Apparently, I can use my own name and your Social Security Number to get a job or buy a car and it is not an identity theft crime. Really. This is according to a recent Colorado Supreme Court ruling. They ruled that, ‘that using someone else’s Social Security number is not identity theft as long as you use your own name with it.’ Seriously. The case in question involved a man who used his real name but someone else’s Social Security number to obtain a car loan. The court said that since he used his real name, along with other identifiable pieces of information, he wasn’t trying to impersonate someone else. The SSN info was just the ‘lender’s’ requirement and not a ‘legal’ requirement. The defendant said that he fully intended to pay the loan back and wasn’t trying to avoid the bills. There was another case where a man used a fake SSN to get a job at a steel plant in Illinois. He presented a Social Security card with his name but a fake SSN. Since he didn’t know that the number was fake and belonged to another person, the US Supreme Court ruled that he also didn’t break any federal ID theft laws since he did not ‘knowingly’ use another person’s number. He just ‘borrowed’ it. He could have just written 9 random numbers that may or may not have been tied to someone’s identity or he could have bought it from a broker, not knowing it was either fake or stolen.
These decisions contradicted previous rulings in Missouri, California, the Midwest, the Southeast and many other regions. It also left folks scratching their heads wondering just what were the courts thinking. Their logic is that, ‘(The suspect) claimed that the government could not prove that he knew that the numbers on the counterfeit documents were numbers assigned to other people….The question is whether the statute requires the government to show that the defendant knew that the ‘means of identification’ he or she unlawfully transferred, possessed, or used, in fact, belonged to ‘another person.’ We conclude that it does.’ I understand that there is a fine legal line between malicious intent and an uninformed accident but if you make up a number or obtain it by improper means, it’s still fake, false and fraudulent. I also understand that there are criminal organizations that prey on immigrants who might not fully understand the ramifications and are told that it is legitimate. We’ve all, at some point, been lured, duped or convinced that something we were obtaining was the real thing. We’re told with great conviction that it is authentic and because we want to believe, we do. When the truth is exposed, the ‘I didn’t know’ defense is obviously the most common and very well might be the honest answer. Maybe because I focus on Information Security and a bit skeptical myself, I also gotta believe that there’s that little nudge, intuition or feeling in your belly telling you that something isn’t right. I know because I’ve ignored that gut-check and got burned. Just because something is ‘not-illegal’ does not make it the right thing to do.
I’m not claiming to be a Mr. Goody-Two-Shoes and have certainly made my fair share of mistakes along with doing things I know to be wrong, legal or not. I also know that always acting in the ‘proper’ way or doing the ‘right’ thing is difficult sometimes. That’s what makes us human. We might seek the easiest, least complicated and sometimes slightly unethical way of accomplishing something. Sometimes we have to break the law to ensure the safety of others – like speeding to the Emergency Room if your wife is giving birth or a person is bleeding to death – but those are extenuating circumstances and doesn’t necessarily cause harm to others; unless, of course, you run somebody over on the way to the hospital. There are victims with this SSN borrowing since the real person may not ever know that their information was used since it won’t show up on a credit report. The trouble starts when a loan or tax payment is missed and by then, it’s too late. The courts have had difficulty over the years trying to interpret certain laws as technology whizzes by but, at least in the States, our Social Security Number is one of our unique, primary identifiers and should be protected. Incidentally, BIG-IP ASM does have a cool feature called Data Guard that can mask sensitive data from being leaked from the web application. Data Guard helps protect against information leakage like the leakage of credit card or Social Security numbers. Instead of sending the actual data to the client, ASM can respond by replacing the sensitive data with asterisks, or block the response and sending out an alert. You can also decide what ASM should consider as sensitive: credit card numbers, Social Security numbers, or responses that contain a specific pattern.