When criminals get help from the Web
So you think your private information is relatively safe? Think again.
For a mere $49, someone can hop on the Internet, give a company your name, wait a few days, and bingo: up pops your Social Security number. Want someone's bank account balance? That costs $45. An unpublished telephone number? $59.
It has become remarkably easy, with the advent of the Internet, for anyone to find out what people do, buy, and see. But when such information is sold to the wrong person - someone whose intent is to harm - who is accountable?
That's the question now being raised in a wrongful-death lawsuit, filed against an Internet firm for allegedly selling information to a stalker. The man used it to track down and kill a woman at her office.
Currently, there's little people can do to keep companies from selling such information, although Congress is on the case. This session, some 50 bills have been introduced to regulate this practice. One of those bills, sponsored by Rep. Judd Gregg (R) of New Hampshire, would stop the sale of Social Security numbers without a person's specific permission.
On the question of liability, though, the answers are less obvious. The wrongful-death lawsuit - from Mr. Gregg's home state of New Hampshire - is now testing whether companies are culpable when they sell data to someone with nefarious intents.
One problem with privacy-invasion suits is that the companies may not have broken any laws. "It's very difficult to argue privacy in court," says Sarah Andrews, a policy analyst at the Electronic Privacy Information Center in Washington. "It's hard to prove there has been a breach of law when there aren't any laws in place."
The New Hampshire wrongful-death suit stems from the murder of Amy Boyer. Her killer, a man obsessed with her since 10th grade, left evidence that he tracked her down through the online personal-data service Docusearch.com.
On his own Web site, Liam Youens detailed his plans for killing Boyer, including how he found her: "I found an internet site to do that, and to my surprize [sic] everything else under the Sun. Most importantly: her current employment. It's accually [sic] obsene [sic] what you can find out about a person on the internet." After shooting Boyer, he turned the gun on himself.
Stunned that such information could be purchased by anyone, Boyer's parents, Tim and Helen Remsburg, recently filed a suit against Docusearch.com. They also testified before a Senate subcommittee about the killing.
"If this young man had not been able to buy her Social Security number ... and employer's address, she'd be here now," says Mr. Remsburg. "[Youens] needed help, and he depended entirely on these search companies to lead him with a red carpet right to Amy's door."
The Electronic Privacy Information Center and similar groups urge tough regulation of companies that gather such data. They advocate limited use of personal information, quick disposal of it, and providing notice of its use.
But lawmakers have their work cut out for them. Last year, Congress lifted Depression-era barriers that kept banks, insurers, and stockbrokers from sharing information about customers without consent. That has led to a booming information-gathering business, expected to bring in up to $10 billion this year.
Others, however, argue that public education holds the real key to keeping personal information from falling into the wrong hands online.
"There are a lot of things that we can do besides resorting to heavy-handed legislation or regulation," says Deborah Pierce of the Electronic Frontier Foundation in San Francisco. "Some legislation may be needed, but it's just a piece."
Docusearch.com director Daniel Cohn says his firm has stopped selling Social Security numbers online - not because of the murder, but because of the proposed congressional legislation.
He says he has not been served with the Remsburgs' lawsuit, and would not comment on it. But he says his company is not an information brokerage, rather a group of private investigators licensed, bonded, and insured by Florida.
"Yes, we find private information about people, but we just don't take every case. Every customer is contacted and interviewed," he says. "They must have a justifiable reason for placing that order."
Mr. Cohn says his company fills as many as 100 orders a day, from lawyers, agencies, private detectives, and credit-card firms, as well as private citizens. "We turn down a good 40 percent of everything that comes into our Web site," he adds.
Tim Remsburg charges that Docusearch.com did not look into Youens's request. One search of his name on the Net would have brought up his Web site - and his plans to kill Boyer.
A handful of Internet firms still offer Social Security numbers over the Web, but others won't. KnowX.com, for instance, uses only information obtained from public records and published sources.
Some suggest the online firms should be self-regulating, much as private investigators have been.
Nate Lenow, a private investigator from Memphis, Tenn., uses many of the same sources to gather information as Internet companies do. He says he adheres to his industry's self-imposed guidelines and strictly controls who gets the information. During his 25 years in the business, he's turned away many people he believes had "evil intentions."
But scanning Web sites that offer access to private information, Lenow says he's amazed at how little screening is involved. "It's really hard to determine someone's intent over the Internet."
(c) Copyright 2000. The Christian Science Publishing Society