Instead, the Whites (who, perhaps understandably, wish not to use their real names) had joined the legions of Americans victimized by someone (in their case, someone still unknown) who'd gotten ahold of enough of their personal information to manufacture a phony Georgia driver's license and a stack of bogus checks.
"Essentially, whoever stole my information my husband's name, our address, my Social Security number had also gotten my checking account number. And whoever bought that information apparently created checks from the same sort of templates you would buy at Office Depot."
Over the next couple of weeks, more of the checks surfaced: a cell phone, clothing, almost $1,000 worth of jewelry somewhere in the neighborhood of $4,000 in worthless paper, all of which had to be explained away. Kelly estimates she spent at least a week's worth of time canceling and creating checking accounts, filing police reports and making countless calls to check-verification services and merchants.
The White's case is a straightforward and relatively minor example of what's commonly known as "identity theft." But, in a larger sense, it also exemplifies just one facet (albeit a particularly nasty one) of information-age reality at the dawn of the 21st century.
The Internet-fueled growth of global information as a hot new market has already spurred fairly stringent regulation in some countries (notably, the European Union, which has implemented tough laws guarding an individual's personal data) and, to a lesser extent, here in the U.S. In Georgia, where laws guarding access to private information are virtually nonexistent, privacy advocates are expressing concerns over the easy availability of such information and the potential for its abuse.
Each day, it seems, new accounts emerge detailing the horrors of abused, misused or erroneously disclosed information. Whether it's telemarketers buying personal information from data-miners, "opposition researchers" combing the backgrounds and personal histories of political foes, law enforcement officials and licensed investigators ferreting out reams of purportedly "restricted" information, amateur investigators availing themselves of equally available black-market data, computer-savvy identity thieves, credit card crooks and hi-tech con artists, the ultimate conclusion is the same: The details of your life financial, personal, educational and maybe even sexual are an open book.
Many of us have already begun to take some common-sense precautions. We only use "secure" sites to buy stuff online with our credit cards; we stand real close to the phone and guard against prying eyes when we use our calling cards; maybe we even remember to tear up all those pre-printed credit applications that come in the mail. Then there's the Census, which a vocal segment of newly minted privacy mavens assures us is really just a way for the feds to snoop into things that don't concern 'em.
But in general, we're so accustomed to the idea of Big Brother and Big Business looking down our collars, through our wallets and underneath our bedclothes that few Americans over the age of 14 really think their own affairs are truly safe from prying eyes. Even so, the amount and depth of personal detail available to pretty much anyone with a little time or a little cash is truly extraordinary.
And despite increasingly vocal cautionary calls, it may already be too late to do anything but try to slow the flood of new data into an already swollen sea.
"In a sense, it is too late," says Gerald Weber, legal director for the American Civil Liberties Union of Georgia. "The fact that government is constantly gathering information, as well as all these private companies, and they're all sharing databases and selling information ... there's very little left that one can call 'private.' I don't believe most citizens realize just how open it is. I don't even fully realize it, and I deal with this stuff every day."
Inarguably, the 800-pound gorilla of the information trade is government. From birth certificate to death certificate, our lives are tracked and traced at every level of officialdom. While the Internal Revenue Service and Social Security Administration are by far the most pervasive and constant presences in every American's life, the list of supplementary data school records, vaccinations, property deeds, juvenile and adult criminal records, driving license information and records, auto registration, gun permits you name it, Uncle Sam (or any of his myriad nephews and nieces) have it.
The most vital bit of federally mandated information for American citizens is the Social Security number. Although legally required only for purposes of reporting wages and obtaining benefits, the SSN has become the most ubiquitous identifier for a broad range of transactions, from opening a bank or credit account to buying a car to in some cases simply cashing a check. Thus, it is also the most widely sought bit of information for crooks and identity thieves.
Until recently, the main protection between Joe Citizen and the prying of eyes the world rested, at the federal level, with the Privacy Act of 1974. Essentially, the Act requires that all government agencies federal, state and local that request SSNs provide a "disclosure" statement on the form explaining whether the number is required or optional, how it will be used, and under what legal authority it is requested. It also decrees that government benefits or services may not be denied to someone who refuses to disclose the number, unless it's required by federal law.
Although many private businesses may request Social Security numbers, there is no legal mandate to provide them. On the other hand, such businesses may decline to serve individuals who choose not to disclose their numbers; the choice is up to you whether to take the risk, since there is little to prevent private companies from doing whatever they'd like with information they've been willingly provided.
And governments themselves are often in the data-selling business. In Georgia, for instance, the Secretary of State's office routinely sells lists of names and mailing addresses of individuals licensed by its examining boards, which oversee 43 professions from architects to wastewater treatment operators.
"For instance, somebody publishing a catalog of barbers' supplies might want a mailing list of all the barbers in Georgia," explains Secretary of State press secretary Chris Riggall. "It's pretty simple: name, address, business name. That's about it."
But sales of more detailed information, such as that contained in drivers license applications which includes birth dates, addresses and, often, Social Security numbers is more problematic. In 1994 Congress stepped in with the Drivers Protection Act, which aimed to end the practice many states have of selling drivers' information to private concerns. A wide variety of companies compile and retain massive databases for use by insurers, private investigators, bounty hunters and law enforcement; others sell lists to merchants, telemarketers and direct-mail operations. Such sales are highly lucrative, and South Carolina challenged the law, but the U.S. Supreme Court upheld it in a January decision.
There are indications that Washington is focusing new attention on governmental information-gathering, and possible abuses. On April 6, a House subcommittee convened hearings on Internet privacy, specifically as it relates to governmental information gathering.
"Federal agencies from the Securities and Exchange Commission to the Department of Justice have recently shown a disturbing tendency to apply a vacuum-cleaner surveillance approach to the Internet, sucking in all kinds of irrelevant data, then isolating, storing and manipulating items of interest" said Georgia's 7th District Rep. Bob Barr, who sits on the subcommittee. "This approach rejects time-honored principles, enshrined in law, that have done a remarkably good job of balancing privacy and law enforcement."
Barr warned that unless Congress formulates "guidance for, and limitations on, government monitoring on the Internet, personal privacy will be an early casualty of this new century."
Among the potential abuses Barr fears: the release of information such as IRS tax data to third parties; an increasing tendency of governmental bodies to demand private or financial data without any legal authorization, such as a warrant or court order; and similar demands upon private institutions, such as the Bank Secrecy Act, which requires financial institutions to inform the Justice Department of any large cash transactions or even when relatively small sums are transferred out of the country. (After a national outcry, far more intrusive "Know your customer" regulations which would have required banks to alert the feds anytime an "unusual" transaction took place, were rescinded.)
Barr and like-minded colleagues also share the concerns of Internet privacy advocates that a major push by the FBI to be allowed "master keys" to any new encryption software portends a new era of unlimited, warrantless invasions into private and corporate computer files.
But, even as federal and state governments have begun to craft legislation aimed at limiting government snooping, other avenues are opening for private information-seekers. A key example is the Banking Services Reform Act passed last year, which scrapped Depression-era laws prohibiting banks from merging with related businesses, such as insurers and stock brokerages. The law further allows such multi-service companies to freely share such information internally (i.e., a health insurer affiliated with a bank is free to inspect a bank client's records), and even allows them to sell such information to non-affiliated third parties data miners, etc. unless the client specifically requests otherwise, or "opts out." (Barr was among those voting in support of the bill, which passed overwhelmingly in both houses.)
At the state level, control of information varies widely. In some states, lawmakers have clamped down on access to government records' availability to the press and public, although they often leave large loopholes for corporate data-miners.
In Georgia, the push seems to be in the other direction. Gov. Roy Barnes last year pushed through a law laying down a three-day deadline for compliance with Open Records requests and codifying sanctions for government officials who willfully disobey.
Even so, there's still uneasiness with the availability of some records. Last year, the Atlanta Journal-Constitution began demanding entire databases containing the employment records for several state agencies, the entire Department of Transportation drivers license records (which were denied under the federal Drivers Privacy Act), and the licensing records for the Secretary of State's examining boards. Particularly troubling to some state bureaucrats were demands for the birthdates and Social Security numbers on those records.
A September, 1999, internal memo from a Secretary of State staffer asserts that the AJC "is building a huge database of citizens' names addressees, and all available personal information (including Social Security numbers and dates of birth) by collecting the files maintained by several state agencies. (Dept. of Education, teachers' certification and school employees, all holders of drivers licenses in the state, all clerks' court records, all databases maintained by the Department of Human Resources ... ) They may be containing other databases as well, these are the ones they admit to."
Earlier that year, staffers in the Department of Education were similarly alarmed, and a lengthy back-and-forth exchange of e-mails finally resulted in a frosty missive from DOE legal director Melanie Stockwell to the AJC's computer-assisted reporting editor, David Milliron, stating "we will not release the Social Security numbers of certified personnel to you or to anybody."
The AJC backed off the request, accepting records from which the identifier had been expunged. But, according to Georgia Deputy Attorney General Daryl Robinson, only the records from the examining boards are actually protected, due to a provision in the particular law establishing such boards. If the DOE or agencies decide to divulge such information, they are well within the scope of current statutes.
"Currently, there's very little in state law dealing with open records [restrictions]," says Robinson, who says case law on such disclosures is virtually nonexistent. Although the Open Records law specifically exempts medical and personnel records which will nearly always include Social Security numbers other places where such information may appear are wide open.
"If you've got some licensing agency that maintains Social Security numbers as part of their records, that number may well be public ... " he says. "There's not any 'bright-line' litmus test as to what's covered; it's been on a case-by-case basis so far ... I suspect there are cases where people would be surprised to know how much of their information is open to the public."
As it turns out, the AJC's intentions are less Orwellian than they may have appeared. Although the newspaper's computer man, Milliron, declined to go on-record concerning his extensive mining of other people's records, it turns out that the databases had been sought as part of what has become standard computer-assisted reporting: Acquiring such databases, then cross-referencing them with Corrections Department data to see who's been convicted of crimes. (AJC readers may recall a series last year detailing teachers who had legal problem in their past, some of the fruits of that data-mining operation.)
Paul Overberg, database editor for USA Today, says access to such records by the press is vital.
"One of the things that's problematic for journalists is that the records are still open to all sorts of commercial purposes," he says. He views the Supreme Court decision placing drivers' records off-limits as just one of many shifts away from an open society. And it worries him.
"The trouble is, journalists can't get at those files because of that law. Bad guys can get at it, private investigators can get at it, marketers can suck those files out ... but journalists can't do good stuff with it."
The Reporters Committee for Freedom of the Press, an organization that tracks legislation as well as legal challenges involving the media, maintains a website containing an extensive file of laws and legal challenges to the media that is updated daily. A visit there reveals a tug-of-war between information seekers and various state legislatures particularly those in Texas and California which increasingly throw up barriers to public access.
Early this month, a controversial 4-3 decision by the Georgia Supreme Court threw out a woman's drunken driving conviction, which was based on a blood test she'd undergone for medical reasons following a traffic accident. The decision seems to indicate that the state's highest court is also concerned with the ability of outside parties even, in this case, law enforcement invading areas that many believe should remain private.
In Georgia, the media and the public has so far remained relatively unshackled, particularly since the passage of last year's more expansive Open Records law and the Barnes administration's active defense of it.
And that's the way it should be, says attorney Hollie Manheimer, director of the Georgia First Amendment Foundation. "But I expect [more regulation] will be coming," she says. Manheimer hopes that any new restrictions will apply to such areas as the private selling of public information. As for computer data mining and the availability of online information, she doesn't see any particular boundaries in place, and doesn't think any are needed.
"I like to say the law always follows technology, so I'm not sure we really have a line yet; I certainly don't think we should treat electronic data any different than our hard copies. So the safeguards are in place; there should be no new exceptions."
While acknowledging that the ready availability of information can be troublesome, the alternative, she says, is worse.
"It's the same question that always comes up in any medium: the right of the individual to privacy versus the right of society to know," says Manheimer. "I remain firm in my belief that, in the end, to have a free and democratic community, the public's right to know has to outweigh some very good and important interests in privacy."
But journalists seeking out juicy stories are not the main concern of privacy buffs. Far more worrisome is the sale and exchange of personal data for commercial or criminal purposes. In addition to quandaries spawned by the legal sale of medical information to insurers and financial information to credit card vendors and employers, there are quasi-legal and black-market operations that have produced a whole new breed of Information Age highwaymen.
A coalition of credit-reporting and data-reselling agencies known as the Individual Reference Services Group has formulated a set of principles governing the collection of and access to their databanks. Among them are provisions restricting sales to authorized individuals or companies that sign contracts limiting the use of the data, mandating a review of subscriber bona fides, and establishing processes for individuals to correct erroneous data.
Peggy Eisenhauer, a local attorney who represents several IRSG member organizations, says there are both perceived and real conflicts at play.
"The Internet has made information very accessible. There are benefits associated with it, and costs as well ... " she says. "We need to make sure that people understand the value of information." For example, she cites the information restrictions in Europe as the reason there's no such thing as instant credit there. "You can't go into a store at six o'clock at night and open a line of credit," she says. "We have the ability to make those decisions instantly ... I don't want to downplay the risks of information, but you have to view them in proportion to the benefits."
Like Manheimer, she approves of the current regulations that impact her area of interest, and hopes lawmakers will guard against knee-jerk regulation.
"I'm very comfortable with the legislation that exists in preventing real harm," says Eisenhauer. "I am very uncomfortable with legislative attempts to address what I call 'yuch' harm. I mean, I don't like junk mail, for instance, but it's not a matter for legislation."
And many times, consumer awareness may be the most efficient regulator. One of the largest information services, Lexis-Nexis, was forced to kill a locator program that offered easy access to a person's most recent addresses, maiden names and Social Security numbers after a wave of protests. Not only could the information be easily abused by identity thieves, said critics, but stalkers and abusive husbands could easily track down targets attempting to preserve their safety.
But the proliferation of black-market data-miners is frightening. A recent e-mail to CL offered for sale a CD enabling a purchaser to "find out anything about anybody" by offering access to birth records, Social Security numbers, credit information, addresses, phone numbers, employment data all for $10.
Some sources offer even more, and are decidedly more sinister. Consider How to Get Anything on Anybody: Book II, a manual including instruction on how to "dig out unlisted phone numbers, bypass computer passwords and assemble a complete dossier on anyone from the comfort of your own home." The cover art: A young woman with a rifle scope's cross-hair pattern over her face.
A veteran FBI agent now employed by one of Atlanta's larger private detective firms (who, mindful of his professional interests, asks that his name and that of his company be withheld), frequently utilizes some of the scores of private information services available. He notes that the amount of information available through such legitimate, legal means is astounding never mind the hundreds more websites that offer blatantly proscribed information, including credit card numbers, home addresses and Social Security numbers to anyone who'll pay a fee.
"There's a tremendous amount of data out there," he says. "They try to control it but, with all the data collection agencies out there, particularly with the Internet, there are groups and companies that know everything in the world about you. Let's face it: The state sells information to these companies, the credit card companies sell it to these companies they might call it 'marketing' even your health providers probably sell information."
The ACLU, which has taken a leading role both in efforts to curtail the intrusiveness of government as well as to keep public records open, finds itself in something of a bind.
"It's a struggle for the ACLU," says Weber, "because it deals with two conflicting issues. One is public information, which we feel belongs to the public, and should be available to everyone. At the same time, the government is gathering so much information on citizens that is or should be private, that if the citizens found out how much of that information is being sold to the highest bidder, they'd be outraged."
And, despite the best efforts of alert citizens and well-meaning lawmakers, society may well have to learn to live with the reality of having virtually all of its affairs subject to the scrutiny of anyone with the desire and, maybe, the money to take a look. The flood of data collected, bought and often willingly supplied by consumers, is just too torrential and profitable, it seems, to be impacted by a patchwork of regulation and a too-trusting public.
"Pandora's Box is already open," says Weber. "We can push it shut a little, but it will never be closed again."
different city parks do different things, I think keeping the fulton county diamond, or the…
"The Coming Medicaid Cost Explosion" _______________________________ Right has been running around like Chicken Little for…
QM, you have commandment 5 wrong. It should read: Thou shalt not kill except it…
yeah, because Grant Park is miles away and isn't a park
""She admitted that she was drinking and driving,' attorney Jackie Patterson told reporters following her…