Back in 2004, Congress decided to tackle the problem of "identity theft." It was responding to much-publicized cases in which criminals obtained credit cards in other people's names, sticking them with the resulting bills and hurting their credit ratings. But instead of focusing on that paradigmatic situation and crimes of a similar nature, Congress passed the Identity Theft Penalty Enhancement Act, which prescribed a two-year mandatory minimum sentence for "aggravated identity theft." The law's definition of that crime is so broad that it can be read to cover myriad minor offenses that are nothing like identity theft as it is generally understood.
Naturally, the federal government favors a sweeping interpretation of the statute, which gives prosecutors more power to coerce guilty pleas. Under the Justice Department's reading, defendants who otherwise might pay fines and/or receive probation for low-level fraud can instead go to prison for two years. But during oral arguments this week in Dubin v. United States, a wide range of justices pushed back against that interpretation, noting that it produces absurd results.
The case involves David Dubin, who worked for a business that performs psychological testing of Texas teenagers living in emergency shelters. Dubin was accused of submitting a fraudulent Medicaid claim for a client who was tested by a licensed psychological associate in April 2013. According to the government, the claim misrepresented the services in three ways: It said the testing had been done by a licensed psychologist, which increased the reimbursement by $101; it said the testing happened in May rather than April; and it rounded up the time required for the evaluation from two-and-a-half hours to three hours.
A jury convicted Dubin of health care fraud under 18 USC 1347, which can be punished by a fine and/or up to 10 years in prison. Based on the same conduct, the jury also convicted him of aggravated identity theft under 18 USC 1028A, triggering the two-year mandatory minimum. Although the trial court said "this doesn't seem to be an aggravated identity theft case," it concluded that 5th Circuit precedent required judges to pretend otherwise.
On appeal, the gist of Dubin's argument was straightforward: I did not commit identity theft, so how can I be guilty of identity theft? The U.S. Court of Appeals for the 5th Circuit gave its answer last March.
The law says a defendant is guilty of aggravated identity theft when he "knowingly transfers, possesses, or uses, without lawful authority, a means of identification of another person…during and in relation to" one of many predicate offenses, including health care fraud. As the 5th Circuit saw it, Dubin used "a means of identification of another person"—the client's name and Medicaid ID number—when he submitted the disputed claim. And although he was generally authorized to use that information when he submitted Medicaid claims, the appeals court said, he did not have "lawful authority" to use it in connection with a fraudulent claim.
As Dubin's lawyers note in their Supreme Court briefs, that understanding of the law, which they call "the epitome of overcriminalization," conflicts with narrower interpretations adopted by several other federal appeals courts. When Justice Department lawyer Vivek Suri tried to defend the government's interpretation this week, it was rough going.
Justice Neil Gorsuch wondered how the government's definition of aggravated identity theft would apply to credit card charges in a restaurant. "If the government's theory is correct," he said, "and every time I order salmon at a restaurant I'm told it's fresh, but it's frozen, and my credit card is run for fresh salmon, that's identity theft." He might have added that no such charge would be possible if he paid for the salmon in cash, even though the injury would be exactly the same.
According to the government's reading of the law, Gorsuch noted, all sorts of allegedly improper charges could be treated as aggravated identity theft, "whether it's in a restaurant billing scenario, a health care billing scenario, or lawyers who round their hours up." He got some laughs by adding, "I'm sure nobody in this audience has ever done that."
Justice Clarence Thomas also grilled Suri about the implications of his argument. "Let's say the only allegation here involved the rounding up from 2.5 hours to three hours," he said. "Would that be sufficient to violate this provision?"
Yes, Suri said, although "I appreciate that that may seem an unattractive result." Thomas replied that "'unattractive' is an understatement." Gorsuch added that "you've given up the ghost" by arguing that "every time anyone overbills for anything, that triggers this statute."
Justice Ketanji Brown Jackson likewise seemed troubled by the government's position. "It's like every fraud in the world," she told Suri. "And you just admitted in response to Justice Thomas that it could be a teeny, teeny fraud."
To illustrate the "absurdities" implied by the government's position, Justice Sonia Sotomayor imagined a parent who "lists their child as a dependent" on a tax return and "lies about child care services." Under the government's "broad definition," she said, that would count as aggravated identity theft, "because they use the child's name to commit a fraud on the government."
Sotomayor said "the vagueness" of the statute—a due process issue—"is a problem." She noted that it is hard to get a handle on the government's definition of the crime "because every time you point to something that seems absurd, they come up with a limiting rule." She worried that "the issue of vagueness permeates this statute" and mentioned the rule of lenity, which favors a narrow reading of ambiguous criminal laws.
Justice Brett Kavanaugh made a similar point. "The elements in the statute are vague," he told Suri. "Why doesn't the title"—i.e., "aggravated identity theft"—"give us a helpful clue about how broadly to read those somewhat elastic terms?"
As University of California, Berkeley law professor Orin Kerr notes, the statute is even more of a mess than the justices' comments suggested. "Congress did a lousy job describing the fraud-based felonies that can act as a predicate offense," he writes. "Instead of saying the predicate offense had to be a fraud crime, Congress looked to various parts of Title 18 and included large swaths of the code that seemed to have some kind of connection to fraud. When you look at the predicate felonies in subsection (c), there are 11 different areas of Title 18 that are included as predicates. Some of those sections are about fraud. But some aren't. Some were just codified near sections about fraud."
The referenced sections, for example, include the Computer Fraud and Abuse Act (CFAA), which makes unauthorized access to someone's computer a federal crime, whether or not it facilitates a financial fraud. "Any felony violation of the CFAA is a felony predicate for aggravated identity theft," Kerr notes, "whether it has to do with fraud or not."
The interaction between these two laws can result in stark sentencing disparities with no rational basis. "If you hack into someone's account by exploiting a security flaw," Kerr says, "that's just a standard CFAA offense and you'll probably get probation unless a lot of dollar loss occurred." But if you use a password, which is "a means of identification of another person," that would be aggravated identity theft as the Justice Department defines it, meaning you will go to prison for two years.
This is hardly the only case in which Congress has defined crimes in a counterintuitive way. The 2022 Bipartisan Safer Communities Act, for example, makes "trafficking in firearms" a felony punishable by up to 15 years in prison and defines the offense broadly enough to encompass gun purchases by "prohibited persons." Just as Dubin was found guilty of aggravated identity theft without actually stealing anyone's identity, a cannabis consumer who buys a gun is guilty of trafficking in firearms even though he never trafficked in firearms. That's in addition to preexisting felony provisions covering the same conduct.
Congress deliberately made gun purchases by prohibited persons even more illegal. But it accidentally defined aggravated identity theft so broadly that the law could be used to impose a two-year sentence on people guilty of penny-ante crimes that do not involve identity theft and may not even involve fraud. Now the Supreme Court has to make sense out of that muddle, which would not be necessary if legislators knew what they were doing to begin with.
The post SCOTUS Questions the Government's Absurdly Broad Definition of 'Aggravated Identity Theft' appeared first on Reason.com.