Language Selection

English French German Italian Portuguese Spanish

Dealing with identity theft

Filed under
Security

The campaign to stamp out identity theft may claim some unexpected victims -- the nation's private investigators.

Modern PIs do a lot of their work with computers, using commercial databases to obtain Social Security numbers. These can be used to help track down missing persons or locate witnesses to a crime. But investigators say that in the aftermath of recent identity theft scandals, database companies are cracking down in ways that make it harder for them to do their work. And they worry that proposed federal legislation will make matters worse.

''It's like throwing the baby out with the bath water," said Bruce Hulme, chairman of the legislative committee of the National Council of Investigation and Security Services in Baltimore. The group is lobbying Congress to prevent passage of a bill introduced in April by Representative Clay Shaw of Florida, a Republican, which would tighten restrictions on the sale of Social Security numbers.

Hulme said that many of his members rely on Social Security numbers, and that without full access to them, they'll lose their ability to crack cases. Investigators are also worried about a similar bill introduced last month by Republican US Senator Arlen Specter of Pennsylvania and Democratic Senator Patrick Leahy of Vermont.

No action has been taken on the Specter-Leahy bill. But Gail Gitcho, a spokeswoman for Shaw, said his legislation had been substantially modified from the version first introduced last year, and will now place fewer restrictions on private detectives. For example, the bill would allow the US attorney general to issue regulations granting the investigators access to Social Security numbers. But Hulme and others want a specific ''carve-out" in the language of the bill, allowing database companies to sell detailed personal information to licensed private investigators.

Even if these bills are defeated or modified to ease the detectives' concerns, they'll still face tougher restrictions imposed by the database companies themselves. Firms like LexisNexis and ChoicePoint Inc. hold detailed files on millions of Americans, which they sell to businesses, government agencies, journalists and private investigators.

But these companies have been hit hard by reports that their records have been misplaced or stolen. In February, ChoicePoint admitted that criminals posing as legitimate business people had purchased files on about 140,000 people, some of whom were later defrauded. In March, LexisNexis revealed that someone with a stolen account password had swiped the files of about 310,000 people.

John Buckley, president of the Licensed Private Detectives Association of Massachusetts, said people in the PI business weren't surprised by the problems at LexisNexis and ChoicePoint. ''It's ridiculous how they've been giving this information to everybody," he said. ''We've always been concerned about it."

But after the recent thefts, database companies have begun to crack down. For example, last year LexisNexis bought Seisint, a Florida database firm popular with private eyes because it sold personal data including Social Security numbers. Soon after the Seisint acquisition, the data thieves struck.

Now LexisNexis has modified its service. Its database listings include names, addresses and phone numbers, but the last four digits of each Social Security number are deleted. LexisNexis does provide more detailed information to law enforcement agencies and financial services firms investigating fraud. But it will no longer provide full Social Security numbers and driver's license numbers to private investigators. ChoicePoint has adopted a similar policy.

''We're under a lot of pressure to minimize the availability of Social Security numbers," said LexisNexis spokeswoman Mary Dale Walters. Marco Piovesan, vice president of business services at ChoicePoint, said that his company has discussed the issue with private investigators, but has decided not to sell them Social Security numbers. ''We restrict that information to a large number of business types, including the PI group," Piovesan said.

Detectives like Buckley say that truncated Social Security numbers aren't enough to provide positive identification of missing persons, especially when they're trying to locate someone with a common name, like Bob Jones or John Smith.

But not all detectives share Buckley's concern. Kroll Associates, one of the world's largest investigation firms, uses Social Security numbers to identify their investigative targets. But Kroll's executive managing director, Dan Karson, said that his investigators should be able to find Social Security numbers even if the big database firms clam up.

''For most of the population, I don't think you'd need these databases to get SS numbers," Karson said, noting that the numbers for millions of Americans can be found by scrutinizing freely accessible public records.

Longtime Boston private eye Gil Lewis prefers to find people using courthouse records, data on previous employers, and places of residence. Lewis said that he never uses Social Security numbers in his work. ''If a guy doesn't want to be found, he's not going to use his Social Security number," Lewis said.

Indeed, he said that when he tried Social Security number searches, he has found the same number being used by four or five people, making it useless as an identifier. ''I don't care if they do away with every SS number in the world," Lewis said.

No matter how much a person might try to hide, he'll still find work, make friends and spend money. In the process, said Lewis, he'll leave a trail that a skilled investigator can track. ''You really can't hide for very long," Lewis said. ''If you've got the time and money to pursue somebody, you can find anybody."

But Hulme said that easy access to Social Security numbers, drivers license numbers and other personal data are vital for private investigators working to establish the innocence of a defendant in a criminal case. He said that police will continue to have full access to the data, enabling them to quickly track down witnesses for the prosecution.

''If it all gets tied up," said Hulme, ''only police organizations will have access to this information, and the defense will not." He said that this could put defense attorneys and their clients at a serious disadvantage.

That means that detectives may have to get used to finding people the old-fashioned way, a prospect that doesn't bother Lewis. ''You just have to be imaginative." he said. ''If you find a closed door, you find another door."

By Hiawatha Bray
The Boston Globe

More in Tux Machines

today's leftovers

  • GoboLinux 016
    GoboLinux is available for 64-bit x86 computers exclusively. The ISO I downloaded for GoboLinux 016 was 958MB in size. Booting from the installation media brings up a text-based menu system where we are asked to select our preferred language from a list of six European languages. We are then asked to select our keyboard's layout from another list. At this point, the system drops us to a command prompt where we are logged in as the root user. The default shell is zsh. A welcome message lets us know we can run the startx command to launch a desktop environment or run the Installer command to begin installing the distribution.
  • Solus Linux Working On A Flatpak-Based, Optimized Steam Runtime
    The Solus Linux developers have been working on their "Linux Steam Integration" for Steam and improvements around the Steam runtime, with this being one of the distributions interested in good Linux performance and making use of some Clear Linux optimizations, while their next step is looking at Flatpak-packaging up of libraries needed by the Steam runtime to fork a Flatpak-happy Linux gaming setup.
  • It’s ‘Best Linux Distro’ Time Again
    It’s time to start the process of choosing the FOSS Force Reader’s Choice Award winner for Best Desktop Linux Distro for 2016. This is the third outing for our annual poll, which began in a March, 2015 contest that was won by Ubuntu, which bested runner-up Linux Mint by only 11 votes. Last year we moved the voting up to January, in a contest which saw Arch Linux as the overall winner, with elementary OS in second place. Just like last year, this year’s polling will be a two round process. The first round, which began early Friday afternoon when the poll quietly went up on our front page, is a qualifying round. In this round, we’re offering a field of 19 of the top 20 distros on Distrowatch’s famous “Page Hit Ranking” list. Those whose favorite distro isn’t on the list shouldn’t worry — your distro’s not out of the game yet. Below the poll there’s a place to write-in any distro that’s not in the poll to be tallied for possible inclusion in the second and final round of polling to follow.
  • Tracktion NAMM 2017 Preview [Ed: Raspberry Pi with Ubuntu]
  • Snapdragon 410E SBC offers long lifecycle support at $85
    The Linux/Android-ready Inforce 6309L is a cheaper version of the DragonBoard 410c-like Inforce 6309. It sacrifices GbE and LVDS, but has 10-year support. Inforce Computing has released a more affordable and slightly less feature rich version of its commercial-oriented, circa-2015 Inforce 6309 SBC. Like the Inforce 6309, the new Inforce 6309L has the same 85 x 54mm footprint and much the same feature set as Arrow’s Qualcomm-backed, community-backed DragonBoard 410c SBC. It also offers the same Linux and Android BSPs used by the DragonBoard 410c, one of the first SBCs to adopt Linaro’s 96Boards form-factor.
  • It’s time to spring-clean your IT contracts
    The start of a new year is a time for review and planning, in business, as well as in our personal lives. It’s likely that you will be focused on finalising your company’s objectives and strategy for the year ahead. But it’s also important to consider whether the tools and processes that you have in place remain fit for purpose – and that includes your contract templates and contractual risk and compliance processes. When it comes to the law, “the only thing that is constant is change”. Without fail, each year brings the introduction of new legislation, case law and regulatory guidance that may have an impact on your contracts – whether it’s the terms of use or privacy policy for your website or app, or the contract terms that you use when supplying or purchasing technology services. Therefore, it’s important to carry out a regular review of your contract terms (and any existing contracts) to make sure that they remain compliant with law and are future-proofed as much as possible in terms of new legal and regulatory developments that you know are around the corner.
  • Chinese investors buy owner of PCWorld, IDC
    International Data Group, the owner of PCWorld magazine, several other tech journals and the IDC market research organisation, has been bought by two Chinese investors. China Oceanwide Holdings Group and IDG Capital (no affiliate of IDG) have paid between US$500 million and US$1 billion for IDG sans its high-performance computing research businesses. The two Chinese entities had made separate bids but were told by investment banker Goldman Sachs to join hands. The sale of IDG has been cleared by the US Committee on Foreign Investment and should be completed by end of the first quarter this year. China Oceanwide Holdings Group, founded by chairman Zhiqiang Lu, is active in financial services, real estate, technology, and media among others.

OpenStack News

  • So you want to create a new official OpenStack project...
    OpenStack development is organized around a mission, a governance model and a set of principles. Project teams apply for inclusion, and the Technical Committee (TC), elected by all OpenStack contributors, judges whether that team work helps with the OpenStack mission and follows the OpenStack development principles. If it does, the team is considered part of the OpenStack development community, and its work is considered an official OpenStack project. The main effect of being official is that it places the team work under the oversight of the Technical Committee. In exchange, recent contributors to that team are considered Active Technical Contributors (ATCs), which means they can participate in the vote to elect the Technical Committee.
  • Why you should hire upstream
  • The OpenStack Interoperability Challenge Update: Phase Two Progress
    In 2016 the OpenStack Interoperability Challenge was originally announced by IBM GM Don Rippert at the OpenStack Austin Summit. This effort was the first initiative to use the deployment and execution of enterprise workloads using automated deployment tools as the means of proving interoperability across OpenStack cloud environments. The first phase of the OpenStack Interoperability Challenge culminated with a Barcelona Summit Keynote demo comprised of 16 vendors all running the same enterprise workload and automation tools to illustrate that OpenStack enables workload portability across public and private OpenStack clouds. Here is a short trip down memory lane:
  • OpenStack’s Stewardship Working Group and what it can do for you
    Stewardship is defined as the careful and responsible management of something entrusted to one’s care. OpenStack Foundation community members formed a Stewardship Working Group to ensure that “people at the bottom and the boundaries of the organization choice over how to serve a customer, a citizen, a community.”
  • Tips for instance configuration, creating a new project, and more OpenStack news

Phoronix on Graphics

Phoronix Benchmarks