No, I don’t believe hijacking someone’s email is identity theft.

It should certainly be a crime, it may fall under wire-tap statutes, but I can’t follow the logic that an identity was stolen. The criminal would have to use or purport to be the victim in order for it to be identity theft.

Sadly, it is the architecture of email that makes this type of information theft all too common. I think it is time that postal regulations be adapted to electronic mail, and the appropriate penalties applied.

I think that anyone who attempts to pose as another person for what ever the motivation is stealing that person’s identity. However if that person used his boss’s email and identified himself in it for the purpose of disseminating information to the list the boss had, then he was violating the privacy rights of the email address holders themselves.

It is very important to define a range of behaviors that largely require different solutions. ID theft is a very serious situation. However, it does not include plain vanilla credit card theft or impersonation without an attempt to take over a personality. For those who have not read it, strongly suggest Daniel Solove’s “Future of Reputation.” Free on-line at http://docs.law.gwu.edu/facweb/dsolove/Future-of-Reputation/ Also in book form.

m not sure if this makes a difference, but was his work email hijacked? A work email is issued by an organization to a specific individual and whose identity is known. So in that case I think that impersonation and possible ID theft could occur.

Not being a lawyer, I do think that there are specific differences in work email account hijacks versus social email hijacks (i.e. hotmail, gmail, etc.).

When you hijack a work account, you could be impersonating an individual’s title and reputation.

On a side note: If we remember the Sara Palin hacked email account, a suspect was charged under federal law for unlawful access to stored communications and intentionally accessing a computer without authorization across state lines. I also believe that this case is still active.

So it seems likely that federal laws were violated in this case as well.

Since your identity isn’t presented at the time of opening an email account (you’re not required to provide a SSN, DOB etc) the subsequent “takeover” of that account would not be a theft of your identity in the traditional way. If we are going to say that email account takeover is identity theft, we are going to have to make stricter controls regarding the information people provide to open the accounts in the first place. The question really isn’t “is it identity theft?” but rather “should it be considered identity theft?” The answer to THAT depends on your views on internet anonymity. I don’t believe that we can protect internet anonymity and call email account (or social networking account) takeover identity theft at the same time. Online impersonation and identity fraud for the purposes of ruining reputation or scamming others is different than traditional identity theft used for credit purposes. The damage is different, and the controls and punishments should be different as well. Perhaps identity theft could be used as a more general term to encompass credit identity fraud and online impersonation- but it is not currently widely recognized as such to my knowledge… this court decision may change that.

Without a doubt this is identity theft. Impersonating someone else without proper disclosure is unlawful. Breaking the law to prosecute someone else is still breaking the law.

Indeed this is an important case.

My quick take is that the court ruling, which I have only skimmed, finds that the unlawfulness of the act is not mitigated by the First Amendment rights of the defendant.

Thanks for posting this, and to Ms. Davis Friend for the detailed comment and background info.

I think it’s important to put it into the same context as it would be in if the crime was “physical” eg; “posing as another when apprehended for a crime”. Perhaps it wasn’t called “identity theft” in the past but it is now. My short answer is yes and agree the charges should be reinstated.

Additional details:
According to the non-profit Identity Theft Resource Center and other sources, identity theft can be sub-divided into five categories:

business/commercial identity theft (using another’s business name to obtain credit)
criminal identity theft (posing as another when apprehended for a crime)
financial identity theft (using another’s identity to obtain goods and services)
identity cloning (using another’s information to assume his or her identity in daily life)
medical identity theft (using another’s information to obtain medical care or drugs)

I have been waiting to see an article where someone in the judicial system gets this crime, and the insidiousness of it. Also the incredibly tragic outcome of the employees action is untenable!

To add to the very few comments I’ve seen regarding this. According to the Identity Theft and Assumption Deterrence Act it is a federal crime when someone:
“knowingly transfers or uses, without lawful authority, a means of identification of another person with the intent to commit, or to aid or abet, any unlawful activity that constitutes a violation of federal law, or that constitutes a felony under any applicable state or local law.”

Important to note that means of identification is defined as:
“any name or number that may be used, alone or in conjunction with any other information to identify a specific individual, including any -
Name, SS#, DOB, officially issued driver’s license #’s or ID #’s
Unique Biometric data
Unique electronic identification number, address, or routing code or
Telecommunication identifying information or access device.

I’ve had a long standing concern with access to computers by personnel within companies. This issue should definitely be part of an organization’s information security policy. Additionally, it is an issue that can strike at a personal level in someone’s home/home office. As a result, an area of focus in my employee training sessions is “don’t share email accounts, and don’t share passwords, no matter how much you trust someone.

Strikes me that the use of another person’s e-mail does not constitute identity theft per se. In the case you cite the perp was engaged in fraud, defamation, intentional infliction of emotional distress and perhaps some other civil wrongs or crimes. In my view identity theft is using the ‘credentials’ of some one for personal monetary gain at the expense of the victim.

I agree. Now is the time that businesses need to address “all” of the issues surrounding the growing challenges of Identity Theft. Taking proactive steps makes good sense and will allow the business to mitigate their risk. We are just at the tip of the iceberg, compared to where they say we are going. I hear the term “the coming pandemic of Identity Theft”, as the problem becomes a larger international crime, with more international criminals. Most new U.S. laws are directed toward business, the holder of the data. Businesses need to take steps to protect their business, their clients and their employees. The problem is NOT going to go away!

Absolutely. Although I have not experienced having my own email account(s) hijacked, I have assisted consumers through their own ‘Identity Theft’ cases. Identity Theft and Fraud has increased rapidly over the past year with the decline of the economy. Email hacking is a quick way to dig through an individuals personal information, find out how they conduct business and banking online, then use it to retrieve usernames and passwords to other accounts. I gather that the experience is no different than that of a pick pocket lifting your wallet or having your home burglarized. However, there is always a risk when conducting business online which points to the “privacy paradox”. People go to great lengths to protect their wallet or safeguard their home, yet they also disclose their private information online without thinking twice. I have gathered more information about the privacy paradox surrounding social networks in a recent research proposal. Feel free to contact me if this is something of interest to your field.

From Linked-In:

Call me technical, but an email account is not verified by “identity.” It’s verified by having the right account name and password. Access might be unauthorized, but in no way is it identity theft.

The problem is that “identity theft” has become a catch-all term for “bad things that happen relating to your information”. This is true in part because of the hype around the idea of “identity theft” and in part because any time information goes missing or is found to be accessed, the default response is “identity theft” and “monitor your credit reports”, even if there is a snowball’s chance in hell that someone’s identity will actually be harmed.

Many states have computer laws on the books that are over a decade old, and many of them making unauthorized access illegal. Unfortunately those laws are more fitted to stopping ’80s style wardriving, and not any unauthorized access to a “cloud computing” service like an email account. So we have to force-fit identity theft laws into the facts in order to rightly achieve the justice this case deserves.