Language Selection

English French German Italian Portuguese Spanish

Dealing with identity theft

Filed under
Security

The campaign to stamp out identity theft may claim some unexpected victims -- the nation's private investigators.

Modern PIs do a lot of their work with computers, using commercial databases to obtain Social Security numbers. These can be used to help track down missing persons or locate witnesses to a crime. But investigators say that in the aftermath of recent identity theft scandals, database companies are cracking down in ways that make it harder for them to do their work. And they worry that proposed federal legislation will make matters worse.

''It's like throwing the baby out with the bath water," said Bruce Hulme, chairman of the legislative committee of the National Council of Investigation and Security Services in Baltimore. The group is lobbying Congress to prevent passage of a bill introduced in April by Representative Clay Shaw of Florida, a Republican, which would tighten restrictions on the sale of Social Security numbers.

Hulme said that many of his members rely on Social Security numbers, and that without full access to them, they'll lose their ability to crack cases. Investigators are also worried about a similar bill introduced last month by Republican US Senator Arlen Specter of Pennsylvania and Democratic Senator Patrick Leahy of Vermont.

No action has been taken on the Specter-Leahy bill. But Gail Gitcho, a spokeswoman for Shaw, said his legislation had been substantially modified from the version first introduced last year, and will now place fewer restrictions on private detectives. For example, the bill would allow the US attorney general to issue regulations granting the investigators access to Social Security numbers. But Hulme and others want a specific ''carve-out" in the language of the bill, allowing database companies to sell detailed personal information to licensed private investigators.

Even if these bills are defeated or modified to ease the detectives' concerns, they'll still face tougher restrictions imposed by the database companies themselves. Firms like LexisNexis and ChoicePoint Inc. hold detailed files on millions of Americans, which they sell to businesses, government agencies, journalists and private investigators.

But these companies have been hit hard by reports that their records have been misplaced or stolen. In February, ChoicePoint admitted that criminals posing as legitimate business people had purchased files on about 140,000 people, some of whom were later defrauded. In March, LexisNexis revealed that someone with a stolen account password had swiped the files of about 310,000 people.

John Buckley, president of the Licensed Private Detectives Association of Massachusetts, said people in the PI business weren't surprised by the problems at LexisNexis and ChoicePoint. ''It's ridiculous how they've been giving this information to everybody," he said. ''We've always been concerned about it."

But after the recent thefts, database companies have begun to crack down. For example, last year LexisNexis bought Seisint, a Florida database firm popular with private eyes because it sold personal data including Social Security numbers. Soon after the Seisint acquisition, the data thieves struck.

Now LexisNexis has modified its service. Its database listings include names, addresses and phone numbers, but the last four digits of each Social Security number are deleted. LexisNexis does provide more detailed information to law enforcement agencies and financial services firms investigating fraud. But it will no longer provide full Social Security numbers and driver's license numbers to private investigators. ChoicePoint has adopted a similar policy.

''We're under a lot of pressure to minimize the availability of Social Security numbers," said LexisNexis spokeswoman Mary Dale Walters. Marco Piovesan, vice president of business services at ChoicePoint, said that his company has discussed the issue with private investigators, but has decided not to sell them Social Security numbers. ''We restrict that information to a large number of business types, including the PI group," Piovesan said.

Detectives like Buckley say that truncated Social Security numbers aren't enough to provide positive identification of missing persons, especially when they're trying to locate someone with a common name, like Bob Jones or John Smith.

But not all detectives share Buckley's concern. Kroll Associates, one of the world's largest investigation firms, uses Social Security numbers to identify their investigative targets. But Kroll's executive managing director, Dan Karson, said that his investigators should be able to find Social Security numbers even if the big database firms clam up.

''For most of the population, I don't think you'd need these databases to get SS numbers," Karson said, noting that the numbers for millions of Americans can be found by scrutinizing freely accessible public records.

Longtime Boston private eye Gil Lewis prefers to find people using courthouse records, data on previous employers, and places of residence. Lewis said that he never uses Social Security numbers in his work. ''If a guy doesn't want to be found, he's not going to use his Social Security number," Lewis said.

Indeed, he said that when he tried Social Security number searches, he has found the same number being used by four or five people, making it useless as an identifier. ''I don't care if they do away with every SS number in the world," Lewis said.

No matter how much a person might try to hide, he'll still find work, make friends and spend money. In the process, said Lewis, he'll leave a trail that a skilled investigator can track. ''You really can't hide for very long," Lewis said. ''If you've got the time and money to pursue somebody, you can find anybody."

But Hulme said that easy access to Social Security numbers, drivers license numbers and other personal data are vital for private investigators working to establish the innocence of a defendant in a criminal case. He said that police will continue to have full access to the data, enabling them to quickly track down witnesses for the prosecution.

''If it all gets tied up," said Hulme, ''only police organizations will have access to this information, and the defense will not." He said that this could put defense attorneys and their clients at a serious disadvantage.

That means that detectives may have to get used to finding people the old-fashioned way, a prospect that doesn't bother Lewis. ''You just have to be imaginative." he said. ''If you find a closed door, you find another door."

By Hiawatha Bray
The Boston Globe

More in Tux Machines

MX Tools - A year later, the toolbox got better

Roughly fourteen full phases of the moon ago, I wrote an article on MX Tools, a unique and useful bunch of dedicated utilities packaged with the MX Linux distribution. This toolbox offered the ordinary (or new) MX Linux user a chance to perform some common configuration tasks with easy and elegance. In general, MX-16 was a great player, and the recent MX-17 is even better - and at a first glance, so is the new version of MX Tools bundled with the system. Good stuff. So I set about testing, to see what has changed, and in what way this set of utilities has improved, if at all. But I'm positive. Let us commence. [...] MX Tools turned out to be a predictable gem, just as I'd expected. Well, I'm cheating, because I wrote this article after some rather thorough testing. But then, if you look across the wider spectrum of Linux home distributions, there aren't that many unique players with distinctive features. Quite often, it's the rehash of old and familiar with some extra color, polish and rebranding. MX Linux goes the extra mile (or kilometer, if you will) in making the newbie experience meaningfully different. Future improvements could potentially include an interactive walkthrough - so users will be actively prompted and helped along in their tasks. Then of course, there's the matter of visual appearance, in the UI itself. But in general, MX Tools TNG is better than we had before. More elegant, more streamlined, better looking, and most importantly, more practical. This is a good and useful toolbox, and it makes a solid distro even more appealing. Well worth testing. So do it. And take care. Read more

The story of Gentoo management

I have recently made a tabular summary of (probably) all Council members and Trustees in the history of Gentoo. I think that this table provides a very succinct way of expressing the changes within management of Gentoo. While it can’t express the complete history of Gentoo, it can serve as a useful tool of reference. What questions can it answer? For example, it provides an easy way to see how many terms individuals have served, or how long Trustee terms were. You can clearly see who served both on the Council and on the Board and when those two bodies had common members. Most notably, it collects a fair amount of hard-to-find data in a single table. Read more

Success for net neutrality, success for free software

We've had great success with the United States Senate voting in support of net neutrality! Congratulations and thank you to everyone in the US for contacting your congresspeople, and all of you who helped spread the word. However, it's not over yet. Here are more actions you can take if you're in the United States. Now that the (CRA) has passed the Senate, it moves to the House of Representatives. Just as we asked you to call your senators, now it's time to call your House representatives. Find their contact info here and use the script below to ask them to support the reinstatement of net neutrality protections. The timing hasn't been set for future votes and hearings yet, but that's no reason to wait: make sure your representatives know how you feel. Read more Also: GNU Spotlight with Mike Gerwitz: 18 new GNU releases!

today's leftovers

  • 10 Reasons Why Desktop Linux Isn’t Mainstream – For The Record
    10 Reasons Why Desktop Linux Isn’t Mainstream. Yeah, the title is totally link-bait. However, it’s worth noting that I actually deliver what the title describes and then some. Linux is awesome, but sadly, most people haven’t heard of it. Here’s why.
  • Linux Works For You
    Linux allows YOUR computer to work for you, not against you. Wearing this shirt/hoodie demonstrates to all who see it that you are not a slave to your PC. You are in control and Linux is the reason for this.
  • Robin "Roblimo" Miller
    The Linux Journal mourns the passing of Robin Miller, a longtime presence in our community.
  •  
  • Pidgin / Libpurple SkypeWeb Plugin Sees New Stable Release
    SkypeWeb is a plugin that allows using Skype in Pidgin / libpurple chat clients. The plugin can be used to send instant messages and participate in group chats, but it does not yet support voice / video calling.
  • Feral's GameMode May Soon Have Soft Real-Time Capabilities
    Feral Interactive's Linux system tuning daemon, GameMode since being introduced earlier this year has primarily offered the ability to easily change the CPU scaling governor when gaming but not much more. Though a new feature is now in the works for GameMode.
  • Mini DebConf Hamburg
    Last week I attended the MiniDebConfHamburg. I worked on new releases of dracut and rinse. Dracut is an initramfs-tools replacement which now supports early microcode loading. Rinse is a tool similar to debootstrap for rpm distributions, which now can create Fedora 28 environments aka chroots.
  • Android and Automotive Grade Linux battle, as car becomes a data center
    Volvo’s decision to pick Intel’s Atom automotive system-on-chip (SoC) to run in-vehicle infotainment (IVI) for its new XC40 SUV highlights the intensifying competition among chipmakers in this fast growing sphere. The decision to base the system on Android also illuminates the evolving operating system scene for cars, with Linux the primary alternative in its AGL (Automotive Grade Linux) variant. However, given the complementary strengths of Android and Linux, it looks more likely that both will be deployed by many automobile makers in hybrid packages, so that they can take advantage of Android’s huge app ecosystem, encouraging plenty of third party enhancements, as well as harnessing the independence and enterprise scale of Linux. As cars become mini-data centers or edge compute…
  • Vending machine boardset works with UP or UP Squared boards
    Aaeon’s “AIOT-MSSP01” is a vending machine boardset powered by a PIC32 MCU that’s optimized to work with the UP or UP Squared SBCs. It offers vending-friendly I/O like MDB, EXE, and DEX, as well as motor controllers and 6x USB ports. The AIOT-MSSP01 is an industrial-grade vending machine controller (VMC) solution designed to run 24/7 “without a glitch,” says Aaeon. The boardset is optimized for use with the UP or UP Squared SBCs, but works with standard PCs and “most computer boards on the market.” There’s no mention of OS support for the connected computer, but the UP SBCs support Linux, Android, and Windows.