Lawmakers call for ChoicePoint investigation

They fear terrorists could use information from commercial databases

A group of Democratic U.S. lawmakers called today for a federal investigation on how terrorists could use information from commercial databases, such as the compromised records thieves obtained from ChoicePoint Inc. (see story).

Five Democrats, four of them senior members of congressional committees related to domestic security, called for investigations by the U.S. Department of Homeland Security and the U.S. Government Accountability Office (GAO) after data collection company ChoicePoint announced last month that identity thieves had tricked the company into giving them personal records of up to 145,000 U.S. residents.

The five lawmakers argued, in letters to the two agencies, that foreign terrorists could use information from commercial databases such as ChoicePoint's to obtain identification that would help them get into the U.S.

"With the information that companies like ChoicePoint maintain, terrorists could have a better chance of entering the United States, they could better smuggle finances, and could obtain better cover when preparing to perform terrorist attacks," Rep. Bennie Thompson (D-Miss.) wrote in a letter to the GAO signed by four other Democrats.

ChoicePoint's database includes 19 billion public records, including Social Security numbers, military records and motor vehicle registrations on virtually all U.S. adults. The company sells this information to a variety of groups, including businesses and government agencies performing background checks on potential employees.

ChoicePoint officials say its data was likely obtained by identity thieves who used stolen identities to set up bogus businesses that requested information from the company.

Thompson, the ranking Democrat on the House Committee on Homeland Security, also called on the committee to hold hearings on possible terrorist uses of commercial databases. Senate Judiciary Chairman Arlen Specter (R-Pa.) has already promised hearings, and Sen. Dianne Feinstein (D-Calif.) introduced a bill in January that would require businesses and government agencies to notify the likely victim when there is a "reasonable basis to conclude" that a criminal has obtained unencrypted personal data.

Among the other Democratic lawmakers joining with Thompson were Rep. John Conyers (D-Mich.), the ranking Democrat on the House Judiciary Committee, and Rep. Zoe Lofgren (D-Calif.), ranking Democrat on the House Homeland Security Committee's Subcommittee on Intelligence, Information Sharing, and Terrorism Risk Assessment.

The lawmakers' call for an investigation comes a day after the Los Angeles Times reported that two Nigerian men gained access to ChoicePoint's database in 2002 and used stolen identifies to buy $1 million in merchandise. It's unclear whether the company notified affected people at that time, according to the Times story.

ChoicePoint, on advice of its lawyers, is "not going to comment today on anything," company spokeswoman Kristen McCoughan said.

Meanwhile, an executive of a vulnerability management firm called for a national law that would require victims of identity theft to be notified by the companies that lose the data. Pete Stewart, CEO of TraceSecurity Inc., based in Baton Rouge, La., met with Feinstein's staff today and talked about possible laws to address software vulnerabilties in addition to identity theft.

When Stewart's company finds a vulnerability in the software one of its clients uses, TraceSecurity contacts the software vendor. "A lot of times, that [vendor] isn't very glad to hear us make that call," he said after his meeting. "A lot of times, there are lawsuits threatened."

Stewart hopes the ChoicePoint situation will show lawmakers the need for better identity theft protections. The concern that Thompson and other Democrats raised about terrorists using identity theft is realistic, he said.

"Let's hope we never go there, but that's obviously a very large issue," Stewart said. "If [a bill] doesn't pass, you're going to see more ID theft take place. And it's going to be more dramatic."

Copyright © 2005 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon