Are The Real Problems Of Identity Theft Overshadowed By The Hype?
By Allie Gottlieb
Send this Article to a friend! Printer Friendly It’s summertime and the living is… well, it’s not so easy if you’re the one in charge of making plans. No sweat though.This summer, we’ve made it simple: Step 1: Grab a pen (we recommend red). Step 2: Cruise through these pages and circle the items you find interesting. Step 3: Present them to your friends as though you’re the inventor of fun. Step 4: Repeat until it starts raining next fall.
Your stalker uses the internet, mapping satellites and Sunnyvale’s NASA research center to track your movements. Your bank’s failure to protect your Social Security number allows high-tech criminals to destroy your credit with unauthorized shopping sprees. The Nigerians know your favorite pizza and credit card number because they joined forces with the Russians and hacked into a data clearinghouse. Quick, shut down your phone, disable your cookies and hide under the bed!
That’s the alarm reverberating in this strung-out age of identity theft and privacy trespass. Naturally, a concerned public is rushing to the Federal Trade Commission’s (FTC’s) phone lines to report violations and request protection. Googling “identity theft” brings up nearly six million hits. One popularly quoted figure states that 10 million Americans register complaints with the FTC every year. Another says that every person will suffer theft of their identity twice in their life.
Several disconcerting data losses and thefts this year have fueled this new wave of privacy paranoia. In March, LexisNexis, a huge data compiler, announced that hackers had accessed the accounts of 32,000 subscribers. That same month, thieves swiped a laptop from UC Berkeley that contained the Social Security numbers of nearly 100,000 alumni dating back to 1976. In February, thieves posing as clients stole the private information of 145,000 people from data trade leader ChoicePoint Inc. Whoops, Bank of America recently lost the personal files of 1.2 million federal employees. And just this month, Citicorp reported that computer tapes containing personal info on 3.9 million customers had been lost while being shipped by UPS.
“Anecdotally, [identity theft] is a bigger and bigger problem,” says Julius Finkelstein, Santa Clara County Supervising Deputy District Attorney. “It’s a crime that’s easy to commit. There’s a whole gambit of ways that people do it.”
However, FTC Spokesperson Claudia Farrell says complaints of identity theft only seem to be growing. “We don’t know if there has been a growth in the number of crimes,” Farrell says. FTC studies “would suggest that identity theft is not increasing. Consumer awareness may be increasing.”
In fact, the hype around the likelihood of terrorists using your phone number and bank account stems more from fear than reality. For instance, investigators searched the pool of 32,000 potential LexisNexis data leak victims and found that only 10 of them, less than one-half of one-tenth of one percent, might have suffered identity theft. None filed a complaint. Of the 145,000 Americans whose personal information the ChoicePoint hackers may have gotten a hold of in March, about 750 people were defrauded. That works out to approximately one-half of one-percent of those thought to be endangered.
And that 10 million complaints-a-year number so popularly quoted? In fact, the FTC reports that the number is significantly lower: In 2004, they received 635,000 consumer fraud and identity theft complaints combined.
With all the publicity surrounding these data breaches, it’s no wonder that consumer watchdogs are signaling SOS. In response, bills letting consumers freeze their credit reports are working their way through state legislatures and both houses of Congress. But while privacy avengers like state senator Jackie Speier (D-San Mateo, San Francisco) aim one way (Speier has been trying to prevent banks and other financial institutions from selling personal data without their patrons’ knowledge), their buckshot solutions may cover too much ground. The proposed laws, which lump together all users of the information, could just as easily deny access to legitimate users, including private investigators, as to thieves. This means that citizens trying to track down long-lost loved ones, or defend themselves against legal actions could face a serious disadvantage.
“We have a huge, huge battle before us,” says Francie Koehler, an Oakland-based private investigator and member of the National Council for Security & Investigative Services, which lobbies the government on behalf of private investigators. “I would say this is the biggest battle in the history of investigation. I can tell you if we don’t do something, [investigators] are going to lose access.”
Koehler has been collecting stories from private eyes and attorneys about how they use private information in order to show Congress why they should continue to get access to things like Social Security numbers. In all her research, she has heard of only three instances where private eyes misused personal information. While it’s nearly certain that there are other unethical investigators, attorneys, et cetera, who have misused private identifying information, Koehler is quick to provide a bigger context.
One positive story Koehler collected came from Brian McGuinness, an investigator in Miami, Florida. McGuinness wrote in an affidavit that he once located a client’s son by using a Social Security number. A woman who hadn’t seen her son in five years hired McGuinness and provided him with the Social Security number of her son’s father, the kidnapper. McGuinness found the father and son by searching the database of TransUnion, one of the three credit reporting agencies, which provided a recent address.
Another detective, William Means from Bakersfield, made an unsuspecting heir to an $800,000 estate really happy by finding his name in a credit header database. (A credit header includes the top portion of a credit report with the latest address information and certain identifiers like a middle name. It doesn’t include the financial stuff.)
A third investigator, San Jose’s Sheila Klopper, played a role in freeing John Stoll, who was wrongly imprisoned for 19 years. Klopper, who works pro bono with the Northern California Innocence Project, found two witnesses by searching for their Social Security numbers in various databases. These witnesses originally testified to Stoll’s guilt as children, but were lying at the time. Their adult testimony eventually freed Stoll. Had they not been found by an investigator armed with access to private information, an innocent man would still be jailed today.
“The first thing you want to do is run a Social [Security number] if you have it,” Michael Dores told about 25 private investigators, service processors and debt collectors sitting in the Concord Hyatt seminar room on May 17. Dores owns Merlin Information Services, a California data company that sells information gleaned from property, court and credit records, orders placed online and various other databases. He gave a four-hour seminar to explain how professional background researchers and people locators (so-called skip tracers) can keep doing their jobs in the face of the impending disappearance of Social Security numbers.
Dores, a private investigator specializing in skip tracing since the ’80s, emphasizes that the Social Security number, while helpful for verifying identity, is not always essential to finding people. Dores can often find people without their Social Security number, but he passionately defends his right to access personal identifiers. “There’s 46,000 Bob Smiths in California,” Dores says, giving a hypothetical example. “There’s no way to tell them apart from each other without the Social Security number. It’s not the P.I.’s fault that the SSN has become the primary identifier.”
Dores notes that private investigators are often one of the best ways to find perpetrators of identity theft. So it’s ironic that government efforts to restrict the use of private information may result in the apprehension of fewer identity thieves.
“There has to be an understanding that all the identity theft data that the privacy guys are worried about is all regulated,” he said during a phone conversation. “But to make it illegal because somebody steals it would be the same thing as making hammers illegal because somebody hits you over the head with one.”
AWARE NOT SCARED
Pete Sequera, a Los Gatos resident, is an identity theft expert. The high tech program manager for San Jose-based BEA Systems started teaching adult education classes in identity theft prevention two years ago. He charges $30 per class and plans to hold the next one at Los Gatos High School in the fall.
Should we worry about someone using our good credit for evil? “Oh, absolutely,” Sequera said during a conversation in May at Red Rock Coffee Company in Mountain View. “Your name is just being sold right and left.”
Sequera blames database merging. He postulates, “What if your grocer tells your HMO that you never buy fruits or vegetables? How would that affect your ability to get health insurance?”
But even Sequera – who advocates such privacy defenses as keeping your name off mailing lists, using disposable email addresses, getting a P.O. Box, paying a service to monitor your credit card activity for you and avoiding debit cards altogether – notes public concern has gone a little crazy.
“I think we’re in danger of people becoming over-scared,” he said. “I’m much more aware of the ways you can be hit. But I’m comfortable with the ways you can prevent it.”
Allie Gottlieb is a private investigator and freelance journalist living in the Bay Area.