[Politech] An insider says EPIC hasn't done homework on credit agencies [priv]

From: Declan McCullagh (declan@private)
Date: Wed Jan 12 2005 - 21:04:02 PST

-------- Original Message --------
Subject: Re: [Politech] ChoicePoint, EPIC tiff continues with another 
letter-writing round [priv]
Date: Wed, 12 Jan 2005 14:46:08 -0600
From: Bill Fason <bfason@private>
To: Declan McCullagh <declan@private>
References: <41E4B735.6040006@private>


As you know, over the years I have worked as a private investigator, 
server, and debt collector, and have daily hands-on experience with credit
reports, ChoicePoint, AutoTrack, information brokers, and the like.  It
appears to me that Chris Hoofnagle, Associate Director of the Electronic
Privacy Information Center, may not have completely done his homework 
sending his letter to the Federal Trade Commission (16 December 2004) as he
makes inaccurate claims regarding the use of certain ChoicePoint 
products by
investigators, law firms and law enforcement agencies. Based on my own use
of products obtained from ChoicePoint as well as credit reports obtained
from the “Big Three” major credit reporting agencies (TransUnion, Experian,
and Exquifax), I can state that several of his claims are incorrect.

Hoofnagle incorrectly claims that ChoicePoint’s AutoTrackXP reports contain
“the same information” that appears in a credit report. True credit reports
obtained from the Big Three (even if resold by information brokers) include
open trade lines, payment histories, balances, contact information for 
creditors, recent inquiries, reported employment, often some kind of credit
score and/or a ratio of debt to total available credit. None of this
information is contained in an AutoTrackXP report, which pertains to the
identity, location, address history, and public record filings of the
data-subject. Don’t take my word for it. Order copies of your credit report
from the Big Three, and then compare it side-by-side with any non-Fair
Credit Reporting Act (FCRA) report generated by ChoicePoint. It is a matter
of public record that a mortgage company holds a deed of trust on one’s
home, and this fact can be reported outside the purview of the FCRA.
However, the monthly obligation, payment history, and balance reported by a
mortgage company to a credit reporting agency are not matters of public
record, and can be divulged only in accordance with the FCRA.

Hoofnagle claims that “based on their status of being a private
investigator, a paralegal, or a law enforcement agent, ChoicePoint's
customers can pull information on almost anyone without having to declare
their legal justification or entitlement to the data.” Flat wrong. The
contracts that ChoicePoint requires its subscribers to sign require that
subscribers obtain information only in accordance with the Fair Credit
Report Act, Driver Privacy Protection Act, and the Gramm-Leach-Bliley Act.
Each time I wish to pull information from ChoicePoint, I am first routed to
a screen which requires that I certify the specific legal purpose for which
I am obtaining the report. Each search I conduct leaves an electronic 
and is subject to auditing. ChoicePoint can come back to me months or years
later and demand that I prove exactly how a certain search complied with a
specific privacy law.

While Hoofnagle claims that “ChoicePoint and other information brokers can
create ties with marginal businesses or private investigators with dubious
backgrounds,” the reality is that ChoicePoint carefully screens it
customers. Notice how Hoofnagle uses a wiggle word (“can”) in the sentence?
He’s not actually accusing ChoicePoint of having allowed “marginal
businesses” (whatever that is) or investigators with “dubious backgrounds”
to access ChoicePoint’s products, but he is smearing ChoicePoint by stating
what he thinks “can” happen. The truth on the ground is that there is not a
single documented case in which a private investigator obtained information
from ChoicePoint which he then used to commit identity fraud.

Hoofnagle claims that ChoicePoint’s non-FRCA products, such as AutoTrackXP,
“are sold outside the protections of the FCRA, yet are often used for
related (and sometimes identical) purposes.” He provides no evidence for
this assertion. Since the AutoTrackXP report does not contain trade lines,
credit and debt, credit scores, payment history, or account balances, by
itself it simply would not be useful to a loan officer, insurance company,
or employer who needs to make an intelligent decision regarding the
extension of credit, the underwriting of an insurance policy, or hiring and
promoting. Creditors, landlords, insurance companies and employers want a
true credit report, not the an incomplete substitute.

While an AutoTrackXP report does not contain credit and debt 
information, it
is quite useful for investigators, law firms and police officers who 
need to
identify and locate witnesses to take witness statements, or to locate
defendants for service of legal process (subpoenas, summonses, 
warrants), or
to find connections among people, corporations, and addresses. For this
limited investigative purpose of generating leads, the AutoTrackXP report
packs tremendous value for its $20 price tag. However, locating 
witnesses to
take witness statements and defendants for service of legal process falls
outside the scope of the FCRA. If the FTC decided to extend by regulatory
fiat the proscriptions of FCRA to AutoTrackXP and similar reports, the
result would be that the current access enjoyed by law firms, investigators
and police officers would be cut off.  In fact, the FTC and other 
agencies would likewise have trouble locating defendants in their legal

I present an example of a case I worked on several years ago where the
question before the court was whether a certain affidavit had been forged.
To prove that the affidavit was legitimate, we needed to locate the notary
public who notarized the affidavit and have her testify at trial.
Unfortunately we could not locate her in time for trail, and 
consequently an
innocent man spent five months behind bars until he was freed by writ of
habeas corpus, and then eventually cleared completely of the charge. EPIC’s
policy recommendations would have deleterious consequences for those 
justice through the courts.

EPIC calls for tighter regulation of commercial data brokers “in light of
the Amy Boyer case, where a Florida information broker sold data to the man
who stalked and killed Amy Boyer.”  Boyer was murdered at her place of
employment by Liam Youens, who on 8 September 1999 obtained her place of
employment from Docusearch, a Florida private investigative firm.
Docusearch acquired this address through a subcontractor in New York named
Michele Gambino, who had obtained the information by placing a "pretext"
telephone call to Boyer in New Hampshire. Gambino lied about who she was 
the purpose of her call in order to convince Boyer to reveal her employment
information.  It should be noted that ChoicePoint did not provide Amy 
place of employment or any other information about her, and that 
does not engage in pretext calls. Changing the FCRA would not address
pretext callers one iota. In fact, shutting off legitimate access to
information might actually have the unintended consequence of increasing
reliance on pretext calls, good old boy connections, and other gray area


Bill Fason

Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

This archive was generated by hypermail 2.1.3 : Wed Jan 12 2005 - 21:53:44 PST