June 14, 2005
Private investigators are working to blunt legislation that cracks down on the active marketplace for Social Security numbers, telling Congress that restricting access to the numbers will hurt their business and hamper their investigations. Several bills are moving through the Capitol to prevent identity thieves from getting Social Security numbers to gain access to consumers' financial accounts. In the past year, the Social Security numbers of tens of millions of Americans have been exposed through personal data being lost, stolen or hacked.
But private investigators contend that the rush to protect privacy goes too far and would damage their ability to deliver valuable services, such as locating people who skip out on debts, commit fraud or want to avoid testifying in court.
In a lobbying blitz, trade associations representing roughly 40,000 licensed private investigators are exhorting their members to "please do something, or we will have nothing" by writing to Congress and state legislatures, many of which also are moving to curb the availability of Social Security numbers.
Representatives of private investigator groups discussed lobbying strategy last month with several data brokers -- companies that buy and sell personal information -- at a meeting hosted by ChoicePoint Inc., one of the country's largest such firms.
According to a summary of the meeting circulated to online news groups frequented by private investigators, "PIs and data provider companies are committed to a massive lobbying effort to educate our legislators on the ill effects of truncating data to licensed investigators."
But the investigators also are worried about large data brokers themselves, which routinely buy and sell personal data but have taken their own steps to restrict access to Social Security numbers in the wake of breaches at their firms.
Two of the largest, ChoicePoint and LexisNexis Group, now sell only partial Social Security numbers to several types of businesses, including private investigators.
"We think they can do their jobs without" full Social Security numbers, said James Lee, chief marketing officer of ChoicePoint. He confirmed most of the account of the lobbying meeting.
Private investigators also have other ways of profiting from their access to such information. Some have ongoing subscriptions for data from brokers and maintain Web sites offering to resell the data to the public. Most of the subscription contracts prohibit such resale, and many data brokers now are requiring private investigators and other clients to recertify their credentials.
Brian P. McGuinness, president of the Baltimore-based National Council of Investigation and Security Services, said the large data brokers that decided to limit private investigators to partial Social Security numbers were being "a bit disingenuous," and were simply trying to stave off stricter regulation by Congress. Instead, he said, the policy will make it harder for private eyes to distinguish between people who have the same or similar names.
McGuinness said his group is hoping for an exception to limits on Social Security numbers similar to one investigators enjoy in a 1994 law that restricts the sale of driver's license data.
"There are some problem children in every profession," McGuinness said, referring to investigators who indiscriminately resell data. His organization supports legislation that would prohibit reselling of Social Security numbers to the general public online, he said.
Other information brokers are not truncating Social Security numbers for private investigators. "I think they are an extension of law enforcement," said Terry Kilburn, chief operating officer of Tracers Information Specialists Inc. of Florida, which also advertises data available to the public on its Web site.
He said that because his firm has amassed and combined data from a variety of public and private sources over many years -- including mega-brokers such as ChoicePoint -- he is rarely bound by their resale restrictions. For their part, the large data brokers say they support identity-theft legislation but are working quietly with banks and other financial services companies -- also the source of several recent breaches -- to shape the bills.
Most of the bills introduced would require that organizations notify customers if their information is breached, similar to a California law credited with forcing ChoicePoint and others to reveal their cases in recent months. The industry supports the position of the head of the Federal Trade Commission, Deborah Platt Majoras, which is to limit the disclosure requirement to instances in which the organization believes the breach could result in identity theft.
Privacy groups argue that such an exemption is a loophole, because firms might not always know if the breach could lead to theft and would have little incentive to say so.
The industry also wants one federal law that would supersede a potential patchwork of state laws. Consumer groups support that approach only if the national bill is strong. Other bills would provide incentives to the industry to encrypt data that they keep in storage, making it more difficult to use the information if it is lost or stolen.