SPEAKERS CONTENTS INSERTS
Page 1 TOP OF DOC
H.R. 4311—THE IDENTITY THEFT PREVENTION ACT OF 2000
WEDNESDAY, SEPTEMBER 13, 2000
U.S. House of Representatives,
Committee on Banking and Financial Services,
Washington, DC.
The committee met at 10:12 a.m., in room 2129, Rayburn House Office Building, Hon. James A. Leach, [chairman of the committee], presiding.
Present: Chairman Leach; Representatives Castle, Kelly, LaTourette, Biggert, LaFalce, C. Maloney of New York, Bentsen, Hooley, Sherman, Inslee, Schakowsky, Moore, and Capuano.
Chairman LEACH. The hearing will come to order.
The Committee meets this morning to examine the threat to financial services consumers from persons using illegal means to obtain private bank account balances and other financial information of persons and to consider the merits of a particular legislative proposal to combat identity theft put forward by two respected Members of this Committee.
At the dawn of the 21st century, Americans' financial privacy, indeed, their very financial identities, are at risk as never before.
Page 2 PREV PAGE TOP OF DOC
Whether the threat involves cyber intrusions into large corporate databases by hackers seeking to download credit card numbers or other account information, or less technologically sophisticated techniques such as dumpster diving to retrieve credit card receipts or bank statements, the most confidential pieces of a consumer's financial profile appear to be easily available to a growing number of financial scam artists.
The Federal Trade Commission, which will testify later this morning, reports that calls to its recently established identity theft hotline are now averaging over a thousand a month, one of several indications that the identity theft problem is fast reaching epidemic proportions.
In such an environment, the importance of vigilance by financial services providers and their customers in deterring and detecting unauthorized access to confidential financial data cannot be overemphasized.
Complicating the job of the FTC and other enforcement agencies is the increasingly international character of identity theft, underscored by several recent episodes of intrusions into U.S. corporate databases by hackers operating in Eastern Europe and elsewhere around the world.
The Secret Service, which is also represented at today's hearing, testified before the Committee several years ago about the growing presence in this country of organized criminal groups, many with Russian or Nigerian origins, that have engaged in large-scale identity theft schemes targeted at United States citizens.
Page 3 PREV PAGE TOP OF DOC
What steps are being taken to protect consumers from these crimes which wreak havoc on individual credit ratings and result in a profound sense of violation of those who are its victims? Is there a need for additional laws, or is it a matter of strong law enforcement of existing laws? These are among the questions the Committee has before it.
This is the latest in a series of hearings the Committee has held on this issue of financial fraud and identity theft in this and prior Congresses. In 1998, the Committee was the first to focus congressional and public attention on the problem of ''pretext calling,'' a practice closely related to identity theft, that involves the use of false and deceptive methods to obtain personal financial information.
We welcome back before the Committee today one of the witnesses at that earlier hearing, Robert Douglas, a private citizen in Alexandria, Virginia, who was instrumental in first making the Committee aware of the threat to financial privacy posed by practitioners of pretext calling.
Prompted in large part by the information shared by Mr. Douglas and other witnesses at the Committee's 1998 hearing, I introduced legislation making it a Federal crime to obtain or attempt to obtain consumer information of a financial institution by false pretenses, such as by misrepresenting the identity of the person requesting the information or otherwise tricking an institution or its consumer into making unwitting disclosures of such information.
These provisions were incorporated in last year's Gramm-Leach-Bliley financial modernization legislation and went into effect upon the signing of that law on November 12th, 1999.
Page 4 PREV PAGE TOP OF DOC
In the ten months since, the Committee has received sporadic reports that since passage, Federal regulators have not paid adequate heed to the strictures of the legislation. To determine in an admittedly unscientific way whether it remains possible to find someone willing to break the law to obtain private financial information of an individual, an informal survey was conducted by Committee staff over the recently concluded August recess, assisted by Mr. Douglas.
Staff identified and contacted businesses advertising their ability to locate bank accounts, determine bank account balances, and find other financial assets assumed by most consumers to be confidential. Subjects were selected at random based upon searches of the internet, telephone book yellow pages, and classified advertisements in legal trade journals.
Posing as a potential customer, a member of the Committee staff, Ms. Alison Watson, placed a series of calls in which she purported to be someone whose live-in boyfriend had recently disappeared, cleaning out their joint bank account and absconding with other assets in the process. The staff member asked each firm whether it could assist her in locating her ex-boyfriend and any bank accounts in which he might have placed the funds removed from their joint account. Of 26 calls placed in an uninterrupted three-hour period, eleven were completed. Of the eleven companies reached, every one of them confirmed their ability and their willingness, for a fee, to obtain bank account and other financial information.
Put another way, three hours of calling to randomly selected vendors yielded the names of eleven firms willing and in all cases eager to sell bank account information on a private citizen with few, if any, questions asked.
Page 5 PREV PAGE TOP OF DOC
Although two of the eleven firms made vague references to privacy laws that they said would complicate their efforts to locate assets, none mentioned the existence of statutory prohibitions on the services they were offering to provide.
Based upon this survey, it appears that the fraudulent practices first highlighted by the Committee in mid-1998 are continuing largely unabated.
In short, bank account information and other aspects of consumers' financial profiles apparently remain freely available to anybody willing to pay for them. What we have are outfits unafraid to break the law, in fact, even continuing to advertise their lawbreaking talents. The victims are those individuals whose account information is obtained, but it is also our civil society that is based upon trust and respect for the privacy of one another.
While no money may instantly be changing hands, and no one's life is immediately at risk from gun-toting thieves, these are cases of robbery of bank information and potentially of bank accounts.
For many Americans, account information may be almost as valuable as their actual balance, and the impact of knowing that our private financial records are so readily available is frightening. Law enforcement agencies need to take these crimes more seriously.
Mr. Douglas will expand on the survey later during his testimony.
Our first witnesses this morning will be two distinguished Members of the Committee, Ms. Hooley and Mr. LaTourette, who are the primary sponsors of H.R. 4311, The Identity Theft Prevention Act of 2000.
Page 6 PREV PAGE TOP OF DOC
This legislation, cosponsored by 37 other Members of the House, reflects a very thoughtful approach to the identity theft problem and deserves serious consideration by this Committee.
We will hear later from several witnesses with differing perspectives on some of the bill's specific provisions. But I want at the outset to commend Ms. Hooley and Mr. LaTourette for their work in developing this very important piece of pro-consumer legislation.
At this point, let me ask Mr. Sherman if he has any opening comments.
Mr. SHERMAN. Thank you, Mr. Chairman. Thank you for holding these hearings on an important matter. Several constituents of mine have had problems with identity theft.
We need not only strict criminal laws, we also need perhaps some national clearing agency so that a person can identify themselves as potentially a victim of identity theft and make it at least more difficult for those stealing their identity to in effect steal thousands and tens of thousands of dollars from the lenders that they are then approaching and trying to bilk, or make the withdrawals from bank accounts. I would like, without objection, to place in the record a report by the Federal Trade Commission issued just last month, August 22nd, titled ''Information on Identity Theft for Consumers in California from November 1999 through July 2000'', where the FTC indicates that just it—and, frankly, it is not the first agency that I would have thought of—has had over 2,700 contacts from California in a one-year period about identity theft. Sixty-two percent of those were complaining that their identity had been the subject of such theft.
Page 7 PREV PAGE TOP OF DOC
I would also like to place in the record the suggestions of Sheriff Lee Bacca of Los Angeles County giving consumer tips as to how to avoid being victims of such identity theft. I have a good friend who I will simply identify——
Chairman LEACH. If the gentleman will yield, without objection, both of those will be placed in the record.
Mr. SHERMAN. Thank you, Mr. Chairman. I have a friend who I will identify only as ''Karen,'' who has been pushed through the wringer on this. And without objection, I would like permission to add to the record a statement that she might provide, Mr. Chairman, how many days is traditional to submit additional material for the record?
Chairman LEACH. Usually several, but we will do our best.
Mr. SHERMAN. OK. Whatever number of days we have.
Chairman LEACH. And without objection, the statement of Ms. ''Karen'' will be placed in the record if it is presented in a timely basis.
Mr. SHERMAN. Thank you. So I want to compliment those who will be making presentations to us who have taken the time to draft legislation in this area. This is not only lost money and lost sense of security for those who are victims of identity theft; it is a tremendous drain on their time and also a drain on our business and banking system which is bilked into making loans to people who are not who they say they are or allowing the withdrawal of funds from a bank by a person who is not the depositor.
Page 8 PREV PAGE TOP OF DOC
Thank you, Mr. Chairman.
Chairman LEACH. Thank you very much, Mr. Sherman.
At this point, the Committee would welcome Ms. Hooley and Mr. LaTourette. And we thank you for the bill that you have presented to us and thank you for your long and thoughtful service to this Committee in general.
Shall we begin with you, Ms. Hooley?
Ms. HOOLEY. Mr. Chair, either one is fine.
Chairman LEACH. Fine. Please.
STATEMENT OF HON. DARLENE HOOLEY, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF OREGON
Ms. HOOLEY. First of all, I would like to thank you for your willingness to hold this meeting, and I would like to thank you for all the work you have done in this area, both in trying to make and making it a criminal act, and for your pretext calling. Those are both really important pieces of this issue, and so thank you for doing that.
Mr. LaTourette and I introduced this bill because identity theft occurs when someone uses your name, Social Security number, mother's maiden name, or any personal identifiable information to purchase goods or services.
Page 9 PREV PAGE TOP OF DOC
While credit issuers have been willing to refund fraudulent charges, victims are still faced with problems of ruined or destroyed credit, the time commitment of redeeming their name with multiple credit bureaus and credit issuers, and the fear and anxiety associated with knowing that someone is using all of their personal information to charge any manner of goods. As a result of identity theft, victims have been turned down for jobs, turned down for mortgages, and other important extensions of credit.
Identity theft is becoming a growing concern for millions of Americans. Now this is an equal opportunity crime, with victims of all ages, incomes, and races. Regardless, the effects can be devastating on the victim. Take, for example, Shon Boulden from Hillsboro, Oregon, who you will be hearing from today.
Shon has dozens of accounts opened under his Social Security number. As a result, Shon has spent countless hours battling to clear up his good name. Now at the age of 23, Shon is unable to get the kind of credit a young person needs to start off in life, including credit card loans, business loans, or student loans.
While the consequences can be dire for the young, this crime can be devastating to the elderly who are especially vulnerable. A few months ago I spoke to a constituent whose 96-year-old mother had her checks, credit card, and driver's license stolen. Now I was surprised she still had a driver's license at 96.
With her driver's license and account numbers, the thieves were able to cash multiple checks in her name. She and her son, along with the bank, investigated this issue, and they did open up new accounts for her. But it did not end there.
Page 10 PREV PAGE TOP OF DOC
Even though she canceled her credit card, the thieves were able to transfer $12,000 from her Visa card to a bank in Ann Arbor, Michigan. Now I should note that this woman has never been to Ann Arbor, nor has she ever had anything close to that kind of a balance on her card.
This constituent was lucky enough to have a son to help her navigate through the maze of opening and closing accounts, dealing with banks and credit card companies and credit bureaus.
But many elderly people do not have children nearby, they are in poor health, financially unstable. Therefore, these crimes do not just aggravate—they cause tremendous fear. People fear not only the criminals, but the harassing phone calls and threatening letters from collection agencies.
In introducing the Identity Theft Protection Act, we are asking credit issuers and credit reporters to do their part in making sure that credit is extended to the right person. And in the case of fraud, we are asking for procedures to be put in place to assure that consumers can clear up their good names quickly.
For instance, the legislation requires that anytime a creditor receives a change of address form, the creditor sends back a confirmation to both the old and new address. That way, if a thief attempts to change a victim's address, the victim will know about it. A very simple but important piece of prevention.
Page 11 PREV PAGE TOP OF DOC
It asks credit bureaus to investigate discrepancies in the names and addresses they have on file with names and addresses provided by a credit issuer.
H.R. 4311 codifies a practice of placing fraud alerts on consumer credit files and allows a consumer to require verification before credit is extended. This bill gives the FTC the authority to impose fines against credit issuers that ignore that fraud alert.
This legislation also gives consumers more access to the personal information collected about them, which is a critical tool in combatting identity theft by requiring that every consumer that asks for it across the Nation have access to one free credit report annually.
This bill restricts the sale of Social Security numbers by credit bureaus. Increasingly, the Social Security number is becoming a national identity and the key to identity theft.
I want to reiterate that I fully understand that in most cases of identity theft, the victims recoup most of their financial losses, and I applaud the credit issuers for not further punishing victims.
However, I believe that credit issuers and credit bureaus must recognize the problem this creates for consumers. The son of the 96-year-old victim told me that his mother's bank just did not seem to care. As they saw it, she did not lose money, so she should not be upset. Well, Mr. Chairman, I do not see it that way.
Page 12 PREV PAGE TOP OF DOC
In closing, our bill has common sense reforms. It asks credit bureaus to honor fraud alerts, forces credit issuers to observe those alerts, gives customers a notice when their billing addresses are changed, and asks credit bureaus to at least look into discrepancies.
In my mind, this is the least we can ask of those companies—who profit in extending credit and trading in our credit histories—to do to protect us. Thank you.
Chairman LEACH. Well, thank you very much, Ms. Hooley.
Mr. LaTourette.
STATEMENT OF HON. STEVEN C. LaTOURETTE, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF OHIO
Mr. LATOURETTE. Thank you very much, Mr. Chairman. I want to thank you for conducting this hearing and for your continued efforts in finding ways to protect the consumers in this country on this very important issue. I also want to congratulate my colleague, Darlene Hooley from Oregon. And this bill is affectionately known by the acronym the HOOLA bill in our two offices, and that was why it immediately became attractive to us.
I thought I would, by way of illustration, share with the Committee a story as to how I became intimately involved with the issue of identity theft. Last year, a couple from my home town, Ray and Maureen Mitchell, came into my district office.
Page 13 PREV PAGE TOP OF DOC
And I have a special affection for the Mitchells, because when I was first running in 1994, their son, who goes to Madison High School with my daughter Sarah, was the only boy who would show up to be in my television commercials, so the Mitchells have been long-time favorites of mine.
They told me a numbing story of how they became involved in identity theft and how they had been involved now in ''identity theft hell.''
There are a half-a-million people a year out there just like them—victims of crimes that largely go unreported and widely misunderstood.
In many ways, being the victim of this crime can be far more devastating than being the victim of a typical crime. Once you are exposed to this crime, you never feel totally safe. As a matter of fact, now the Mitchells drive around with a signed affidavit in their car, fearing that when they make a purchase they will be confused for the bogus Mitchells, and this is not a way for innocent people to live.
The Mitchells' daughter just graduated from high school this year, and like a lot of parents, they wanted to buy her a car. They purchased the car with cash, however, because they were afraid they could not get a loan as a result of their once perfect credit now being shattered.
It started about a year ago. The Mitchells' bank noticed $2,100 worth of unusual charges on their credit card, and it has been downhill ever since. The thieves used the Mitchells' personal information to open new credit cards, buy cell phones, take out two huge personal loans, and purchase not one, but two $40,000 SUVs. One was a Ford Expedition. They are probably having some problems with their tires now.
Page 14 PREV PAGE TOP OF DOC
[Laughter.]
Mr. LATOURETTE. And the other one was a Lincoln Navigator.
All told, Ray and Maureen have been victimized to the tune of $110,000. The Secret Service is involved, the Postal Inspector is involved, Illinois authorities are involved.
But last November 19th, Mr. Chairman, three days after the fraud alerts were placed on their credit report, a man went into three different Chicago banks, and in a two-hour period applied for $45,000 worth of personal loans in Ray Mitchell's name. Each time the bogus Ray Mitchell presented a valid Illinois driver's license, an Illinois State identification card, and all of the real Ray Mitchell's personal information.
The Mitchells never engaged in so-called risky behavior or behavior that is, quite frankly, typical for millions of American families. They did not put shopping receipts or preapproved credit card offers in the trash. They did not buy things online. They did not do catalogue shopping or pay for credit card purchases over the telephone. There was no stolen wallet or credit cards. Still, someone was able to re-create Ray Mitchell's identity with ease. Because the Mitchells had a history of always paying their bills on time and had a blemish-free credit report, they were a perfect target.
The good news, Mr. Chairman, is that the guy that applied for the loans was arrested the same afternoon. Police arrested him as he tried to leave Bank One in Chicago, after securing a $15,000 loan. He had $5,000 in cash and $10,000 in bank checks payable to ''Raymond Mitchell''.
Page 15 PREV PAGE TOP OF DOC
The bad news is that the judge freed him two days later on a personal recognizance bond, even though he has a criminal record dating back to 1977 and has used seventeen different aliases. Suffice to say that the guy was not shaking in his boots when he was arrested. He told the detective, ''I did not use a gun. I did not use a knife. Call my lawyer and I will plead guilty and they will put me on probation.''
The Mitchells are angry, Mr. Chairman. They agree with the purposes of this bill. There were red flags that should have been noticed by someone, like the thirty inquiries in the Mitchell's credit card report in just sixty days or the numerous change-of-address requests.
Almost every other day the bogus Ray Mitchell was applying for car loans and personal loans. The Mitchells had not had that much activity on their credit report in two decades. They averaged just 1.5 inquiries on their credit report per year.
It is disheartening to me that this legislation is opposed by some folks. I understand that it may increase some costs and it may require more paperwork. But the Mitchells, and people that find themselves like the Mitchells, deserve the attention and the protection of this Congress. And I would just ask unanimous consent to include the rest of my statement in the record so you can move on with your hearing.
Chairman LEACH. All right. Without objection.
And let me thank both of you for your very thoughtful testimony, and more importantly, for realerting the Committee again to a very profound area of concern.
Page 16 PREV PAGE TOP OF DOC
We just have one or two minutes before a vote. Does anyone seek to ask our witnesses any questions?
[No response.]
Chairman LEACH. If not, I would like to recess the hearing pending the votes on the floor. The hearing is in recess.
[Recess.]
Chairman LEACH. The hearing will reconvene.
Our second panel is represented by Ms. Betsy Broder, who is the Assistant Director of the Division of Planning and Information of the Bureau of Consumer Protection of the Federal Trade Commission, and Mr. Bruce Townsend, who is Special Agent in Charge of the Financial Crimes Division of the United States Secret Service.
We will begin with you, Ms. Broder, unless you have a differing agreement.
Ms. BRODER. No, that is fine.
Chairman LEACH. Ms. Broder.
Ms. BRODER. Thank you, Mr. Chairman, and Members of the——
Page 17 PREV PAGE TOP OF DOC
Chairman LEACH. And if I could ask you to withhold for a second.
Ms. BRODER. Yes, sir.
Chairman LEACH. If you would put the microphone up very close, I think it is an easier way you will find to speak and you do not strain as much. Thank you.
STATEMENT OF BETSY BRODER, ASSISTANT DIRECTOR, DIVISION OF PLANNING AND INFORMATION, BUREAU OF CONSUMER PROTECTION, FEDERAL TRADE COMMISSION
Ms. BRODER. Thank you. As you said, my name is Betsy Broder, and I am the Assistant Director for Planning and Information at the Federal Trade Commission's Bureau of Consumer Protection.
I am very pleased to have the opportunity this morning to present the Commission's testimony describing our efforts to help victims, alert industry, and equip law enforcement to deal with this pernicious crime of identity theft.
I would like first to discuss the measures that the Commission has taken to meet the goals of the Identity Theft Assumption and Deterrence Act of 1998 and then describe what we see as the challenges for the future.
Page 18 PREV PAGE TOP OF DOC
The FTC has launched a comprehensive response to ID fraud. Under the 1998 act, the agency was charged with establishing a central repository for identity theft complaints, to refer appropriate complaints to law enforcement and private sector entities, and to provide support for identity theft victims.
This is how we have met these goals. We have established a toll-free hotline—1-877-ID THEFT—for consumers to call to report incidents of identity theft. Callers who call our toll-free line are connected to specially trained telephone counselors, one of whom actually was Mrs. Mitchell referred to earlier by Mr. LaTourette.
These counselors provide information to assist the consumers who find themselves to be victims of identity theft. Our approach is to give consumers the information necessary to help them resolve problems typically associated with identity theft.
While we receive many calls from victims, about 40 percent of our callers are people seeking information to try to prevent this type of crime. Some of these people find themselves especially vulnerable to identity theft, perhaps because they have had their wallet stolen and they want to find out what they can do to prevent identity theft from happening to them.
With these callers, we provide practical tips on identity theft prevention, including ways to protect the type of personal financial information that is frequently exploited by identity crooks. We also refer these callers to our consumer education publication.
Page 19 PREV PAGE TOP OF DOC
Our toll-free number has been up less than a year. We set it up in November of 1999, and so far we have answered almost 30,000 calls. Our call volume has tripled in the last six months, and we believe that this steep growth will continue.
We now receive about 1,000 calls a week to our hotline. When we first set this up, we were receiving 100 calls a month. We are now up to 1,000 calls every week.
Consumer education is a key component of our efforts. Our publication, which I show you here, ''ID Theft: When Bad Things Happen to Your Name'', has been a tremendous hit and an asset to consumers. We have distributed more than 100,000 copies of this publication. The Social Security Administration itself has printed and distributed over 140,000 copies, and about an equal number have been accessed through our identity theft website.
The website links to State statutes, publications, and other information that assists consumers and law enforcement, and it has received about 160,000 visits.
Finally, we are using the complaint information——
Chairman LEACH. If the gentlelady will yield for a second. With regard to your publication, we are going to put that on our website as well, and I think it is a very appropriate one. And I want to congratulate you on putting it together.
Ms. BRODER. Thank you, sir. In fact, it has been an enormously successful campaign, and we know that if we can give some of this information to consumers, they may not be able to prevent consumer ID theft, but they can limit their exposure.
Page 20 PREV PAGE TOP OF DOC
I talked earlier about our hotline. What do we do with the people who call in? Well, we provide assistance, but we also get information from them. We use the complaint information provided by these victims to help law enforcement efforts. We enter consumer's complaints into our ID Theft Data Clearinghouse.
This Clearinghouse is part of our larger consumer fraud network called Consumer Sentinel, which is used currently by more than 260 law enforcement agencies around this country and Canada.
Using a password and special security software, law enforcers use their desktop PC to access Sentinel and through it the identity theft clearinghouse. They search for identity theft perpetrators and victims in their backyard, and they are able to uncover trends through this collection of data that would not be apparent by looking at individual complaints.
We are also developing ways, in accordance with the Act, to provide limited and appropriate access to financial institutions and the three national consumer reporting agencies to allow them to track complaints and trends related to themselves.
I would just add that we receive complaint data from consumers themselves, but we are also receiving data from other agencies and entities to add to our database. Just today, we will be receiving complaint data from the Social Security Administration representing the last two weeks of complaints that they have to include in our database, to make it as rich a repository of data as possible to assist in law enforcement in this area.
Page 21 PREV PAGE TOP OF DOC
Our database has given us some very interesting statistics about identity theft and financial institutions. About 55 percent of the victims who contact our hotline report that an ID thief either opened or took over a credit card account. Eighteen percent report that a bank or a checking account had been opened in their name and/or that checks had been fraudulently written in their name, and 11 percent report that loans were obtained in their name.
Of course, you realize that each of these violations may have occurred to the same person. They may have had a bank account opened in their name, and a credit card takeover. People suffer numerous types of harm.
Our Clearinghouse also collects complaints about the ways in which banks and other financial institutions handle ID theft. That is, have their business practices unnecessarily exposed people to this crime, or have they been responsive to their customers' needs as victims of ID theft? Again, as we build out our system, we will make this information directly available to those institutions through limited access to the Clearinghouse.
Private sector and legislative proposals have also emerged to help protect against identity theft. H.R. 4311, from this Committee, is one such response.
The Senate version of this, S.R. 2328, contains many of the same provisions, and the Commission has come out strongly supporting these proposals. Giving consumers access to information when there are changes of address; providing them with free credit reports every year from each of the major credit reporting agencies. All of these measures give consumers access to information about themselves that could reveal vulnerability to, or actual victimization of, identity theft.
Page 22 PREV PAGE TOP OF DOC
We think these are very positive and helpful measures, and we support them.
Finally, we are working closely with many private sector groups to uncover ways to help improve prevention and victim assistance.
In late October we will be hosting a workshop on victim assistance and identity theft. We have invited all interested parties—the consumer reporting agencies, consumer groups, Government agencies, financial institutions—to help us set up the agenda.
We hope to able to use this forum as an opportunity to start developing a standardized complaint affidavit, something that is also referred to in H.R. 4311, so that consumers will only have to fill out one form when they have been a victim of identity theft, and this form will be accepted by all financial institutions.
We will also be pursuing, with our sleeves rolled up, other practical ways to assist consumers who have been victims of identity theft.
Thank you, Mr. Chairman and Members of the Committee, and I would be happy to answer any questions you may have.
Chairman LEACH. Thank you very much, Ms. Broder.
Mr. Townsend.
Page 23 PREV PAGE TOP OF DOC
STATEMENT OF BRUCE A. TOWNSEND, SPECIAL AGENT IN CHARGE—FINANCIAL CRIMES DIVISION, U.S. SECRET SERVICE
Mr. TOWNSEND. Good morning. Mr. Chairman, Members of the Committee, thank you for the opportunity to address the Committee on the subject of identity theft and the Secret Service's efforts to combat this problem.
I have prepared a comprehensive statement which will be submitted for the record. And with the Committee's permission, I will summarize it at this time.
Chairman LEACH. Without objection, your statement will be fully in the record if it has not been fully presented.
Mr. TOWNSEND. In addition to providing the highest level of physical protection to our Nation's leaders, the Secret Service exercises broad investigative jurisdiction over a wide variety of financial crimes.
As the original guardian of our Nation's financial payment systems, the Secret Service has a long history of pursuing those who would victimize our financial institutions and our law abiding citizens.
In recent years, the combination of the information technology revolution and the effects of globalization have caused the investigative mission of the Secret Service to evolve in a manner which cannot be overstated.
Page 24 PREV PAGE TOP OF DOC
Today we are faced with a new challenge. That of identity theft. We in the Secret Service view identity theft as a disturbing combination of old schemes and abuse of the emerging technologies. However, it should be clear. This crime is about more than the theft of money or property. This crime is about the theft of things that cannot be so easily replaced. A person's good name, a reputation in the community, years of hard work and commitment to goals.
Make no mistake about it, this crime is a particularly invasive crime that can leave victims picking up the pieces of their lives for months or years afterward.
Mr. Chairman, we in the Secret Service applaud your efforts in convening this hearing today. We stand ready to work with you and all the Members of the Committee in attacking the crime of identity theft.
It is our belief that hearings such as this will be the catalyst to bring together the resources of both the State and Federal Governments in a unified response to the identity theft problem.
As we enter the next century, the strength of the financial industry has never been greater. A strong economy, burgeoning use of the internet and advanced technology, coupled with increased spending has led to fierce competition within financial sector.
Although this provides benefits to the consumer through readily available credit and consumer-oriented financial services, it also creates a rich environment for today's sophisticated criminals, many of whom are organized and operate across international borders.
Page 25 PREV PAGE TOP OF DOC
In addition, information collection has become a common byproduct of the newly emerging e-commerce. Internet purchases, credit card sales and other forms of electronic transactions are being captured, stored, and analyzed by entrepreneurs intent on increasing their market share. This has led to an entirely new business sector being created, which promotes the buying and selling of personal information.
With the advent of the internet, companies have been created for the sole purpose of data mining, data warehousing, and brokering of this information. These companies collect a wealth of information about consumers, including information as confidential as their medical histories.
Data collection companies, like all business, are profit motivated, and as such, may be more concerned with generating potential customers rather than the misuse of information by unscrupulous individuals.
This readily available personal information, in conjunction with customer-friendly marketing environment, has presented ample opportunities for criminals intent on exploiting the situation for economic gain.
The Secret Service has investigated cases where criminals have used other people's identities to purchase everything from computers to houses. Financial institutions must continually practice due diligence lest they fall victim to the criminal who attempts to attain a loan or cash a counterfeit check using someone else's identity.
Page 26 PREV PAGE TOP OF DOC
As financial institutions and merchants become more cautious in their approach to hand-to-hand transactions, the criminals are looking for other venues to compromise. Today, criminals need look no further than the internet.
For example, an internet fraud investigation conducted by the Secret Service, the Department of Defense, the Postal Inspection Service, and the Social Security Administration Office of the Inspector General, highlighted the ease with which criminals can obtain personal information through public sources.
These defendants accessed a website that published the promotion list of high-ranking military officers. This site further documented personal information on these officers that was used to fraudulently obtain credit, merchandise, and services.
In this particular case, the financial institution, in an effort to operate in a customer-friendly manner, issued credit over the internet in less than a minute. Approval for credit was granted after conducting a credit check for the applicant, who provided a true name and matching true Social Security number. All other information provided, such as the date of birth, the address and telephone number that could have been used for further verification, was fraudulent.
The failure of this bank to conduct a more comprehensive verification process resulted in substantial losses; and more importantly, a long list of high-ranking military officers who became the victim of identity fraud.
The internet provides the anonymity that criminals desire. In the past, fraud schemes required false identification documents and necessitated a face-to-face exchange of information in identity verification. Now with just a laptop and modem, criminals are capable of perpetrating a variety of financial crimes without identity documents through the use of stolen personal information.
Page 27 PREV PAGE TOP OF DOC
The Secret Service has investigated several cases where cyber criminals have hacked into internet merchant sites and stolen the personal information and credit card account numbers of their customers. These account numbers are then used with supporting personal information to order merchandise, which is then transshipped throughout the world. Most account holders are not aware that their credit card account has been compromised until they receive their billing statement.
The Secret Service continues to attack identity theft by aggressively pursuing our core violations. It is by the successful investigation of criminals involved in financial and computer fraud that we have been able to identify and suppress cases of identity theft.
The Secret Service's investigative program focuses on three areas of criminal schemes within our core expertise.
First, the Secret Service emphasizes the investigation of counterfeit instruments. By ''counterfeit instruments'', I refer to counterfeit currency, counterfeit checks, both commercial and Government, counterfeit credit cards, counterfeit stocks or bonds, and virtually any negotiable instrument that can be counterfeited.
Many of these schemes would not be possible without the compromise of innocent victims' financial identities.
Second, the Secret Service targets organized criminal groups which are engaged in financial crimes on both a national and international scale. Again, we see many of these groups, most notably the West African and Asian organized criminal groups, prolific in their use of stolen financial and personal information to further their financial crime activity.
Page 28 PREV PAGE TOP OF DOC
Finally, we focus our resources on community impact cases. The Secret Service works in concert with the State, county, and local police departments to ensure our resources are being targeted to those criminal areas that are of a high concern to the local citizenry.
Further, we work very closely with both Federal and local prosecutors to ensure that our investigations are relevant, topical, and prosecutable under existing guidelines. No area today is more relevant or topical than that of identity theft.
The Secret Service acknowledges that identity theft is a very real problem and pledges its support in the Federal Government's efforts to eliminate it.
Mr. Chairman, this concludes my prepared statement. I would happy to answer any question that you or other Members of the Committee have. Thank you.
Chairman LEACH. Well, thank you very much. And I thank both witnesses.
We have a very, very large problem. One element—and I stress it is only one element of the problem—is a professional class of facilitators who are lawbreakers. And I remain absolutely astonished that after passage of a law that says that identity theft is by national statute illegal, subject to fine and imprisonment, that it is as wantonly advertised.
I have never known any area of criminal behavior in which one advertises that they are going to do a criminal misdeed, and bizarrely, advertised in legal publications, that is, advertised to officers of the court, that a company is prepared to do illegal acts for a fee.
Page 29 PREV PAGE TOP OF DOC
And I would like to introduce or reintroduce, because the FTC once did a sting, the word ''sting'' to law enforcement in this area. It is inconceivable to me that anybody should be advertising to do these things. And when our Committee hit eleven of eleven through public advertisements of people willing to steal someone's identity or get information based upon false identity presentations, there is something that is not being met in an active way, and I turn to the FTC.
Have you brought any enforcement actions against any of these companies?
Ms. BRODER. Mr. Chairman, pretexting is not new to the Federal Trade Commission. We have, in fact, brought a case against a pretexter.
Chairman LEACH. This was the one in Colorado?
Ms. BRODER. Yes, the Touchtone case. And this was prior to the passage of Gramm-Leach-Bliley.
Chairman LEACH. Sure.
Ms. BRODER. And in that case, the information broker, a company called Touchtone, posed as the consumer, asked the bank for that consumer's private financial information, and then they sold that information to a third party; of course, without the knowledge or consent of the account holder.
Page 30 PREV PAGE TOP OF DOC
We have obtained a judgment against Touchtone and its principals which prohibits them from pretexting except for those exceptions allowed by Gramm-Leach-Bliley, and we have extracted a $200,000 suspended judgment.
Since the passage of the Gramm-Leach-Bliley Identity Theft Act, we have taken further steps, further tools to track down and further prevent the pretexting.
But, we too are aware, Mr. Chairman, that notwithstanding the passage of Gramm-Leach-Bliley, pretexting persists. And while today I am not able to discuss ongoing investigations, we are mindful of this problem, and we will use our Gramm-Leach-Bliley enforcement authority under H.R. 521 to target appropriate cases in keeping with our resources as an agency.
Chairman LEACH. Well, I would first of all suggest that the FTC listen very carefully to one of our following witnesses and what he has to say. And I would also ask the FTC to be in contact after this hearing with my Committee staff about what they did, how they did it, and the simplicity of receiving affirmations that people were willing to do illegal activities.
Ms. BRODER. We will certainly follow up, Mr. Chairman.
Chairman LEACH. And, I mean, it is inconceivable to me that you cannot simply look at advertisements and reach some conclusions on actions that can follow.
In addition, it has struck me that there has been an inadequate education effort to the legal community. I mean, if people advertise in legal publications, that is an invitation for a lawyer to use services. And I think it should be clear that a lawyer could be accountable under the law if he or she knowingly uses a service that itself uses illegal methodologies.
Page 31 PREV PAGE TOP OF DOC
And I do not know what outreach you have to the various Bars of the country, but I would certainly think that strong advisements would be in order.
With regard to the Secret Service, Mr. Townsend, I am very impressed with one of your premises that the Secret Service is the guardian of our financial payment system, which I think is a very profound obligation.
And my own view is that of all the criminal activity that is rising in the world today, it relates to this. And I am not convinced that you have all the adequate resources you need, and I am wondering if you would like to opine on this.
And as I look at the year-end budgeting circumstance in Congress, I have directed my staff to look at this issue, because I think that the assumption of the Secret Service's jurisdiction of one nature in the popular mind does not relate to some of the activities and areas of concern in other areas.
And I am wondering if you would be willing to indicate whether you think the Secret Service needs more resources with regard to payment system issues.
Mr. TOWNSEND. With regard to payment system issues and more broadly, our evolving investigative jurisdiction, clearly, resources are stretched thin.
I mentioned earlier that the lay of the land with regard to identity theft and the broader issue of financial crimes has really changed in the last five years with this concept we refer to as globalization.
Page 32 PREV PAGE TOP OF DOC
We have had to go global to stay up with the criminals. Today, the Secret Service has special agents deployed on a permanent basis to eighteen United States embassies around the world.
In years past when we worried about our identities being compromised, we had to worry about perhaps our mail being stolen out of our mailbox or our wallet being stolen. Today, with computer technology, information technology generally, a hacker in a country can literally steal from our technological boxes around the world. And in order to be responsive, we in the Secret Service have deployed our personnel in a global fashion.
This, of course, does stretch existing resources.
Chairman LEACH. Can you give us some order of magnitude of the Secret Service today? How many people in it?
Mr. TOWNSEND. The Secret Service today is at about 2,800 Special Agents, and we are an agency that is changing.
Over the last two years, the Congress, with the support of many of you on this Committee, have supported additional Special Agent positions, which we, as I mentioned, we have deployed around the world.
Additionally, we are deploying them to our major field offices domestically in order that we can be more effective to attack issues like this.
Page 33 PREV PAGE TOP OF DOC
Chairman LEACH. Well, thank you very much.
Mr. TOWNSEND. Yes, sir.
Chairman LEACH. Mr. LaFalce.
Mr. LAFALCE. Thank you very much, Mr. Chairman.
Mr. Chairman, by your comments, I appreciate the gravity with which you take this issue, and I think that gravity is extremely warranted. I share it, as do many other Members on both sides of the aisle—Ms. Hooley, Mr. LaTourette, many others. And I know it is very, very late in the session and it would be very difficult to pass legislation, but I would hope that we could mark this legislation up at least and attempt to get it to the House floor, and then who knows what would happen during the Omnibus bill. Because this is an extremely serious problem, as has been testified, of epidemic proportions.
Ms. Broder, you indicated that FTC supports the preventive measures proposed in H.R. 4311, correct?
Ms. BRODER. Correct, sir.
Mr. LAFALCE. OK, fine. Now I think we are going to hear from trade associations that the measures are unnecessary and the problems you have identified can be addressed through voluntary self-regulatory measures. How would you respond to those arguments?
Page 34 PREV PAGE TOP OF DOC
Ms. BRODER. We believe that the measures in H.R. 4311 and its companion bill, S.R. 2328 in the Senate, are necessary because we have not seen a great response on the self-regulatory front, quite frankly.
And while initiatives have been announced, we have not seen any changes implemented, for example, among the consumer reporting agencies.
Now we know that fraud alerts are placed on a consumer's credit file when they call into their credit reporting agency, but we also know that in many cases those fraud alerts are neither clear nor conspicuous. One of the provisions in H.R. 4311 is to make certain that those fraud alerts do what they are supposed to do.
So there are many measures within this bill that we think are very practical and would in fact assist consumers and have not been undertaken by private industry itself.
Mr. LAFALCE. Both Mr. Townsend and Ms. Broder, if you were on this Committee or a Member of Congress and could initiate and pass legislation to deal with the problem of identity theft, what do you think might be either necessary or desirable legislatively? We will start with you, Mr. Townsend.
Mr. TOWNSEND. Sir, clearly the data that we are getting and the trends that we are seeing indicate that the criminal suspects we need to be most concerned about are operating online. They are operating in the cyber world. And I would submit, respectfully, to the Committee that legislation that would be drafted address specifically the cyber issues.
Page 35 PREV PAGE TOP OF DOC
Frequently, as we have seen in the last two or three years, the amendment of 18 U.S.C. 1028 to move away from a certain number of false identification documents to address the fact that information can be downloaded now from the internet.
So I would submit respectfully that legislation address crimes that are committed via the use of the internet and computers.
Mr. LAFALCE. All right.
Ms. Broder.
Ms. BRODER. And I would agree with everything Mr. Townsend said. I would also suggest at this time that we have some fairly young legislation out there. We have certainly criminalized, or Congress has criminalized, identity theft.
We have established the central repository of identity theft complaints. And we believe that this will provide tremendous incentive for prosecutors to be able to go after identity theft. Not only do they have the data now, they can see the picture rather than individual complaints.
So I would suggest perhaps that it is time to see how the system is working with what we have in place, and should H.R. 4311 be enacted into law, with those provisions, too, to help prevent identity theft, as opposed to the prosecution.
Page 36 PREV PAGE TOP OF DOC
Mr. LAFALCE. We are talking about both prevention, which is necessary, and prosecution, which is necessary.
Now forget about legislation. What could you do to enhance the prosecution of identity theft? I mean, who can prosecute? Is it a local county district attorney? Is it a State attorney general? Is it the U.S. attorney, or is it all of the above, depending? And to what extent are prosecutors equipped to handle the growing epidemic?
And how could you engage in an outreach effort to enlist them to prosecute these cases as a priority item which might turn out to be the best preventive measure we could take?
Ms. BRODER. It is a priority item.
Mr. LAFALCE. For whom? And how do we make it a priority item for all the prosecutors?
Ms. BRODER. You have asked a series of questions. Let me first tell you who it is that prosecutes these cases. It is now a Federal crime to engage in identity theft. So any U.S. Attorney's office can prosecute these crimes.
Seventy-five percent of the States have statutes prohibiting identity theft, so there can be State, and in some cases, local prosecution of these crimes.
As I have mentioned, I think one of the problems is, when a——
Page 37 PREV PAGE TOP OF DOC
Mr. LAFALCE. You say in some cases. Aren't most every local county attorney or prosecutor able to prosecute violations of State laws?
Ms. BRODER. I think generally that is so, sir.
Mr. LAFALCE. And with respect to the 25 percent of the States that do not have laws, is there any effort that we could make to get them to pass laws in those States to enable their prosecutors to also prosecute this crime?
Ms. BRODER. I think this is the trend that we are going to see, sir.
Mr. LAFALCE. Under the Federal law that exists making it a Federal crime, do the local prosecutors have the capacity to prosecute for violations of Federal law?
Ms. BRODER. No they do not.
Mr. LAFALCE. Can we enable them to do that? I am just asking questions.
Ms. BRODER. Sir, we know that under certain civil statutes, for example, the Home Equity Protection Act, the Telemarketing Sales Rule, the 900 Number Act, the Federal Trade Commission and State attorneys general have enforcement authority. So there is this joint jurisdiction and enforcement authority on a civil level.
Page 38 PREV PAGE TOP OF DOC
I am not aware, Mr. LaFalce, on the criminal side of whether that is a common measure.
Mr. TOWNSEND. If I could respond, sir, to your first issue regarding prosecution. Clearly, as you have mentioned, it is a Federal crime. And in the case of the Secret Service, we aggressively pursue those for presentation to the various United States Attorneys offices.
But more importantly, I mentioned in my opening statement, one of the critical components of the Secret Service investigative strategy is community impact cases. And that varies widely across this country from judicial district to State to various counties.
We regularly present for prosecution identity theft cases to State and local authorities if in fact in that area that is a community impact issue. It may not meet the Federal threshold for prosecution, but we in the Secret Service regularly submit, testify in open court, all of the resources of the Secret Service in terms of expert testimony, forensic service analysis are available to the State and local prosecutors.
If in fact that is deemed to be a community impact case, that is an important issue, wherever it may be, we would then go into the State court if for whatever reason the Federal system were unavailable to us through the thresholds or other reasons.
You also asked a question about resources. Clearly, prosecutors, like many in the criminal justice system, feel besieged by a competing number of priorities. I can report to you that on November the 27th, the Secret Service, along with the Treasury Department, will host an identity theft workshop focused on enforcement efforts. And we hope to host local prosecutors and their local police and State counterparts in order that we can move this issue along.
Page 39 PREV PAGE TOP OF DOC
Clearly, there is work to be done, but in the Secret Service, we view partnerships with State and local governments as critical to our effort.
Mr. LAFALCE. Is there a committee of the National District Attorneys Association that deals specifically with the issue of identity theft? At the State or national conventions of the District Attorneys Association, do you attempt to put seminars before them at their meetings or make presentations on the issue of identity theft?
I just see this, because of the proliferation of the usage of the internet and the availability of so much personal data—if it is epidemic now, it is going to be geometrically increasing epidemically in the future—and so we have to wage war.
Mr. TOWNSEND. If I could respond, public education is also a key regarding this variety of financial crimes that we investigate. I find myself sometimes having to make difficult decisions because of the demand for our Special Agents to make public presentations versus actually working the cases we need to be working.
But we have such a demand for presentations, and we have long lists and regular—we have people literally today in Mexico City making presentations on this topic and deployed elsewhere around the country speaking to these kinds of groups.
So, your point is well taken. Public education is a key component, and it is one that we try to pursue.
Page 40 PREV PAGE TOP OF DOC
Chairman LEACH. Ms. Biggert.
Ms. BIGGERT. Thank you, Mr. Chairman. I was amazed going on the internet, at the amount of information that could be gathered from one of the companies, I think the investigative company.
And, for example, they no longer will provide Social Security numbers, but in a location search, they can locate, by Social Security number, the name of a person for $43. They can locate a current address from a phone number. For $25, you can have the date of birth of somebody. For financial searches, you can get a bank account balance for $45.
A bank account search costs you quite a bit of money, $249, to find out what somebody's bank account is. You can get bank account activity detail for $99. More information is the property records by name for $37, property records by address for $32.
I am astounded by the personal information that can be garnered just from the internet.
Now, apparently, the Social Security number is a little bit harder to find, but could you not just go with a made-up a Social Security number until you find somebody that you you want to assume their identity, even if they do not have that Social Security number or they had a hacker find the Social Security number, and then proceed from there?
Ms. BRODER. Identity thieves are tremendously resourceful, and they can obtain this type of information legally and illicitly, and generally they have many ways of doing so.
Page 41 PREV PAGE TOP OF DOC
We know that there is legislation being considered now to prohibit the offering for sale and purchase of Social Security numbers. So there are measures being undertaken.
Certainly with the internet, information that had been publicly available before is available on such a widespread basis, it can be disseminated so broadly that it is causing all of us concern.
It is time to stop and look at these practices in this cyber world and determine the balance between access to information and privacy interests.
Ms. BIGGERT. I think people would be absolutely amazed if they knew that people had access to their bank account balance and their activity every month.
But several of the proposals, including H.R. 4311, deal with the issue of removing the Social Security number from the header of credit reports.
I know that there has been some opposition to that and some are saying that it would actually detract from the accuracy of the credit reporting system, with the consequences being an inability to locate heirs, deadbeat debtors or others who there is an interest in identifying.
Do you think this is a valid concern? And if so, how would you address it?
Ms. BRODER. We do not think it is a valid concern. They will have access to the information if they have a permissible purpose under the FCRA. That is, entities who obtain a consumer's consent who can get access to this information, so we do not find it a compelling argument.
Page 42 PREV PAGE TOP OF DOC
Ms. BIGGERT. All right. Thank you.
And then, Mr. Townsend, I think that there was a U.S. News & World Report recently that reported the indictment of two Government employees for allegedly using information from the FDIC and the Department of Health and Human Services to commit identity theft.
In addition, there was a report issued by Congressman Horn of the Government Management and Information Committee, which gave very low marks to computer security systems in the Government agencies.
Do you think that the Federal Government has adequate procedures in place to protect its employees and citizens whose personal information is on their centralized databases from identity theft?
Mr. TOWNSEND. Well, I can tell you that the Secret Service is a law enforcement bureau within the Treasury Department, and as such, we are charged with looking at intrusions and so forth within the Treasury system.
Although I have not read the report in detail, as I recall, the Treasury was not listed, fortunately, as one of those which was having problems.
I really have to tell you that I am not intimately familiar with the other systems. I can tell you that, with regard to the Treasury system, we have not investigated intrusions during my tenure there.
Page 43 PREV PAGE TOP OF DOC
But clearly, your point—and you referred to the U.S. News article from I believe August the 31st—clearly, this is an area in which we in the Government need to get our houses in order also. It is an area that is highly topical, it is discussed daily, and it is one that certainly we are going to be pursuing in the days to come.
Ms. BIGGERT. Thank you.
Thank you, Mr. Chairman.
Chairman LEACH. Well, thank you very much.
Mrs. Maloney.
Mrs. MALONEY. Thank you, Mr. Chairman, for calling this hearing. And I applaud my colleague, Darlene Hooley, for her bill.
It has been pointed out in Ms. Biggert's statement and others that the societal changes of the information age have really improved our lives, they have helped the economy, but in the area of privacy and protecting the personal information of individuals, I believe this Congress has really fallen far behind in providing legal protections for our constituents.
I know that identity theft is growing problem. I am getting more and more calls in my office about it. And I think by giving one example it helps illustrate what we are hearing in our offices.
Page 44 PREV PAGE TOP OF DOC
One such victim is a Mr. Ahmed who lives and works in Manhattan, and he has been battling credit reporting agencies for five years. Five years ago, he discovered that someone had stolen his Social Security number in order to obtain fourteen credit cards.
When he ordered copies of his credit reports, he was astounded to find two names with two different occupations and two different birthdates on the reports. Even with such glaring errors on his credit report, and after obtaining a police report to back up his claim, the credit reporting agencies were largely totally unresponsive in assisting him in clearing his name.
The agencies informed him that they had contacted the credit issuing banks, and having received confirmation that the Social Security numbers that the banks were using matched, would continue to include the information from both names on his credit report.
The credit issuing banks were also of little help. After writing to all fourteen, only four responded over a three-year period, and even some of the account information from the four remained on Mr. Ahmed's credit report. In all, the identity theft defaulted on over $20,000 in charges for which he received collection notices.
Despite the fraud alert that has been on his credit report since 1995, and the terrible credit record, he continues to receive credit card solicitations. He and his wife continue to monitor his credit report, and every time they think that the problem is completed, they find a new fraudulent account on this report.
And this has been going on for five stressful years, and they have invested literally hundreds of hours trying to clear his name. Just last week they were initially denied a mortgage until the situation was again explained to the bank. They now they face an even more stringent review. In this coming week, they have to appear before a New York co-op board and explain once again why their credit history has had such a turbulent past.
Page 45 PREV PAGE TOP OF DOC
And I really want to let the representatives of the credit reporting agencies in the audience today know that I will continue to follow his case and other constituents' cases. And I really feel, Mr. Chairman, that all of our constituents deserve the extra protections of sensitive information that is provided in the Hooley bill, and I feel that we need to adopt it in this Congress.
I would like to first of all ask Mr. Broder, in your testimony, you indicated that the FTC is receiving—or rather, Mrs. Broder—a thousand calls a week regarding identity theft. And first of all, how many other FTC hotlines receive anywhere near this many consumer contacts?
Second, when consumers call the FTC hotline, they are advised to contact the credit reporting agencies. From my own experience that is illustrated in the case that I just gave you, many of my constituents are totally frustrated with the response from the agencies.
The constituent whose case that I just spoke about, indicated of the three that he contacted, the TransUnion Fraud Department was by far the most helpful. And how does the FTC monitor what is happening to our constituents when our constituents call and relay these problems?
Specifically, do you make sure that the credit reporting agencies are answering their fraud lines with real people and not just computers that never follow up? Have you—or do you—test the credit reporting agency's ability to actually resolve an identity theft case? Or are more people than my constituents and Mr. Ahmed, who is just running around in circles, really not receiving help from anyone in his particular case? So I look forward to your answers.
Page 46 PREV PAGE TOP OF DOC
Ms. BRODER. One of the measures that we hope to enter into with the consumer reporting agencies is one-stop shopping. If there is one constant that we hear from victims, it is that they have to call each of the three major consumer reporting agencies and the Federal Trade Commission and all of their creditors to take care of things.
One measure that we would like to enter into with the three major credit reporting agencies is one-stop shopping; that is, they either call the FTC at our hotline or call one of the three major credit reporting agencies to place a fraud alert on their file and that it goes to all three offices.
We have not made progress toward pursuing that. We think that it would be of great help to consumers who are so burdened with——
Mrs. MALONEY. Do you ever monitor? Do you ever go in and take a case and see if they are actually solving it? I have got about five cases that are very similar to his, where they say they call everyone and no one ever does anything and it is now five years, four years, three years, and they are running in circles.
Ms. BRODER. Well, I would offer to you, Mrs. Maloney, first our toll-free hotline for you to provide to your constituents so they can talk to our specially trained telephone counselors and be given the information.
Many consumers know they have to call the consumer reporting agencies for fraud alerts. Do they know they should also call the Department of Motor Vehicles to find out if someone obtained a driver's license in their name? Do they know they should also contact the Social Security Administration to see if there is other misuse, if people are making money, earning wages in their name, and incurring tax liability?
Page 47 PREV PAGE TOP OF DOC
So there are many steps, a lot of information that our phone counselors can provide.
We do follow this data. We collect data in our database that shows how responsive the financial institutions are and the consumer reporting agencies, all of those associated entities that consumers have to deal with when they are victims of ID theft. And we look forward to putting a little pressure on them, you know, to get them to be more responsive.
Is there a legal responsibility? They are supposed to correct erroneous reports on a consumer's file, but we know that in many cases after consumers have gone in and gotten a correction on their report, the same debt pops up again, which is why in our testimony we make the rather dire, but perhaps at this time appropriate statement that often identity theft is unavoidable, undetectable, and unstoppable. Unstoppable, because it keeps rising up just when the consumer believes that he or she has settled out all of these problems, they keep coming up.
We are working very, very hard both with individual consumers and with the financial industries to try to approach this, but I share your frustration.
Mrs. MALONEY. Well, my time is up. Thank you.
Chairman LEACH. Thank you very much.
Mr. LaTourette.
Page 48 PREV PAGE TOP OF DOC
Mr. LATOURETTE. Thank you, Mr. Chairman.
Agent Townsend, I want to follow up with the excellent questions that Mr. LaFalce was asking.
You talked about the Federal threshold a couple of times. What is a Federal threshold?
Mr. TOWNSEND. When we discuss Federal thresholds, what we are referring to are prosecutive guidelines, if you will. Those are set by the individual United States Attorneys in their respective judicial districts. So as you can imagine, the prosecutive guidelines are different in the Central District of California as opposed to the Central District of Illinois.
Mr. LATOURETTE. And that is an excellent point, and that is what I thought you were talking about. Because in my testimony when I was talking about the family from Lake County, Ohio, the Mitchells, they had the misfortune at the time they reported it to the Federal authorities of only having lost $80,000. They had not crested $100,000. And so their fondest hope was that the thieves would take another $20,000 from them so that they could get the attention of the U.S. Attorney in Cleveland. And that seems to be a problem.
And then what happens is—before this job, I was a district attorney in Ohio—and what happens is that what you have available then if the Federal prosecution is not initiated, the miscreant is arrested in Chicago, the full panoply of charges available to a Federal prosecutor is not available to the prosecutor in Chicago, because the crime committed in Chicago was going to get one $15,000 loan. That becomes something in most States that is a felony, punishable by eighteen months. And I made the observation when the fellow arrested he said, ''I did not use a gun. I am going to get probation'' even though he had a record going back to 1977.
Page 49 PREV PAGE TOP OF DOC
So it really seems to be that we have not given prosecutors anything if the Federal threshold is going to be a certain amount, identity theft is not a crime. Identity theft, when you steal a lot of money is a crime, and it seems to me that one of the things that we could do is to somehow massage those Federal thresholds. Otherwise we are going to have disparate prosecutions.
And prosecutors all over the country are busy. The guy in Chicago who is worried about the murderers and the rapists and the burglars does not care about some lady in Madison, Ohio that lost $100,000 to a guy that got a loan. And I would be interested, one, in any thoughts that you have on that.
And then, two, one of the things that concerns the victims of identity theft that I have talked to are not only what Ms. Broder was talking about, and that is, it seems you have to do all the work. I mean, you have got to call everybody in town, and it does not get in the file. As a matter of fact, some of these loans that were made to the crooks were made after the phone calls had been made. And so one-stop shopping would be a wonderful addition to what it is you are doing.
But what they are also concerned about—and any knowledge that you have about the market for this information. We have three guys now in jail in Chicago. They are concerned that they sold it to three more guys in Colorado and that there is a move to traffic this information, not only to steal it and use it once, but then also to sell it to other people that want to engage in similar criminal activity. And any information that you have on that I would be interested in hearing.
Page 50 PREV PAGE TOP OF DOC
Mr. TOWNSEND. Sir, you have hit on two key issues. We share your frustration at times with regard to Federal prosecutive thresholds or guidelines. As you know, the United States Attorneys have wide prosecutorial discretion as to what they do prosecute.
And you make the point federally we can bring people much more easily back and forth across judicial lines as opposed to extraditing under the State courts. But we do make efforts——
Mr. LATOURETTE. If I could interrupt you for just a second. You also have jurisdictional problems. I mean, the reason that it is a smaller crime in Chicago is, especially if it is on the internet, that these crimes could have been committed all over the country, and all the guy in Chicago gets to do is what happened in Chicago.
Mr. TOWNSEND. You make a very good point, which relates to this issue of globalization. If the hacker in Moscow hacks into a system in Chicago, sends the identity to a co-conspirator in Buenos Aires who buys property and transships it to Miami and sells it to unsuspecting people, where did the crime occur? And it takes about that long to transact that transaction. So your point is well taken.
Second, with regard to the marketing of this information, there is no question that we have seen a migration of organized criminal groups who formerly dealt in crack cocaine, weapons and so forth, into this very lucrative area.
And within the Chicago area that you mentioned, well-known street gangs are now moving into this area, because, as you say, the sentencing guidelines are not perhaps what we would all like them to be. They know that violent crime is a priority. And additionally, they are able to traffic second and third and fourth time among other members of the gangs these identification documents and full identities.
Page 51 PREV PAGE TOP OF DOC
Mr. LATOURETTE. Thank you very much.
Thank you, Mr. Chairman.
Chairman LEACH. Ms. Hooley.
Ms. HOOLEY. Thank you for your testimony. I have question for Ms. Broder. First of all, thank you for all the work that you have done, and I know you have not had very much time to get this up and running.
And when I have constituents call, you are very good at helping victims help themselves. However, as far as law enforcement goes, it seems that your hands are still somewhat tied. What types of authority do you think you need to further combat this problem?
Ms. BRODER. Well, as you know, we have civil enforcement, not criminal enforcement authority. And we have used that in cases of identity theft. We just recently obtained a judgment against a company based in California.
We have a judgment for $37 million for a company that was billing consumers' credit cards for purchases they did not make. They were cramming charges onto their credit card. That is a violation of the Identity Theft Act of 1998, because they were using consumers' identity, their name and their credit card numbers to commit a crime.
And so we will continue vigorously to exercise our authority under Section 5 for unfair and deceptive acts and practices that involve identity theft. We believe that that is a very full granting of jurisdiction for us to address many issues civilly.
Page 52 PREV PAGE TOP OF DOC
But we do know that we rely upon our criminal enforcement colleagues to add a little more muscle there for criminal enforcement, for serious jail time under the Identity Theft Act.
Ms. HOOLEY. You talked about one-stop shopping that you had not found people too cooperative to make that happen. And we have talked to a number of victims of identity theft, and that is the problem.
I mean, there are a lot of problems with it. I mean, people just feel so violated with this, and it comes up. I mean, something like 55 percent of the cases have gone on over four years, so it is just a constant—I mean, it is there all the time with them.
So it is much more than just money being taken. And most of the time, money is not that—I mean, they do not have to pay the money, so it is just this feeling of violation that somebody is out there impersonating them all the time.
But what would it take to motivate other organizations to join with you in this one-stop, how do we let everyone know, Motor Vehicles, the credit bureaus, what would that take?
Ms. BRODER. We are working very closely. We are trying to work very closely with all of the affected entities, public and private consumer groups to answer that question.
Page 53 PREV PAGE TOP OF DOC
You know, specifically, if you ask me what will it take to get the credit reporting agencies to step up and engage in one-stop shopping, I guess I would have to address that to one of the later witnesses on a later panel today.
But we are always available to discuss these initiatives with any other entities. And in fact, we hope that our workshop later in October will be just such an opportunity.
Ms. HOOLEY. OK.
Mr. Townsend, thank you again for all that you are doing and for your testimony. This piece of legislation that we have introduced, H.R. 4311, is really trying to deal with the prevention. And fraud alerts have to be put on. We are trying to codify that so that they actually have to use those. Again, this is a prevention piece, not necessarily the enforcement that we have dealt with in other pieces of legislation.
But since you are in enforcement, what can Congress do to help law enforcement help victims and put these criminals behind bars? What do we need to do both nationally and to help local law enforcement?
Mr. TOWNSEND. I think some of the points that Mr. LaTourette raised are interesting with regard to your question. One area that we have not touched a great deal on today is sentencing guidelines.
Clearly, the effect that this crime of identity theft is having in our community, I believe that Congress could support looking once again at where the sentencing guidelines put identity theft and perhaps this joint effort between the FTC, Congress, the Secret Service and our other partners might institute a new look at where the sentencing guidelines could go.
Page 54 PREV PAGE TOP OF DOC
Ms. HOOLEY. OK. Thank you.
Chairman LEACH. Mr. LaFalce.
Mr. LAFALCE. I thank the Chairman. I will only take a minute for one question.
Is the advertising of what is criminal intent to steal an identity—is the advertising, in and of itself, criminally prosecutable?
Mr. TOWNSEND. My understanding is that it is not. And, of course, let me once again say that what may be prosecutable in one particular district is not the case in another. United States Attorneys——
Mr. LAFALCE. I am thinking now with respect to not thresholds, but just the law itself. If we had a U.S. Attorney who wanted to prosecute advertising that clearly advertises with a criminal intent, could it be done under existing law? That is the first question.
The second question, if it could be done under criminal law, could we pass a law that would be both constitutional and practically enforceable? In other words, I am thinking of the ability to—you say people are advertising, can we go in there and stop them by prosecuting them criminally before they do the injury? Have they done enough injury to the public in some way by advertising?
Page 55 PREV PAGE TOP OF DOC
If somebody intends to murder you and we see—is there a conspiracy law that is applicable? And they are into a conspiracy with the millions of people who use the internet.
Mr. TOWNSEND. You have asked obviously a very complex issue which a team of lawyers would——
Mr. LAFALCE. Well, I would like a team of lawyers to huddle together and respond to me.
Mr. TOWNSEND. Yes, sir.
Chairman LEACH. Will the gentleman yield?
Mr. LAFALCE. Yes, surely.
Chairman LEACH. There is a further point. Are there enforcement actions against advertising criminal intent? The FTC brings enforcement actions against misleading advertising. Is there such a thing as an enforcement action against truthful advertising of any illegal act?
Ms. BRODER. Yes there is. Under various theories of our unfairness jurisdiction, we could pursue a civil case under that type of theory.
Page 56 PREV PAGE TOP OF DOC
Chairman LEACH. Have you ever done that?
Ms. BRODER. Not since the 1950's.
Chairman LEACH. All right. Let me go a step further, again following the logic of Mr. LaFalce. Have you considered informing newspapers, yellow books, and so forth, that a given type of advertising is for an illegal act and do companies want to have a policy accepting advertising for illegal acts?
Ms. BRODER. We have done that.
Chairman LEACH. Is that a First Amendment problem?
Ms. BRODER. Well, we have met with the editors or the directors of classified sections of newspapers before to talk about the offering of fraudulent franchises and business opportunities with which Mr. LaFalce is very familiar.
And we have spoken to them about what the warning signs are, what are the indicia of frauds, and so that they can then institute a policy to screen out those. And I think that you raise a very interesting point, which I will bring back to the Commission to discuss.
Chairman LEACH. Fair enough.
Ms. HOOLEY. Mr. Chairman.
Page 57 PREV PAGE TOP OF DOC
Chairman LEACH. Yes, Ms. Hooley.
Ms. HOOLEY. Just one real quick question for Ms. Broder. I mean, with your hotline and your educational pieces, what have we done to educate just the agencies within the Federal Government on, you know, having their Social Security numbers on pieces of information or on documents that may not be necessary? Because so much of identity theft really deals with your Social Security number.
And one of the reasons I bring it up is I look at my voting card. It has our Social Security number on it. You know, and if you lose this card, somebody has your Social Security number. So my question is, what kind of a job have we done in educating our other Federal agencies?
Ms. BRODER. Well, the Department of the Treasury just obviously made changes in the way that they send out checks. They no longer reveal the Social Security number in the mailing window. There is growing sensitivity.
When we began our efforts on identity theft, we met with over a dozen other Federal agencies to talk about initiatives that we could take, but also about cleaning up our own houses and our own information practices. It is a very important point that we make whenever we speak to the public, to private agencies as well as to public governmental units.
Chairman LEACH. I apologize. It is still the time of Mr. LaFalce if—no? Thank you.
Page 58 PREV PAGE TOP OF DOC
If there are no further questions, I would just like to ask Mr. Townsend if he would return to his agency and think through some of the resource questions. And I would like to meet with your agency by the end of the week with regard to that question.
Mr. TOWNSEND. Yes, sir.
Chairman LEACH. Thank you. Thank you all very much.
Our third panel is composed of Mr. Robert Douglas, who is the CEO of American Privacy Consultants, Inc. of Alexandria, Virginia, and Shon Boulden, who is an identity theft victim from Hillsboro, Oregon.
And let me say, both of your statements will be placed fully in the record, and you may proceed as you see fit. And Mr. Douglas, you are welcomed back to the Committee, and we appreciate very much the assistance over the last several years you have given the Committee on this specific issue.
Mr. DOUGLAS. Thank you, Mr. Chairman.
Chairman LEACH. Mr. Douglas.
STATEMENT OF ROBERT DOUGLAS, CEO, AMERICAN PRIVACY CONSULTANTS, INC., ALEXANDRIA, VA
Mr. DOUGLAS. My name is Robert Douglas, and I am with American Privacy Consultants. I appreciate the opportunity to appear before this Committee once again to address the issue of identity theft, pretext calling, and other deceptive practices.
Page 59 PREV PAGE TOP OF DOC
Unfortunately, in spite of the enaction of legislation drafted by this Committee to outlaw such practices, these methods not only survive, but also continue to grow in volume, scope, and methodology.
Chairman Leach and Ranking Member LaFalce——
Chairman LEACH. Excuse me. If you could withhold for one second.
Mr. DOUGLAS. Certainly.
Chairman LEACH. Is anyone still here from the FTC? Good. And you are taking notes? Thank you. Please.
Mr. DOUGLAS. Certainly. I would like to personally thank you and Ranking Member LaFalce and the Committee for your continued willingness and desire to address this serious issue.
On July 28th, 1998 while appearing before this Committee, I stated: ''All across the United States, information brokers and private investigators are stealing and selling for profit our fellow citizens' personal financial information. The problem is so extensive that no citizen should have confidence that his or her financial holdings are safe.''
Sadly, I return today to inform this Committee that my statement of 1998 remains true to this day.
Page 60 PREV PAGE TOP OF DOC
The good news is progress has been made. In 1998 four steps were required. First, the financial services industry needed to understand and combat the threat. Second, tough Federal legislation was needed. Third, appropriate Federal regulatory agencies needed to create standards and regulations designed to assist institutions. And finally, aggressive prosecution was required.
The financial services industry has made significant progress in beginning to combat identity theft and pretext. This Committee and Congress moved quickly to pass legislation designed to punish those who would impersonate others in order to gain access to confidential financial records.
The Federal regulatory agencies moved quickly in 1998 by means of an advisory letter and other steps to alert all institutions to the practices of identity thieves and information brokers.
With the first three sides of the box either erected or under construction, it is now time to build the final wall—progressive enforcement action.
In the invitation letter I received from the Committee to testify today, I was asked to specifically address three issues.
First, the extent to which the use of pretext calling and other deceptive means continue in spite of the passage of Gramm-Leach-Bliley.
Page 61 PREV PAGE TOP OF DOC
Two, the effectiveness of efforts by the financial services industry to deter and detect fraudulent attempts to obtain confidential account information.
And third, other threats to financial privacy emerging today.
The use of pretext calling and other means of deception to trick financial institution employees and customers continue unabated. Advertisements on the World Wide Web have doubled in the past two years.
We have several exhibit boards to my right in the hearing room today, and I would be happy to discuss those in detail if the Committee so desires.
I would hope that Members of this Committee would find the services offered and language of the advertisements disturbing. Members of this Committee might wonder why these firms are allowed to operate. The excuse might be offered that these companies fly so far below the horizon as to be undetectable. That excuse would have a hollow ring.
Docusearch is the company that sold personal information concerning Amy Boyer to a stalker that resulted in the murder of Ms. Boyer and the suicide of the stalker. Amy's parents have testified before Congress and have been widely covered in the media.
Docusearch was the cover story for Forbes Magazine on November 29, 1999, just seventeen days after Gramm-Leach-Bliley was signed into law. In the article, Dan Cohn of Docusearch bragged about his abilities to obtain personal information about a subject. Amazingly, Cohn arguably admits to the use of fraud and bribery. And should there be any question as to the ability of a determined criminal to gain access to confidential information, including, Mr. Chairman, financial information, the Forbes article evidences Cohn doing it with apparent ease.
Page 62 PREV PAGE TOP OF DOC
Cohn is willing to lead officials to believe he is a law enforcement officer. If you read the Forbes piece and my analysis of it in my written statement, there can be only one question. Why are Dan Cohn, Docusearch, and thousands of others offering these same services still in business?
To be sure, Docusearch is not alone. There are now more information brokers and private investigators openly advertising their ability to obtain and sell financial information than there were in 1998.
One phone call to a company advertising in the DC area Legal Times determined that they offer for $200 to supply the name of the bank, the type of account maintained, and the balance in the account for any individual specified. And I would note that that is a trade paper that is in the U.S. Attorney's Office, the Department of Justice, and I dare say at the FTC.
The scenario presented to the company fell squarely within the four corners of Gramm-Leach-Bliley that would make the request and provision of the banking information if accomplished by pretext. The company was informed that a woman was trying to locate a current address for a live-in boyfriend who had skipped town with money from her checking account. There was nothing in the scenario presented that even began to come close to the exceptions enacted as part of Gramm-Leach-Bliley.
In fact, as the Chairman is aware, on August 30th, Senior Counsel Jim Clinger and other of your staff members and I called numerous private investigators and information brokers in an effort to determine how many would sell bank account information and under what circumstances.
Page 63 PREV PAGE TOP OF DOC
We surveyed the first ten companies we could reach by phone. And, Mr. Chairman, you referred to eleven. There were eleven, and I would give them a push, because of some of their answers, but I will talk about that later.
The companies were selected randomly. The companies were presented with the scenario outlined above. And with the Committee's permission, I would like to detail some of the results we obtained.
In less than three hours, the first ten companies we reached were all willing to sell us personal bank account information detailed enough to raise the educated belief that the information would be obtained by pretext or other deceptive means. Not a single company we reached turned us down. Not one.
More to the point, two of the companies' representatives made specific mention of ''privacy laws'' and ''Federal statutes'' being a hindrance to their ability to provide the information. However, we were told, they could succeed, but just ''don't tell anybody'' that we had obtained the information.
One individual referred to the fact that he had banking experience and guaranteed he could find the bank and 80 percent of the time could get the account number and balance. Several of the companies stated they could get us individual transaction records, including individual deposit transactions.
One offered to teach us how to determine the amount in the account once he located the bank and account number. He would not do it, he would teach us how.
Page 64 PREV PAGE TOP OF DOC
One company stated they would check the Federal Reserve section for the part of the country where the individual was located. This same company claimed to work for hundreds—and this is a quote: ''hundreds and hundreds of attorneys and collection agencies.'' Further, they stated they had found $1.2 million in an account just the previous day for an attorney. They advised us to wait for the banking information before going to court, in direct contravention of Gramm-Leach-Bliley, I might add.
Another company stated that they would locate the information if they had a court filing judgment or a letter from an attorney giving the name of the person the account information was being sought for and the reason. This company stated they could find local bank information for $200 and statewide information for $500, including account numbers and balances.
Several of the companies offered to locate safety deposit box locations and securities-related information. One company charges $175 to locate the name and address of the bank if you have a judgment. However, the same company for $250—slightly more—would locate all accounts, account numbers, balances, mutual funds, names on the accounts, dates of closure if an account was closed, safety deposit box information, if we did not have a judgment.
Here is just one example of the type of advertising we found, and I believe we have an exhibit board for this. Actually we do not, but it is in my testimony. But they have a disclaimer at the bottom, and I will just read a couple of quick sentences. And I know my time is short. ''We limit retrieval to documents or information available from a public entity or public utility which are intended for public use only. We neither utilize, reveal, nor attempt to access any confidential information concerning the parties involved.'' And the ad is specifically referring to bank account information.
Page 65 PREV PAGE TOP OF DOC
The disclaimer is amazing in light of the fact that this company offered to sell us the amount located in a checking account and the deposit history to the account for $275. I can't fathom a single way that account balance and deposit transaction records could be ''intended for public use.'' Indeed, this would be a direct revelation of ''confidential information.''
Mr. Chairman, no company reached asked any question that would logically follow from the passage of Gramm-Leach-Bliley, even when they had disclaimers in the advertisements suggesting there were restrictions.
Further, in addition to the overt remarks made by several companies to the minor obstacles presented by ''Federal statutes'' and ''privacy laws,'' the advertisements and telephonic presentations bore all the classic signs of pretext operations. And I could detail those later if you would like.
The financial services industry has for many years utilized various methods of combatting fraud and protecting the confidentiality of customer information. The industry is traditionally between a rock and a hard place when it comes to information security. Customers want their information to remain confidential. At the same time, they want easy access 24-hours a day to that same confidential information.
It is this very dilemma that criminals exploit.
The financial services industry is moving aggressively to combat the methods and deceptive practices used by identity thieves and info brokers that seek to illegally gain access to information.
Page 66 PREV PAGE TOP OF DOC
I believe the Committee will hear from Richard Harvey, the chief privacy officer and chief compliance officer for Chevy Chase Bank later today, who will document and detail the steps the industry has taken both historically and recently.
But as an interested and active observer of the industry over the last several years, I would like to commend the efforts and initiatives they have undertaken.
I have worked directly with institutions and professional associations to educate them on the issue of pretext and other deceptive practices used to penetrate security systems. In each instance I have found that the privacy, administrative and security leaders in the institutions and in associations are genuinely concerned about solving the problem and are moving to do so.
This concern has led in one instance to the American Bankers Association distributing to the entire membership an education and basic training program on pretext calling I was asked to author at the Association's initiative. The portion I authored was just a small part of a comprehensive three-part series the ABA has distributed to the membership.
I have been asked to speak on a number of occasions to groups of bankers to demonstrate how to spot pretext calls, how to educate financial services employees, and what steps to take at the institution level.
Indeed, you would be hard pressed to find a gathering of bankers anywhere today where the subject of privacy is not addressed as a major topic of discussion. In fact, I flew overnight last night to be here this morning from just such a gathering, where I made two rather major presentations on this issue.
Page 67 PREV PAGE TOP OF DOC
But, Mr. Chairman, the financial services industry needs a helping hand from law enforcement. These criminals must be prosecuted. The message needs to be sent that Federal law enforcement is serious about protecting financial institution customers. It is time to act.
My last area is the emerging threats to financial privacy. And this is all new material that has not been covered in the last two years, Mr. Chairman.
The fastest growing method used to skip trace for the current address and other personal information of an individual is to obtain the information from the phone company. Most United States citizens believe that their phone records are private unless obtained by subpoena or other form of court order. This is especially true for the millions of Americans who pay extra to have a nonpublished or unlisted phone number.
Most citizens would further think that who they call and how long they talk is also a private matter. Most Americans would be wrong.
Currently there are presentations of closed, highly secure classes for private investigators and information brokers—and we have an ad of one on the exhibit boards—teaching the inner workings of the telecommunications industry. We have exhibits in the room today that I just mentioned.
Why am I discussing the access of confidential phone information before the Banking Committee? One of the most common financial pretexts begins with either a pretext call to the consumer impersonating someone from the phone company, or a pretext call to the phone company to develop enough personal information from their databases to be used as part of a further pretext against either the consumer or financial institution.
Page 68 PREV PAGE TOP OF DOC
Another method becoming more common is the use of a ''Trojan check.'' I cover this method in my written statement and will be happy to address any questions the Committee may have.
Suffice it to say there is great debate in the investigative broker, and I might add legal communities, as to the legality of this practice, given GLB and the deceptive trade practice statues. While the debate continues, so does the practice.
Informal networks of investigators, info brokers, judgment collectors and collection professionals are found all over the internet. It is common to see requests for contacts in financial service institutions. Some collection professionals openly advertise their ability to provide information maintained within their files.
Routinely, there are account and file numbers along with the names of targets placed on the internet for inspection by others to determine if information can be traded or obtained.
And I would add that I have close to 2,000 such references of the methods that I am discussing catalogued at home on my computer that I have collected over the last two years.
Vehicle tracking devices are being offered for sale in order to follow or record the travels of citizens. While not directly relevant to the pretext of financial information, it demonstrates the length that some will go to in order to obtain information on citizens in the United States today.
Page 69 PREV PAGE TOP OF DOC
If law enforcement agencies of State and Federal Governments were caught doing these practices absent a constitutionally permissible purpose and/or court order, there would be rioting in the streets. Yet every day these events are carried out by private investigators, information brokers and judgment collectors who have no authority above that of a private citizen, and no one seems to blink.
From where I sit, my privacy is just as violated whether the intrusion comes from a person with a badge or not.
I would like to make some suggestions concerning what needs to be done to continue the battle. First and foremost, we need swift, aggressive, nationwide action by law enforcement to begin criminal investigations and prosecutions of those who are thumbing their noses at the provisions of Gramm-Leach-Bliley and other appropriate statutes.
I hope the information I provided in 1998 and today supports this conclusion.
Second, GLB needs to be amended. The narrowly crafted child support exemption for the use of pretext is being used as an advertising shield by private investigators to hide behind while continuing the covert sale of financial information that falls outside of the GLB exemption.
I have prepared a lengthy analysis for the Committee's consideration in my written testimony. Simply put, there is no legitimate reason to continue the child support exemption to Gramm-Leach-Bliley.
Page 70 PREV PAGE TOP OF DOC
Third, financial institutions must continue the work they have started to take every precaution necessary to teach all banking employees about the methods associated with identity theft.
Fourth, the Federal regulatory agencies must continue their efforts to stay abreast of information security threats and implement appropriate standards and regulations
Finally, this Committee must continue on a regular basis to exercise the appropriate oversight functions necessary to ensure that the agencies of the Federal Government continue to take every step available to stop illegal access of confidential information.
In closing, when I appeared before this Committee in 1998, I recited a long laundry list of the dangers posed by the deceptive methods in use by some private investigators and information brokers to gain illegal access to confidential and protected information.
There were some who found it hard to believe that what I claimed was true or as serious as I presented the problem. However, those in the investigative and information broker industries who were practicing these techniques knew that I had spoken honestly and were not pleased to have sunshine illuminating their practices.
These practices continue to this day and threaten the soundness of our financial system and the rule of law. These very techniques are also used to indeed put more than information and money in jeopardy, and here I might part company with you, Mr. Chairman, in your opening statement about threats to lives.
Page 71 PREV PAGE TOP OF DOC
One need look no further than the case of Touchtone Services which we heard referred to earlier. While I have described in detail the activities of Touchtone in my written statement, I would like to point out that by using the means of pretext that I have been discussing for several years now with this Committee and others within the United States Congress, Touchtone endangered the lives of many undercover police officers in Los Angeles in a case involving organized crime.
Mr. Chairman, one of my best friends, the father of my Godchildren, is a police officer serving within sight of the Capitol steps. On his behalf and on the behalf of the American people, I ask that Federal law enforcement begin to take this problem seriously before disaster strikes and we all return to this room to do a post-mortem.
Mr. Chairman and Members of the Committee, as I leave you today, I hope that the time and effort I have placed in this testimony will serve as a blueprint for further examination by this Congress of matters deserving attention.
Thank you.
Chairman LEACH. Well, thank you very much, Mr. Douglas.
Mr. Boulden.
STATEMENT OF SHON BOULDEN, IDENTITY THEFT VICTIM, HILLSBORO, OR
Page 72 PREV PAGE TOP OF DOC
Mr. BOULDEN. Thank you, Mr. Chairman. And thank you for allowing me to tell my story today.
About eight months ago, I decided to switch my checking account from US Bank to Washington Mutual. To my amazement, I was denied an account there. Upon getting denied, I asked to see my credit report to see what had caused the denial.
What I found was incredible. Washington Mutual told me that when they ran my Social Security number, twelve different names showed up. Twelve different people were using my Social Security number to obtain credit.
Despite the fact these people were using their own personal identifying information, including names, addresses, all of the information about credit inquiries and accounts had been tied to my credit report some way or another.
It appears that the identity thieves used my Social Security number to open accounts with AT&T Wireless, Bank of America, Citibank, Capitol One, Gastalks, Macy's, Oscar Supply Hardware, Payless, Home Depot, Associates Corner, Household Credit, Dayton Hudson, Montgomery Wards, GMAC, Peoples Bank, and perhaps others.
At one bank, three people opened accounts using the same Social Security number—mine. But the bank did not seem to notice. They opened two car loans through GMAC. I sent the bank a letter requesting help in March. They have not replied.
Page 73 PREV PAGE TOP OF DOC
In many of these cases, I am not sure who has bought what and for how much, because the creditors will not give me the information without a subpoena. It is obvious to me that the banks and credit bureaus are not doing any checking. I am frustrated that the credit bureaus did not notify me when multiple people were using the same Social Security number.
In this age of computer technology, that should have raised a huge red flag.
I notice that H.R. 4311 requires credit bureaus to investigate discrepancies between information they have on file and information being given to them by banks and stores. Perhaps such a law should and would have triggered further investigation in my case.
As a result of this problem I can't obtain credit anywhere. I have been denied by Meier & Frank, US Bank, and Capitol One. Interestingly enough, one credit card company which approved an account for someone el