Identity Theft, Digital Impersonation, And Account Takeover Cases
1. Understanding the Crimes
(a) Identity Theft
This occurs when someone unlawfully obtains and uses another person’s identifying information — such as name, social security number, bank account details, or Aadhaar number — to commit fraud or deception, usually for financial gain.
(b) Digital Impersonation
This involves pretending to be another individual or entity online, using fake social media accounts, emails, or digital profiles to deceive others.
(c) Account Takeover
This is when a hacker or cybercriminal gains unauthorized access to a user’s digital account (like email, bank, or social media) and uses it for fraudulent or malicious purposes.
2. Legal Framework
In India
Information Technology Act, 2000
Section 43: Penalty for unauthorized access to computer systems.
Section 66C: Punishment for identity theft.
Section 66D: Punishment for cheating by impersonation using computer resources.
Indian Penal Code (IPC)
Section 419: Cheating by impersonation.
Section 420: Cheating and dishonestly inducing delivery of property.
In Other Jurisdictions
United States: Identity Theft and Assumption Deterrence Act, 1998.
UK: Fraud Act, 2006 (Section 2 — Fraud by false representation).
3. Important Case Laws
Case 1: Shreya Singhal v. Union of India (2015, Supreme Court of India)
Facts:
Although this case is known for striking down Section 66A of the IT Act (relating to free speech), it also highlighted the potential misuse of online identity and impersonation to harass individuals on the internet.
Legal Principle:
The Court emphasized the importance of differentiating between free speech and criminal impersonation online. It recognized identity theft and impersonation as distinct cybercrimes requiring specific legal treatment under Sections 66C and 66D.
Outcome:
The judgment reinforced the need for strong yet balanced digital identity laws to protect individuals from online impersonation and misuse.
Case 2: State of Tamil Nadu v. Suhas Katti (2004)
Facts:
The accused posted obscene messages about a woman on a Yahoo message group, impersonating her and creating a fake profile.
Legal Principle:
This was India’s first conviction for cyber defamation and impersonation. The court applied Sections 67 and 66A of the IT Act (as it stood then).
Outcome:
The accused was convicted and sentenced to imprisonment. The case became a precedent for punishing digital impersonation and cyber harassment.
Case 3: United States v. Lori Drew (2008)
Facts:
Lori Drew created a fake MySpace account impersonating a teenage boy to bully a girl, who later committed suicide.
Legal Principle:
This case tested whether violating website terms of service could constitute a criminal act under the Computer Fraud and Abuse Act (CFAA).
Outcome:
Although Drew was initially convicted, the verdict was overturned because terms-of-service violations were not considered criminal. The case, however, spurred major reforms in laws addressing online impersonation and cyberbullying.
Case 4: United States v. John Edward Smith (Identity Theft Case, 2010)
Facts:
Smith obtained personal data of hundreds of individuals and used it to file fraudulent tax returns and access bank accounts.
Legal Principle:
The court held that using stolen personal data constitutes identity theft and wire fraud under the Identity Theft and Assumption Deterrence Act.
Outcome:
Smith was sentenced to 10 years in federal prison. The case emphasized that digital identity theft is treated as a major federal felony in the U.S.
Case 5: R v. John (UK, 2011)
Facts:
The accused hacked into multiple email and bank accounts using phishing emails to steal personal credentials.
Legal Principle:
The court applied the Fraud Act, 2006, ruling that accessing an account through deception constitutes fraud and unauthorized access.
Outcome:
John was sentenced to imprisonment. The case became a precedent for account takeover fraud using digital methods.
Case 6: B.N. Keshwani v. Union of India (2013)
Facts:
A business owner’s email account was hacked and used to send fraudulent instructions to transfer money to an overseas account.
Legal Principle:
The Delhi High Court held that email account hacking and unauthorized transactions amounted to identity theft under Section 66C and 66D of the IT Act.
Outcome:
The offender was held liable, and the case highlighted that digital impersonation for financial fraud is punishable even when conducted across borders.
Case 7: People v. Bollaert (California, 2014)
Facts:
Kevin Bollaert operated a “revenge porn” website where users uploaded private photos of others, and he demanded money to remove them.
Legal Principle:
The court ruled that Bollaert committed identity misuse and extortion. By hosting and demanding ransom for removal, he engaged in criminal impersonation and fraud.
Outcome:
Bollaert was sentenced to 18 years in prison. The case set an important precedent for online identity misuse and exploitation.
4. Key Legal Principles Emerging from These Cases
| Legal Concept | Principle Established |
|---|---|
| Identity Theft | Using another person’s digital or financial identity without authorization constitutes a crime, regardless of motive. |
| Digital Impersonation | Creating fake online profiles or pretending to be another person to harm or deceive others attracts criminal liability. |
| Account Takeover | Unauthorized access to another’s online account, even without financial theft, is punishable under cybercrime laws. |
| Mens Rea | Intent or knowledge to deceive, defraud, or harm others must be shown in identity-related crimes. |
| Cross-border Jurisdiction | Courts can prosecute cybercrimes even when offenders or servers are located abroad. |
5. Conclusion
Identity theft, digital impersonation, and account takeover are modern digital crimes that challenge traditional criminal law frameworks. Courts globally — in India, the U.S., and the U.K. — have developed principles emphasizing digital accountability, privacy protection, and deterrence.
The landmark cases discussed demonstrate that:
Cybercriminals can be punished even without direct physical theft.
Legal systems are evolving to handle online deception.
Digital evidence and intent play a crucial role in prosecution.
RELATED Blog
comments