Good morning Mr. Chairman, and members of the Committee. My name is Bruce H. Hulme and I am appearing today on behalf of the National Council of Investigation and Security Services and as Legislative Chairman of the Associated Licensed Detectives of New York. State. I am a past president, chairman and serve as a Board member of both organizations. I have been a licensed private investigator in New York for thirty-six years and am president of Special Investigations, Inc.

I appreciate the opportunity to comment on H.R. 4311, the Identity Theft Prevention Act of 2000. You have asked us to address the uses private investigators currently make of Social Security numbers and other personally identifiable information; for our views on specific provisions of this bill that would affect the private investigator community; and our assessment of the implication and enforcement of the anti-pretexting provisions of the Gramm-Leach-Bliley Act.

As a profession that has been trying to help victims through the identity theft maze for years, we applaud Congress' efforts to finally put laws on the books that will bring victims some relief. While a percentage of identity thieves no doubt gather their victim's identities from the Internet, our experience is that most such thefts result from the purloining of documents, files, charge slips, credit cards, and wallets from restaurants, stores, trash bins and private property. The remedies you have proposed for a person once victimized seem appropriate, but you should not expect that closing Internet information access is going to stop this crime.

Most of HR 4311 seems to be on the right track, but we are very concerned about Sections 7 and 8, which will, in fact, hinder relief for victims and cause many unintended consequences.

A number of years ago, the FTC entered into a consent agreement whereby the identifying information that precedes a credit report, which is called "header" information, was deemed not part of the credit report and therefore not covered by the Fair Credit Reporting Act as a Consumer Report. The "header" report does not contain any financial information. This information has been an invaluable resource for investigators to locate witnesses, heirs, debtors, and to employ in all manner of fraud and theft investigations. The language in Section 7(a)(3) and (c) of HR 4311, we believe, will codify the termination of credit header availability for any legitimate purpose. In combination with Section 8(b)(2) it will make it impossible for any civilian investigator to obtain or report information necessary to identify suspects and exonerate the innocent without first obtaining the written permission of a suspect as required by the FCRA. We therefore ask that all of Section 7 be deleted.

The definition of Individual Reference Services Provider contained in Section 8 of HR 4311, regrettably encompasses not just credit bureaus and information providers, but anyone who gathers information, which would also include all licensed private investigators. Section 8(b)(A) as presently drafted would define a private investigator as an Individual Reference Service Provider. In fact, many entities such as the National Association of Security Dealers, Insurance Index Bureau and self-regulatory organizations and others that are not part of Federal or State government would be included under the definition of an IRSP. We request that the IRSP definition be eliminated, modified, or in the alternative that an exemption be provided in the Section 8 definition of an IRSP which would reflect that the definition does not include providers of reports prepared in connection with litigation, in anticipation of litigation, due diligence, investigation of insurance claims, civil and criminal fraud, criminal defense, failure to provide child support, identity fraud, and stalking or any other violations of law.

Requiring that IRSPs open their files to consumers upon request makes sense as it pertains to credit bureaus, but not as it applies to confidential investigations of suspected crime or other legitimate business purposes. I note that this Committee is now in the process of attempting to correct several problems created by the 1996 amendments to the Fair Credit Reporting Act. One of those problems the Committee is attempting to remedy with the introduction of HR 3408, is that the FTC has said that current law requires employers to turn over to an employee, a full, unedited copy of any report by outside investigators if any adverse action is taken against a suspect employee. This would include the names of complaining witnesses and their sensitive, confidential statements. Section 8 of HR 4311 would require investigators, upon request, to provide not only the report made to the employer, but the entire investigative file. This disclosure would create a climate of fear among potential witnesses and victims.

Private investigators, for a fee, hire or reward, as a regular part of their routine, ascertain, collect, assemble, evaluate and provide their clients documents and reports containing personally identifiable information. Such information often includes the Social Security numbers of individuals as well as many of the items enumerated in Section 8. The twelve types of information described in paragraph Sec.8 (b)(2) as well as other similar information not as yet determined by the Federal Trade Commission, are in most cases routinely and legally obtained by private investigators.

In 1997, I testified before the Federal Trade Commission Workshop on behalf of the National Council of Investigation and Security Services to present the private investigation industry's position on consumer information privacy. That presentation helped create the record that formed the FTC's analysis of computer database services. Members of the Individual Reference Services Group testified along with others and industry practices were implemented regarding the disclosure of information that they gather and disseminate to third parties such as private investigators, insurance companies, security firms, attorneys, public interests groups and law enforcement agencies. Private investigators were found to be qualified users for permissible purposes of the data provided by IRSG member firms such as LEXIS-NEXIS, ChoicePoint-Database Technologies, Inc., Equifax, Experian and Trans Union.

There are appropriate uses for such information which is not only critical for private investigators but for attorneys, journalists, medical researchers, insurance companies, self regulatory bodies, as well as government and law enforcement in fraud prevention, child support enforcement, uniting separated families, locating heirs to estates, locating pension fund beneficiaries, locating organ and bone marrow donors, significant journalistic endeavors, apprehending criminals, aiding citizens in obtaining access to public record information and in assisting the very individuals that this legislation seeks to protect.

In December 1997 the Federal Trade Commission submitted a report to Congress entitled Individual Reference Services wherein the list of comments submitted pursuant to Federal Register Notice comprised hundreds of letters that were received from private investigators which outlined their need for continued access to credit header records and gave case by case examples where such information was essential. When I appeared before the FTC I submitted hundreds of additional letters from private investigators citing examples where credit header information was the critical factor in their obtaining a successful result for their clients.

The Council believes that licensed private investigators, and for that matter licensed security firms, should continue to be allowed access to credit header information. The Drivers Privacy Protection Act of 1994, enacted after Congressional hearings before which the Council testified, permits a licensed private investigative agency or licensed security service access to personally identifiable information for legitimate purposes. We would like this committee to consider similar provisions in the present legislation being discussed today.

Licensed private investigators and security service companies in my state are licensed by the New York Department of State. "The duties of a private investigator as set forth in that state's General Business Law Section 71(1) encompass various activities aimed at uncovering and/or prevention of the commission of crimes and/or torts by others, and the business of private investigation is, therefore, quasi law enforcement in nature. Licensed private investigators are, therefore, held to the highest standards of honesty, integrity and rectitude in their business dealings."

Most other states have legal jurisdiction over private investigative and security firms. They undergo fingerprint criminal background checks, are regulated, are tested and for the most part receive training and often continuing education. We believe that regulated licensed private investigators and security firms should be allowed continued access to header information. Many of the reports containing the personally identifiable information that this committee seeks to protect that private investigators prepare, are privileged attorney work product. We abhor scam fraud artists and rogue information brokers who advertise on the Internet to the general public that they will provide information on anybody to anybody for a price no matter who the customer. Publication of personally identifiable information to the general public can only continue to lead to improper use, theft, fraud and even potential physical harm.

There are a number of bills before Congress which would ban the use of the Social Security number for any but its intended purpose. Many of these bills do not take into consideration the effect of removing the social security number as an identifier. We believe a good example of a viable type of solution lies in Section 1150A of the Senate version of the Commerce Appropriations bill. This legislation prohibits the wrongful use and publication of a consumer's social security number, while recognizing the legitimate and necessary uses of the number.

We fully appreciate the incredible burdens faced by victims of identity theft. Many of us have had to face these victims. When all other avenues of redress have fallen upon deaf ears and often as a last resort, identity fraud victims have turned to private investigators to redeem their name and restore their good reputation. In fact, many of us have assisted these victims for little or no remuneration.

The New York State Senate Majority Task Force on the Invasion of Privacy in March 2000 made several recommendations that concern identity theft:

• Provide for an expedited process whereby identity theft victims can petition a court or administrative body to make a finding and issue an order in cases where evidence of identity theft can be clearly demonstrated, thereby facilitating efforts to restore the victim's credit history;

• Develop initiatives to curtail abusive practices of collection agencies, particularly when actions are directed at identity theft victims;

• Increase civil penalties for credit reporting agencies' willful noncompliance with the resolution of identity theft matters;

• Establish an Identity Theft/Consumer Fraud Assistance Board to provide assistance to identity theft victims and a fund for victim assistance and investigations.

This Committee has also asked for our assessment of the implementation and enforcement of the anti-pretexting provisions of the Gramm-Leach-Bliley Act. We take issue with outlawing the pretexting of a criminal who has hidden in a financial institution his or her ill-gotten gains stolen from our clients, but allowing such a pretext of an individual in the investigation of insurance fraud and child support judgments but not in other frauds or other judgments. However, we strongly support criminal sanctions against any person who pretexts others that result in a criminal act including a criminal act against an identity theft victim.

The National Council of Investigation and Security Services and the Associated Licensed Detectives of New York State takes the position that anyone that uses personally identifiable information or financial information for illegal purposes be subject to criminal sanctions and heavy fines. We favor the implementation of assessing enhanced penalties for aggravated cases, actual damages for willful violations, and additional damages allowed by the court for commercial purposes, disgorgement of profits, attorney's fees and costs, and additional sanctions upon the receiver of information that is obtained for unlawful purposes.

Taking away the tools from the civilian crime fighters and investigators serving the justice system is not the way to go about resolving identity theft. Congress needs to ensure that exemptions are provided for licensed private investigators on legitimate business. We would also like to see the FTC set up a liaison with our profession which would allow us to provide evidence on those who commit fraud and who tarnish our reputation.

We have recently surveyed our membership about how they have been able to assist victims of identity theft. The following examples demonstrate the benefits of permitting licensed private investigators to access essential information from "credit headers." Section 7 of HR 4311 would deny us this critical tool. These anecdotes should give this Committee some idea of the types of cases that require this information.

In Coronado, California, an elderly woman whose apartment building had just been renovated suddenly began receiving bills for a credit card that she never used and kept in a desk drawer. When she complained to the contractor, he realized there were four possible suspect workers and hired a private investigator. The investigator verified the credit card was used by a man and wife fitting the description and in the neighborhood of one of the workers. The suspect was terminated while the other three were cleared and their jobs and reputations saved. No prosecution resulted.

In Tennessee, a show dog breeder was being stalked and threatened by email from an unknown harasser. She was terrified because she had no idea what the suspect looked like and she was often exposed in public arenas. The police could not help without some identification. Using credit headers and other sources, the private investigator found addresses for the suspect who was using four names, four different social security numbers and who had a criminal record. The police then obtained a mug shot and provided it to the victim who was relieved. The same investigator reports she recently located and served process on a dead-beat dad and could not have located him without using credit headers.

In New York, a public utility hired our member to conduct a pre-employment background investigation for a high level position. A credit report, obtained under the FCRA contained two different Social Security numbers. Running a credit header check on the second number revealed a different name and addresses and the investigator discovered his true identity. The applicant had adopted the identity of one of his former college professors to keep his own less desirable background secret.

In Atlanta, Georgia, an auto dealership asked our investigator to help an applicant who claimed his identity had been stolen. An imposter had stolen this man's social security number and date of birth as well as the identity of four other people. His criminal record included nine felonies in Georgia and other multi-state offenses. The applicant couldn't understand why he had been turned down for several jobs until one potential employer leveled with him and he realized his identity had been stolen. Numerous law enforcement agencies told him they couldn't help him. Our investigator arranged for the applicant to be fingerprinted and the Georgia Bureau of Investigation issued him a certificate stating he was not the same person as the imposter. He then carried the certificate to the three major credit bureaus to clear his name in their files. The investigator says had he not helped the victim through this maze, he would surely have been arrested in Georgia or Florida where warrants had been issued.

While staying in a hotel in Las Vegas, Nevada, two New Mexico residents had their wallets stolen from their room. A security camera identified an employee entering and departing their room. The employee was confronted by hotel security and allowed to resign. The hotel said it was their policy, partly because of the Fair Credit Reporting Act, not to prosecute, but just fire the bad apple. The hotel reimbursed the two victims for their lost cash and they returned to New Mexico and notified their credit card companies. Soon, one man started receiving calls from a collection agency in California about a bad check passed using a California driver's license as identification. The man had never been in California and was shocked to find that the fake license had his name and date of birth. He hired a private investigator that made a report and submitted it to the authorities in California, Nevada and New Mexico. Each state's agency said they could not investigate because it was not in their jurisdiction. The motor vehicle department told our investigator they were aware of the true identity of the suspect, but were prevented by law from disclosing the true name or address. The investigation did not result in any apprehension or prosecution. The victims could not afford to investigate further.

An investigation currently underway in California has a middle-aged suspect who returned home after years away and stole his elderly father's identity. He went on a spending spree in Oregon and California and was not called to answer before both his parents passed away. The investigator is now working for the estate to try to apprehend the thief and obtain restitution. Most of his leads involve the use of credit header information.

A former Dallas police sergeant, now a private investigator, reports he is pursuing a physician who filed bankruptcy following loss of suit for a wrongful death. The doctor divorced her husband before the bankruptcy and is now remarried to a man with a similar name and date of birth. The suspicion is that this maneuver served to hide assets due to the victim's survivors. He says the lack of legal access to credit records impedes his investigation.

In San Francisco, an investigator reports working a case right now for a successful business owner who started getting statements in the mail saying he owed tens of thousands of dollars on computers and other purchases, none of which he knew anything about. He found someone had hijacked his identity, opened credit card and store accounts in his name and had even opened a web page mirroring his web page and had an email address similar to his. The San Francisco Police said they would take a report, but would not investigate and suggested he go to the Secret Service. The Secret Service said they would not handle the case until at least $100,000 is lost. Current losses are approaching $80,000. The victim had a suspicion it was an ex-employee who lived in Salt Lake City and called the investigator. The agency used credit header information to learn that the ex-employee has three names, three or four Social Security numbers, and three different dates of birth on file. The investigators still don't know if he is involved, but they continue looking for linkages. They also located an address to which computers were shipped and are currently running down as much information as they can on the owners and occupants of that address.

Here is an investigator's story from Toledo, Ohio, in his own words, about how credit header information is used to locate lost heirs:

"As of yet, I have not worked on an identity theft case, but over the years I have located a number of missing heirs in probate estate cases.

"One of my cases involved a woman whose name was Terri. She was left a sizeable inheritance by her uncle in the form of a trust. The family had not had any contact with her for a number of years, so the attorney handling the trust asked for my assistance. By using header information, I was able to eventually determine that Terri was recently married and was living someplace in Utah. I was able to locate her husband's relatives and learned that Terri and her husband were destitute and were living out of a pick-up truck either in Utah or Oregon. I sent the requisite documentation to Terri in care of her husband's relatives and she rightfully obtained her substantial inheritance. Without access to header information, I would not have been able to locate her.

"Although I have numerous cases, I would like to cite two more. I learned that a decedent was wrongfully killed and her family reached a settlement after suing in court. The funds were to go to her son who the family had not had any contact with for a number of years. Once again, by using header information, I was able to locate her son Nathaniel, who was down on his luck in Texas, and to get his substantial inheritance to him as well.

"Another case involved a missing heir whose father died and left him a sizeable estate. His family had not had any contact with him for a number of years. Once again, by using header information, I was able to locate him in Kentucky. He was self-employed and did not have any health insurance. I learned that his wife needed surgery and he could not afford it. With my efforts in locating him and sending him his rightful inheritance, his wife had the much needed surgery and the family thanked me profusely for my efforts in locating them."

We believe that the identity theft laws recently enacted will help law enforcement to prosecute perpetrators once apprehended. But Congress should be aware that public law enforcement resources are stretched and crimes of this nature are not now a high priority. The losses, though devastating to the victims, are usually beneath the dollar threshold that many departments follow. And the mental toll on the victims is unquantifiable. The private sector will have to continue to augment public law enforcement. And it should be noted that the hapless victims of this crime often have very limited resources.

To the extent HR 4311 makes it easier for victims of identity theft to clear their credit files and restore their reputation, we commend it. But Congress should proceed very carefully before eliminating the very tools used to apprehend the stealers of the identities of others or the perpetrators of other criminal acts.

# # #