Illinois Identity Theft Statute Partially Invalidated–People v. Madrigal

By Eric Goldman

People v. Madrigal, 2011 WL 1074427 (Ill. March 24, 2011)

Many state anti-identity theft laws are written very broadly. This loose drafting creates the possibility that they unintentionally restrict innocent–and indeed socially desirable–activity. Today’s case is a good example of sloppy statutory drafting. Fortunately, a vigilant Illinois Supreme Court fixed the legislative error.

The Illinois statute at issue said: “A person commits the offense of identity theft when he or she knowingly…(7) uses any personal identification information or personal identification document of another for the purpose of gaining access to any record of the actions taken, communications made or received, or other activities or transactions of that person, without the prior express permission of that person.”

I don’t understand what that means, but the court easily finds several examples of possibly criminalized conduct swept into this broad language. As one example, the court says:

doing a computer search through Google or some other search engine or through a social networking site such as Facebook or MySpace, by entering someone’s name, could uncover numerous records of actions taken, communications made or received, or other activities or transactions of that person. Thus, the statute as it currently reads would criminalize such innocuous conduct as someone using the internet to look up how their neighbor did in the Chicago Marathon.

Oops. As a result, the court invalidates this provision. It appears the state legislature could fix the provision by adding a requirement that the defendant have a culpable mental state. Even better, the state could do the harder work of precisely defining the harms of identity theft and drafting the criminal provisions to precisely fit those harms.