Identity Theft Penalty Enhancement Act (ITPEA), What You Need to Know

ByAll About Lawyer Reading Time: 5 minutes

Imagine committing a financial crime like bank fraud and expecting a single sentenceโ€”only to find out you’re facing an additional mandatory two-year prison term just for using someone elseโ€™s identity in the process. Thatโ€™s the real-world impact of the Identity Theft Penalty Enhancement Act (ITPEA), a powerful federal statute enacted in 2004 to combat rising identity theft, particularly when it facilitates serious federal crimes or terrorism.

In an era where identity data is more vulnerable than ever, the ITPEA remains one of the most critical tools for federal prosecutors. But what does it actually say? Who does it affect? And how are the courts interpreting it today?

What Is the Identity Theft Penalty Enhancement Act?

The ITPEA (Public Law 108-275) introduced a new federal offense known as “aggravated identity theft”, codified in 18 U.S.C. ยง 1028A. This law mandates consecutive prison terms for identity theft crimes tied to serious federal offensesโ€”meaning these sentences are served in addition to any punishment for the underlying crime.

Key Takeaways:

  • 2-year mandatory prison sentence for general aggravated identity theft.
  • 5-year mandatory sentence for terrorism-related identity theft.
  • Sentences must run consecutively, not concurrently, with any other charges.
  • Applies to over 60 predicate federal offenses, including fraud and immigration crimes.

Legislative Background and Purpose

Signed into law by President George W. Bush on July 15, 2004, the ITPEA aimed to close loopholes in existing identity theft laws. Before its enactment, perpetrators could sometimes avoid meaningful prison time if the stolen identity wasn’t directly used in a prosecutable felony.

The Act:

  • Amended Title 18 of the U.S. Code, adding ยง 1028A.
  • Directed the U.S. Sentencing Commission to revise guidelines.
  • Responded to the concern that sentencing failed to reflect the harm to victims.

President Bush emphasized the need for “consequences that come on top of any punishment for crimes that proceed from identity theft.”

Related article:
Biggest Identity Theft Cases in History: 10 Jaw-Dropping Scandals That Shook the World

Identity Theft Penalty Enhancement Act (ITPEA), What You Need to Know

Key Provisions of 18 U.S.C. ยง 1028A

1. Aggravated Identity Theft (ยง 1028A(a))

To convict someone under this provision, the government must prove that the defendant:

  • Knowingly used, transferred, or possessed another personโ€™s identity,
  • Did so without lawful authority, and
  • Committed the act during or in relation to certain felony offenses.

2. Mandatory Consecutive Sentences (ยง 1028A(b))

  • A minimum of 2 years in prison is added to the sentence for the underlying felony.
  • If related to terrorism (under 18 U.S.C. ยง 2332b), the mandatory sentence jumps to 5 years.
  • These sentences must run consecutively, except in rare multiple-charge scenarios under ยง 1028A.

3. Expansion of Covered Conduct

The Act extended criminal liability to include mere possession of identity documents intended for fraudulent use, even if they were not actively used in a crime.

Predicate Felonies Covered Under ITPEA

ITPEA applies to over 60 serious federal crimes, such as:

  • Bank, wire, and mail fraud (18 U.S.C. ยงยง 1341โ€“1343)
  • Theft of public funds (18 U.S.C. ยง 641)
  • Immigration violations
  • Firearm-related false statements (18 U.S.C. ยง 922(a)(6))
  • Social Security fraud (42 U.S.C. ยง 408)

According to U.S. Sentencing Commission data:

  • In FY 2006, only 21.9% of identity theft offenders were convicted under ยง 1028A.
  • By FY 2016, that figure rose to 53.4%.
  • In FY 2021, 99.3% of those convicted under ยง 1028A received prison sentences, averaging 46 months.
  • 31.1% received sentence reductions for substantial cooperation with prosecutors.

These trends highlight the DOJโ€™s increasing reliance on ยง 1028A to impose strict, unavoidable penalties.

Judicial Interpretation: Knowledge Requirement

A landmark case, Flores-Figueroa v. United States (2009), clarified a critical legal issue: the government must prove that the defendant knew the stolen identity belonged to a real person, not just a fabricated name. This ruling reinforced the need for intent in aggravated identity theft prosecutions.

Real-World Case Examples

1. Wire Fraud + Identity Theft

In United States v. Omotayo, the defendant received a mandatory consecutive sentence under ยง 1028A for using another personโ€™s name in wire fraudโ€”even without evidence that the identity was used directly in the fraud.

2. Bank Fraud + ID Theft

In United States v. A.M., a guilty plea to both bank fraud and identity theft resulted in separate, consecutive sentencesโ€”underscoring the lawโ€™s rigidity.

Defense Strategies and Criticisms

Common Defense Approaches:

  • Challenging โ€œknowledgeโ€ of identity ownership (post-Flores-Figueroa).
  • Seeking substantial-assistance departures under USSG ยง 5K1.1.
  • Requesting variances for minor or non-violent offenders.

Criticisms:

  • Proportionality concerns: Some legal scholars argue the law can lead to excessively harsh sentences, especially in low-dollar cases.
  • Enforcement limitations: The rise of cross-border cybercrime and insider threats limits the lawโ€™s reach.

Practical Compliance for Businesses

With over 70% of data breaches (as of 2013) attributed to employee negligence or malice, organizations must take proactive steps:

  • Strengthen internal data controls
  • Train employees on data handling
  • Vet third-party vendors
  • Monitor suspicious activity

Failure to do so can expose companies to aiding-and-abetting liability under federal law.

Federal vs. State Enforcement

Most identity theft prosecutions occur at the state level, but the federal government intervenes when:

  • The crime involves multi-state fraud or terrorism.
  • The financial loss is significant (often millions).
  • There’s a need for uniform sentencing across jurisdictions.

FAQs

What is aggravated identity theft?

A federal crime where someone uses anotherโ€™s identity during or in relation to a serious felony. It carries a mandatory consecutive sentence.

Can the mandatory two-year term be avoided?

Only through rare cooperation agreements or successful downward variancesโ€”both difficult to achieve.

How is it different from regular identity theft?

Aggravated identity theft (ยง 1028A) requires a link to a predicate felony and mandates prison time. Regular identity theft (ยง 1028) does not.

Conclusion: A Tool for Deterrenceโ€”But Not Without Controversy

The Identity Theft Penalty Enhancement Act continues to serve as a strong deterrent against the misuse of personal data in serious crimes. Its mandatory sentencing model reflects the severity of harm caused by identity theftโ€”but it also raises concerns about fairness and flexibility.

As technology evolves, so too will identity crimes. Stakeholdersโ€”from prosecutors and defense lawyers to businesses and consumersโ€”must stay alert to legal developments and compliance strategies. For individuals and organizations alike, prevention remains the best defense.

Resources

  • FTC IdentityTheft.gov
  • Public Law 108-275 Text (Congress.gov)
  • Flores-Figueroa v. United States (Justia)
  • U.S. Sentencing Commission Quick Facts (FY 2021)
  • George W. Bush White House Archives (Identity Theft)
Spread the love

Leave a Reply

Your email address will not be published. Required fields are marked *