Data brokers and buyers anger Congress

WASHINGTON (Reuters) - Almost every piece of personal information that Americans try to keep secret — including bank account statements, e-mail messages and telephone records — is semi-public and available for sale.

That was the lesson Congress learned over the last week during a series of hearings aimed at exposing peddlers of personal data, from whom banks, car dealers, jealous lovers and even some law enforcement officers have covertly purchased information to use as they wish.

U.S. House Energy and Commerce Committee members also hoped the hearings would free up two measures to outlaw the practice that were mysteriously pulled from the House floor last month, apparently due to concerns in the U.S. intelligence community.

“We had the impression that there were no secrets any more. Now we know that for sure,” said Rep. Ed Whitfield, a Kentucky Republican and chairman of the panel’s oversight subcommittee.

He described a multimillion dollar industry that sells cell phone records for $200, Social Security information for $60 and a student’s university class schedule for $80.

Most often, the customers are banks or financial institutions attempting to locate absconding debtors. But law enforcement officers — including those in the Department of Homeland Security, FBI and Austin Police Department — have used the services on occasion.

The problem has been that data brokers often have obtained information by deception, and they did not monitor to whom they were selling or how the data was used, lawmakers said.

“Such information, for example, could allow a stalker to find a victim or a threatening husband to find a spouse,” said Rep. Diana DeGette, a Colorado Democrat who lamented that for $300 buyers can purchase the location of a cell phone that a person carries daily.

Witnesses also testified that in one instance an undercover Los Angeles police officer was killed after drug dealers used a data broker to retrieve his beeper information.

REFUSING TO TESTIFY

The committee subpoenaed representatives from 11 companies that use the Internet and phone calls to obtain, market, and sell personal data, but they refused to talk.

All invoked their constitutional right to not incriminate themselves when asked whether they sold “personal, non-public information” that had been obtained by lying or impersonating someone.

“What delicious irony,” said Rep. Joe Barton, chairman of the full committee and a Texas Republican. “People who cheat and lie for the purpose of making money are now complaining that they cannot cheat and lie in private.”

The committee focused on the technique of pretexting, in which a caller contacts a phone company, utility or government agency under the pretense of being someone else, perhaps the manager of a branch office or the actual customer.

Some lawmakers shook their heads as former data broker James Rapp explained how easily and quickly he could obtain and sell a bank password or credit card record of committee members.

Rapp said by offering a few pieces of personal information, such as a person’s name and address, pretexters con a customer service representative into revealing other information. After a few inquiries, they can get the Social Security number, the key to a trove of other sensitive data.

“There was nowhere you could run or hide that I couldn’t track you down,” said Rapp, who closed his data brokerage in 1999 under pressure from Denver police.

The pending legislation was developed because it is unclear if data brokers violate specific fraud or identity theft laws.

However, Republicans and Democrats on the committee said they suspected House leaders halted the bills because of their potential implications on terrorism investigations, such as accessing phone records from Verizon Communications and other companies without subpoenas.

Lawmakers also grilled law enforcement officials about using data brokers, questioning whether it was a method to circumvent a subpoena or cut the time required to receive a company’s response.

The officers said using data brokers was not standard practices and those who obtained the information were new or believed the information was obtained legitimately. They also denied it was a problem to wait sometimes days or weeks to receive information through a warrant.

© Copyright 1996-2006 The Washington Post Company