Lawmakers call for ChoicePoint investigation

A group of Democratic U.S. lawmakers called Thursday for a federal investigation on how terrorists could use information from commercial databases, such as the compromised records thieves obtained from ChoicePoint Inc.

Five Democrats, four of them senior members of congressional committees related to domestic security, called for investigations by the U.S. Department of Homeland Security and the U.S. Government Accountability Office (GAO) after data collection company ChoicePoint announced in February that identity thieves had tricked the company into giving them personal records of up to 145,000 U.S. residents.

The five lawmakers argued, in letters to the two agencies, that foreign terrorists could use information from commercial databases such as ChoicePoint’s to obtain identification that would help them get into the U.S. “With the information that companies like ChoicePoint maintain, terrorists could have a better chance of entering the United States, they could better smuggle finances, and could obtain better cover when preparing to perform terrorist attacks,” wrote Representative Bennie Thompson, a Mississippi Democrat, in a letter to the GAO signed by four other Democrats.

ChoicePoint’s database includes 19 billion public records, including Social Security numbers, military records and motor vehicle registrations, on virtually all U.S. adults. The company sells this information to a variety of groups, including businesses and government agencies performing background checks on potential employees.

ChoicePoint officials say its data was likely obtained by identity thieves who used stolen identities to set up bogus businesses that requested information from the company.

Thompson, the ranking Democrat on the House Committee on Homeland Security, also called on the committee to hold hearings on possible terrorist uses of commercial databases. Senate Judiciary Chairman Arlen Specter, a Pennsylvania Republican, has already promised to hold hearings, and Senator Dianne Feinstein, a California Democrat, introduced a bill in January that would require businesses and government agencies to notify the likely victim when there is a “reasonable basis to conclude” that a criminal has obtained unencrypted personal data.

Among the other Democratic lawmakers joining with Thompson Thursday were Representative John Conyers of Michigan, the ranking Democrat on the House Judiciary Committee, and Representative Zoe Lofgren, ranking Democrat on the House Homeland Security Committee’s Subcommittee on Intelligence, Information Sharing, and Terrorism Risk Assessment.

The lawmakers’ call for an investigation comes a day after the Los Angeles Times reported that two Nigerian men gained access to ChoicePoint’s database in 2002 and used stolen identifies to buy US$1 million in merchandise. It’s unclear whether the company notified affected people at that time, according to the Times story.

ChoicePoint, on advice of its lawyers, is “not going to comment today on anything,” company spokeswoman Kristen McCoughan said Thursday.

Meanwhile, an executive of a vulnerability management firm, called for a national law that would require victims of ID theft to be notified by the companies that lose the data. Pete Stewart, chief executive officer of TraceSecurity Inc., based in Baton Rouge, Louisiana, met with Feinstein’s staff Thursday, and he talked about possible laws to address software vulnerabilties as well as ID theft.

When Stewart’s company finds a vulnerability in software one of its clients uses, TraceSecurity contacts the software vendor. “A lot of times, that (vendor) isn’t very glad to hear us make that call,” he said after his meeting. “A lot of times, there are lawsuits threatened.”

Stewart hopes the ChoicePoint situation will show lawmakers the need for better ID theft protections. The concern that Thompson and other Democrats raised about terrorists using ID theft is realistic, he added. “Let’s hope we never go there, but that’s obviously a very large issue,” Stewart said. “If (a bill) doesn’t pass, you’re going to see more ID theft take place. And it’s going to be more dramatic.”

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now