[WaPo] Great piece on the state of Identity Theft

Rohit Khare khare at alumni.caltech.edu
Tue Jan 6 10:58:28 PST 2004


They certainly get credit for uncovering the worst-possible-case story. 
The $1.3M judgment against Trans Union can't be high enough (see, I'm 
actually supporting the trial lawyers for once!)

RK

The Washington Post Magazine: Cover Story
Identity Crisis

Meet Michael Berry: political activist, cancer survivor, creditor's 
dream. Meet Michael Berry: scam artist, killer, the real Michael 
Berry's worst nightmare

  By Robert O'Harrow Jr.
Sunday, August 10, 2003; Page W14


Michael Berry prowled the streets of South Central Los Angeles in a 
rented silver Volvo, searching for a clue. He turned onto a residential 
street called 12th Avenue, peered at each home and then slowed the car 
almost to a stop. His heart fluttered.

Off to his left was the address that had obsessed him for months. He 
saw a well-tended bungalow with crisp green grass. Watering the lawn 
was a man covered in tattoos and wearing a sleeveless undershirt and 
aviator sunglasses, who watched closely as Berry drove by.

"Oh crap, I didn't do this right," Berry muttered to himself, gripping 
the steering wheel a little tighter and trying not to stare back.

He had come 2,700 miles from his townhouse in Arlington to scope out 
the place that somehow had appeared on credit reports as his new home. 
Some cretin using the address had opened at least 15 new credit card 
accounts in Berry's name and run up thousands of dollars in bills for 
clothing, flowers, gasoline and telephone calls.

Berry had always taken pride in paying his bills on time. At 33, he was 
the chief operating officer of the Independent Women's Forum, a 
conservative women's group, mingling regularly with Washington 
lawmakers and Republican activists. The theft of his identity was 
changing everything: threatening not just his credit rating, which was 
in tatters, but his respectability, his very sense of himself as a man 
firmly in control of his own life. Now, as he drove by the tidy house 
in L.A., he was at a loss. "I felt," he says, "totally helpless."

He had tried to report the financial problems to L.A. police. Because 
he wasn't a resident, and the fraud was not considered large enough, 
they brushed him off over the telephone. When he called police in 
Arlington, a friendly officer took his report. But he got no promises. 
Arlington, the officer said, had no jurisdiction in California.

Berry pulled up the street, turned the car around and parked. 
Pretending to do paperwork in his lap, he kept watch for anything 
suspicious. "Be careful," he told himself. "Sit back and watch."

He had good reason to take care. Just days before, he'd learned from a 
Florida homicide detective that a man who had assumed his persona -- 
using his Social Security number and carrying a driver's license with 
his name -- was a convicted murderer who was wanted for fresh killings 
in two states. That meant that Berry, the real Berry, was liable to be 
taken into custody as a wanted man at any time.



Sitting in his office in south Arlington, Berry dialed a toll-free 
number and waited for the computerized voice at Chase Manhattan Bank to 
prompt him. He punched in the number of his Chase Platinum MasterCard. 
It was early January 2002, six months before his visit to Los Angeles, 
and he was trying to consolidate his debts onto one low-interest card.

He sat back in his chair as he told the clerk his current income and 
how much credit he wanted. When he hung up, he was certain the bank 
would comply, because he had never missed a payment, even when he was 
between jobs. A few days later, he heard the news. He was rejected. 
"I'm sorry," the clerk told him. "You have opened too many cards 
lately."

Berry was puzzled, but not particularly upset. "This is a mistake," he 
thought. He'd get it fixed. Determined by nature, Berry was used to 
working through problems and, eventually, getting where he wanted to 
be.

As an undergraduate at the University of Southern California, he'd 
found his way into the state headquarters of the 1988 Bush-Quayle 
campaign, landing a volunteer job recruiting and coordinating college 
activists. He became head of the Trojan College Republicans at USC, one 
of the state's largest college political groups. After transferring to 
Pepperdine University in his junior year, Berry parlayed his burgeoning 
Rolodex into prestigious internships at Ronald Reagan's post-White 
House office and in the Bush administration, where he worked as an 
advance man for Vice President Quayle.

He had every intention of staying in Washington as a political 
operative. But he cut short his plans after his father had a heart 
attack. He moved back to his home town in central California and took a 
job as a teacher, following in the footsteps of his father. Not long 
after, Berry faced his own health crisis. He was diagnosed with 
testicular cancer at the age of 24. For a time, he thought he might 
die. His doctors urged him to donate sperm in case he wanted a family 
someday. Then they removed one testicle and prescribed radiation 
therapy.

The treatments that cured Berry also nauseated him and sapped his 
vitality. But after the ordeal was over, he worked his way through the 
education bureaucracy and became an elementary school principal. He 
never lost interest in politics, though, and decided to move back to 
D.C. a few years ago. He became a special assistant to Texas Sen. Kay 
Bailey Hutchison on the Hill before moving over to the Independent 
Women's Forum.

Michael Berry, in his Arlington office, knows Washington's ins and 
outs, but he'd never encountered anything like the mess created when 
his idenity was stolen. (Photograph by David Deal)

Berry tried to put his savvy to work for him. After the rejection from 
Chase, he made a round of calls to the top three credit bureaus, Trans 
Union, Experian and Equifax, companies that operate near the center of 
the U.S. economy. Working with banks, retailers, landlords, car 
dealerships and an array of other enterprises, the credit bureaus 
collect and share extraordinarily rich financial details about nearly 
every adult in America: where we live, how much money we owe and to 
whom, and whether we pay our bills on time.

Credit bureaus sold some 1.2 billion credit reports in the United 
States last year, more than double the number a decade ago. Many of the 
transactions that characterize American life depend on those reports. 
They are factored into mortgage loans and credit offers, used to weed 
out risky tenants and screen people for mobile phone service. Some 
identifying personal information in them, including addresses and 
Social Security numbers, also has helped fill the reservoirs of 
information brokers, who resell data to lawyers, debt collectors and 
jilted spouses searching for wayward mates. The reports are also 
perfect fodder for identity thieves.

The credit bureaus mailed Berry his own reports, which were sullied by 
all kinds of purchases he hadn't made. According to the credit 
agencies' computers, he had sought, received and quickly used thousands 
of dollars in instant credit from Gap and Old Navy. He had maxed out a 
$1,500 limit obtained a few weeks before from the QVC shopping channel. 
He had charged hundreds of dollars' worth of gas in the Los Angeles 
area on a new Exxon card, along with $462 on a new phone line in 
Riverside, Calif.

Anxiety surged through Berry at these revelations. He'd been paying off 
his car loan early and sharing a townhouse with two roommates to save 
money, but he knew all the wild spending attributed to him would damage 
his credit rating. If he didn't get this cleared up, he might have 
trouble buying a house.

Berry discovered from other businesses that his fictive counterpart had 
sent hundreds of dollars' worth of roses and a stuffed bear to a Los 
Angeles woman named Joann. "These flowers are from You Know Who," read 
the note that accompanied the flowers. "I love you a lot and your 
conversation." A few days later, You Know Who sent another pile of 
roses to a woman named Maisha, this time with a contrite note attached: 
"I am sorry for lying, cheating, being selfish."

It was as though You Know Who -- and maybe others -- was in a spending 
frenzy, trying to squeeze as much money as possible out of Berry's 
identity before the scam was shut down. In some cases, the fraud artist 
or artists got cute, using "Bebe Hooker" as his spouse's name on one 
credit application, and "Lucy Love" as his mother's maiden name on 
another. But the incorrect information didn't get in the way of the 
applications being approved.

Old Navy had decided to open a new account, in January 2002, for 
instance, even though the man impersonating Berry used the wrong 
address. At the same time, the company that issues cards for Old Navy 
-- Monogram Credit Card Bank of Georgia, a subsidiary of General 
Electric Capital Corp. -- also had granted the impostor credit cards 
for Exxon, Gap and QVC.

Monogram knew it was taking a risk on those accounts. About a month 
after the Old Navy account was maxed out, Berry received a 
computer-generated letter from Monogram. The company expressed its 
uncertainty and asked Berry to tell it whether a mistake had been made.

"Dear Cardholder," it began. "We have recently opened up a credit card 
account, in your name, with OLD NAVY. Since, the address in the 
application did not match the address contained in the consumer credit 
bureau report, we are writing to you to confirm that the credit card 
account was opened at your request.

"If you did apply for this account, you do not need to respond."

When Berry called Monogram, a representative assured him the Old Navy 
account would be closed and the charges removed from his credit report 
within six weeks. Berry felt better after hanging up the phone -- a 
sense of relief that wouldn't last long.



Identity theft is perhaps the most glaring symptom of the ills that 
have accompanied the data revolution of the 1990s. Bounced checks. Loan 
denials. Harassment from debt collectors. Victims of identity theft -- 
and there are millions of them -- are often haunted by the consequences 
for years.

Some government officials estimate that as many as 750,000 people a 
year are victimized. Others think that number is way too low. Last 
month Gartner Inc., a business research group, estimated that 7 million 
Americans have fallen prey to identity thieves in the past year alone, 
an extraordinary figure mirrored by a new survey from Privacy & 
American Business, an industry-funded think tank. Another study, by 
Star Systems, a company that facilitates the majority of U.S. ATM 
transactions, suggests that almost 12 million Americans in all, or 
about one in 19 adults, have been hit by such fraud.

David Medine, a former Federal Trade Commission and White House 
official, and now a leading information law specialist at the law firm 
Wilmer, Cutler & Pickering, has an unscientific test he uses to judge 
the extent of the problem. He asks friends at Washington parties if 
they've been a victim or know a victim. These days, Medine says, almost 
everyone has a horror story to contribute to the conversation. "You 
have this seemingly low-level crime that, cumulatively, is a national 
crisis," Medine says.

The financial costs are staggering, though no one can put a precise 
dollar figure on them. Star Systems estimates the losses at $24 
billion, the vast majority in the past decade, a burden shouldered 
largely by the nation's financial institutions as a cost of doing 
business.

They are well aware that identity thieves are growing not only more 
numerous, but more menacing. Scam artists and grifters have been joined 
by criminal groups from abroad and street gangs that once specialized 
in robberies or extortion. And as September 11 made plain, identity 
theft also has become a favored technique of terrorists. Often using 
documents generated by desktop computers, they take on fake names, 
Social Security numbers, birth certificates and driver's licenses in 
schemes to cloak themselves and raise money for their operations. It 
is, law enforcement authorities agree, frighteningly easy for them to 
get away with it.



The nature of identity has always been the stuff of mystery stories and 
film noir. One of the great American novels of the 20th century, The 
Great Gatsby, has questions about the mutability of identity at its 
core. Now those same issues have become the stuff of national security 
debates.

One of the most vexing questions facing those responsible for making 
life in America safe from crime and terror is this: How can we prove 
that someone is who he or she claims to be? For most of our history, 
that was fairly easy to answer for the majority of Americans. We 
defined individuals' identities by their parents, siblings and friends. 
By the town they lived in and the schools they attended. By the clubs 
and organizations they joined. In many cases we knew them by sight, or 
at least knew someone who could vouch for them. Those who wanted to 
remake themselves, to break free of the bonds of their own histories, 
had to move away.

In our lifetimes, all that has faded away, as Americans conduct more 
and more business electronically, move from town to town and job to 
job, and generally know one another less well. Now, as often as not, 
the practical terms of our identities are defined by "data elements" 
contained in hundreds or thousands of computers.

Our Social Security numbers and addresses. Our mothers' maiden names 
and middle initials. Our birth dates and the special numbers and 
nicknames we use as our passwords. The things we buy, the cars we own 
and the way we use our credit cards. These details, combined just so by 
computers and analysts, now authenticate us in the way that personal 
links used to, serving as virtual keys to financial accounts, retail 
outlets, communication, air travel and government services.

"What are the last four digits of your Social Security number?" we are 
asked. "What's your Zip code?"

The problem is, the "data elements" required to authenticate customers 
on the fly are often available to criminals at little or no cost, 
sometimes openly on the Web, other times for fees from information 
brokers.

The brokers, who run the gamut from legitimate businesses to 
questionable characters operating out of their living rooms, peddle all 
sorts of personal information for as little as $25 a pop. Some even 
manage to get their hands on credit reports, which are especially 
prized by identity thieves. In November, federal prosecutors arrested 
three men who had stolen some 30,000 credit reports for resale and use 
in identity theft schemes.

Then there are the hackers skilled at stripping computers of names, 
Social Security numbers and financial records. In one recent case, 
hackers plundered 10 million Visa, MasterCard and American Express 
numbers from a company that processes transactions for merchants. Card 
holders didn't learn about the intrusion until the FBI jumped in to 
investigate.

Bob Blakley, chief scientist for security and privacy at IBM Tivoli 
Systems, a software maker, says that most Americans mistakenly assume 
their old notions of identity still apply, that computers and clerks 
can accept at face value an individual's answer to the question: Who 
are you? "That's really a profoundly false view of the way that 
identity works," says Blakley, who recently served on a National 
Academy of Sciences group examining these issues. "There's a great deal 
more opportunity for confusion. It's really complicated to sort out 
who's who."



Sometime in the spring of 2002, a man posing as Michael Berry moved 
into Bay Run II apartments, a working-class complex in Orlando. He'd 
come from California and sublet the place from a friend of a relative.

His real name was Demorris Andy Hunter, a convicted killer who'd spent 
13 years in Folsom State Prison for a 1985 murder. He looked nothing 
like Berry, a big man with pale Irish skin who stands six feet tall and 
weighs close to 200 pounds. Hunter was smaller -- only 5 feet 7 inches 
and 150 pounds -- and African American. A police photo of Hunter shows 
a tired-looking man with a shaved head and a slight scowl.

None of those differences mattered when Hunter showed up in Orlando. 
People assumed the California driver's license with Berry's name and 
Hunter's photo was legitimate. A fake Social Security card displaying 
Berry's number also passed muster. Those documents helped Hunter get a 
job at B's, a barbecue joint where he washed dishes and bused tables.

Bay Run residents who met the man calling himself Michael Berry 
considered him a friendly if somewhat wary character. Soon after moving 
in, he was attending parties and getting to know some of his neighbors. 
One of his new friends was Theresa Green, a part-time hospital 
secretary who lived one floor up with her 14-year-old son.

On May 25, 2002, he and Green attended a party in an apartment in the 
same building that ran into the early morning hours. According to those 
who attended, the two drank copiously and danced to the loud music 
until the party ended at about 2:30 a.m. But Green didn't want to 
leave, and when Hunter pulled her away, the two started arguing and 
somehow fell down a set of stairs. Later, their yelling could be heard 
through the walls of her apartment.

About 7 a.m. that morning, Hunter approached Joseph Butler, the 
neighbor who had had the party. Hunter gave him keys to a borrowed van 
and, without explaining why, asked that he follow him to a drugstore in 
a suburban town more than 15 miles away. Hunter drove Green's white 
Oldsmobile, but she wasn't around.

After leaving Green's car in the drugstore parking lot, Hunter dropped 
Butler off and disappeared in the van. Green was found early the next 
day. She was dead, stuffed into the trunk of her own car. It appeared 
she'd been strangled.

Orlando homicide detectives Roy Filippucci and Barbara Bergin received 
pages on Memorial Day afternoon. When they went to Green's apartment 
they found drywall broken in one spot and some personal items on her 
bed that had been rifled through. When the two made the rounds in the 
neighborhood, talking to people who knew Green, they turned up a 
suspect in no time: a man named Michael Berry.



With a felt-tip pen, Berry outlined several lines of charges noted on 
his Trans Union Personal Credit Report and Score. "NOT ME!," he 
sketched in. "FRAUD." He circled the last word five or six times out of 
frustration, as he thought about what to do next.

It was spring 2002, about the time that his impersonator had moved to 
Orlando, and as usual Berry was working to offset the damage.

He had lost count of the telephone calls he had made to the credit 
bureaus, the banks and the stores that had drawn him unwillingly into 
their business. He had filled white legal pads on his desk with contact 
names, reference numbers tagging his complaints, and dollar amounts.

His boss and co-workers knew about his trouble and now and then asked 
for updates or offered to help him. To make up for all the time he was 
spending on the telephone and writing letters, he worked later each 
day. His usual 60-hour workweek grew even longer.

"I was totally in war room mode," Berry says. "Every single day I was 
calling . . . The applications were pouring in every single day."

His notes show that from December to May, there were new requests for 
cards from MBNA and Household Bank, two of the nation's largest credit 
issuers. One came in for Macy's. Another report alerted him to the fact 
that someone was trying to open a Cingular cell phone account in his 
name.

Berry noticed the thief's methods changing, growing cheekier with time. 
In some applications, the thief started to use Berry's parents' address 
and his birth date. Someone also was making up information about him, 
writing on one application that he was a lawyer who worked for the City 
of Los Angeles and earned $75,000 a year.

It was a grind, but it seemed like Berry was making headway. He had 
placed a "fraud alert" in all his credit report files, a service that 
tells companies inquiring about creditworthiness to be careful in 
granting additional credit or new loans. "I felt like I was getting 
near victory, when I was catching them before they were being issued," 
he says. "I absolutely thought the worst of this is over."

In fact, his troubles were just cresting.

Berry discovered that he had almost no legal standing as a victim to 
make a formal report to authorities. That realization dawned on him 
when he called Det. Dave Harned, a veteran in the Commercial Crimes 
Division of the Los Angeles Police Department.

Harned takes all the calls about identity theft and directs them to the 
right place. He made it clear where Berry's report was going: into an 
inactive file. Not only was Berry not a Los Angeles resident, Harned 
told him, his claims didn't come close to meeting the department's 
informal threshold for investigation. "We wait for the retailers or 
credit bureaus to make a report," he told Berry.

Berry tried persuading Harned to change his mind, explaining that he 
knew exactly where all the fraudulent mail was going. "Even if you have 
an address, you have to prove he did it," Harned explained later. 
"People call me every day and say, 'I've got an address. We've solved 
the case.'"

Though he couldn't offer Berry much help, Harned likens identity theft 
to "financial rape," and blames it on the financial and data-driven 
businesses that traffic so freely in personal information. "The credit 
card companies and everybody else make it so easy," Harned says.

His department has resources to investigate only a tiny fraction of the 
100-plus identity theft complaints it receives every day. "You almost 
have to pick and choose what case you're going to work, because of the 
volume," he says, adding, "Last year was bad, but this year is going to 
be worse."



The reasons for the surge in identity theft are complex. But the 
problem ultimately comes down to a few salient facts. For one, we are 
awash in information about ourselves. Twenty-four hours a day, every 
day of the year, the credit bureaus, information services, groceries, 
pharmacies, toll collectors, banks and other institutions gather 
information about us. They build models about what we are likely to buy 
and, sometimes, learn more about us in refined mercantile terms than we 
know ourselves. They often resell or share information about us.

At the same time, the institutions responsible for safeguarding all 
this data often do a poor job of it, according to regulators, consumer 
advocates and privacy specialists. The information industry, including 
brokers, marketers and credit bureaus, has steadfastly and successfully 
opposed much government regulation in recent years, arguing that it 
would make life less convenient and more costly.

The data revolution has indeed spurred an explosion in new credit 
opportunities. Those who once could not afford to borrow, or were not 
given access to loans, can now get credit cards in the time it takes to 
buy a pair of shoes or a T-shirt, thanks to electronic networks, the 
credit reporting system and regulatory changes over the years. Banks 
such as 1st American claim they can provide "preapproved" credit cards, 
via the World Wide Web, in under three minutes.

Credit issuers drum up business through junk mail solicitations, almost 
5 billion of them last year, according to a company called Synovate, 
which tracks such offers. Never mind that only a fraction of the people 
who receive these pitches embrace them or that they have made life 
easier for identity thieves, who sometimes search through mailboxes as 
a starting point in their scams. Many of these offers come from banks 
that have no tellers, no branches, no people at all of the sort that 
once came to know customers over a period of many years.

 From the standpoint of credit card issuers, the solicitations have been 
a roaring success. There are now more than 3 billion Visa and 
MasterCard cards in circulation around the world, generating huge 
profits for the companies that issue them. Two-thirds of all American 
adults have credit cards now, about 10 on average.

The problem is security, or the lack of it. Peter Tosches, a spokesman 
for Monogram, says that retailers, in a desire to make things easy for 
customers, will often approve credit cards for individuals who provide 
only a picture ID and an unverified Social Security number. While 
companies like Monogram try to guard against identity fraud in such 
circumstances, Tosches says, the thieves have become increasingly 
sophisticated in sidestepping security measures.

The credit bureaus also have a checkered history of responding to 
complaints about identity theft and mistakes. After years of 
complaints, Congress amended the Fair Credit Reporting Act in 1996 to 
force credit bureaus to be more responsive to individuals, particularly 
those worried about mistaken reports. Among other things, the bureaus 
were supposed to provide easy access to their clerks by maintaining 
toll-free telephone lines. They didn't do a good enough job, at least 
according to the FTC.

Despite the clear message from Congress, hundreds of thousands of 
telephone calls to the three credit bureaus went unanswered, or met 
with a busy signal. In January 2000, the bureaus paid $2.5 million to 
settle FTC charges that they were not properly responsive. Many people 
complain they still aren't.

In one eye-opening case, an Oregon woman named Judy Thomas sued Trans 
Union for allowing errors to remain on her credit report. She spent six 
years calling and writing to the company, trying to get Trans Union to 
permanently remove damning details -- such as unpaid bills -- that 
belonged on another woman's report. Court records showed Trans Union 
mistakenly assumed Thomas was the other woman. Her report would be 
fixed one month only to show up tainted again several months later.

After hearing her story, a federal jury awarded Thomas $5.3 million 
last year for her trouble. While the judge reduced the award to $1.3 
million, it was still a record. Trans Union wrote a check to Thomas 
earlier this year.

Evan Hendricks, a consumer advocate and editor of the Privacy Times 
newsletter, testified on Thomas's behalf and believes her problem was 
related to the fact that so much of our information is processed 
automatically by computers, not people. "Human beings cost money that 
the credit bureaus and the credit granters don't want to spend," he 
explains. "That's why this is going to get worse before this gets 
better."



Identity theft is almost laughably easy to commit, and terribly 
difficult to prevent. Consider the strange case of James Rinaldo 
Jackson, a genial con artist from Memphis, Tenn. He knew that major 
financial institutions routinely gave out confidential customer account 
information to callers.

Standing before federal judge Deborah Batts in Manhattan two years ago, 
Jackson described how he easily took advantage of that porous security, 
duping information brokers, banks, credit card companies and even a 
funeral home. Before he was caught in a sting operation, he netted some 
$730,000 in diamonds and Rolex watches by using the information he 
gleaned.

Jackson got the idea from a magazine ad that showed glinting diamonds 
for sale online. As he looked at the slick photos, he thought, "I would 
sure like to get some of these diamonds to just have." He described how 
he gathered bits and pieces of information about his targets, including 
Gordon Teter, the late chairman of Wendy's International Inc.; Nackey 
Loeb, the now-deceased president and publisher of the Manchester, N.H., 
Union Leader; and other corporate executives.

Starting with an online version of Who's Who in America, he turned to 
information brokers, paying them $50 and $100 for Social Security 
numbers and banking details. With some of the basics in hand, he called 
his targets' banks and persuaded clerks to hand over account numbers. 
That enabled Jackson to tap the accounts directly over the phone, 
sidestepping the need to talk to clerks the next time around.

Then it was a simple matter of calling dealers, ordering the jewels and 
wiring the money. He had his booty sent to hotels, to which he 
dispatched a confederate to pick up the packages. "Amazing, Mr. 
Jackson, absolutely amazing," Batts said. "Keep going."

He told Batts that MasterCard, Visa and American Express, along with 
banks in Ohio, New York and New Hampshire, all got taken in.

In the parlance of law enforcement, his specialty is known as "pretext 
calling" -- using scraps of personal information to trick clerks on the 
telephone into divulging even more information. It's an old con that's 
become easier than ever.

Jackson was so good -- and security at his targets was so weak -- that 
he convinced the Fifth Third Bank in Ohio to wire almost $300,000 from 
Teter's accounts to diamond and watch merchants. He also changed 
Teter's billing addresses to Jonesboro, Ark.

Robert Dunn, his attorney, said Jackson would have been stopped much 
earlier had the companies required passwords before sharing customers' 
information or allowing him to act on the accounts. "That simple screen 
would have thwarted much of what he was able to accomplish," Dunn said.

Regulators and law enforcement officials had warned financial 
institutions years ago that identity thieves and information brokers 
were tricking clerks into giving them access to individuals' financial 
information. They urged banks to require customers to use passwords or 
codes instead of Social Security numbers, mothers' maiden names and 
other widely available personal information to identify themselves when 
calling. But for years, many financial institutions didn't bother.

"We don't want to make it difficult for customers to get access to 
their accounts," Robin Warren, then a privacy executive at Bank of 
America Corp., said before Jackson was sentenced. "Customers get 
irritated."



In the days after Green's death, Barbara Bergin made the case a 
mission, and she worked all hours tracking down the killer. She is an 
aggressive cop who rides Harley-Davidson motorcycles, a 20-year veteran 
of the Orlando department who worked her way up from beat patrol to the 
homicide squad. She also is charming and knows how to work her sources. 
After coming up with Berry's name and some details about the killer, 
she sent off a request to California authorities for Berry's 
fingerprints, a copy of his license and a photo. On June 2, Bergin got 
a hit on some records in California. But there was a problem. The 
Michael Berry she was looking for was a short African American guy. The 
records she received showed the real Berry.

With help from neighbors who'd heard Hunter mention his previous jail 
time, and from a California official who searched through records on 
her behalf, Bergin turned up Hunter's real name from scraps of evidence 
she had found. She also discovered the case was more sordid than she 
thought. Hunter also was wanted for the slaying of an Oakland, Calif., 
woman named Ivora Denise Huntly, who'd been shot two months before 
Green's death. California authorities believe Hunter killed Huntly as 
she tried to prevent him from beating his girlfriend.

The next day Bergin called the real Berry at his office in Arlington. 
"There's a serious problem here," she told him. She was putting out a 
national warrant for Hunter's arrest on murder charges, and would use 
Berry's name as his alias. "Things could be very bad for you."

Berry was scared, and he didn't know what to do. "This was the first 
indication I had this wasn't just a fraud problem. This was someone who 
was killing people, posing as me."

Bergin explained the warrant meant that he, the real Michael Berry, 
could be picked up for murder. The law enforcement computers would tell 
officers they were looking for a black man. But cops are so used to 
getting reports marred by mistakes, she said, they might ignore that 
detail if they had the right name.

The two agreed he should get letters from police in Orlando and 
Oakland, testifying to his real identity, which he obtained in the 
coming weeks. "The last thing I wanted, after everything he had been 
through, was for him to be on the ground, at gunpoint, in handcuffs," 
Bergin explains. "That could very well happen."



Michael Berry hurtled west on I-66, sitting in the passenger seat of a 
friend's car. With music blaring on the stereo, Berry tried hard to 
loosen up and think about the meal he was about to have at the Inn at 
Little Washington, a gastronomic mecca he had long dreamed of visiting.

It wasn't working. Ever since he'd received the call a few days before 
from Bergin, he'd worried he might be mistaken for a killer. In the 
mornings, he feared he could be stopped while driving his car. Even now 
he wondered what would happen if police asked for his ID.

He was pulled out of his reverie by the buzzing of his cell phone. When 
he checked his messages, he heard the voice of his friend Arthur 
Estopinan, chief of staff to Florida Rep. Ileana Ros-Lehtinen. "Hey, 
Mike, it's Art," the message said. "You were just the lead story on 
'America's Most Wanted.'" Berry called him back and grew lightheaded as 
Estopinan described the episode he'd just watched.

"America's Most Wanted" features detailed crime reports and information 
about fugitives. It urges viewers to call in with tips about suspects, 
and the show's host, John Walsh, boasts that he has helped authorities 
capture more than 750 people wanted for crimes.

On this particular night, Walsh did an episode on Demorris Hunter. 
"Let's get down to business. We got to stop a real lady killer," said 
Walsh, wearing a leather jacket, in a jazzy segment to begin the show. 
A photo of Hunter filled the screen.

"Hunter uses the alias Michael Berry," Walsh said. "Look out, Hunter. 
Now you're our prey, because the manhunt starts right now!"

"Oh my God," Berry exclaimed to Estopinan, "every policeman in America 
is going to be after me."

The next morning, Berry drove to work and clicked his way to the 
"America's Most Wanted" Web site. When he saw Hunter's photograph, he 
actually laughed. "So this is the son of a bitch who is pretending to 
be me," he murmured, incredulous that he could get away with the 
impersonation. "He's not even my height." And he definitely wasn't the 
man he'd seen outside that house in South Central L.A.

Then Berry looked at Hunter's biographical material. Once again, he 
couldn't believe what he was looking at. Below a line naming Berry as 
Hunter's alias was Berry's Social Security number. "I'm not looking at 
my Social Security number on the World Wide Web," Berry thought. "I'm 
dreaming. I cannot be looking at this. Any person in the world can be 
looking at this page right now." (Officials at the show later said 
police suggested including it as a detail that might lead to Hunter's 
arrest.)

Berry wrote an e-mail to an address set up for crime tips and asked 
that the number be removed from the site. To help out, his sister did 
the same thing. "I never got a response," he says. His parents called 
the show over the next few days, but never got calls back in response 
to their messages.

Finally, they said, they turned to an aide in Sen. Dianne Feinstein's 
office in California, who called the show on Berry's behalf. Berry's 
Social Security number was removed from the Web site.



As horrified as Berry was about being caught up in a financial tangle 
with a convicted killer, it was nothing compared with the dismay of law 
enforcement and intelligence officials after September 11, 2001.

For some time, the FBI could not say exactly who the hijackers really 
were. In their quest, agents resorted to low-tech investigative 
techniques, knocking on doors and handing out grainy photographs of the 
suspects, even as they pored through a sea of electronic intelligence.

Suddenly, identity theft wasn't just a consumer issue anymore. It was 
an aspect of global terrorism. The hijackers used phony identification, 
Social Security numbers and birth dates to establish bank accounts and 
set up their lives in the United States. Landlords, flight schools, 
banks and other institutions took them at their word.

Seven of the hijackers got identification cards through the Virginia 
Department of Motor Vehicles even though none of the seven lived in the 
state. They took advantage of rules allowing individuals to meet 
residency requirements with a simple notarized letter. The system had 
long been abused by immigrants seeking to establish themselves in the 
region -- with help from immigration lawyers and local notaries. But 
despite warnings from the FBI and DMV investigators, the department 
maintained the system as a convenience until shortly after September 
11.

"We were seeking to balance legitimate needs with the potential for 
fraud," agency spokeswoman Pam Goheen explains.

The link between terrorism and identity crimes goes much deeper. 
Specialists believe that such fraud is becoming a chief source of 
income for terrorists. Money raised through credit card scams, the 
resale of goods purchased under assumed names and other types of 
identity fraud enables cells to remain free of any financial ties to 
their leaders or patron states.

Authorities allege that al Qaeda terrorists, for example, took on bogus 
identities to run a credit card scam in Spain to raise money for their 
attacks. They also allegedly used stolen telephone cards and IDs to 
communicate with colleagues in the Middle East.

Dennis Lormel, chief of the FBI's terrorist financial review group, 
underscored the point when he told Congress that identity fraud posed a 
looming national security problem. Not much has changed in the months 
since he testified, he says. "I don't think people have really gotten 
the message. We have known terrorists out there who are exploiting 
identity theft and identity fraud vulnerabilities."

Ahmed Ressam, a member of an Algerian group with close ties to Osama 
bin Laden, for instance, was caught in December 1999 at the 
U.S.-Canadian border with a trunkful of explosives. He had assumed the 
name Benni Norris, which he used to obtain a passport and open bank 
accounts. He also got a false birth certificate and a student ID.

A member of the Armed Islamic Group, or GIA, Ressam told authorities 
that he relied on welfare and petty crime, including credit card fraud 
and trafficking in identity documents, to support himself in Montreal. 
He was linked to a theft ring suspected of funneling money to radical 
Islamic groups around the world. Authorities believe the ring stole 
more than 5,000 items, including computers, cellular phones, passports 
and credit cards, with the goal of financing Muslim extremist groups.

"Identity theft -- credit card theft, bank fraud -- is hugely important 
to al Qaeda, as it is to many terror groups. I've been astonished that 
there's been so little attention paid to it," Magnus Ranstorp, director 
of the Center for the Study of Terrorism and Political Violence at the 
University of St. Andrews in Scotland, said in an interview with 
Newsweek magazine. "The pattern was very clear within the North African 
contingent of al Qaeda members operating in Europe. Every time you 
arrest one of them he has 20 different identities and 20 different 
credit cards."



By the time he flew out to Los Angeles in June last year, Berry was out 
of patience. He needed to see for himself the address that mocked him 
from the pages of his credit reports. Maybe it wouldn't do any good, 
but maybe going to the house would turn up evidence that would spur an 
investigation of the case. If nothing else, it would help Berry feel in 
control of his life again.

As he drove into South Central Los Angeles, he wondered how he'd been 
targeted. He had once been treated for his testicular cancer not far 
away at UCLA Medical Center. Had someone there shared his information? 
Could it have been a state motor vehicle official? Someone in a credit 
bureau?

He called Janie Haskill, a close friend who'd once served as Berry's 
vice principal at an elementary school in central California. She often 
serves as a sounding board for Berry's ideas, and he loves her sense of 
humor.

On this day, she served as a security blanket for a determined but 
frightened man. Speaking on his cell phone from his car, he described 
for her the house and the man in the sunglasses. He was still 
describing the scene to her when a sharp-looking young man in a Lexus 
sedan pulled up to the house.

The fellow on the lawn disappeared inside for a moment, reappeared and 
walked into the street. He handed the visitor in the Lexus a six-inch 
stack of mail. Berry watched in rueful, bitter amazement. "I wonder how 
many of those letters have credit cards with my name on them," he 
thought to himself.

Then the two men looked directly at Berry, and he almost lost his cool. 
"I'm scared," he admitted to Haskill. "I want you to know if anything 
happens."

"This is wrong," she hissed back. "Michael, get the hell out of there."



While legislators, law enforcement authorities and entrepreneurs 
recognize the problem of identity theft, they can't agree on what to do 
about it.

After September 11, many people called for a national ID card, 
including technology guru Larry Ellison and Harvard law professor Alan 
M. Dershowitz. The American Association of Motor Vehicle Administrators 
also started working on a plan to create a de facto national ID system 
that would link state databases to uniform, high-tech driver's licenses 
containing computer chips, bar codes and biometric identifiers, such as 
fingerprints or iris scans.

Government agencies, including the new Transportation Security 
Administration, have begun requiring workers to use such hardened IDs. 
Before 9/11, the Pentagon had already begun issuing some 4 million 
plastic "smart cards" containing name, rank, photograph and 
fingerprint.

But despite widespread support at first for some sort of national ID 
system -- some surveys found that in the fall of 2001, almost seven of 
10 people welcomed one -- the idea foundered. Technical problems and, 
more important, a long-standing aversion to the concept undermined 
enthusiasm. Some critics invoked the specter of Nazi tyranny, bristling 
at the notion of authorities demanding, "Your papers, please."

Since the attacks, there also has been growing use of digital 
fingerprint, face recognition and iris-scanning systems to confirm 
identity at businesses, schools and other facilities. There are other 
technological solutions in the works, some that have begun stirring 
other kinds of privacy concerns.

Data giants like ChoicePoint, Lexis-Nexis and Acxiom are among many 
companies willing to use vast caches of personal information to help 
airports, retailers, police and other authorities determine, instantly, 
whether someone is who they claim to be. The aviation screening system 
known as CAPPS II will rely on some of those same companies to sweep 
through databases and check whether a particular passenger is "rooted 
in the community." In addition to identifying information in credit 
reports, the system will analyze passengers' travel reservations, 
housing information, family ties and other personal information to 
authenticate passengers' identities.

Banks and other financial institutions, meanwhile, must now verify the 
identities of new customers and make records of customer transactions 
available to law enforcement and counterterrorism officials upon 
request. Some banks are turning to commercial services to authenticate 
the identities of their customers; others are banding together to 
create their own verification systems.

Congress also intends to go at the issue, but credit bureaus and 
information services are expected to fight hard against any legislation 
that might curb their use of data. Five years ago, Congress did approve 
legislation establishing identity theft as a federal crime and giving 
law enforcement authorities more powers to prosecute.

The problem, says Medine, the information law specialist, is that few 
agencies make extensive use of the authority. Investigations are costly 
and the rewards, in terms of media attention, are relatively scanty. 
The number of prosecutions by state and federal authorities, including 
the FBI, Secret Service and Postal Inspection Service, has increased. 
But they're not close to keeping pace with the crime, Hendricks and 
other consumer advocates say.

The FTC was very aggressive in drawing attention to the problem a few 
years ago. It created a database of fraud claims by victims, setting up 
a system online called the Consumer Sentinel Network to give law 
enforcement agencies access to the tips and complaints. Fewer than 600 
of some 18,000 agencies across the country have signed up for the 
service.

Sen. Feinstein has already proposed at least four related bills, 
including legislation that would penalize credit card companies that 
ignore reports of fraud. Alabama Sen. Richard Shelby plans to address 
the issue this year as part of efforts to reauthorize several recent 
provisions of the Fair Credit Reporting Act, the 1970 law that governs 
how credit bureaus can use personal financial information.

Shelby, an intelligence specialist and one of the most savvy privacy 
advocates on the Hill, considers identity theft a major threat to 
individuals and to security. But he faces a tough battle if he wants to 
make any substantive changes. More than a dozen bills were introduced 
in the last legislative cycle. None of them passed.



Earlier this year, Berry got an e-mail from an acquaintance who knew 
about his case. It included a copy of a wire service account of how 
police and the FBI captured Hunter in Houston on February 21. Police 
found the van Hunter had been driving in Orlando, burned and abandoned, 
not far from the house where he was captured.

Since then, Hunter has been moved to Alameda County, Calif., and is 
awaiting trial in the Oakland murder case. The Orlando charges are 
still pending.

Apart from confirming that Hunter impersonated Berry, authorities still 
know little about the identity theft or who the mastermind was. As of 
early this summer, they had not conducted an investigation, or filed 
any charges. Berry may never find out how Hunter latched onto his 
Social Security number and driver's license. Or who was living in that 
bungalow on 12th Avenue. Or how many people were filling out credit 
card applications in his name.

Hunter is behind bars, but Berry is still wrestling with the mess made 
of his finances. One charge -- $462 to Pacific Bell -- has been 
particularly troublesome. Before Berry could get the debt erased, it 
was sent to a collection agency, a red flag on any credit report. An 
immediate casualty: Berry's Chase MasterCard Platinum credit card. Even 
though it was Chase that had tipped Berry off to the identity theft, 
the bank decided that he was somehow responsible for his troubles. 
Viewed now as a credit risk, Berry was given a choice: Pay a much 
higher interest rate or close out the card. He closed it out.

And while most of the fraudulent charges have been removed from two of 
his credit reports, the third remains marred by purchases he didn't 
make. Berry continues to fill out form after form to take care of the 
problem. Each says essentially the same thing: that it was a thief and 
not Berry who made the charges.

"I'm still dealing with the paperwork," Berry wrote in a recent e-mail. 
"It is a total and complete nightmare, and completing the paperwork 
alone could easily be my full-time job."

He still carries around the letters he obtained from police in Oakland 
and Orlando, neatly folded in a black leather wallet. "Michael D. Berry 
is not the felon fugitive that is being sought by several agencies," 
says the well-worn missive from the Orlando police. "It is our 
intention to clear any confusion as to Mr. Berry's identity."

The police have assured him that he doesn't need the letters anymore. 
Somehow, though, he can't bring himself to throw them away.
How to Protect Yourself


To reduce the risk of falling victim to identity thieves, consider 
these recommendations from the Federal Trade Commission and a nonprofit 
group called the Privacy Rights Clearinghouse:

* Check your credit report once or twice a year. Unfamiliar or missing 
transactions may signal trouble. You can order the reports for a small 
fee online or over the telephone.

* Use your Social Security number sparingly and do not carry it in your 
wallet or purse. Never provide that number -- or other sensitive 
personal information -- to telephone callers or people online unless 
you initiated the contact.

* Destroy credit card receipts to ensure a "Dumpster diver" doesn't 
find them. Also destroy unwanted offers of preapproved credit, which 
contain details that make life easier for identity thieves.

* Close out unused or little-used credit card accounts.

* If you suspect you have been victimized, immediately contact the top 
three credit bureaus. They will mail out credit reports for free to 
people who believe they are victims, and they will place fraud alerts 
on the suspected victims' accounts. Equifax: 888-766-0008; Experian: 
888-397-3742; Trans Union: 800-680-7289.

For more information on identity theft, go to www.consumer.gov/idtheft, 
the FTC's Web site; www.privacyrights.org/identity.htm, a site 
maintained by the Privacy Rights Clearinghouse; or 
www.cdiaonline.org/consumers2.cfm, a site created by the Consumer Data 
Industry Association, which represents the credit bureaus. -- R.O.

Robert O'Harrow Jr. is on leave from The Post to write a book on 
technology, surveillance and the war on terrorism, with support from 
the Center for Investigative Reporting. He will be fielding questions 
and comments about this article at 1 p.m. Monday on 
www.washingtonpost.com/liveonline.



More information about the FoRK mailing list