Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Governor David A. Paterson last month signed into law the lengthily titled “An act to amend the executive law, the general business law, the public officers law, the labor law, the penal law, and the criminal procedure law, in relation to identity theft; and to amend the penal law, in relation to establishing the crime of unlawful possession of a skimmer device.” L. 2008, ch. 279. Despite its dreary name, one would be hard pressed to discover any legislation in recent history that will have a greater effect in New York on privacy rights, consumer rights and grand jury practice. In fact, identity theft cases just became a little easier to prosecute. As early as 1999, the use of “skimmer devices” (small, usually hand-held sized credit card scanners) were not only being used for legitimate commercial use, but also by thieves using them to collect credit card data from unsuspecting business and ATM patrons. 1 A new breed of criminal was taking Willie Sutton’s famous advice about why he robbed banks: “Because that’s where the money is.” 2 Only now, the money is easier to obtain through Internet fraud, identity theft and credit card and bank fraud, and the punishment is significantly less. 3 Recognizing this crime trend, the New York State District Attorney’s Association began lobbying the state Legislature to create new identity theft statutes to combat this new breed of criminal, and requested legislation to allow the introduction of business records into evidence upon a supporting deposition in the grand jury. This helped result in the passage of L. 2002, ch. 619, which created the new crimes of identity theft and unlawful possession of personal identification information. 4 It also allowed a change in the jurisdictional venue statute, permitting identity theft crimes to be prosecuted not only where the crime took place, but also gave concurrent jurisdiction in any county where the person who suffered financial loss or whose information was used resided at the time the crime took place. 5 But while New York lawmakers increased the number of venues where identity thefts could be prosecuted, they failed to provide a mechanism to easily indict these cases, and failed to allow one prosecution for the attendant grand larcenies (which often were higher level felonies) that accompany the identity theft. Typical identity theft involves a defendant stealing a credit card, and then using it to buy products or tap into a credit line to steal cash. The problem in prosecuting these crimes comes in the multijurisdictional nature of each element of the crime. An example of an “easy” jurisdictional case is a Staten Island defendant stealing a Staten Island victim’s credit card, issued by a Staten Island bank, and using the credit card at the Staten Island Mall. In my seven years of prosecuting identity theft, these “easy” cases rarely occur. A more typical variation is a Brooklyn defendant 6 stealing a Virginia resident’s credit card, using it (or, more likely, the credit card account information) over the Internet and having electronic equipment shipped to an apartment on Staten Island. The Virginia resident contacts his California-based credit card company to report the misuse of his credit card. The credit card company reports it to a Staten Island precinct, where a detective goes to the mail drop location, and, if lucky, catches the defendant or one of his accomplices accepting the package. The defendant is arrested on Staten Island, and if an offer is rejected in Criminal Court, an overworked felony assistant district attorney is assigned the case. To prosecute this second variation of identity theft, the ADA will need to get a supporting deposition from the Virginia victim that she did not give permission or authority for the defendant to utilize her personal identifying information, utilize her credit card, forge her name on the merchandise shipping form, and so on. Absent a confession obtained by a stellar detective who already has copies of all of the business records involved (credit card charges, merchant shipping request, delivery manifest with forged name) and who can get the defendant to confess that he was the one who made those charges and signed for the delivery, the ADA will likely need to get the business records of the out-of-state credit card company entered into evidence. And, thus, a prosecution for a $1,500 credit card loss can cost half that much at the get-go just to fly a witness in from California to answer the four basic business record questions. 7 The manifest insanity in this mechanism is that while the standard for obtaining a true bill is less than that for obtaining a verdict of guilt at a criminal trial, business records can be put before a trial jury upon an affidavit. 8 This is now changed for good as of Aug. 7. The new statute, an amendment adding a new subdivision 8 to CPL 190.30, allows the submission into evidence before the grand jury of business records, albeit only certain types of business records: (i) usage, subscription to, charges and payments for, equipment and services provided by telephone companies and Internet service providers; and (ii) financial transactions, a person’s ownership or possessory interest in any account at a bank, insurance company, brokerage, exchange, or banking organization. While a cynic might wonder why communications and financial institutions – two industries with plenty of lobbying clout – were given a pass on coming to the grand jury, in the forum of identity theft these records are most often put into evidence. And because the term “Internet service provider” is not defined in the statute, one must wonder whether this includes only traditional ISPs such as AOL and RoadRunner, or does it include providers of services over the Internet, such as Amazon.com, Craigslist, and eBay? 9 Another oddity in the statute is that it provides the prosecutor the choice of either redacting material that does not fit the definition of a “business record” for the purpose of this statute [PL 190.30(8)(a) & (b)], or entering the entire set of business records before the jury upon instructing the grand jury “that [it] shall not consider any additional material in support of any criminal charge” (after presumably telling the grand jury what portions of the business records it may consider). PL 190.30(8)(c). Additional Laws Needed While this is terrific news for the prosecutor (and really of little consequence to the defendant who in any event had no right to cross examine the witness entering the business records before the grand jury), there is still one problem in prosecuting these cases – an identity theft defendant is not likely to concentrate all of his or her handiwork in one county in New York. The third variation involves a defendant who might cause $125,000 in loss to the California bank, with three of its customers located in the Bronx, Manhattan and Staten Island, and the three credit cards were used in all five counties of New York City. If the Staten Island credit card holder suffered only $30,000 of that $125,000 loss, then the Richmond County prosecutor will only be able to charge the defendant with the D felonies of first-degree identity theft (PL §190.80) and third-degree grand larceny (PL §155.35) (stealing between $3,000 and $50,000), when in fact the defendant has committed the crime of second-degree grand larceny (PL §155.40)] for causing between $50,000 and $1 million in monetary loss. The current alternatives are (1) to have a California prosecutor take the case, and ship the defendant and the three victims out there as well for one prosecution, (2) prosecute the defendant in all five counties for each counties’ part of the loss, or (3) prosecute the defendant in the three counties where the credit card holders reside. Regardless, each choice is a phenomenal waste of judicial resources. Hopefully, the Legislature and governor can cure this last problem and pass a new amendment to CPL 20.40(8)(l) to include grand larcenies as well, since lawmakers have already recognized that grand larcenies and identity thefts go hand in hand. 10 David Frey is an assistant district attorney on Staten Island and chief of the computer and technology investigations unit. Endnotes: 1. See, e.g., http://www.oklahomahistory.net/newsletters/ttnewsj.html (local Oklahoma City news reports waiters using skimmers to steal credit card information). The author is also personally aware of several such cases in New York City during the late 1990s. 2. See, http://www.fbi.gov/libref/historic/famcases/sutton/sutton.htm. 3. In 2006, the average bank robber stole $4,330. 2006 Crimes in U.S., Table 23 (FBI 2007), www.fbi.gov/ucr/cius2006/data/table_23.html. During that same period, the average Nigerian letter fraud was for $5,100 per complainant, and the average check fraud was $3,744. IC3 Internet Crime Report 2006 (NW3C & FBI 2007), www.ic3.gov/media/annualreport/2006_IC3Report.pdf. The first time armed bank robber would face a determinate sentence range of five to 25 years, while the first time check or Nigerian letter schemer would face a range from an unconditional discharge to an indeterminate sentence of two to seven years. P.L. §70.02 & 70.00. 4. PL §§190.77-190.84. 5. PL §20.40(4)(l). 6. Brooklyn was chosen only because it is the closest geographical venue to Richmond County. 7. 1. Are these records kept in the regular course of business by your company? 2. Is it the regular course of business for your company to keep these types of records? 3. Were these records created at or about the time of the transaction being recorded? 4. Is the person who keeps these records under a business duty to do so accurately? Farrell, PRINCE, RICHARDSON ON EVIDENCE at p. 602 [BLS 1995]. 8. CPLR §3122-a. 9. While the Legislature in 2005 defined the term “dial-up Internet service provider” as “an entity that provides dial-up Internet service” [GBL §396-ss(1)(b)], and “dial-up Internet service” is defined as a “service that, by employing telephone lines, offers the transmission, routing, or providing of connections for online communications, between or among points specified by a user, of material of the user’s choosing, without modification to the content of the material as sent or received” [GBL §396-ss(1)(a)], that definition is contained in a section on traditional telecommunication devices, and thus appears to be truly limited to internet services provided through a telephone modem. 10. A grand larceny is already defined as a predicate crime that can increase the level of the identity theft charged against the defendant. See, PL §§190.79-4, 190.80-4, and 190.83-2.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.