coverage went from coverage addressing a hypothetical risk of future lawsuits, to a coverage addressing real-life risk (and now we have lawsuits getting deeper into litigation and public settlements of these types of cases). Moreover, shortly after the passage of SB 1386 many cyber insurance policies began covering the direct costs associated with complying with breach notification laws, including attorney fees, forensic investigation expenses, printing and mailing costs, credit monitoring expenses and call center expenses.  Breach notification costs are direct and almost unavoidable after a personal information breach.  Regardless of lawsuit activity, a direct financial rationale for cyber insurance coverage now existed.

The other change that occurred more gradually over time, but which has had a significant impact concerning the frequency and magnitude of data breaches, was organized crime. In the early 2000s, hacking was more of an exercise in annoyance or used for bragging purposes. Hackers at that time wanted their exploits talked about and known. They wanted credit for hacking into or bringing down a sophisticated company (or better yet a division of the Federal Government or military). As such, when an attack happened it was discovered and remediated, and that would be the end of it.

True criminals, of course, are less interested in such notoriety. In fact, when trying to steal thousands/millions of records to commit identity theft or credit card fraud it is much better to NOT be detected. Lingering on a company’s network taking information for months or years is a much more profitable endeavor. Recognizing that this type of crime is low risk (it can be performed from thousands of miles away in Eastern Europe with almost no chance of getting caught) and high reward, organized crime flooded into the space. And in this context the word “organized” is truly appropriate – these enterprises retain very smart IT-oriented people that use every tool possible to scale and automate their crimes. They leverage the communication tools on the Internet to fence their “goods” creating, for example, wholesale and retail markets for credit cards, or “eBay”-like auction sites to hawk their illicit wares (e.g. valuable information). The change in orientation described above has essentially resulted in a 24/7/365 relentless crime machine constantly attacking and looking for new ways to attack, and always seeming to be one step ahead of those seeking to stop them. That is why we read about security and privacy breaches practically every day in the newspaper.

Fast-forward to present time. Cyber insurance is a much more established market with more carriers entering on a regular basis. There are primary and excess markets available for big risks, and companies of all sizes are looking at cyber more as a mandatory purchase rather than discretionary. As the world continues to change at seemingly light-speed and cyber risks increase (with the advent of hacktivism, social media and the consumerization of IT/BYOD) the need for cyber is also growing. With competition pushing cyber insurance prices down, and significant security and privacy risk being retained by organizations, risk transfer is becoming very attractive (and from an overall big picture systemic point of view, spreading risk is also attractive). The price may be right, and the peace of mind priceless.

Click here to read the full article. Program registration information below.

CLE Program: Is Your Sensitive Data Secure? Cyber Insurance for Your Firm and Your Clients

This CLE presentation will take place on Thursday, March 29. Participants may attend live in our classroom or watch the live webcast.

If you can’t make the live program or webcast, the program will also be available as a homestudy in two formats: video on-demand and mp3 download.

HB 12-1101: Clarifying the Mental State Necessary for Identity Theft

On January 18, 2012, Rep. Mark Barker introduced HB 12-042 – Concerning the Culpable Mental State for Identity Theft. This summary is published here courtesy of the Colorado Bar Association’s e-Legislative Report.

The bill clarifies certain statutory language describing the offenses of identity theft. To commit identity theft, it is not necessary that a person be aware that the personal identifying information, financial identifying information, or financial device involved in the commission of the offense belongs to another person. On February 2, the Judiciary Committee amended the bill and sent it to the Appropriations Committee for consideration of the fiscal impact.

Summaries of other featured bills can be found here.

Secretary of State Launches Password Protection for Business Filers

On Thursday, January 26, 2012, Colorado Secretary of State Scott Gessler began allowing business owners and filers to password protect their filings to help safeguard against business identity theft. As business filers incorporate in Colorado or file their annual reports online, they will now have the option to create their own password to prevent unauthorized changes to their records.

According to the press release, the state first uncovered business identity theft in 2010, when identity thieves targeted businesses by illegally manipulating data on secretaries of state websites. After hijacking business identities, they took out credit using the company’s good name, forcing businesses to rebuild their credit history.

Implementation of the system follows the passage of HB 11-1095 last year, which allowed the Secretary of State’s office to implement a password protected business filing system.

Current business filers can now add password protection to their filings by going to their business’ summary page and clicking “Set Up Secure Business Filing.” From there, simply request a PIN that will be mailed to the address already on file. New businesses registering can set up a password as part of their registration. Click here for more information.

Tenth Circuit: Court Erred in Sentencing Defendant for Identity Theft by Calculating “Intended Loss” as Total of Credit Limits Possibly Reached and Not as Loss Purposely Sought to Inflict

The Tenth Circuit Court of Appeals issued its opinion in United States v. Manatau on Monday, August 1, 2011.

The Tenth Circuit vacated the district court’s sentence and remanded for further proceedings. Petitioner was in the business of stealing identities, including social security numbers, credit cards, and checks. When finally indicted by the government, the district court looked at Petitioner’s conduct regarding “convenience checks,” which allow the holder to write a check against their line of credit. Along with two of the checks, Petitioner had a statement revealing a credit limit of $30,000. Two other checks, however, did not state the limit to which they could be drawn, even though it was $10,000; Petitioner only negotiated those two for $1,800. When determining an appropriate sentence, the Guidelines suggest lengths based on actual or intended victim losses, whichever is greater. The district court agreed with the government that the intended losses should equal the amount of the credit limits, despite what was actually negotiated by Petitioner; whether or not Petitioner ever intended to reach those credit limits does not matter, and the appropriate consideration is the loss up to the credit limits that was both possible and potentially contemplated by the scheme.

The Court disagreed with the government and district court. Instead, the Court agreed with Petitioner that the appropriate inquiry requires an analysis of Petitioner’s mens rea when determining his intended loss. Such an inquiry in his case shows that he didn’t intend to reach the available credit limits on at least some of the convenience checks, because he had no knowledge regarding those credit limits. “‘Intended loss’ means a loss the defendant purposely sought to inflict. ‘Intended loss’ does not mean a loss that the defendant merely knew would result from his scheme or a loss he might have possibly and potentially contemplated.” “The available credit limits on the convenience checks in question and the defendant’s knowledge (or lack of knowledge) of them may well be relevant evidence bearing on what loss a defendant did (or didn’t) intend. But a court cannot simply calculate ‘intended loss’ by toting up credit limits without any finding that the defendant intended to inflict a loss reasonably approaching those limits.”

Legislation to Protect Businesses from ID Theft on Secretary of State Websites Becomes Law

At the end of last week, Governor Hickenlooper signed HB 11-1095 into law. The legislation was sponsored by Rep. B.J. Nikkel and Sen. Kevin Lundberg, and will allow the Secretary of State’s office to implement a password protected business filing system.

The password protection system will help prevent identity thieves from changing information on the Secretary of State’s website. A recent tactic by identity thieves is to target businesses throughout the country by posing as agents of companies, illegally manipulating data on secretaries of state websites. Once they establish some legitimacy, they apply for credit using the company’s good name and go on a spending spree, forcing businesses to rebuild their credit history.

Click here to read the full press release from the Secretary of State’s office concerning HB 11-1095 - Concerning security of the information filed on behalf of an entity with the secretary of state’s on-line business filing system, and making an appropriation therefor.

Update: FTC Eases Enforcement of Anti-Identity Theft “Red Flags” Rule Among Lawyers, Other Professionals

The National Law Journal reports this week that the Federal Trade Commission (FTC) has bowed to Congressional pressure to dial back enforcement of the so-called “Red Flags” Rule, which directs certain professionals, including lawyers and doctors, to develop written measures to detect and thwart identity theft within their organizations.

Lawyers, doctors, and other professionals are considered “creditors” and “financial institutions” under the Fair and Accurate Credit Transactions Act, designations disputed by the American Bar Association and American Medical Association in lawsuits filed against the FTC.

The FTC has agreed to ease enforcement of the Red Flags Rule until the end of 2010.
