*1147 Jesse Wm. Barton, Salem, argued the cause and filed the brief for appellant.

Susan G. Howe, Senior Assistant Attorney General, argued the cause for respondent. With her on the brief were John R. Kroger, Attorney General, and Jerome Lidz, Solicitor General.

Before SERCOMBE, Presiding Judge, and BREWER, Chief Judge, and CARSON, Senior Judge.

SERCOMBE, P.J.

In these consolidated cases, defendant appeals judgments of conviction for, among other things, several counts of identity theft, ORS 165.800(1). On appeal, defendant raises two contentions. First, defendant contends that the trial court failed to merge three of his identity theft convictions that were predicated on his possession of the personal identifications of three different persons. Defendant argues that those persons were not separate "victims" of identity theft within the meaning of ORS 161.067(2)^[1] and that his convictions should therefore merge. Second, defendant contends that the trial court erred in denying his motion for judgment of acquittal on various other counts of identity theft related to his possession and use of forged checks. We reject defendant's second contention without discussion. As to his first contention, we conclude that the trial court did not err in refusing to merge defendant's identity theft convictions. Accordingly, we affirm.

Defendant was arrested after he attempted to purchase a $300 gift card from a restaurant using a bad check. The check was drawn on a defunct account that had been opened by defendant in the name of "ILL, Inc." The account had been closed by the bank shortly after it was opened, but defendant had continued to pass "ILL, Inc." checks to restaurants and other entities. Although defendant was the only person authorized to write checks on the account, the checks were signed in someone else's name.

In addition, at the time he was arrested, defendant possessed multiple documents and handwritten notes that contained personal information about other people. Specifically, defendant had department store invoices containing the names, addresses, telephone numbers, and credit card or debit card information of three individuals, Burton, Spencer, and Martinelli. Defendant had also apparently copied Burton's and Spencer's information in handwritten notes.

Defendant was charged by two separate indictments with, among other things, multiple counts of identity theft. The cases were consolidated for trial, and defendant was ultimately convicted of several crimes, including six counts of identity theft—three counts related to defendant's passing of bad checks and three counts related to defendant's possession of the personal identification of Burton, Spencer, and Martinelli. Before sentencing, defendant filed a motion seeking merger of the latter three convictions^[2] on *1148 the grounds that they arose from the same criminal episode, violated only one statutory provision, and did not involve multiple victims within the meaning of ORS 161.067(2). Although the court agreed that the possession of multiple pieces of personal identification was "part of a continuous and uninterrupted course of conduct," it concluded that Burton, Spencer, and Martinelli were "separate victims" justifying multiple convictions for identity theft. Consequently, it denied defendant's motion.

As noted, ORS 161.067(2) allows separate convictions of a common crime committed against "two or more victims" during the "same conduct or criminal episode." Defendant's conduct of possessing the personal identifications of three other persons with intent to deceive or defraud violated the identity theft statute, ORS 165.800(1). The issue on appeal is whether, under ORS 161.067(2), there are three victims of that conduct supporting three separate convictions of identity theft. Defendant argues that the victim of identity theft is not the person whose identification is misappropriated but, rather, the person who a defendant intends to deceive or defraud by use of the identification. Thus, in defendant's view, his possession of multiple pieces of personal identification did not victimize multiple people and therefore his identity theft convictions should merge. The state responds that the identity theft statute protects "a wide range of victims harmed by the use of [a] stolen identity," including both the person whose identification is misappropriated and third parties who may be deceived or defrauded by use of the identification. Consequently, the state asserts that defendant's possession of the personal identification of Burton, Spencer, and Martinelli were separately punishable offenses. For the reasons that follow, we agree with the state that a person whose identity is misappropriated is a "victim" for purposes of identity theft.

In determining whether defendant's conduct involved "two or more victims" under ORS 161.067(2), we look to the substantive statute that defines the crime. State v. Glaspey, 337 Or. 558, 563, 100 P.3d 730 (2004) (explaining that the term "victims," as used in ORS 161.067(2), describes "the category of persons who are victims within the meaning of the specific substantive statute defining the relevant offense"). Thus, we must examine who qualifies as a victim within the meaning of the identity theft statute, ORS 165.800. In construing that statute, we examine the text of the statute in context, along with any relevant legislative history, to discern the legislature's intent. State v. Gaines, 346 Or. 160, 171-72, 206 P.3d 1042 (2009). ORS 165.800 provides, in part:

"(1) A person commits the crime of identity theft if the person, with the intent to deceive or to defraud, obtains, possesses, transfers, creates, utters or converts to the person's own use the personal identification of another person.

"* * * * *

"(4) As used in this section:

"(a) `Another person' means a real person, whether living or deceased, or an imaginary person.

"(b) `Personal identification' includes, but is not limited to, any written document or electronic data that does, or purports to, provide information concerning:

"(A) A person's name, address or telephone number;

"* * * * *

"(H) The identifying number of a person's depository account * * * or a credit card account;

"(I) A person's signature or a copy of a person's signature[.]"

Nothing in ORS 165.800 expressly addresses whether a person who has his or her personal identification misappropriated is a "victim" of identity theft. The statute refers to that person as "another person," which is defined to include both a real or "imaginary" person. ORS 165.800(4)(a). Defendant argues that "[a]n imaginary person may not be injured by an act of a defendant, and thus may not be a victim. Ipso facto the person (real or imaginary) whose identity is misappropriated is not the victim of the offense of identity theft." In defendant's view, the statute is instead "directed at fraud and deceit, so the intended victim of identity theft is *1149 the person the defendant intends to deceive or defraud."

The state responds that people whose identities are misappropriated often suffer substantial economic harm and that we can therefore infer that ORS 165.800 was enacted to protect not only "parties being deceived or defrauded," but also "the persons, if real, whose identification information is stolen." Moreover, the state contends, prior to the enactment of the identity theft statute, "[p]re-existing laws already protect[ed] a deceived party in cases of identity theft," whereas a person whose identity was stolen did not enjoy similar protection under other statutes. Thus, according to the state, the identity theft statute was enacted to supplement existing laws by protecting against precisely that type of harm.

The text of the statute references only two persons: the person who commits identity theft and "another person" whose identification is obtained, possessed, transferred, created, uttered, or converted by the person committing the crime. The use of the term "another person" does no more than distinguish the perpetrator of the crime from the person whose identity is misappropriated. It does not, as defendant suggests, indicate that the person is merely a secondary or collateral subject of the statute. See, e.g., State v. Hamilton, 348 Or. 371, 378-79, 233 P.3d 432 (2010) (concluding that "another person" who the defendant threatened with physical force was a victim for purposes of the robbery statute); State v. Sumerlin, 139 Or.App. 579, 586-87, 913 P.2d 340 (1996) (concluding that "another person" put at risk of injury by the defendant was a victim for purposes of the reckless endangerment statute). Nor do we agree that real people who have their identities misappropriated cannot be victims under the statute merely because "another person" may, in some instances, be an imaginary person.

"Where the statute defining a crime does not expressly identify the person who qualifies as a `victim,' the court examines the statute to identify the gravamen of the crime and determine the class of persons whom the legislature intended to directly protect by way of the criminal proscription." State v. Moncada, 241 Or.App. 202, 212, 250 P.3d 31 (2011). The conduct criminalized by ORS 165.800 is obtaining, possessing, transferring, creating, uttering, or converting the identity of another person. However, those acts by themselves may be innocuous. What makes that conduct harmful is that the information is obtained or used with the "intent to deceive or to defraud." In other words, the harm that the statute targets is the potential misuse of personal identification for deceptive or fraudulent purposes. See State v. Porter, 198 Or.App. 274, 278, 108 P.3d 107 (2005) (noting, in a different context, that "ORS 165.800 creates a crime that targets deception or fraud"). Deception, in the context of identity theft, "denotes an attempt to obtain some benefit to which the deceiver is not lawfully entitled." Id. at 280, 108 P.3d 107. Fraud, as used in this context, includes misrepresentations intended to cause injury to another's legal rights or interests. See State v. Alvarez-Amador, 235 Or.App. 402, 406-07, 232 P.3d 989 (2010) (discussing meaning of "defraud" under ORS 165.800).

The statute does not require a completed act of deception or fraud to commit the crime; rather, it requires only that one of the listed acts (involving the appropriation or use of another's identification) be done with a general "intent to deceive or to defraud." (Emphasis added.) Consequently, the crime can be committed without any person being actually deceived or defrauded. And, even where there is a third party defrauded or deceived, they may suffer no real economic harm.

Nonetheless, we need not determine which parties actually suffer economic harm that results from a completed act of deception or fraud under various scenarios of identity theft because we conclude that the victims of identity theft include persons who suffer a risk of loss from the exposure of their identification to misuse. In all cases of identity theft, the "[ ]other person" is disadvantaged because their personal identification could be used by another person for deceptive or fraudulent ends. It is immaterial whether that risk is realized or whether economic or reputational injury actually occurs. As noted, the text of the statute does not *1150 require a completed act of deception or fraud. That reflects the legislature's determination that the risk of loss is itself a harm that occurs when one's identification is possessed by someone with an intent to deceive or defraud. We conclude that the legislature intended to protect against that harm—and to protect the true holders of the identification, who are harmed by the risk of loss—in the enactment of ORS 165.800(1).^[3]

We find some support for that conclusion in the legislative history of the statute. At the time of the enactment of ORS 165.800, preexisting laws already protected a deceived party in cases of identity theft. See, e.g., ORS 165.007-165.032 (forgery); ORS 165.055 (fraudulent use of a credit card); ORS 164.015-164.140 (theft). The statute was adopted to expand the protection of the law to other persons. The staff measure summary of the bill explained:

"The proponents of the bill assert that current law does not adequately address situations referenced above, and cite as an example a person fraudulently in possession of multiple pieces of identification from multiple persons, where there is reported several unauthorized transactions on those various pieces of identification. The offender may escape prosecution under current law, because it cannot be proven that the person stole, rather than found, the identification (Theft); that the person was the one who actually used the identification (Theft and Forgery); or that the identification was actually forged (Criminal Possession of a Forged Instrument), because the document may be a real document, not a forged one, but nevertheless, the offender is improperly in possession of another person's identification."

Staff Measure Summary, House Committee on Judiciary—Criminal Law, HB 3057A, May 12, 1999. See DLCD v. Crook County, 242 Or.App. 580, 587, 256 P.3d 178, adh'd to as modified on recons., 244 Or.App. 572, 261 P.3d 1264 (2011) (staff measure summaries properly considered in discerning legislative intent). Indeed, the summary of the measure indicates that the statute was "targeted at situations where a person adopts or appropriates the identity of another person." Staff Measure Summary, House Committee on Judiciary —Criminal Law, HB 3057A, May 12, 1999. That legislative history suggests that the identity theft statute is concerned with the misappropriation of persons' identities for the purpose of financial or pecuniary gain and that a person who is subjected to the risk of loss as a result of that misappropriation is a victim of the crime.

In light of the foregoing, we conclude that Burton, Spencer, and Martinelli were separate victims of identity theft within the meaning of ORS 165.800. Accordingly, the trial court did not err in refusing to merge defendant's convictions.

Affirmed.

NOTES

[1] ORS 161.067(2) provides, in part:

"When the same conduct or criminal episode, though violating only one statutory provision involves two or more victims, there are as many separately punishable offenses as there are victims."

[2] Defendant also argued that one other count of identity theft should merge, but he has abandoned that argument on appeal.

[3] In the context of this case, we need not decide if there are other victims under the identity theft statute.