[WaPo] Great piece on the state of Identity Theft
khare at alumni.caltech.edu
Tue Jan 6 10:58:28 PST 2004
They certainly get credit for uncovering the worst-possible-case story.
The $1.3M judgment against Trans Union can't be high enough (see, I'm
actually supporting the trial lawyers for once!)
The Washington Post Magazine: Cover Story
Meet Michael Berry: political activist, cancer survivor, creditor's
dream. Meet Michael Berry: scam artist, killer, the real Michael
Berry's worst nightmare
By Robert O'Harrow Jr.
Sunday, August 10, 2003; Page W14
Michael Berry prowled the streets of South Central Los Angeles in a
rented silver Volvo, searching for a clue. He turned onto a residential
street called 12th Avenue, peered at each home and then slowed the car
almost to a stop. His heart fluttered.
Off to his left was the address that had obsessed him for months. He
saw a well-tended bungalow with crisp green grass. Watering the lawn
was a man covered in tattoos and wearing a sleeveless undershirt and
aviator sunglasses, who watched closely as Berry drove by.
"Oh crap, I didn't do this right," Berry muttered to himself, gripping
the steering wheel a little tighter and trying not to stare back.
He had come 2,700 miles from his townhouse in Arlington to scope out
the place that somehow had appeared on credit reports as his new home.
Some cretin using the address had opened at least 15 new credit card
accounts in Berry's name and run up thousands of dollars in bills for
clothing, flowers, gasoline and telephone calls.
Berry had always taken pride in paying his bills on time. At 33, he was
the chief operating officer of the Independent Women's Forum, a
conservative women's group, mingling regularly with Washington
lawmakers and Republican activists. The theft of his identity was
changing everything: threatening not just his credit rating, which was
in tatters, but his respectability, his very sense of himself as a man
firmly in control of his own life. Now, as he drove by the tidy house
in L.A., he was at a loss. "I felt," he says, "totally helpless."
He had tried to report the financial problems to L.A. police. Because
he wasn't a resident, and the fraud was not considered large enough,
they brushed him off over the telephone. When he called police in
Arlington, a friendly officer took his report. But he got no promises.
Arlington, the officer said, had no jurisdiction in California.
Berry pulled up the street, turned the car around and parked.
Pretending to do paperwork in his lap, he kept watch for anything
suspicious. "Be careful," he told himself. "Sit back and watch."
He had good reason to take care. Just days before, he'd learned from a
Florida homicide detective that a man who had assumed his persona --
using his Social Security number and carrying a driver's license with
his name -- was a convicted murderer who was wanted for fresh killings
in two states. That meant that Berry, the real Berry, was liable to be
taken into custody as a wanted man at any time.
Sitting in his office in south Arlington, Berry dialed a toll-free
number and waited for the computerized voice at Chase Manhattan Bank to
prompt him. He punched in the number of his Chase Platinum MasterCard.
It was early January 2002, six months before his visit to Los Angeles,
and he was trying to consolidate his debts onto one low-interest card.
He sat back in his chair as he told the clerk his current income and
how much credit he wanted. When he hung up, he was certain the bank
would comply, because he had never missed a payment, even when he was
between jobs. A few days later, he heard the news. He was rejected.
"I'm sorry," the clerk told him. "You have opened too many cards
Berry was puzzled, but not particularly upset. "This is a mistake," he
thought. He'd get it fixed. Determined by nature, Berry was used to
working through problems and, eventually, getting where he wanted to
As an undergraduate at the University of Southern California, he'd
found his way into the state headquarters of the 1988 Bush-Quayle
campaign, landing a volunteer job recruiting and coordinating college
activists. He became head of the Trojan College Republicans at USC, one
of the state's largest college political groups. After transferring to
Pepperdine University in his junior year, Berry parlayed his burgeoning
Rolodex into prestigious internships at Ronald Reagan's post-White
House office and in the Bush administration, where he worked as an
advance man for Vice President Quayle.
He had every intention of staying in Washington as a political
operative. But he cut short his plans after his father had a heart
attack. He moved back to his home town in central California and took a
job as a teacher, following in the footsteps of his father. Not long
after, Berry faced his own health crisis. He was diagnosed with
testicular cancer at the age of 24. For a time, he thought he might
die. His doctors urged him to donate sperm in case he wanted a family
someday. Then they removed one testicle and prescribed radiation
The treatments that cured Berry also nauseated him and sapped his
vitality. But after the ordeal was over, he worked his way through the
education bureaucracy and became an elementary school principal. He
never lost interest in politics, though, and decided to move back to
D.C. a few years ago. He became a special assistant to Texas Sen. Kay
Bailey Hutchison on the Hill before moving over to the Independent
Michael Berry, in his Arlington office, knows Washington's ins and
outs, but he'd never encountered anything like the mess created when
his idenity was stolen. (Photograph by David Deal)
Berry tried to put his savvy to work for him. After the rejection from
Chase, he made a round of calls to the top three credit bureaus, Trans
Union, Experian and Equifax, companies that operate near the center of
the U.S. economy. Working with banks, retailers, landlords, car
dealerships and an array of other enterprises, the credit bureaus
collect and share extraordinarily rich financial details about nearly
every adult in America: where we live, how much money we owe and to
whom, and whether we pay our bills on time.
Credit bureaus sold some 1.2 billion credit reports in the United
States last year, more than double the number a decade ago. Many of the
transactions that characterize American life depend on those reports.
They are factored into mortgage loans and credit offers, used to weed
out risky tenants and screen people for mobile phone service. Some
identifying personal information in them, including addresses and
Social Security numbers, also has helped fill the reservoirs of
information brokers, who resell data to lawyers, debt collectors and
jilted spouses searching for wayward mates. The reports are also
perfect fodder for identity thieves.
The credit bureaus mailed Berry his own reports, which were sullied by
all kinds of purchases he hadn't made. According to the credit
agencies' computers, he had sought, received and quickly used thousands
of dollars in instant credit from Gap and Old Navy. He had maxed out a
$1,500 limit obtained a few weeks before from the QVC shopping channel.
He had charged hundreds of dollars' worth of gas in the Los Angeles
area on a new Exxon card, along with $462 on a new phone line in
Anxiety surged through Berry at these revelations. He'd been paying off
his car loan early and sharing a townhouse with two roommates to save
money, but he knew all the wild spending attributed to him would damage
his credit rating. If he didn't get this cleared up, he might have
trouble buying a house.
Berry discovered from other businesses that his fictive counterpart had
sent hundreds of dollars' worth of roses and a stuffed bear to a Los
Angeles woman named Joann. "These flowers are from You Know Who," read
the note that accompanied the flowers. "I love you a lot and your
conversation." A few days later, You Know Who sent another pile of
roses to a woman named Maisha, this time with a contrite note attached:
"I am sorry for lying, cheating, being selfish."
It was as though You Know Who -- and maybe others -- was in a spending
frenzy, trying to squeeze as much money as possible out of Berry's
identity before the scam was shut down. In some cases, the fraud artist
or artists got cute, using "Bebe Hooker" as his spouse's name on one
credit application, and "Lucy Love" as his mother's maiden name on
another. But the incorrect information didn't get in the way of the
applications being approved.
Old Navy had decided to open a new account, in January 2002, for
instance, even though the man impersonating Berry used the wrong
address. At the same time, the company that issues cards for Old Navy
-- Monogram Credit Card Bank of Georgia, a subsidiary of General
Electric Capital Corp. -- also had granted the impostor credit cards
for Exxon, Gap and QVC.
Monogram knew it was taking a risk on those accounts. About a month
after the Old Navy account was maxed out, Berry received a
computer-generated letter from Monogram. The company expressed its
uncertainty and asked Berry to tell it whether a mistake had been made.
"Dear Cardholder," it began. "We have recently opened up a credit card
account, in your name, with OLD NAVY. Since, the address in the
application did not match the address contained in the consumer credit
bureau report, we are writing to you to confirm that the credit card
account was opened at your request.
"If you did apply for this account, you do not need to respond."
When Berry called Monogram, a representative assured him the Old Navy
account would be closed and the charges removed from his credit report
within six weeks. Berry felt better after hanging up the phone -- a
sense of relief that wouldn't last long.
Identity theft is perhaps the most glaring symptom of the ills that
have accompanied the data revolution of the 1990s. Bounced checks. Loan
denials. Harassment from debt collectors. Victims of identity theft --
and there are millions of them -- are often haunted by the consequences
Some government officials estimate that as many as 750,000 people a
year are victimized. Others think that number is way too low. Last
month Gartner Inc., a business research group, estimated that 7 million
Americans have fallen prey to identity thieves in the past year alone,
an extraordinary figure mirrored by a new survey from Privacy &
American Business, an industry-funded think tank. Another study, by
Star Systems, a company that facilitates the majority of U.S. ATM
transactions, suggests that almost 12 million Americans in all, or
about one in 19 adults, have been hit by such fraud.
David Medine, a former Federal Trade Commission and White House
official, and now a leading information law specialist at the law firm
Wilmer, Cutler & Pickering, has an unscientific test he uses to judge
the extent of the problem. He asks friends at Washington parties if
they've been a victim or know a victim. These days, Medine says, almost
everyone has a horror story to contribute to the conversation. "You
have this seemingly low-level crime that, cumulatively, is a national
crisis," Medine says.
The financial costs are staggering, though no one can put a precise
dollar figure on them. Star Systems estimates the losses at $24
billion, the vast majority in the past decade, a burden shouldered
largely by the nation's financial institutions as a cost of doing
They are well aware that identity thieves are growing not only more
numerous, but more menacing. Scam artists and grifters have been joined
by criminal groups from abroad and street gangs that once specialized
in robberies or extortion. And as September 11 made plain, identity
theft also has become a favored technique of terrorists. Often using
documents generated by desktop computers, they take on fake names,
Social Security numbers, birth certificates and driver's licenses in
schemes to cloak themselves and raise money for their operations. It
is, law enforcement authorities agree, frighteningly easy for them to
get away with it.
The nature of identity has always been the stuff of mystery stories and
film noir. One of the great American novels of the 20th century, The
Great Gatsby, has questions about the mutability of identity at its
core. Now those same issues have become the stuff of national security
One of the most vexing questions facing those responsible for making
life in America safe from crime and terror is this: How can we prove
that someone is who he or she claims to be? For most of our history,
that was fairly easy to answer for the majority of Americans. We
defined individuals' identities by their parents, siblings and friends.
By the town they lived in and the schools they attended. By the clubs
and organizations they joined. In many cases we knew them by sight, or
at least knew someone who could vouch for them. Those who wanted to
remake themselves, to break free of the bonds of their own histories,
had to move away.
In our lifetimes, all that has faded away, as Americans conduct more
and more business electronically, move from town to town and job to
job, and generally know one another less well. Now, as often as not,
the practical terms of our identities are defined by "data elements"
contained in hundreds or thousands of computers.
Our Social Security numbers and addresses. Our mothers' maiden names
and middle initials. Our birth dates and the special numbers and
nicknames we use as our passwords. The things we buy, the cars we own
and the way we use our credit cards. These details, combined just so by
computers and analysts, now authenticate us in the way that personal
links used to, serving as virtual keys to financial accounts, retail
outlets, communication, air travel and government services.
"What are the last four digits of your Social Security number?" we are
asked. "What's your Zip code?"
The problem is, the "data elements" required to authenticate customers
on the fly are often available to criminals at little or no cost,
sometimes openly on the Web, other times for fees from information
The brokers, who run the gamut from legitimate businesses to
questionable characters operating out of their living rooms, peddle all
sorts of personal information for as little as $25 a pop. Some even
manage to get their hands on credit reports, which are especially
prized by identity thieves. In November, federal prosecutors arrested
three men who had stolen some 30,000 credit reports for resale and use
in identity theft schemes.
Then there are the hackers skilled at stripping computers of names,
Social Security numbers and financial records. In one recent case,
hackers plundered 10 million Visa, MasterCard and American Express
numbers from a company that processes transactions for merchants. Card
holders didn't learn about the intrusion until the FBI jumped in to
Bob Blakley, chief scientist for security and privacy at IBM Tivoli
Systems, a software maker, says that most Americans mistakenly assume
their old notions of identity still apply, that computers and clerks
can accept at face value an individual's answer to the question: Who
are you? "That's really a profoundly false view of the way that
identity works," says Blakley, who recently served on a National
Academy of Sciences group examining these issues. "There's a great deal
more opportunity for confusion. It's really complicated to sort out
Sometime in the spring of 2002, a man posing as Michael Berry moved
into Bay Run II apartments, a working-class complex in Orlando. He'd
come from California and sublet the place from a friend of a relative.
His real name was Demorris Andy Hunter, a convicted killer who'd spent
13 years in Folsom State Prison for a 1985 murder. He looked nothing
like Berry, a big man with pale Irish skin who stands six feet tall and
weighs close to 200 pounds. Hunter was smaller -- only 5 feet 7 inches
and 150 pounds -- and African American. A police photo of Hunter shows
a tired-looking man with a shaved head and a slight scowl.
None of those differences mattered when Hunter showed up in Orlando.
People assumed the California driver's license with Berry's name and
Hunter's photo was legitimate. A fake Social Security card displaying
Berry's number also passed muster. Those documents helped Hunter get a
job at B's, a barbecue joint where he washed dishes and bused tables.
Bay Run residents who met the man calling himself Michael Berry
considered him a friendly if somewhat wary character. Soon after moving
in, he was attending parties and getting to know some of his neighbors.
One of his new friends was Theresa Green, a part-time hospital
secretary who lived one floor up with her 14-year-old son.
On May 25, 2002, he and Green attended a party in an apartment in the
same building that ran into the early morning hours. According to those
who attended, the two drank copiously and danced to the loud music
until the party ended at about 2:30 a.m. But Green didn't want to
leave, and when Hunter pulled her away, the two started arguing and
somehow fell down a set of stairs. Later, their yelling could be heard
through the walls of her apartment.
About 7 a.m. that morning, Hunter approached Joseph Butler, the
neighbor who had had the party. Hunter gave him keys to a borrowed van
and, without explaining why, asked that he follow him to a drugstore in
a suburban town more than 15 miles away. Hunter drove Green's white
Oldsmobile, but she wasn't around.
After leaving Green's car in the drugstore parking lot, Hunter dropped
Butler off and disappeared in the van. Green was found early the next
day. She was dead, stuffed into the trunk of her own car. It appeared
she'd been strangled.
Orlando homicide detectives Roy Filippucci and Barbara Bergin received
pages on Memorial Day afternoon. When they went to Green's apartment
they found drywall broken in one spot and some personal items on her
bed that had been rifled through. When the two made the rounds in the
neighborhood, talking to people who knew Green, they turned up a
suspect in no time: a man named Michael Berry.
With a felt-tip pen, Berry outlined several lines of charges noted on
his Trans Union Personal Credit Report and Score. "NOT ME!," he
sketched in. "FRAUD." He circled the last word five or six times out of
frustration, as he thought about what to do next.
It was spring 2002, about the time that his impersonator had moved to
Orlando, and as usual Berry was working to offset the damage.
He had lost count of the telephone calls he had made to the credit
bureaus, the banks and the stores that had drawn him unwillingly into
their business. He had filled white legal pads on his desk with contact
names, reference numbers tagging his complaints, and dollar amounts.
His boss and co-workers knew about his trouble and now and then asked
for updates or offered to help him. To make up for all the time he was
spending on the telephone and writing letters, he worked later each
day. His usual 60-hour workweek grew even longer.
"I was totally in war room mode," Berry says. "Every single day I was
calling . . . The applications were pouring in every single day."
His notes show that from December to May, there were new requests for
cards from MBNA and Household Bank, two of the nation's largest credit
issuers. One came in for Macy's. Another report alerted him to the fact
that someone was trying to open a Cingular cell phone account in his
Berry noticed the thief's methods changing, growing cheekier with time.
In some applications, the thief started to use Berry's parents' address
and his birth date. Someone also was making up information about him,
writing on one application that he was a lawyer who worked for the City
of Los Angeles and earned $75,000 a year.
It was a grind, but it seemed like Berry was making headway. He had
placed a "fraud alert" in all his credit report files, a service that
tells companies inquiring about creditworthiness to be careful in
granting additional credit or new loans. "I felt like I was getting
near victory, when I was catching them before they were being issued,"
he says. "I absolutely thought the worst of this is over."
In fact, his troubles were just cresting.
Berry discovered that he had almost no legal standing as a victim to
make a formal report to authorities. That realization dawned on him
when he called Det. Dave Harned, a veteran in the Commercial Crimes
Division of the Los Angeles Police Department.
Harned takes all the calls about identity theft and directs them to the
right place. He made it clear where Berry's report was going: into an
inactive file. Not only was Berry not a Los Angeles resident, Harned
told him, his claims didn't come close to meeting the department's
informal threshold for investigation. "We wait for the retailers or
credit bureaus to make a report," he told Berry.
Berry tried persuading Harned to change his mind, explaining that he
knew exactly where all the fraudulent mail was going. "Even if you have
an address, you have to prove he did it," Harned explained later.
"People call me every day and say, 'I've got an address. We've solved
Though he couldn't offer Berry much help, Harned likens identity theft
to "financial rape," and blames it on the financial and data-driven
businesses that traffic so freely in personal information. "The credit
card companies and everybody else make it so easy," Harned says.
His department has resources to investigate only a tiny fraction of the
100-plus identity theft complaints it receives every day. "You almost
have to pick and choose what case you're going to work, because of the
volume," he says, adding, "Last year was bad, but this year is going to
The reasons for the surge in identity theft are complex. But the
problem ultimately comes down to a few salient facts. For one, we are
awash in information about ourselves. Twenty-four hours a day, every
day of the year, the credit bureaus, information services, groceries,
pharmacies, toll collectors, banks and other institutions gather
information about us. They build models about what we are likely to buy
and, sometimes, learn more about us in refined mercantile terms than we
know ourselves. They often resell or share information about us.
At the same time, the institutions responsible for safeguarding all
this data often do a poor job of it, according to regulators, consumer
advocates and privacy specialists. The information industry, including
brokers, marketers and credit bureaus, has steadfastly and successfully
opposed much government regulation in recent years, arguing that it
would make life less convenient and more costly.
The data revolution has indeed spurred an explosion in new credit
opportunities. Those who once could not afford to borrow, or were not
given access to loans, can now get credit cards in the time it takes to
buy a pair of shoes or a T-shirt, thanks to electronic networks, the
credit reporting system and regulatory changes over the years. Banks
such as 1st American claim they can provide "preapproved" credit cards,
via the World Wide Web, in under three minutes.
Credit issuers drum up business through junk mail solicitations, almost
5 billion of them last year, according to a company called Synovate,
which tracks such offers. Never mind that only a fraction of the people
who receive these pitches embrace them or that they have made life
easier for identity thieves, who sometimes search through mailboxes as
a starting point in their scams. Many of these offers come from banks
that have no tellers, no branches, no people at all of the sort that
once came to know customers over a period of many years.
From the standpoint of credit card issuers, the solicitations have been
a roaring success. There are now more than 3 billion Visa and
MasterCard cards in circulation around the world, generating huge
profits for the companies that issue them. Two-thirds of all American
adults have credit cards now, about 10 on average.
The problem is security, or the lack of it. Peter Tosches, a spokesman
for Monogram, says that retailers, in a desire to make things easy for
customers, will often approve credit cards for individuals who provide
only a picture ID and an unverified Social Security number. While
companies like Monogram try to guard against identity fraud in such
circumstances, Tosches says, the thieves have become increasingly
sophisticated in sidestepping security measures.
The credit bureaus also have a checkered history of responding to
complaints about identity theft and mistakes. After years of
complaints, Congress amended the Fair Credit Reporting Act in 1996 to
force credit bureaus to be more responsive to individuals, particularly
those worried about mistaken reports. Among other things, the bureaus
were supposed to provide easy access to their clerks by maintaining
toll-free telephone lines. They didn't do a good enough job, at least
according to the FTC.
Despite the clear message from Congress, hundreds of thousands of
telephone calls to the three credit bureaus went unanswered, or met
with a busy signal. In January 2000, the bureaus paid $2.5 million to
settle FTC charges that they were not properly responsive. Many people
complain they still aren't.
In one eye-opening case, an Oregon woman named Judy Thomas sued Trans
Union for allowing errors to remain on her credit report. She spent six
years calling and writing to the company, trying to get Trans Union to
permanently remove damning details -- such as unpaid bills -- that
belonged on another woman's report. Court records showed Trans Union
mistakenly assumed Thomas was the other woman. Her report would be
fixed one month only to show up tainted again several months later.
After hearing her story, a federal jury awarded Thomas $5.3 million
last year for her trouble. While the judge reduced the award to $1.3
million, it was still a record. Trans Union wrote a check to Thomas
earlier this year.
Evan Hendricks, a consumer advocate and editor of the Privacy Times
newsletter, testified on Thomas's behalf and believes her problem was
related to the fact that so much of our information is processed
automatically by computers, not people. "Human beings cost money that
the credit bureaus and the credit granters don't want to spend," he
explains. "That's why this is going to get worse before this gets
Identity theft is almost laughably easy to commit, and terribly
difficult to prevent. Consider the strange case of James Rinaldo
Jackson, a genial con artist from Memphis, Tenn. He knew that major
financial institutions routinely gave out confidential customer account
information to callers.
Standing before federal judge Deborah Batts in Manhattan two years ago,
Jackson described how he easily took advantage of that porous security,
duping information brokers, banks, credit card companies and even a
funeral home. Before he was caught in a sting operation, he netted some
$730,000 in diamonds and Rolex watches by using the information he
Jackson got the idea from a magazine ad that showed glinting diamonds
for sale online. As he looked at the slick photos, he thought, "I would
sure like to get some of these diamonds to just have." He described how
he gathered bits and pieces of information about his targets, including
Gordon Teter, the late chairman of Wendy's International Inc.; Nackey
Loeb, the now-deceased president and publisher of the Manchester, N.H.,
Union Leader; and other corporate executives.
Starting with an online version of Who's Who in America, he turned to
information brokers, paying them $50 and $100 for Social Security
numbers and banking details. With some of the basics in hand, he called
his targets' banks and persuaded clerks to hand over account numbers.
That enabled Jackson to tap the accounts directly over the phone,
sidestepping the need to talk to clerks the next time around.
Then it was a simple matter of calling dealers, ordering the jewels and
wiring the money. He had his booty sent to hotels, to which he
dispatched a confederate to pick up the packages. "Amazing, Mr.
Jackson, absolutely amazing," Batts said. "Keep going."
He told Batts that MasterCard, Visa and American Express, along with
banks in Ohio, New York and New Hampshire, all got taken in.
In the parlance of law enforcement, his specialty is known as "pretext
calling" -- using scraps of personal information to trick clerks on the
telephone into divulging even more information. It's an old con that's
become easier than ever.
Jackson was so good -- and security at his targets was so weak -- that
he convinced the Fifth Third Bank in Ohio to wire almost $300,000 from
Teter's accounts to diamond and watch merchants. He also changed
Teter's billing addresses to Jonesboro, Ark.
Robert Dunn, his attorney, said Jackson would have been stopped much
earlier had the companies required passwords before sharing customers'
information or allowing him to act on the accounts. "That simple screen
would have thwarted much of what he was able to accomplish," Dunn said.
Regulators and law enforcement officials had warned financial
institutions years ago that identity thieves and information brokers
were tricking clerks into giving them access to individuals' financial
information. They urged banks to require customers to use passwords or
codes instead of Social Security numbers, mothers' maiden names and
other widely available personal information to identify themselves when
calling. But for years, many financial institutions didn't bother.
"We don't want to make it difficult for customers to get access to
their accounts," Robin Warren, then a privacy executive at Bank of
America Corp., said before Jackson was sentenced. "Customers get
In the days after Green's death, Barbara Bergin made the case a
mission, and she worked all hours tracking down the killer. She is an
aggressive cop who rides Harley-Davidson motorcycles, a 20-year veteran
of the Orlando department who worked her way up from beat patrol to the
homicide squad. She also is charming and knows how to work her sources.
After coming up with Berry's name and some details about the killer,
she sent off a request to California authorities for Berry's
fingerprints, a copy of his license and a photo. On June 2, Bergin got
a hit on some records in California. But there was a problem. The
Michael Berry she was looking for was a short African American guy. The
records she received showed the real Berry.
With help from neighbors who'd heard Hunter mention his previous jail
time, and from a California official who searched through records on
her behalf, Bergin turned up Hunter's real name from scraps of evidence
she had found. She also discovered the case was more sordid than she
thought. Hunter also was wanted for the slaying of an Oakland, Calif.,
woman named Ivora Denise Huntly, who'd been shot two months before
Green's death. California authorities believe Hunter killed Huntly as
she tried to prevent him from beating his girlfriend.
The next day Bergin called the real Berry at his office in Arlington.
"There's a serious problem here," she told him. She was putting out a
national warrant for Hunter's arrest on murder charges, and would use
Berry's name as his alias. "Things could be very bad for you."
Berry was scared, and he didn't know what to do. "This was the first
indication I had this wasn't just a fraud problem. This was someone who
was killing people, posing as me."
Bergin explained the warrant meant that he, the real Michael Berry,
could be picked up for murder. The law enforcement computers would tell
officers they were looking for a black man. But cops are so used to
getting reports marred by mistakes, she said, they might ignore that
detail if they had the right name.
The two agreed he should get letters from police in Orlando and
Oakland, testifying to his real identity, which he obtained in the
coming weeks. "The last thing I wanted, after everything he had been
through, was for him to be on the ground, at gunpoint, in handcuffs,"
Bergin explains. "That could very well happen."
Michael Berry hurtled west on I-66, sitting in the passenger seat of a
friend's car. With music blaring on the stereo, Berry tried hard to
loosen up and think about the meal he was about to have at the Inn at
Little Washington, a gastronomic mecca he had long dreamed of visiting.
It wasn't working. Ever since he'd received the call a few days before
from Bergin, he'd worried he might be mistaken for a killer. In the
mornings, he feared he could be stopped while driving his car. Even now
he wondered what would happen if police asked for his ID.
He was pulled out of his reverie by the buzzing of his cell phone. When
he checked his messages, he heard the voice of his friend Arthur
Estopinan, chief of staff to Florida Rep. Ileana Ros-Lehtinen. "Hey,
Mike, it's Art," the message said. "You were just the lead story on
'America's Most Wanted.'" Berry called him back and grew lightheaded as
Estopinan described the episode he'd just watched.
"America's Most Wanted" features detailed crime reports and information
about fugitives. It urges viewers to call in with tips about suspects,
and the show's host, John Walsh, boasts that he has helped authorities
capture more than 750 people wanted for crimes.
On this particular night, Walsh did an episode on Demorris Hunter.
"Let's get down to business. We got to stop a real lady killer," said
Walsh, wearing a leather jacket, in a jazzy segment to begin the show.
A photo of Hunter filled the screen.
"Hunter uses the alias Michael Berry," Walsh said. "Look out, Hunter.
Now you're our prey, because the manhunt starts right now!"
"Oh my God," Berry exclaimed to Estopinan, "every policeman in America
is going to be after me."
The next morning, Berry drove to work and clicked his way to the
"America's Most Wanted" Web site. When he saw Hunter's photograph, he
actually laughed. "So this is the son of a bitch who is pretending to
be me," he murmured, incredulous that he could get away with the
impersonation. "He's not even my height." And he definitely wasn't the
man he'd seen outside that house in South Central L.A.
Then Berry looked at Hunter's biographical material. Once again, he
couldn't believe what he was looking at. Below a line naming Berry as
Hunter's alias was Berry's Social Security number. "I'm not looking at
my Social Security number on the World Wide Web," Berry thought. "I'm
dreaming. I cannot be looking at this. Any person in the world can be
looking at this page right now." (Officials at the show later said
police suggested including it as a detail that might lead to Hunter's
Berry wrote an e-mail to an address set up for crime tips and asked
that the number be removed from the site. To help out, his sister did
the same thing. "I never got a response," he says. His parents called
the show over the next few days, but never got calls back in response
to their messages.
Finally, they said, they turned to an aide in Sen. Dianne Feinstein's
office in California, who called the show on Berry's behalf. Berry's
Social Security number was removed from the Web site.
As horrified as Berry was about being caught up in a financial tangle
with a convicted killer, it was nothing compared with the dismay of law
enforcement and intelligence officials after September 11, 2001.
For some time, the FBI could not say exactly who the hijackers really
were. In their quest, agents resorted to low-tech investigative
techniques, knocking on doors and handing out grainy photographs of the
suspects, even as they pored through a sea of electronic intelligence.
Suddenly, identity theft wasn't just a consumer issue anymore. It was
an aspect of global terrorism. The hijackers used phony identification,
Social Security numbers and birth dates to establish bank accounts and
set up their lives in the United States. Landlords, flight schools,
banks and other institutions took them at their word.
Seven of the hijackers got identification cards through the Virginia
Department of Motor Vehicles even though none of the seven lived in the
state. They took advantage of rules allowing individuals to meet
residency requirements with a simple notarized letter. The system had
long been abused by immigrants seeking to establish themselves in the
region -- with help from immigration lawyers and local notaries. But
despite warnings from the FBI and DMV investigators, the department
maintained the system as a convenience until shortly after September
"We were seeking to balance legitimate needs with the potential for
fraud," agency spokeswoman Pam Goheen explains.
The link between terrorism and identity crimes goes much deeper.
Specialists believe that such fraud is becoming a chief source of
income for terrorists. Money raised through credit card scams, the
resale of goods purchased under assumed names and other types of
identity fraud enables cells to remain free of any financial ties to
their leaders or patron states.
Authorities allege that al Qaeda terrorists, for example, took on bogus
identities to run a credit card scam in Spain to raise money for their
attacks. They also allegedly used stolen telephone cards and IDs to
communicate with colleagues in the Middle East.
Dennis Lormel, chief of the FBI's terrorist financial review group,
underscored the point when he told Congress that identity fraud posed a
looming national security problem. Not much has changed in the months
since he testified, he says. "I don't think people have really gotten
the message. We have known terrorists out there who are exploiting
identity theft and identity fraud vulnerabilities."
Ahmed Ressam, a member of an Algerian group with close ties to Osama
bin Laden, for instance, was caught in December 1999 at the
U.S.-Canadian border with a trunkful of explosives. He had assumed the
name Benni Norris, which he used to obtain a passport and open bank
accounts. He also got a false birth certificate and a student ID.
A member of the Armed Islamic Group, or GIA, Ressam told authorities
that he relied on welfare and petty crime, including credit card fraud
and trafficking in identity documents, to support himself in Montreal.
He was linked to a theft ring suspected of funneling money to radical
Islamic groups around the world. Authorities believe the ring stole
more than 5,000 items, including computers, cellular phones, passports
and credit cards, with the goal of financing Muslim extremist groups.
"Identity theft -- credit card theft, bank fraud -- is hugely important
to al Qaeda, as it is to many terror groups. I've been astonished that
there's been so little attention paid to it," Magnus Ranstorp, director
of the Center for the Study of Terrorism and Political Violence at the
University of St. Andrews in Scotland, said in an interview with
Newsweek magazine. "The pattern was very clear within the North African
contingent of al Qaeda members operating in Europe. Every time you
arrest one of them he has 20 different identities and 20 different
By the time he flew out to Los Angeles in June last year, Berry was out
of patience. He needed to see for himself the address that mocked him
from the pages of his credit reports. Maybe it wouldn't do any good,
but maybe going to the house would turn up evidence that would spur an
investigation of the case. If nothing else, it would help Berry feel in
control of his life again.
As he drove into South Central Los Angeles, he wondered how he'd been
targeted. He had once been treated for his testicular cancer not far
away at UCLA Medical Center. Had someone there shared his information?
Could it have been a state motor vehicle official? Someone in a credit
He called Janie Haskill, a close friend who'd once served as Berry's
vice principal at an elementary school in central California. She often
serves as a sounding board for Berry's ideas, and he loves her sense of
On this day, she served as a security blanket for a determined but
frightened man. Speaking on his cell phone from his car, he described
for her the house and the man in the sunglasses. He was still
describing the scene to her when a sharp-looking young man in a Lexus
sedan pulled up to the house.
The fellow on the lawn disappeared inside for a moment, reappeared and
walked into the street. He handed the visitor in the Lexus a six-inch
stack of mail. Berry watched in rueful, bitter amazement. "I wonder how
many of those letters have credit cards with my name on them," he
thought to himself.
Then the two men looked directly at Berry, and he almost lost his cool.
"I'm scared," he admitted to Haskill. "I want you to know if anything
"This is wrong," she hissed back. "Michael, get the hell out of there."
While legislators, law enforcement authorities and entrepreneurs
recognize the problem of identity theft, they can't agree on what to do
After September 11, many people called for a national ID card,
including technology guru Larry Ellison and Harvard law professor Alan
M. Dershowitz. The American Association of Motor Vehicle Administrators
also started working on a plan to create a de facto national ID system
that would link state databases to uniform, high-tech driver's licenses
containing computer chips, bar codes and biometric identifiers, such as
fingerprints or iris scans.
Government agencies, including the new Transportation Security
Administration, have begun requiring workers to use such hardened IDs.
Before 9/11, the Pentagon had already begun issuing some 4 million
plastic "smart cards" containing name, rank, photograph and
But despite widespread support at first for some sort of national ID
system -- some surveys found that in the fall of 2001, almost seven of
10 people welcomed one -- the idea foundered. Technical problems and,
more important, a long-standing aversion to the concept undermined
enthusiasm. Some critics invoked the specter of Nazi tyranny, bristling
at the notion of authorities demanding, "Your papers, please."
Since the attacks, there also has been growing use of digital
fingerprint, face recognition and iris-scanning systems to confirm
identity at businesses, schools and other facilities. There are other
technological solutions in the works, some that have begun stirring
other kinds of privacy concerns.
Data giants like ChoicePoint, Lexis-Nexis and Acxiom are among many
companies willing to use vast caches of personal information to help
airports, retailers, police and other authorities determine, instantly,
whether someone is who they claim to be. The aviation screening system
known as CAPPS II will rely on some of those same companies to sweep
through databases and check whether a particular passenger is "rooted
in the community." In addition to identifying information in credit
reports, the system will analyze passengers' travel reservations,
housing information, family ties and other personal information to
authenticate passengers' identities.
Banks and other financial institutions, meanwhile, must now verify the
identities of new customers and make records of customer transactions
available to law enforcement and counterterrorism officials upon
request. Some banks are turning to commercial services to authenticate
the identities of their customers; others are banding together to
create their own verification systems.
Congress also intends to go at the issue, but credit bureaus and
information services are expected to fight hard against any legislation
that might curb their use of data. Five years ago, Congress did approve
legislation establishing identity theft as a federal crime and giving
law enforcement authorities more powers to prosecute.
The problem, says Medine, the information law specialist, is that few
agencies make extensive use of the authority. Investigations are costly
and the rewards, in terms of media attention, are relatively scanty.
The number of prosecutions by state and federal authorities, including
the FBI, Secret Service and Postal Inspection Service, has increased.
But they're not close to keeping pace with the crime, Hendricks and
other consumer advocates say.
The FTC was very aggressive in drawing attention to the problem a few
years ago. It created a database of fraud claims by victims, setting up
a system online called the Consumer Sentinel Network to give law
enforcement agencies access to the tips and complaints. Fewer than 600
of some 18,000 agencies across the country have signed up for the
Sen. Feinstein has already proposed at least four related bills,
including legislation that would penalize credit card companies that
ignore reports of fraud. Alabama Sen. Richard Shelby plans to address
the issue this year as part of efforts to reauthorize several recent
provisions of the Fair Credit Reporting Act, the 1970 law that governs
how credit bureaus can use personal financial information.
Shelby, an intelligence specialist and one of the most savvy privacy
advocates on the Hill, considers identity theft a major threat to
individuals and to security. But he faces a tough battle if he wants to
make any substantive changes. More than a dozen bills were introduced
in the last legislative cycle. None of them passed.
Earlier this year, Berry got an e-mail from an acquaintance who knew
about his case. It included a copy of a wire service account of how
police and the FBI captured Hunter in Houston on February 21. Police
found the van Hunter had been driving in Orlando, burned and abandoned,
not far from the house where he was captured.
Since then, Hunter has been moved to Alameda County, Calif., and is
awaiting trial in the Oakland murder case. The Orlando charges are
Apart from confirming that Hunter impersonated Berry, authorities still
know little about the identity theft or who the mastermind was. As of
early this summer, they had not conducted an investigation, or filed
any charges. Berry may never find out how Hunter latched onto his
Social Security number and driver's license. Or who was living in that
bungalow on 12th Avenue. Or how many people were filling out credit
card applications in his name.
Hunter is behind bars, but Berry is still wrestling with the mess made
of his finances. One charge -- $462 to Pacific Bell -- has been
particularly troublesome. Before Berry could get the debt erased, it
was sent to a collection agency, a red flag on any credit report. An
immediate casualty: Berry's Chase MasterCard Platinum credit card. Even
though it was Chase that had tipped Berry off to the identity theft,
the bank decided that he was somehow responsible for his troubles.
Viewed now as a credit risk, Berry was given a choice: Pay a much
higher interest rate or close out the card. He closed it out.
And while most of the fraudulent charges have been removed from two of
his credit reports, the third remains marred by purchases he didn't
make. Berry continues to fill out form after form to take care of the
problem. Each says essentially the same thing: that it was a thief and
not Berry who made the charges.
"I'm still dealing with the paperwork," Berry wrote in a recent e-mail.
"It is a total and complete nightmare, and completing the paperwork
alone could easily be my full-time job."
He still carries around the letters he obtained from police in Oakland
and Orlando, neatly folded in a black leather wallet. "Michael D. Berry
is not the felon fugitive that is being sought by several agencies,"
says the well-worn missive from the Orlando police. "It is our
intention to clear any confusion as to Mr. Berry's identity."
The police have assured him that he doesn't need the letters anymore.
Somehow, though, he can't bring himself to throw them away.
How to Protect Yourself
To reduce the risk of falling victim to identity thieves, consider
these recommendations from the Federal Trade Commission and a nonprofit
group called the Privacy Rights Clearinghouse:
* Check your credit report once or twice a year. Unfamiliar or missing
transactions may signal trouble. You can order the reports for a small
fee online or over the telephone.
* Use your Social Security number sparingly and do not carry it in your
wallet or purse. Never provide that number -- or other sensitive
personal information -- to telephone callers or people online unless
you initiated the contact.
* Destroy credit card receipts to ensure a "Dumpster diver" doesn't
find them. Also destroy unwanted offers of preapproved credit, which
contain details that make life easier for identity thieves.
* Close out unused or little-used credit card accounts.
* If you suspect you have been victimized, immediately contact the top
three credit bureaus. They will mail out credit reports for free to
people who believe they are victims, and they will place fraud alerts
on the suspected victims' accounts. Equifax: 888-766-0008; Experian:
888-397-3742; Trans Union: 800-680-7289.
For more information on identity theft, go to www.consumer.gov/idtheft,
the FTC's Web site; www.privacyrights.org/identity.htm, a site
maintained by the Privacy Rights Clearinghouse; or
www.cdiaonline.org/consumers2.cfm, a site created by the Consumer Data
Industry Association, which represents the credit bureaus. -- R.O.
Robert O'Harrow Jr. is on leave from The Post to write a book on
technology, surveillance and the war on terrorism, with support from
the Center for Investigative Reporting. He will be fielding questions
and comments about this article at 1 p.m. Monday on
More information about the FoRK