By Joel Warner
By Michael Roberts
By Alan Prendergast
By Michael Roberts
By Michael Roberts
By Amber Taufen
By Patricia Calhoun
By William Breathes
"Some private eyes don't understand that information you can access today, you may not be able to access tomorrow, so you may not be in business," Johnson says. "If the feds don't do it, the data companies will."
Several data vendors have already taken steps on their own to restrict access, truncating Social Security numbers and beefing up internal security in an effort to ward off identity thieves. Earlier this year, ChoicePoint paid $10 million in penalties to the FTC after admitting that personal financial records of 163,000 consumers had been compromised because of lax security measures; the company also agreed to "ensure that consumer reports are provided only to those with a permissible purpose."
The increasing obstacles to getting data alarms P.I.s on all sides of the licensing issue. "The country runs off dates of birth and Social Security numbers," says Cinquanta. "Most of what you get now is worthless. They're crippling us with all this bullshit. You know who wins when they do that? The bad guys: deadbeats, criminals, con men."
Investigators use the data services on a variety of legit jobs, from tracking assets in a divorce case to locating witnesses in a personal-injury lawsuit or a criminal defense. Sometimes the information is used to find identity thieves or uncover employee fraud, cases that the police might decline to pursue unless the evidence is handed to them in a gift-wrapped package.
"The nightly news and Hollywood constantly portray our profession as a bunch of crooks," sighs Eddy McClain of NCISS. "Legislators watch television, too, and they begin to believe that stuff. They think private eyes are out there doing domestic work, spying on spouses. That's such a small part of what we do. We work for corporations. Insurance companies. If you shut down what we do, it would have a tremendous effect on commerce -- not to mention the civil and criminal-justice systems."
Yet the same data the P.I.s use to keep commerce humming can, in the wrong hands, drain bank accounts, supply stalkers with their victims' vitals and ruin lives. The current pressure to restrict access through legislation stems partly from the data companies' own security lapses and partly from the ingenuity of the pretexters employed by data brokers -- several of whom operate openly in Colorado. At congressional hearings in late June, lawmakers got a primary education in how easy it is to hoodwink the guardians of such personal data as credit-card numbers and cell-phone records. Their instructor was none other than James Rapp, the ex-P.I. whose prosecution for interfering with the Ramsey case marked one of the first successful investigations of the pretexting business.
Rapp told DeGette and other committee members that he'd learned a little bit about finding people while in prison in Cañon City on a probation violation in the early 1980s. As a favor to other inmates, he'd contact utility and phone companies and trick them into divulging the whereabouts of the cons' ex-girlfriends or family members. After he got out, he and his wife launched a lively business tracking down deadbeats and their assets on behalf of creditors.
Over time, Rapp's client list swelled. Tabloids, attorneys, P.I.s, even the occasional federal or local police officer -- they all wanted information, and they weren't too choosy about where it came from. For his part, Rapp wasn't always clear on who was obtaining the data or for what purpose.
"We had, at one point, over 1,500 clients that were private investigators throughout the country," he testified, "and they would bombard us, literally, with ten to twenty cases a day...so we didn't have time to look into each and every aspect."
Rapp used the Internet very little in his work, afraid of leaving a trail that could lead back to him. His specialty was calling up customer service at a phone company, a bank -- anyone that might have the target's address, credit-card records or other data on file. He'd convince them he wasthe customer, and he needed his password or his latest bill right now, and this is his Social Security number...no? You have a different one? Well, which one do you have? Oh, you've got it confused with my father.... Armed with the info he'd tricked out of one customer-service rep, Rapp was ready to move on to another and another, until he had all the data he needed.
"It's just playing the game," Rapp explained. "When you've convinced them that they're wrong, they want to prove to you that they're right."
The lawmakers were aghast. They never dreamed it was so easy for a fluent liar like Rapp to get past the human firewalls that guard personal data. At one point Rapp unwittingly tracked down addresses and phone numbers of an undercover Los Angeles police squad for one of his shadowy clients; the information was used by mobsters to identify informants and threaten detectives, one of whom was later killed. "That's the kind of thing that gives my former industry a tremendously bad name," he told the committee.
Rapp told the committee that he's been out of the business since 1999; that same year, Congress passed a law making it illegal to use pretexting to obtain financial data. But Rapp's legacy lives on in Colorado. He told the Rocky Mountain Newsthat in the 1990s he used traplines provided by one of Jim Welker's companies to identify the owners of pager numbers. Welker has been under fire for offering consumer cell-phone records for sale; this spring, he decided not to make another run for his seat as a state representative. Welker's company has also done business with companies in Frederick, Colorado, operated by John Strange, the data broker who sold Governor Mitt Romney's credit-card numbers to the Boston Globe. Strange has been sued by the Texas attorney general over the marketing of cell-phone records.