-------- Original Message -------- Subject: Re: [Politech] ChoicePoint, EPIC tiff continues with another letter-writing round [priv] Date: Wed, 12 Jan 2005 14:46:08 -0600 From: Bill Fason <bfason@private> To: Declan McCullagh <declan@private> References: <41E4B735.6040006@private> Declan, As you know, over the years I have worked as a private investigator, process server, and debt collector, and have daily hands-on experience with credit reports, ChoicePoint, AutoTrack, information brokers, and the like. It appears to me that Chris Hoofnagle, Associate Director of the Electronic Privacy Information Center, may not have completely done his homework before sending his letter to the Federal Trade Commission (16 December 2004) as he makes inaccurate claims regarding the use of certain ChoicePoint products by investigators, law firms and law enforcement agencies. Based on my own use of products obtained from ChoicePoint as well as credit reports obtained from the “Big Three” major credit reporting agencies (TransUnion, Experian, and Exquifax), I can state that several of his claims are incorrect. Hoofnagle incorrectly claims that ChoicePoint’s AutoTrackXP reports contain “the same information” that appears in a credit report. True credit reports obtained from the Big Three (even if resold by information brokers) include open trade lines, payment histories, balances, contact information for other creditors, recent inquiries, reported employment, often some kind of credit score and/or a ratio of debt to total available credit. None of this information is contained in an AutoTrackXP report, which pertains to the identity, location, address history, and public record filings of the data-subject. Don’t take my word for it. Order copies of your credit report from the Big Three, and then compare it side-by-side with any non-Fair Credit Reporting Act (FCRA) report generated by ChoicePoint. It is a matter of public record that a mortgage company holds a deed of trust on one’s home, and this fact can be reported outside the purview of the FCRA. However, the monthly obligation, payment history, and balance reported by a mortgage company to a credit reporting agency are not matters of public record, and can be divulged only in accordance with the FCRA. Hoofnagle claims that “based on their status of being a private investigator, a paralegal, or a law enforcement agent, ChoicePoint's customers can pull information on almost anyone without having to declare their legal justification or entitlement to the data.” Flat wrong. The contracts that ChoicePoint requires its subscribers to sign require that subscribers obtain information only in accordance with the Fair Credit Report Act, Driver Privacy Protection Act, and the Gramm-Leach-Bliley Act. Each time I wish to pull information from ChoicePoint, I am first routed to a screen which requires that I certify the specific legal purpose for which I am obtaining the report. Each search I conduct leaves an electronic trail, and is subject to auditing. ChoicePoint can come back to me months or years later and demand that I prove exactly how a certain search complied with a specific privacy law. While Hoofnagle claims that “ChoicePoint and other information brokers can create ties with marginal businesses or private investigators with dubious backgrounds,” the reality is that ChoicePoint carefully screens it customers. Notice how Hoofnagle uses a wiggle word (“can”) in the sentence? He’s not actually accusing ChoicePoint of having allowed “marginal businesses” (whatever that is) or investigators with “dubious backgrounds” to access ChoicePoint’s products, but he is smearing ChoicePoint by stating what he thinks “can” happen. The truth on the ground is that there is not a single documented case in which a private investigator obtained information from ChoicePoint which he then used to commit identity fraud. Hoofnagle claims that ChoicePoint’s non-FRCA products, such as AutoTrackXP, “are sold outside the protections of the FCRA, yet are often used for related (and sometimes identical) purposes.” He provides no evidence for this assertion. Since the AutoTrackXP report does not contain trade lines, credit and debt, credit scores, payment history, or account balances, by itself it simply would not be useful to a loan officer, insurance company, or employer who needs to make an intelligent decision regarding the extension of credit, the underwriting of an insurance policy, or hiring and promoting. Creditors, landlords, insurance companies and employers want a true credit report, not the an incomplete substitute. While an AutoTrackXP report does not contain credit and debt information, it is quite useful for investigators, law firms and police officers who need to identify and locate witnesses to take witness statements, or to locate defendants for service of legal process (subpoenas, summonses, warrants), or to find connections among people, corporations, and addresses. For this limited investigative purpose of generating leads, the AutoTrackXP report packs tremendous value for its $20 price tag. However, locating witnesses to take witness statements and defendants for service of legal process falls outside the scope of the FCRA. If the FTC decided to extend by regulatory fiat the proscriptions of FCRA to AutoTrackXP and similar reports, the result would be that the current access enjoyed by law firms, investigators and police officers would be cut off. In fact, the FTC and other regulatory agencies would likewise have trouble locating defendants in their legal actions. I present an example of a case I worked on several years ago where the question before the court was whether a certain affidavit had been forged. To prove that the affidavit was legitimate, we needed to locate the notary public who notarized the affidavit and have her testify at trial. Unfortunately we could not locate her in time for trail, and consequently an innocent man spent five months behind bars until he was freed by writ of habeas corpus, and then eventually cleared completely of the charge. EPIC’s policy recommendations would have deleterious consequences for those seeking justice through the courts. EPIC calls for tighter regulation of commercial data brokers “in light of the Amy Boyer case, where a Florida information broker sold data to the man who stalked and killed Amy Boyer.” Boyer was murdered at her place of employment by Liam Youens, who on 8 September 1999 obtained her place of employment from Docusearch, a Florida private investigative firm. Docusearch acquired this address through a subcontractor in New York named Michele Gambino, who had obtained the information by placing a "pretext" telephone call to Boyer in New Hampshire. Gambino lied about who she was and the purpose of her call in order to convince Boyer to reveal her employment information. It should be noted that ChoicePoint did not provide Amy Boyer’s place of employment or any other information about her, and that ChoicePoint does not engage in pretext calls. Changing the FCRA would not address pretext callers one iota. In fact, shutting off legitimate access to information might actually have the unintended consequence of increasing reliance on pretext calls, good old boy connections, and other gray area techniques. Regards, Bill Fason _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2.1.3 : Wed Jan 12 2005 - 21:53:44 PST