Home    Contact Us    Privacy News    APC News    Services    Speeches

PrivacyToday.com^™

Global Privacy Issues At The Click Of Your Mouse^™

Official website of

American Privacy Consultants, Inc.^™

Statement by Robert Douglas

 

Before the

Committee on Banking and Financial Services

United States House of Representatives

 

Hearing On

The Use Of Deceptive Practices To Gain Access To

Personal Financial Information

 

July 28, 1998

 

Introduction

 

     Thank you, Mr. Chairman.  My name is Robert Douglas and my firm is Douglas Investigations.  My firm provides private investigative services to the Washington, DC legal community.  While we specialize in complex criminal defense matters, we also provide general investigative services including traditional areas of civil investigation and information search services.  It is my experience with the information broker industry that brings me before you today.

 

     First, Mr. Chairman, let me state that I appreciate the opportunity to appear before you to give my perspective on what I believe to be one of the most significant problems facing our nation today.  I want to personally thank you for your willingness and desire to address this serious issue and the time you have invested on this problem.  I am aware from both the legislation you have introduced and your public comments that you share my concerns about maintaining citizen’s financial privacy.  I particularly want to thank your Committee’s staff, and specifically David Cohen, for the time they have invested with me discussing this problem. 

    

     Mr. Chairman, I also would like to single out for recognition your administrative assistant, Bill Tate, for his assistance in getting this critical issue before you and the Committee.  When I first approached Bill with my concerns about this subject, he immediately recognized this as an issue worthy of you and your Committee’s attention and moved quickly to bring it before you.  For that I am thankful and I believe the American people will be thankful when they learn the scope and dimensions of the problem we are hear today to discuss.

 

     All across the United States information brokers and private investigators are stealing and selling for profit our fellow citizens personal financial information.  The problem is so extensive that no citizen should have confidence that his or her financial holdings are safe.

 

     The types of financial information for sale include:  Private bank account numbers and balances; stock, bond and mutual fund holdings including the number of shares held; insurance policy data including the types of insurance maintained and the amount or value of the policy; credit card information including account numbers, size of credit lines, and transaction details including specific purchases.

 

     While the theft and sale of this information is occurring on a daily basis, much of societies focus on privacy as it relates to personal information has been concentrated elsewhere.  To date, the majority of public scrutiny has been on issues related to basic data collected via the Internet and the explosion of information that is collected everyday as part of routine commercial transactions.

 

     Issues such as the mass collection of citizens social security numbers, home addresses, phone numbers, and purchasing preferences by retailers have dominated the debate.  As part of this debate we routinely hear and read of generic “what ifs...” and concerns that “sometime in the near future” a citizen’s most privately held information will be easily obtained by anyone willing to pay for it.

 

     Mr. Chairman, I am here today to tell you that we passed that point long ago and somehow it seems no one noticed.

 

The Sale of Financial Information

By “Information Brokers”

 

     Currently, thousands of information brokers and private investigators are advertising their ability to locate citizen’s personal financial information.  The advertisements almost uniformly refer to “bank account searches” and/or “asset investigations”.  These advertisements can be found in legal and investigative trade journals, general circulation newspapers, the yellow pages, and on the World Wide Web.

 

     The genesis of this specialty niche within the information industry is a growing black market that has developed to sell financial and other forms of personal information.  As with most black markets, there needs to be a seller of a commodity that can’t be obtained through normal channels and a buyer interested in that commodity.  In this case the sellers are private investigators and information brokers, who I will collectively refer to as brokers, who have perfected a technique they call “pretexting”.  The commodity is private financial information.  Originally, and to a great extent still, the buyers were lawyers looking to seize assets of individuals with unsatisfied judgments.

 

     I do not want to mislead the Committee on this point.  There is a substantial problem in this country concerning the ability of successful parties to a lawsuit ever collecting the monetary awards from the opposing party.  There are millions of uncollected judgments representing billions of uncollected dollars in the United States.  In my opinion, this fact has played a large role in the development of the black market for financial information.  Indeed, if you review the materials I have provided to the Committee, most brokers providing these asset location services advertise them as a means to locate liquid assets to seize in order to satisfy judgments.  However, if you review those materials closely in conjunction with the audio and video tapes I have provided the Committee of a private investigator and an information broker selling an individuals banking information, you will clearly see that far too many brokers are selling citizens private information to anyone who cares to purchase it.

 

     Even if, for arguments sake, all brokers were only providing financial information obtained through pretext to attorneys holding lawful judgments as a means to assist in the collection on those judgments, it would still be a gross violation of privacy and in many states a violation of the law.  In other words, in a society governed by law, the end cannot justify the means.

 

     Yet this is the very argument that many brokers I have talked to make.  Their position is that there is nothing wrong with what they do.  They see themselves as financial bounty hunters filling a demand for information on where individuals have secreted their money.  Time and again in numerous conversations I have had with brokers around the country I have heard the following two positions argued as a justification of the services they sell.

 

     The primary position is that it is not against the law to obtain private financial information.  In the materials I have provided the Committee there are two specific examples of this declaration.  One is direct and the other is by inference.  The first is a broker assuring the viewers of the web page that it is legal to obtain financial information.  The second is a law firm newsletter on the web where they advise their readers and clients that they use brokers to locate bank accounts and that they will assist their clients in hiring brokers to do the same. 

 

     In furtherance of this position that what they do is legal, brokers argue that there is no federal law prohibiting a private citizen from obtaining the financial information of another private citizen.  The brokers, and in some instances their corporate attorneys, have told me that federal laws in this area relate only to the government’s access to a citizen’s financial information.    I would like to note that these very brokers and their attorneys appear to be ignoring existing state laws in many instances.

 

     The second position brokers advance is that “pretexting”, which I will discuss in more detail shortly, is perfectly legal.  The argument goes like this.  “If the bank is stupid enough to tell me the information, that’s the banks problem--not mine.”

 

The Extent of the Problem

 

     Five years ago there were a small number of these brokers actively advertising their “asset location” services.  The advertisements at that time were largely confined to legal and investigative trade journals, as the target markets were lawyers and creditors who had judgments that had remained uncollected.

 

     Today, there are literally hundreds of brokers advertising around the United States by means of the Internet.  By way of example I have provided to the Committee, and have here at the table with me today, approximately 285 individual web pages from approximately 40 companies advertising on the World Wide Web.  These 40 companies were located by searching the phrase “bank account search” on just one of the many Internet search engines.  Specifically, the AltaVista Internet search engine.

 

     The results are a combination of information brokers and traditional private investigators.  Each of these firms is advertising to other private investigators, information re-sellers, attorneys, and often the general public.  Even the firms that are publicly stating that they are not selling to the public will gladly sell to a private investigator without any ability to control where the data will go from there.  The end result is that thousands of investigators, brokers, and in many cases individual consumers can now purchase the personal financial information of any citizen in the United States.

 

     To further illustrate to the Committee the scope of the problem we are discussing today I would like to point out another fact.  By just examining two of the forty companies I have provided the Committee with web pages for, Noble Assets and The Pathfinder Group, you will see that they claim to have located over 1.5 billion dollars in assets.  If we take them at their word, or even if we divide that number by a factor of two, the scope of the dilemma is staggering.

 

Identity Theft and Pretexting

 

     The means by which private financial information is most commonly obtained is identity theft.  The financial data is obtained by the broker under false pretenses.  The most common method of identity theft used to obtain privately held financial information is for the broker to obtain through currently legal means enough biographical information on the target of the investigation to be able to falsely pretend that he, the broker, is the actual owner of the information sought after.  Having convinced the financial institution by false pretenses that he, the broker, is actually the institution’s client, the institution is only too happy to provide whatever information is requested.

 

     The following is a basic example of this method.  Bob Smith is the holder of a bank account at USA Bank.  Joe Info Broker obtains from one of dozens of lawful databases, many of which can be found on the Internet, Mr. Smith’s full name, social security number, address, and date of birth.  Joe Broker then starts calling banks in Mr. Smith’s neighborhood posing as someone who has received a check from Mr. Smith.  When Joe Broker finds a bank that confirms that Mr.Smith has an account, Joe Broker hangs up.  Joe Broker then calls back and identifies himself to the bank as Mr. Smith.  The bank, for security reasons, asks for personal information that the bank mistakenly believes only Mr. Smith would know.  Joe Broker armed with Mr. Smith’s biographical data is able to convince the bank that he is actually Mr. Smith.  The bank then provides Joe Broker with any information he requests on Mr. Smith’s account.

 

     A second method is for the broker to falsely convey to the target of the asset investigation that he, the broker, is an employee of a legitimate financial institution or company.  Having gained the confidence of the target, the broker induces the target to provide his or her own financial data.

 

     The following is a basic example of this second method.  Joe Info Broker, having determined Sally Senior Citizen’s bank by the means outlined above, calls Sally Senior Citizen at home and pretends to be an employee of the bank.  Joe Broker tells Sally that there is some confusion with her account and that they can clear it up on the phone if she goes and gets her checkbook.  Sally wanting to avoid a trip to the bank complies.  Joe Broker having gained Sally’s confidence gets her to read her account number to him as a means of “confirmation”.  Joe then gets Sally to tell him what her balance is so “the bank” can be sure its records are accurate.  Sally complies.  Joe Broker now has Sally’s banking information.

 

     These are just two of many methods that I have uncovered.  I note that the Committee will hear today from an information broker, Al Schweitzer, and I suspect that Mr. Schweitzer will be able to provide other techniques commonly in use.  However, at the core of any of these techniques is identity theft.

 

     Private investigators and information brokers who obtain these types of information by the above methods prefer to call it “pretexting”.  While pretexting is a commonly accepted investigative technique, I believe it is more properly classified as fraud when it rises to the level of identity theft as outlined above.

 

     Pretexting is a traditional, accepted investigative technique within the investigative trade.  The technique of pretexting is to either intentionally induce or allow another party to believe the investigator is someone they are not.  The goal being that the individual being pretexted will drop their guard and reveal information that they would not if they knew the true identity of the investigator.  This technique is routinely used by both law enforcement and private investigators.

 

     An example of traditional pretexting would be to pose by phone as a generic delivery person with a package for Mr. Jones as a method to determine if Mr. Jones is home so that a subpoena could be served or a warrant executed.  A second example would be to pose as an “old school friend” in order to find the current address of Mr. Jones from Mr. Jones’ parents.  The goal again being to learn the public address of Mr. Jones so that lawful process can be carried out.

 

     The difference between true pretexting and identity theft is simple.  In pretexting, the investigator poses as a generic individual or company in order to obtain public, non-protected information such as an address, name of a witness or relative.  Identity theft is the use of the targets personal and biographical information to impersonate the target as a means to obtain the target’s private, protected information.

 

Creditor Networks and “Sources”

 

     While I believe identity theft is currently the most common method being used by information brokers today, and is almost always used to gain the balance of a financial account, it is not the only method.

 

     Creditor networking as a means of obtaining personal financial information is another method used by brokers.  This method consists of a broker calling companies that have made inquiries on a target’s credit report in order to learn what biographical and financial information that company maintains on the target.  The broker will offer to exchange data in the broker’s possession or promise to call back with information developed as a means to induce the company to provide personal data on the target.  By calling one or more companies the broker begins to piece together the financial profile of the subject in order to then sell that information to the broker’s client.

 

     The final method I will address is that of using “sources”.  The term source in the investigative trade is often code language for illegally obtained information.  The broker purchases or trades on an existing friendship or relationship to obtain protected information from the “source”.  Brokers spend years developing “sources” and are constantly trying to cultivate new ones to obtain information. 

 

     I have heard brokers brag of developing sources within the major credit agencies as a means of obtaining “no foot print” credit reports.  A “no foot print” credit report is a report obtained on a target that doesn’t leave a notation on the report’s inquiry section recording who has obtained a copy of the target’s report.  Brokers also try to develop “sources” within the financial services sector itself.  One of the tapes I have provided to the Committee and to the FDIC is replete with discussions of sources developed within the financial industry.

 

Stalking, Theft, and Financial Terrorism

 

     In my introduction today I stated, “[t]he problem is so extensive that no citizen should have confidence that their personal financial holdings are safe.”  Mr. Chairman, I am not an alarmist by nature and consequently I do not make that statement lightly.  Frankly, I fought a battle within myself debating whether I should make such an incendiary charge.  However, the statement is true and I would like to provide the Committee with one example of what I know has already transpired by this information ending up in the wrong hands.  Further, I would like to warn the Committee of what can easily happen, and perhaps has already, if quick action is not taken.

 

     I am personally aware of a case that a Maryland private investigative agency has worked on where a stalker has purchased by means of a private investigator and an information broker the personal information of a Virginia woman.  This information included amongst other items her driving record and personal banking information.  As a form of harassment, terror and demonstration of power the stalker proceeded to distribute this information to all the woman’s neighbors in her community.

 

     While this example is bad enough in and of itself, it is just a small taste of the harm that can and will occur with this type of information so widely available by means of the Internet.

 

     With the financial information that can be purchased from a broker and the techniques that these brokers will teach to others and sell in books advertised on the Internet the following can be accomplished:

 

Theft

     1) You can steal money directly from the bank account of a citizen by using tele-check type services to make purchases.

     2) You can steal money directly from the bank account of a citizen by having the money wired from the account to another location.

     3) You can steal money directly from the bank account of a citizen by using the account information to make purchases on the Internet.

     4) You can use a citizen’s credit card information to make purchases by phone or the Internet.

     5) You can use investment information to cash in holdings to obtain the funds.

     6) You can determine the insurance coverage’s and policy amounts of a citizen and cash in certain types of policies.

 

Financial Terrorism

     1) You can close a citizens financial accounts.

     2) You can stop payment on checks the citizen has issued.

     3) You can use the knowledge of financial holdings to assist in blackmail or kidnapping.

     4) You can determine a business competitors financial holdings as a means to obtain a competitive edge.

     5) You can close a business competitors accounts or place stops on checks issued to create havoc for the competitor.

 

     These are just a few examples of the types of harm that can easily be visited upon a citizen or business.  I note that one of the guests today is Evan Hendricks representing Privacy Times.  I suspect Mr. Hendricks will be able to supply stories he is aware of and/or potential scenarios of how financial information in the wrong hands can cause incredible amounts of damage in a very short period of time.  In fact, it is easier to cause the damage than it is to correct it once it has taken place.

 

The Proposed Legislation

 

     One of the questions I was asked to address in your invitation letter, Mr. Chairman, was whether I thought existing Federal and state laws adequately safeguard citizen’s financial information.  Quite simply they do not.

 

     I note that Massachusetts Assistant Attorney General Clements is on the witness list for today.  I would also note that all of the companies the State of Massachusetts prosecuted are still in operation to the best of my knowledge.  As one broker we caught on tape stated to me concerning the fine given to Noble Assets, ...”what’s twenty to thirty thousand dollars when you’re making a quarter of a million a year”.

 

     I would also like to state that I researched the issue of whether obtaining private financial information is legal off and on for more than four years.  I found it hard to come to a conclusion based upon existing law and a review of law journals and books on privacy.  While everything in my gut told me that this can’t be right, I saw dozens of other companies advertising the ability to provide bank account and other financial information.  Many of these advertisements appeared and continue to appear in the local legal trade journal, Legal Times.  This paper is read in all the major law offices and I have seen it in the U.S. Attorney’s office for the District of Columbia.

 

     Indeed, an attorney representing one broker, Integrity National, told me that she had researched both the law and the methodology being used by Integrity and that what they sold was perfectly legal.  Noble Assets prominently displays that one of the principles of the firm is an attorney.  At one point I went to a legal conference here in the District of Columbia titled “Collecting On Judgments In DC, Maryland and Virginia.”  I asked two members of the panel, both attorneys, if they could provide assistance in this area and all I got in return was a blank stare.  They stated that they did not know the answer to the question of legality.

 

     Based upon my early research and discussions with brokers and their attorneys I purchased financial information on behalf of attorneys looking to collect on judgments for approximately 2 years.  At the end of that period I had an experience with a broker that clearly revealed to me that he was obtaining the information through fraud.  At that point I ceased purchasing financial information and put out a warning to all my clients that I believed brokers were stealing this information by means of identity theft.

 

     The preceding paragraphs are meant to illustrate that it is not easy to determine what laws specifically apply in this area.  Because of that reason and because of the scope and danger presented I believe there needs to be Federal law directly controlling the use of deceptive practices to obtain personal financial information.

 

     I have had an opportunity to review the legislation introduced by Chairman Leach and I believe it directly and fairly addresses the problem we are discussing today.  The legislation clearly evidences a thorough understanding of the issues presented and outlaws the use of identity theft or theft by false pretenses in the obtaining of financial information.  I support the inclusion of both criminal and civil remedies as a means of enforcement.

 

     I believe that passage of this law coupled with enforcement will almost immediately end the problem.  As I reviewed web pages advertising the sale of financial information, many of which I have provided to the Committee, I was struck by the fact that without exception they all noted that in order to obtain a credit report the purchaser had to be in compliance with the Fair Credit Reporting Act.  Brokers are terrified of being put out of business and/or sued for violating the FCRA.  I believe similarly they will get the word quickly that identity theft, as a means of obtaining personal financial information, is no longer acceptable.

 

     Enforcement of the law will require a minimal amount of resources.  Specifically, a single federal agent with a computer, Internet access, fax machine and the skill to out pretext the pretexters as I did could shut this industry down in a matter of months.

 

Education

 

     Finally, the last area that needs to be addressed is education.  No matter what happens today and whether or not this legislation passes, we must do all we can to educate the public, your fellow legislators, financial institutions, hospitals, universities, and any other company or institution that maintains private information about the dangers of identity theft.  As I noted earlier there are individuals teaching classes and writing books on how to “pretext”.  We need to teach businesses, institutions and individual citizens what steps they can take to protect their ever decreasing privacy and their most valued information.

 

Conclusion

 

     Mr. Chairman, I would like to once again thank you for the invitation to appear today.  I have great confidence that the Committee recognizes the seriousness of the problem before it and the threat it presents to the integrity of all financial information.  

 

     As a child I was taught that the first role of government is to protect the people.  This is an opportunity for this Committee and this Congress to do so.  As a professional in the investigative trade I would ask you on behalf of the honest members of the profession that you stop the use of deceptive practices to access financial information.  As a citizen of the United States I insist that you do so.

 

Home    Contact Us    Privacy News    APC News    Services    Speeches