Someone out there knows everything about your life

Click to follow
Personal privacy is under threat in America from the ever-growing number of background investigation databases. Sensitive personal information on millions of people - from bank account numbers to police records - can now be purchased cheaply and easily over the Internet. Food for thought the next time you use that loyalty card.

Bronti Kelly's problems started so innocuously - his wallet was stolen, contents: $4 and a couple of pieces of ID. He reported the theft to the police and thought nothing more of it.

But soon he would be made redundant from his temporary sales job and then he would find himself virtually unemployable. Despite a booming California economy and an exemplary work record, he was turned away from every job he applied for over the next four years. He heard a litany of excuses over that time, but as it turns out, he was told everything but the truth.

The real reason he couldn't find a job was that the thief who stole Mr Kelly's wallet, in May 1990, later used the stolen ID. When he was arrested for other crimes, in effect Mr Kelly got the rap. Not only did Mr Kelly wrongfully wind up with a criminal record, but the black mark spread like wildfire across the background investigation databases that employers use to check out potential employees.

After four years without any idea why he could not land himself a job, Mr Kelly was broke, hungry and homeless - his self-image in tatters. "The whole time I kept blaming myself," he says. "I had no idea what was going on."

Now, despite receiving a letter clearing him of any crimes from the Los Angeles Police Department (a letter he will have to carry with him indefinitely, police say), Mr Kelly's name continues to turn up as a convicted felon on background investigation databases.

While Mr Kelly had his identity stolen the old-fashioned way - out of his back pocket - his ongoing problems have been all hi-tech. His case illustrates the growing threat to personal privacy posed by ever-easier access to background databases. Sensitive personal information, ranging from social security numbers to arrest records (genuine or false) is sold over the Internet to anyone who wants to see it.

The databases use increasingly sophisticated "data-mining" software to pull together scattered pieces of information from a wide range of sources, allowing ever-more detailed personal profiles. While this may be of great benefit to marketers, employers, landlords and private investigators, they are also open to widespread abuse.

In the past, background searches required time and patience: a trip to City Hall, filing request forms, thumbing through mountains of old files. Now, dozens of Web sites with names like Dig Dirt, Informus and Deep Data sell information you could never find at City Hall.

Unlisted telephone numbers and bank account numbers can be found for less than $70. Social security numbers - the holy grail of identity thieves - can be found in a matter of seconds for less than $10. Informus will do a "flake search", which will turn up social security numbers, creditor information, eviction notices and tax evasion data - all for $20.

And if you turn to the grey or black market through information brokers, salary, stock-and-bond holdings, medical history and criminal information can be tracked down without difficulty.

The issue has gained the attention of legislators and several privacy bills have recently been introduced in Congress - although their fate is far from certain. Last June, the Federal Trade Commission held hearings into the data collection business and the industry, looking to avoid regulation, pledged to clean up its act and police itself.

In conjunction with the FTC, industry representatives are now working on guidelines that would leave many of the databases off-limits to all but specified users, including insurance agents, private eyes, bill collectors and journalists. But the guidelines would not carry the weight of law and companies could choose to defy them.

Despite strong industry pressure to restrict sales to established subscribers since the hearings, for example, it is still easy to find companies that will sell to anyone with a credit card. "There's little you can do to prevent it from happening," laments Beth Givins, director of the Privacy Rights Clearing House in San Diego. "If someone wants to snoop into your background, they can do that quite easily."

Identity theft, which enables any number of white-collar crimes - in particular, credit card fraud - is only one of the ways people are vulnerable. Increasingly, companies involved in litigation launch thorough investigations of their opponents.

In a case that has yet to be settled, Texaco hired a private eye to do just that in a multi-million dollar California lawsuit it faces. The suit is the result of a powerful explosion and subsequent fire which ripped through a Texaco refinery in the poor, largely Hispanic community of Wilmington. Toxic chemical fumes billowed into the air as far as five miles from the plant, as the fire raged for three days. Thousands had to be evacuated and, eventually, more than 4,700 property-damage and 14,000 personal-injury claims were filed against the company.

Using computer databases, information brokers, law enforcement files and hi-tech surveillance equipment, Texaco's private eye quickly amassed a trove of sensitive information about dozens of claimants. According to the New York Times, the investigator used the information to pressure litigants into turning against their lawyer. In one case, a 23-year-old mother was confronted with a five-page computer printout of alarming detail. The investigator had found the woman's social security number, date of birth, every address where she had ever lived, names of present and past neighbours - even the work history of the children's fathers.

He also found the woman had two outstanding parking tickets and is accused, in sworn statements, of threatening her with arrest if she did not provide damaging information about lawyers involved in the case. Five of the residents of the neighbourhood and one of the lead lawyers have filed separate lawsuits accusing the Texaco investigator of violating their privacy and other civil rights as part of a strategy to sabotage the case.

"We are approaching the time when those who have technological capabilities will have tremendous power over those who don't," says Glen Roberts, a privacy advocate who maintains the provocative Stalkers Home Page Web site. "Everyone is vulnerable."

Information is widely available on the grey or black market as well. For example, the National Crime Information Center database, a collection of all criminal arrests and convictions in the US, is legally obtainable only by law- enforcement agencies. Yet, despite numerous convictions, data that could only have been culled from NCIC files remains openly sold over the Internet.

"Once you create a database, you create a honey pot which is eventually very difficult to protect," says Don Haines, national legislative counsel on privacy and cyberspace of the American Civil Liberties Union.

The link to the black market is often crystal clear. Many states, for example, employ prisoners to input auto registration, income tax, and property tax filings. In other cases, companies have contracted for prisoners to input marketing information, sell holidays over the phone, even handle airline reservations.

Sometimes things go terribly awry as a result. In 1994, factory worker Beverly Dennis received a graphic and sexually explicit letter from a Texas prison inmate who knew personal details about her, including her birthday and the kind of soap she used. The inmate had obtained Ms Dennis's personal details from another convict for 25 cents.

TWA still uses prison labour to process reservations despite one case where a prisoner stole 60 credit card numbers and billed thousands of dollars to client cards.

Marketing information taken from warranty service cards, rebate forms, and customer surveys are habitually bought and resold by an ever expanding array of databases.

"You need to remember whenever you give someone information it is going to be used for purposes you don't know about and far beyond the people you originally give it to," says Mr Roberts. He decided to use the name Stalker's Home Page for his Web site - a definitive source of information on how privacy can be violated online - in a deliberate effort to be inflammatory, he says. Privacy, he says, doesn't generate much excitement.

"When you speak about privacy, people's eyes start to glaze over," says Mr Roberts. "They think if they haven't done anything wrong they've got nothing to worry about."

That's what Bronti Kelly thought. But now, with a four-year hole in his CV, he's still having a hard time finding work. To clear his name, he decided to change it and apply for a new social security number as well. But he's not happy about it.

"I like the name I was born with," he says. "Most people who do this are unhappy with their name or their family; I was happy being Bronti Kelly."