Custom Search

October 13, 2011

Known Victims of Georgia Identity Theft Ring Total Nearly 9,000!

A Georgia identity theft ring has nearly 9,000 victims!  The current number of victims of the alleged identity theft ring centered in Suwanee, Georgia stands at 8,965 and includes people from Georgia to California.

Apparently, the identity theft ring ran a bogus tax preparation service that was submitting false tax returns for unknowing victims.  The scheme caused one victim, Jeanette Adams of Georgia, to get stuck with a $2400 tax bill.  A retired nurse, Adams struggled to keep a roof over her head and pay for her medicines while paying back the IRS for taxes she did not owe.  Unfortunately, no one would help her.  Only later did she find out she was a victim of identity theft.

Authorities discovered the identity theft ring when they served a search warrant on the home of Annette Ford of Suwanee, Georgia.  During their search, which was triggered by an investigation of some stolen checks, police found stacks of fraudulent tax returns, stolen checks and a legal pad containing handwritten notes of names, birth dates and Social Security numbers.

Ford has plead guilty in federal court.  Three others have also been charged.

I have seen more and more tax return identity theft over the last few years.  Unfortunately, there is usually no one to sue, since the debt rarely show up on the victim's credit reports.  The FCRA therefore is no help to those victims.  And the actual criminals usually are either never located or are judgment proof, making a civil suit against the criminals a waste of time.

October 11, 2011

Operation Swiper busts largest identity theft scheme in U.S. history

Who says the economy is struggling?  One identity theft ring that involved more than 100 criminals spent more than $13 million on iPads, iPhones, computers, watches and even swanky handbags from Gucci and Louis Vuitton.  The only problem - they used their victims' credit to make the purchases.

A sixteen month investigation, dubbed "Operation Swiper", led to charges against 111 suspects, 86 of whom have been arrested thus far.  The identity theft ring was run out of Queens, New York but stretched all over the globe, including China, Europe, Africa and the Middle East.

Employees at banks, restaurants and retail stores would start the identity theft by "skimming" the credit card data of customers (i.e. steal the information when they swiped the card, often by using a special machine to do so).  Members of the ring would also steal credit card information online. 

The information was then used to forge credit cards, which were placed in the hands of criminal shoppers, who would make the high end purchases identified above.  The items bought (but never paid for) would then be sold overseas for pure profit.

The credit card companies in the U.S. could have prevented a lot of this by installing anti-skimming micro chips in their cards.  Credit card companies overseas already install these chips so it must be feasible.  The untold number of identity theft victims I am sure would have appreciated this extra protection, had the credit card companies been wise enough to have implemented it.  Maybe losing out on over $13 million just from one ring will get their attention.

As always, any victims of this identity theft ring that need help can contact me through this blog or via e-mail to ckittell@merkel-cocke.com.  I have represented identity theft victims in NY before and thus know some good FCRA attorneys in NY that may be willing to help.

October 04, 2011

Horrible - TriCare refuses to provide credit monitoring to the victims of its data breach

TriCare is a healthcare program that provides healthcare coverage to uniformed service members, retirees and their families.  Last month, a number of TriCare's computer backup tapes were stolen from the vehicle of an employee of Science Applications International Corp.  The tapes contained the personal information (including Social Security numbers) and health information of 4.9 million beneficiaries.

Typically, companies that allow such massive data breaches to occur will offer free credit monitoring services to the victims of its negligence.  But not TriCare.  Its refusing to do the right thing.

According to TriCare, it was not offering credit monitoring services because "retrieving the data on the tapes would require knowledge of and access to specific hardware and software and knowledge of the system and data structure."  Hog wash.  Does TriCare not realize what the technologically savvy can do with computers these days?  It wouldn't take a moderately skilled hacker any time at all to successfully access the information on those tapes.

TriCare, get your head out of the sand and offer the credit monitoring service to your victims.  Its not much, but its at least something.

October 01, 2011

New scam involving Equifax

The Better Business Bureau serving eastern North Carolina is warning consumers on its website about a new scam involving Equifax.  Business are apparently receiving faxes that appear to be from Equifax, one of the three major consumer reporting agencies, but are actually from scammers.  The faxes seek sensitive financial information and asks the businesses to fax the information back to "Equifax" - but its not Equifax who is sending the faxes.  The faxes are fraudulent and should be ignored.

Just an FYI - before you ever respond to any solicitation for personal or private information, confirm with the alleged source that the request is legitimate.

September 30, 2011

Slow news day ...

... in the FCRA world.  But here are a few articles worth a quick look:

An article by Holly Culhane about concerns over Social Intelligence - a CRA that publishes reports to potential employers (and presumably others) utilizing "deep searches" of consumers' social networking sites such as FaceBook and MySpace. - http://www.bakersfield.com/news/business/economy/x2000241818/HOLLY-CULHANE-Beware-Internet-background-checks-have-risks

A Washington Post article about an FDIC probe of Discover Card's sales practices, including its marketing of its identity theft protection services - http://www.washingtonpost.com/business/industries/discover-faces-fdic-enforcement-after-probe-on-sales-practices-for-credit-id-theft-protection/2011/09/29/gIQAjEnc7K_story.html

A man sues his bar (CRAAAAZY, I know!) because they published his credit card's expiration date on multiple receipts over a period of time - this one's a stretch even for me.  Here's the article - http://www.baltimoresun.com/entertainment/music/midnight-sun-blog/bs-ae-koopers-lawsuit-0930-20110929,0,5085973.story

Enjoy!

September 29, 2011

Goldman Sachs got hacked

Hackers going by the twitter name of @CabinCr3w were apparantly able to hack Goldman Sachs' computer system.  The hackers sent off a tweet that directed followers of their twitter account to the Pastebin website.  The Pastebin website allows users to paste information to the website anonymously, where it is stored for a period of time.

The hackers pasted the personal information of Goldman Sachs CEO Lloyd Blankfein, including his age, recent addresses, education and even a listing of the legal cases he has been involved in.  The pasted information also included the e-mail addresses and titles of more than eighty employees of Goldman Sachs. 

Thousands at risk of identity theft from stolen laptop

A stolen laptop has put thousands of former patients of two Minnesota medical care providers at risk of identity theft.  A laptop containing the personal identifiers and other private information of approximately 14,000 patients of Fairview Health Services and 2,800 patients at North Memorial Medical Center, both of Minneapolis, was stolen out of a locked car located in the parking lot of a Minneapolis restaurant.

What's worse?  The data on the computer was not even encrypted.  In this electronic age, there's simply no excuse for massive amounts of personal identifiers not to be encrypted.

What's worse than that?  The medical care providers knew of the stolen laptop mere days after it was stolen on July 25 but are just now taking steps to inform the patients of the privacy breach.  Two months worth of proactive measures are now lost to these victims.

"Obviously, we take this event seriously," said Dr. Mark Werner, one of the senior physician leaders at Fairview. "It's deeply regrettable."

Obviously not.  Or you would have informed these patients whose identities your company exposed much, much sooner.  Just this week, two months too late, letters are being sent to those potentially affected, informing them of what happened and offering free services to protect them from identity theft.

The medical care providers claim "there's no evidence that the information has been misused."  Well, of course there's no evidence of any misuse.  You've kept the only people (other than the identity thieves) that would know of the misuse in the dark for the past two months.  Its very likely the identity thieves have already run amok using the credit histories of their victims and, if the victims are even aware of the theft of their identities, they have not linked the crime to the gross negligence of their medical care providers in failing to properly secure their personal identifiers. 

Give it a few more months (assuming those letters really do go out this week) and I bet there will be truckloads of "evidence of misuse". 

To those unfortunate victims of Fairview Health Services and North Memorial Medical Center, you need to check your credit reports, aggressively dispute any errors (whether resulting from identity theft or not) and then hire an attorney versed in the intricacies of the Fair Credit Reporting Act to represent you against the medical care providers who breached your trust and against any credit bureau or furnisher who refuses to correct your credit histories.  If you need the name of a good FCRA attorney in Minnesota, contact me and I will be happy to provide one.

September 28, 2011

Trans Union takes on Asset Acceptance

Trans Union has filed a lawsuit in the Circuit Court of Cook County, Illinois (i.e. Chicago - TU's home town) against Asset Acceptance, a collection agency notorious among us FCRA and FDCPA lawyers for reporting incorrect information and being pretty ruthless, immoral and unethical in its collection tactics.  For instance, I have sue Asset Acceptance many times.  I can think of one client who I have represent in not one, not two but three lawsuits against Asset Acceptance due to its illegal collection attempts against him.

Apparently, Trans Union's lawsuit against Asset Acceptance arises from a federal class action filed against Asset Acceptance alone.  This case is styled "Johnny Wang v. Asset Acceptance, LLC," Case No. C09-04797 SI in the U.S. District Court for the Northern District of California.  According to Trans Union, Asset Acceptance's reporting of incorrect information to Trans Union to be included in the credit reports it generates led to Trans Union being added as a co-defendant with Asset Acceptance in the class action.  This opened Trans Union up to some major financial exposure.

According to Trans Union's Complaint, which I have seen a copy of, at some point Asset Acceptance informed Trans Union that it "had some serious problems" with a file on 5.7 million consumers that it had previously reported to Trans Union for inclusion on Trans Union's credit reports regarding those 5.7 million consumers.  In particular, Asset Acceptance suspected that disputed accounts it had reported to Trans Union did not include the changes made as a result of the disputes.

Since Trans Union had already incorporated these accounts into its credit history database, it informed Asset Acceptance that it was removing all of Asset Acceptance's accounts from it database and that Asset Acceptance needed to re-report to Trans Union (correctly this time) all of its accounts.  But instead of providing corrected information, Asset Acceptance again provided incorrect information to Trans Union.

Trans Union was then added as a Defendant to the Johnny Wang federal class action, prompting Trans Union to sue Asset Acceptance for indemnification pursuant to its contract with Asset Acceptance that required Asset Acceptance to report correct information to Trans Union.

I'm not sure why Trans Union is surprised that Asset Acceptance is reporting incorrect information.  Like most junk debt buyers, Asset Acceptance has little if any proof to back up the debts it claims it is owed by consumers.  Yet, these bottom feeding junk debt buyers routinely "verify" to Trans Union and the other credit bureaus that the debts they report are indeed owed, even though they have no proof to back it their so called "verification".  If Trans Union really wanted the credit reports it generates regarding consumers to be more accurate, it would bar Asset Acceptance and the other junk debt buyers from including their accounts on Trans Union credit reports until such time as these companies actually present proof of the debts they claimed they are owed.  Until then, Trans Union's credit reports will continue to be chock full of inaccuracies.

Identity thieves go high tech

Do you think you are safe because you shred your credit card bills (after paying them of course), change your password often and don't respond to e-mails from banks where you've never been a customer?  Think again.  Identity thieves are now using a new high tech device to take advantage of new features on credit cards.  This new device, which costs less than $100, allows identity thieves to electronically pick your pocket without ever touching you.

Newer credit and debit cards, as well as some driver's licenses and passports, are being made with radio frequency identity chips that transmit information.  This relatively new feature has opened up an opportunity for identity thieves to use a small device to intercept the signals being transmitted by getting close to you, within 7 feet, from what I am told.  Thus, sporting events (like the Cubs/Cardinals game I went to over the weekend) are treasure troves, since at any time you are within 7 feet of multiple people. 

Many of the banks/credit card companies whose cards use these new identity chips offer protective sleeves for the credit cards.  But for those of us who already have a "George Costanza wallet" issue - see http://www.youtube.com/watch?v=yoPf98i8A0g if you don't understand the reference - this is not a good option.  Another option is a whole new type of billfold - a new type that is made of lighweight steel.  Never tried a wallet like that myself, but it is said to hamper the success of this type of identity theft.

As I have said before, there is no fool proof way to prevent identity theft.  Do your best, but be prepared to take action if and when it happens to you.  Dispute the fraudulently opened accounts early and often, with as much detail and supporting proof as you can.  And, when that doesn't work, hire someone like me to sue the credit bureaus and/or fraudulent credit grantors using the protections of the Fair Credit Reporting Act.  Only in a courtroom are your rights equal to the power of these corporations.

July 23, 2011

More about the social network credit bureau

I wrote previously about a new consumer reporting agency called the Social Intelligence Corporation that mines date from social networking websites such as Facebook and MySpace to build a consumer report about you.  My previous post is here - http://fcralawyer.blogspot.com/2011/06/social-intelligence-new-social-network.html

The latest article which provides a good bit of detail of how the Social Intelligence Corporation will operate is here - http://www.law.com/jsp/cc/PubArticleCC.jsp?id=1202501431464&How_Do_FTCApproved_Social_Media_Background_Checks_Work

July 20, 2011

Identity thief arrested at her own wedding

When the audience was asked whether anyone objected to this marriage, the police said "we do!".  A woman was arrested at her own wedding on a Michigan warrant for identity theft recently.  Police actually allowed Tammy Lee Hinton of Port Richey, Michigan to finish her wedding before hauling her off to jail.  She was held for less than half an hour before the new hubby bailed her out.  Wonder if he had some wedding cake on the way to the jail?

According to authorities Hinton used a computer to commit her crimes and charged around $3,000 in utility bills under her victim’s name in 2009. However when she learned there was a warrant for her arrest in Michigan, she fled to Florida.

Way to start off a marriage, huh?

Way to go Senator Gillibrand!

Talk about a no brainer.  U.S. Senator Kirsten Gillibrand from New York is pushing legislation that will force the removal of Social Security numbers from Medicare cards and communications from Medicare.


Forty million Americans carry Medicare cards with their Social Security number on them.  They also receive letters and other communications from Medicare that include their Social Security numbers.  As a result, these people are at an increased risk of identity theft if their cards or communications from Medicare are compromised.


“Listing Social Security numbers on Medicare cards needlessly leaves millions of New Yorkers susceptible to identity theft,” said Gillibrand. “We must protect Medicare beneficiaries by deterring identity theft. Removing Social Security numbers from Medicare cards is simple step to help keep our seniors personal information secure.”


The proposed legislation, aptly named the Social Security Number Protection Act, would eliminate the display of Social Security numbers on Medicare cards and would stop the Department of Health and Human Services from collecting Social Security numbers and from listing Social Security numbers in communications to Medicare beneficiaries.  


I think this legislation is long overdue and, based on what I've read (which does not include the text of the proposed legislation), is a no brainer.  Good to see someone in Washington proposing something useful.  Good job, Senator Gillibrand!

Credit Scores Disclosed for Free Starting Tomorrow ...

but only when you suffer an adverse action based on a credit report, such as when your credit application is denied.

Starting tomorrow, July 21, 2011, the latest amendments to the Fair Credit Reporting Act go into effect.  The new amendments require lenders or other users of credit scores to include those scores on their adverse action letters they send consumers who suffer the adverse actions.  The publication of the score will be in addition to the reasons for the adverse action and the identity of the consumer reporting agency whose report was used in the decision to deny credit already required to be part of the adverse action letter.

This is a helpful change to the law.  Before, consumers would only know what score was assigned to them during a credit application if litigation resulted and the lender's files were subpoenaed.  Scores purchased even thirty seconds later from the consumer reporting agency could bear little resemblance to the score used in the adverse action, since lenders often use their own credit scoring models, which differ from the credit scoring models used by the CRAs.  If you do buy a score, buy it directly from FICO, as that's the scoring model most lenders use.

July 19, 2011

Is your child a victim of ID theft?

Identity thieves are not ones to discriminate based on age.   In fact, some of their favorite targets are children.  This is so for various reasons, not the least of which is that their crime is likely to go undiscovered longer if the ID theft victim is a child.

A recent study performed by Debix, an identity theft monitoring company, found that 4000 children's identities had been stolen or otherwise compromised out of only 40,000 children surveyed.

So what do you do to protect your children's identity?  First, when your child turns 16, check his credit report.  This should leave enough time to correct any errors caused by any identity theft before the child starts college and starts needing credit in his own name.

Second, watch out for any early signs of identity theft.  If your minor son or daughter starts getting collection calls or preapproved credit offers, then you should request his credit reports from the Big Three to see what's up.

When you request the report, the credit bureaus should respond that there is no report regarding your child.  If they have a report, then your child is either the victim of identity theft or a mixed file.  How do you tell the difference?  Two ways - first, if all three bureaus have a file on your child, its probably identity theft.  If only one has a file, its likely a mixed file.  But, the only way to know for sure is to contact the creditors who appear on the report and find out what Social Security number was used to open the accounts.  If its your child's SSN, then he or she is a victim of identity theft.  If its a different but similar SSN, its a mixed file and all the blame lies with the credit bureau's faulty matching logic.

In either scenario, the first step after learning of the problem is to dispute the errors to the credit bureaus in writing.  If that doesn't work, after multiple tries, then you need to hire someone like me to sue the bureaus' for your child.  Remember, I'm only an e-mail away.

July 18, 2011

The Fourth Credit Bureau?

If you have been reading this blog much, you have probably seen me refer to Equifax, Experian and Trans Union as the Big Three.  They could also be called the Three Stooges, but I'd hate to insult Moe, Larry and Curly.

But what a lot of people don't realize is that there are many, many consumer reporting agencies outside of the Big Three.  I was reminded of this recently when I read a Washington Post article entitled "Five Facts about the Fourth Bureau".  At first I thought there might be a new bureau emerging (kind of like Shemp, the fourth stooge).  Instead, the article lumps together all the smaller, unorthodox consumer reporting agencies as the "fourth bureau".

The other bureaus tend to cover topics that are missed by the Big Three.  Some can be seen as niche market CRAs, such as the ones that collect information about rent paying history, which they then sell to potential landlords.  Other types of information collected by the "fourth bureau" are payment histories regarding utilities payments, cellphone bills, magazine subscriptions and gym memberships.  Some even keep up with whether consumers return their rental movies on time.  Others include companies that compile investigative consumer reports and that provide criminal history type reports that can be used for background checks.

These smaller bureaus can play important roles as over 30 million U.S. consumers don't show up in the Big Three's databases.  These consumers are in a credit morass, as they can not get a loan without a credit history and can not get a credit history without getting loans.  But they can rent apartments, rent movies, sign up for utilities, etc.  The payment histories generated by these actions can sometimes be used in place of a more traditional credit report.

But these types of payment histories can also hurt a consumer's chances of getting credit if they do not reflect a responsible payment pattern, or if they contain damaging errors, which they are apt to contain.  Approximately 25% or more of the Big Three's reports contain damaging errors, so the other bureaus are likely to have a similar error rate.  The good news ... even though these companies are not the "Big Three", they are still subject to the vast majority of the requirements of the Fair Credit Reporting Act, including the requirement that they provide to consumers upon request a complete report of all information in their database about the consumer and 15 U.S.C. 1681i's requirement that they reasonably investigate consumer's disputes of inaccurate information.

The down side ... to get your report from the small bureaus will cost you some money (approximately $11) since the yearly free credit report requirement only applies to the Big Three.  Consumers can also get a free credit report from any CRA if they are denied credit (or suffer some other adverse action) as a result of the contents of the CRA's report.

The same rules regarding disputing errors also apply to the "fourth bureau" ... namely disputing in writing and dispute often.  If that doesn't work, hire someone like me to sue for damages resulting from the errors (which usually also includes the benefit of a corrected credit report.  Funny how a lawsuit will do things that a multitude of even the best dispute letters can not.)  If any of  you need help with the Big Three or the "fourth bureau", I'm only an e-mail away.

July 17, 2011

Starbucks' new iPhone app a risk for identity theft?

According to 9News.com (Colorado's News Leader), Starbucks' new iPhone app, that allows iPhone users to pay for purchases, check gift card balances and purchase gift cards for others, is causing identity theft concerns.

Actually, the identity theft concerns are not really related to Starbucks' app as the concerns would apply to many apps.  Any app that encourages the storage of personal financial information (i.e. credit card info, passwords, etc.) on a mobile device increases the chances of identity theft, just because mobile phones are easier to lose than a desktop computer.  Just ask my niece, who loses her cell phone at what seems like a rate of one a month.  But that's a subject for another blog.

One of the next waves of technology will no doubt be some way to pay for purchases using your cell phone rather than a credit card.  But the trade off for something so convenient is the increased risk of identity theft.  Just like the trade off of being able to receive instant credit decisions while you wait to buy a toaster at Sears is that the decision must be based on information that can be transmitted to Sears while you wait.

True story - I once had a client who was unable to purchase a toaster on credit at a Sears because of an error on his credit report.  The defendant in the case was Experian, one of the three national credit bureaus.  Their argument regarding the credit denial was that he was not denied credit due to the error but due to the statement added to his credit report regarding the error, indicating that he was an identity theft victim and that he should be called at his home number to verify his identity before being granted credit.  In the case of instant credit, he would never be home to receive the verification call, since he would be out shopping, waiting for the credit decision.  Kind of a catch 22, huh?  Client should have used his cell phone number but, then again, this was back before everyone had cell phones.

Anyway, the trade off for "instant" stuff is almost always going to be an increased risk of something such as identity theft.  The trick is first recognizing the increased risk and then building safeguards into the app to handle the increased risk.  Hopefully, the apps of Starbucks and others take this into account when designing their apps.

June 28, 2011

Identity theft - the latest summer risk for kids?

Its summer.  I know this due to the repeated "I'm bored" comments I hear from my nine year old.

Summer also brings additional risk of identity theft to children.  Thanks to the additional free time caused by the long days of summer, children spend more time in front of the computer or on their internet capable cell phones.  With this additional time online comes the additional risk of identity theft.

Why would an identity thief want to steal the identity of a child?  Basically because the child's credit history is a blank slate and can be misused longer than an adult's credit history, since the kid is not out doing the things that cause identity theft victims to learn of the theft of their identity, like applying for credit.

“The younger the victim, the more time these thieves have to exploit the child’s identity,” said Sandy Chalmers, Administrator of the Wisconsin Division of Trade and Consumer Protection. “Identity theft against a child can go undetected for years and do a lot of damage to their good name.”


So, parents, please warn your kids not to give out personal information online unless and only if its to a reliable source.  And, be sure to monitor what your kids are doing online.  A little bit of prevention can prevent a lot of problems later on.

June 27, 2011

Social Intelligence - a new social network credit bureau?

According to a recent article on pcworld.com, the Federal Trade Commission has authorized a new company called "Social Intelligence" to conduct background checks of consumers based not on their credit or criminal histories, but instead using the online social network activity.  This means there is yet another way that your online activity (or posts online regarding your less than stellar offline activity) can affect consumers' ability to land a job.

It was a big deal when companies started running a credit report on job applicants during the vetting process.  But this made sense.  Sometimes its because the job applicant would be handling large sums of money and, if they are in deep debt, they may be more likely to embezzle from the company.

This is even bigger.  Now, a potential employer doesn't have to expend its own resources to check your online identity, it can hire Social Intelligence to do it for you.  According to the PC World article, the potential employer would indicate what type of activity its worried about (i.e. illegal drug use, racism, or other illegal activity) and then Social Intelligence would allegedly only report back to the potential employer about anything it found related to those areas of concern.

But, in reality, Social Intelligence would be a consumer reporting agency (as defined by the Fair Credit Reporting Act) and thus would have to comply with the requirements of the Fair Credit Reporting Act, including maintaining its database of information in such a way that the reports it generates are done so utilizing "reasonable procedures to assure maximum possible accuracy" and that it would have to perform reasonable investigations of any disputes made by the consumer of items reported to the potential employer.

How, pray tell, is Social Intelligence going to perform a "reasonable investigation" of the online content?  That's got potential for some interesting case law.

The moral of the story, though, is to quit posting your business on Facebook and quit tweeting from the bar, etc.  Limit your Facebook posts to the kind of things an employer wants to see - i.e. things that demonstrate stability and maturity, not childish or inappropriate behavior.  This isn't new advice.  I've been telling clients for a while to watch what they post (and to make their profiles "private" to limit access to what they do post), because defense lawyers have started trolling plaintiff's facebook and other online profiles for juicy information to use against them later.

So, listen up folks, watch what you post 'cause it could come back to haunt you.

June 04, 2011

Horrible decision on s-2(b) claim

A bad decision was rendered recently, dismissing a consumer's claim against a furnisher who failed to perform a reasonable investigation of the consumer's dispute of the collection of a fraudulently opened account.

In Healey v. Trans Union, a decision rendered May 18, 2011, by the United States District Court for the Western District of Washington threw out a consumer's 15 U.S.C. 1681s-2(b) claim against a furnisher because the Court found that the furnisher's investigation, which was non-existent as best as I can tell, was sufficient.

Healey was the victim of identity theft.  The impostor opened an account with Sprint, which eventually resulted in the fraud Sprint account being sold to DRS, a collection agency.  Despite numerous disputes made by Healey to DRS regarding the fraudulent nature of the collection account, DRS continued to report the account to the credit bureaus for inclusion on Healey's credit reports.

Healey then disputed the DRS collection account to the credit bureaus, including Trans Union and Experian, pursuant to 15 U.S.C. 1681i.  Apparently, Healey did not possess evidence that Trans Union forwarded the 1681i dispute to Trans Union and thus could not establish that DRS's requirement to perform a reasonable investigation of the dispute pursuant to 15 U.S.C. 1681s-2(b) was ever triggered.  Thus, dismissal of the s-2(b) claim against DRS relating to the Trans Union dispute was proper.

However, the dismissal of the s-2(b) claim related to the Experian dispute is another matter.  There was proof that Experian complied with 1681i and forwarded the dispute to DRS.  However, the Court found that summary judgment was appropriate because there was no evidence regarding what exactly DRS did to investigate and it was Healey's duty to establish that DRS' investigation was not reasonable.  DRS obviously failed to include in its "investigation" a review of its own files regarding Healey's previous disputes.  As a result, it is clear that DRS did not perform even the most elementary investigation of Healey's dispute to Experian regarding the DRS collection.  However, the Court did not think so and, as a result, wrongly (in my opinion) granted summary judgment.

Unfortunately for Healey, it was a sad day for justice in the western district of Washington.

April 19, 2011

Photo Contest


Cute pic, huh?  This is my 3 year old son in his "frog" hat.  He's in a photo contest on Facebook and I would appreciate all your votes.  Here's how you vote.  You must first "like" the photographer's Facebook page at Studio 8 One 8.  You then must also "like" my son's pic.  Do both and you have officially voted for my cute little boy.  Fail to do either and your vote won't count, much like a hanging chad.  

Thanks a TON!

April 01, 2011

March 31, 2011

Interesting experiment regarding what personal data is left on discarded or sold cell phones

An interesting experiment conducted by a company called CPP regarding second hand cell phones to determine what treasure troves of personal identifiers an identity thief would find.  The results of the experiment were disheartening (well, except maybe for me - I call the results "job security".  :)

"Life assistance company CPP purchased second hand mobile phones and SIM cards through Ebay and used electronic shops. The experiment examined what personal data was available on the mobile handsets purchased and whether this information could be used to commit identity fraud.

Alarmingly the experiment revealed 247 pieces of personal data were left on a range of mobile phones and SIM cards, leaving previous owners open to the risk of identity theft. Information found included:

• Credit and debit card PIN numbers

• Bank account details

• Passwords

• Phone numbers

• Company information

• Log in details to social networking sites, such as Facebook and LinkedIn.

The experiment also revealed 81% of those questioned claim to have wiped their mobile phone before selling on and that six out of ten people were confident that all their personal details have been removed. However 54% of mobiles and SIM cards were found to contain sensitive information, unknowingly putting people at risk of identity theft.

The life assistance company's findings were supported by data that found 50% of second hand mobile phone owners said they had found personal data when they had purchased second hand mobile phones or SIM cards.

Most people claim to have wiped their mobile handsets manually, which security experts acknowledge leaves information intact and retrievable and therefore at risk of id fraud.

Mobile data expert from CPP, Danny Harrison said: "This report is a shocking wake up call and shows how mobile phones can inadvertently cause people to be careless with their personal data and put them as risk of identity fraud.

"With the rapid technology advancements in the smartphone market and new models released by manufactures multiple times a year, consumers are upgrading their mobiles more than ever and it is imperative people take personal responsibility to properly manage their own data."

Danny continues, "If they do sell or recycle them online or even give them to friends and family, they need to ensure they remove all their personal information thoroughly and consider the serious consequences of not doing so, such as being a victim of id theft."

Jason Hart, Senior Vice President of CRYPTOCard who was commissioned by CPP to carry out the experiment said, "The safest way to remove all of your data from a mobile phone or SIM card is to totally destroy the SIM and double check to ensure that all content has been removed from your phone before disposal. With new technology does come new risks and our experiment found that newer smartphones have more capabilities to store information and that information is much easier to recover than on traditional mobiles due to the increase of applications."

CPP's top tips on wiping your mobile phone of personal information to prevent identity theft:

1. Restore all factory settings - this is the first step that you should take as it is the easiest precaution before disposing of the unit, but factory resets are far from permanent so follow steps 2 - 4 to protect your data

2. Remove your SIM card and destroy it

3. Delete back-ups - even if your smartphone, PDA or laptop data is securely removed from the mobile device, it can continue to exist on a back up somewhere else

4. Log out and delete- make sure you have logged out of all social networking sites, emails, wireless connections, company networks and applications. Once you are logged out make sure you delete the password and connection

5. Various passwords - avoid using the same ID/password on multiple systems and storing them on your mobile phone, if you are going to store them on your phone use a picture that reminds you of the password

6. If you are selling on your phone ensure you ask for it to be wiped to be on the safe side

7. Don't store vast amounts of personal information on your mobile phone / SIM

8. Make sure you check your bank statements regularly to monitor for suspicious transactions

9. Remember the Golden Rule: Identity thieves are experts at spotting an opportunity to steal your identity and only need a few personal details

10. If you want more information on how to protect yourself from id fraud or see how these experiments worked, please visit CPP's blog"
Cell phones are the only electronic items that you need to wipe clean before discarding.  You should do the same with any electronic device - PDAs, computers, even copying machines these days store information.  Today's copiers, for instance, don't copy, they scan and print.  The documents they scan stay on their memory, whether its a hard drive or some other type of storage device.  People who buy used copiers potentially have access to thousands of pages of previously copied documents.  Scary, huh?

The whole article can be found at http://pr-usa.net/index.php?option=com_content&task=view&id=669843&Itemid=29.

March 30, 2011

Tips for avoiding Identity Theft when shopping online

Here are some tips from http://www.retail-digital.com/ regarding how to avoid identity theft when shopping online.  I especially agree with tip # 2 - why risk your money when you can risk the credit card company's?!

1. Keep your internet security up-to-date

Updating your internet security, keeping your operating system and browser updated and securing your internet connection can all help to greatly minimise the possibility of a security breach. It is also important to regularly run anti-virus software.

2. Use a credit card over a debit card

Where possible use your credit card instead of a debit card for online purchases. This is important for two reasons. Firstly, if you do become a victim of online fraud and your personal information is stolen, the worse they can do is run up charges on your card. With a debit card this would mean they could drain your bank account. Credit cards are usually easier to dispute fraudulent charges over debit cards and also offer you an extra layer of security.

3. Use secure shopping sites

Always make sure that you use a secure site when submitting information like your credit card details online. Secured websites can be distinguished from unsecure sites in two ways. They use something called SSL and are usually identified by the display of a padlock or other icon in the address bar. The URL of secure starts should also start with https. Secure sites ensure that your personal information is encrypted as it travels across the web. If you are ever unsure, do not use it.

4. Be vigilant

Check your bank statements every month. Research shows that identity thieves often do a test charge to see the card works or not and may not take a lot of money out until months later. By monitoring your account regularly you can notice any suspicious account early and take action before more damage can be done.

March 27, 2011

Where Have I Been?

You may be wondering about the lack of posts recently.  Just so happens that I had several trials scheduled one every other week for the past several weeks.  I got trial ready for three of them, only to have two settle and one get postponed at the last minute.  The other did go to trial and resulted in a $250,000 verdict for my client.

The case involved injuries that my client suffered when she slipped and fell at the buffet in the Gold Strike Casino.  The proof at trial showed that the Gold Strike Casino's drink machine (which the "brass" at Gold Strike claimed did not exist, despite my client, her husband, her son and an honest Gold Strike employee all testified was there) was leaking and had been leaking for some time.  Apparently, the drink machine had leaked earlier in the day, resulting in Gold Strike employees cleaning up the water from the buffet's tile floor.  The employees, however, did not fix the leak, which resulted in additional water leaking onto the buffet floor.  My client's husband and son, who entered the buffet line about 20 minutes before my client, saw the water on the floor.

When my client returned from the restroom, she went directly to the buffet line, slipped in the water and broke her right elbow.  The injuries suffered by my client were severe, resulting in a permanent range of motion loss of 10 degrees.  Ten degrees may not sound like much, but it keeps her from doing various activities of daily living and will for the rest of her life.

While I asked for nearly twice as much as what the jury eventually awarded my client, Gold Strike thinks the verdict is completely unfair.  Crazy, I know, but that's what they think.  In my opinion and in the opinion of everyone I have told about the verdict, it is completely fair and deserved by my client.  Gold Strike needs to get over it and realize that, unlike the gamblers in its casinos, my client got a fair shake and won.  Justice prevailed.

I still have another trial in a couple of weeks and Gold Strike's post trial motions to respond to, but hopefully I will have more time to post in the near future.

February 15, 2011

New identity theft protection in Indiana causing problems

From an article by Joe Astrouski on wthitv.com -


TERRE HAUTE, Ind. (WTHI) - A new system at the Indiana Bureau of Motor Vehicles designed to prevent identity theft has left some unable to cash checks or fill prescriptions.

Under the system, when someone orders a driver’s license or identification card, he or she is given a temporary identification slip to use for driving and voting for ten business days.

In the meantime, the state checks the person’s documents and photograph.

“It gives us time to accurately check the documents that are being presented to us as well, as well as do some facial recognition,” said Graig Lubsen, a BMV spokesman.

That time proved expensive for Kevin Mulikins, when he tried cashing a paycheck with the temporary ID.

“They wouldn’t cash it,” he said. “When I went to Wal-Mart to get a prescription, they wouldn’t fill it because they said it wasn’t valid ID.”

Mulikins said he had to spend $50 at a check cashing center to get his check cashed.

Lubsen said the temporary slips are not considered valid identification since they have been issued before the state could confirm the holder’s identity.

He said businesses can decide whether to accept the temporary IDs.

“It’s up to each business whether they want to accept these as proof of identity,” Lubsen said.

That inconsistency, together with the temporary card’s use for voter identification, has Mulikins concerned.

“It says it’s valid for voter registration,” Lubsen said. “If it’s valid for voter registration, why isn’t it valid to cash a check or get a prescription?”

February 14, 2011

Honestly.com - a new CRA?

15 U.S.C. 1681a(d) defines a consumer report as "any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer's credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer's eligibility for (A) credit or insurance to be used primarily for personal, family, or household purposes; (B) employment purposes; or (C) any other purpose authorized under section 604 [§ 1681b]."

15 U.S.C. 1681f defines a consumer reporting agency as "any person which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports."

Based on these definitions, I think http://www.honestly.com/ is a new CRA and thus subject to the provisions of the FCRA. 

What is honestly.com, you ask?  According to their website, "Honestly.com is an online resource for building, managing, and researching professional reputation, using community-contributed, professional reviews. Honestly.com reviews help you get the inside scoop on other business professionals, providing candid assessments of coworkers, potential hires, business partners, and more. By contributing Honestly.com reviews, you can share your knowledge of other professionals, giving credit where credit is due, and valuable feedback where needed."

In other words, you supply the scoop on past and current co-workers, professionals you have had dealings with, etc.  Honestly.com then assembles that data into a professional reputation about that particular person, so you can determine whether you want to do business with or work with that person.  Sounds like it falls squarely within the definition of consumer reporting agency to me.  Wonder if Honestly.com realizes that?

If Honestly.com is a CRA, that means they must comply with the requirements of the FCRA, including providing complete copies of your consumer report on request (and payment of a small fee) and investigating any disputes made by consumers regarding the contents of the consumer's consumer report.  Wonder if Honestly.com is set up to handle requests from consumers for copies of their credit reports and/or to investigate disputes made regarding errors in their reports?  Anybody know?  Anybody game to find out?

February 12, 2011

More on Google v. Bing

I recently posted about Bing's theft of Google's identity - see http://fcralawyer.blogspot.com/2011/02/has-yahoos-bing-been-stealing-googles.html - so I thought I would also report on the below subject, even though it really has nothing to do with the FCRA (although it does involve Experian).  I just found it interesting and thought you might as well.

Recently, Experian's Hitwise, which allegedly tracks the performance of different search engines including Google and Bing, reported that Bing was more accurate than Google.  This sent shockwaves through the internet techie world.  But a closer examination reveals that Experian's Hitwise made a pretty big leap to get to this conclusion.  Instead of giving you my own thoughts, I'd rather point you to a post by Chris Richardson which I think is spot on - particularly in comparing Experian's methodology to Office Space's "Jump to Conclusion Mat".   Hilarious.

Chris Richardson's article can be found here - http://www.webpronews.com/topnews/2011/02/09/concerning-bings-more-accurate-than-googles-search-results.  Enjoy!

According to one study, volume of identity theft dropped last year ... or did it?

According to Bloomberg News, the cost of identity theft fraud dropped in 2010 by 34% to $37 billion, the lowest since 2003 when Javelin Strategy & Research began tracking such information.  Good news, right?

Well, not so fast.  Once again, the definition of identity theft that is used to make this calculation is broad, possibly skewing the results.  Javelin's definition apparently includes such things as account take over, which in essence is not identity theft but merely the use of someone else's account.  In an account take over situation, the criminal does not utilize the name, SSN or other personal identifiers of a victim to open a new account in the victim's name.  Instead, the perpetrator merely accesses an already existing account of the victim, making charges with the victim's already existing credit or debit card.  The cost caused by this type of fraud is much less than the cost of fixing a true name identity theft fraud.

This distinction is born out by the other data reported on by Bloomberg, namely that average out of pocket costs for all types of victims (both true identity theft and account takeover) rose in 2010 to $631, up from $387 in 2009.  Conversely, average out of pocket costs for new account fraud (i.e. what I call true identity theft or true name identity theft) rose from $787 in 2009 to $1,267 in 2010. 

This study also underscores another point that I have made to people in the past, namely that you are more at risk from account take over when you use your debit card than when you use your credit card.  Debit card users put at risk whatever amount of money that's in their respective checking accounts, while credit card users do not risk their money but instead risk the money of the credit card companies.  If you are going to bet, its better to bet with someone else's money, don't you think?

One last point ... I think it is also misleading to think of identity theft or account take over in only the terms of out of pocket loss.  In my 11 plus year experience representing identity theft victims, I can tell you that the out of pocket costs associated with identity theft pale in comparison to the true damage caused by the theft of an identity, from the damage to reputation, the cost of time lost dealing with the problem and the sheer mental anguish caused by losing control over one's finances and the sense of betrayal, mistrust and paranoia caused by identity theft.

Here's a link to Bloomberg's full article - http://www.fa-mag.com/fa-news/6819-identity-theft-fraud-falls-34-victims-pay-more.html.

Can answering 2 simple questions on Facebook really give ID thieves the key to figuring out your SSN?

No.  Despite an article I just read on Cincinnati's Fox19.com.  This is just not accurate, or at least not in the manner in which Fox19.com claims.

According to Fox19.com, truthfully answering the Facebook profile questions regarding where you were born and how old you are gives identity thieves enough information to reverse engineer your Social Security number.  While the answers to those questions might accidently help an identity thief guess your SSN, its not that much help and not for the reasons Fox19 claims.

The Fox19.com article claims that the first three numbers of your SSN are based on where you were born.  If that were true, then, yes, correctly providing the city and state where you were born would help ID thieves guess the first three digits of your SSN.

BUT ... the first three digits are not based on where you were born but instead are based on the zip code given on your SSN application.  So it could be in the state where you were born.  But in many, many instances, that's not so. 

For instance, I was born in Louisiana.  At the time that I was born, my parents and siblings lived in Arkansas.  However, we moved to Mississippi when I was four years old and, after moving to the Magnolia State, my parents applied for my SSN.  So the first three digits of my SSN match one of the various sets of 3 digit numbers for Mississippi, not Louisiana where I was born or Arkansas where my family was living when I was born.

Another example - my wife was born in Tennessee but her family lived at the time in Mississippi.  Apparently, her parents also applied for her SSN in Mississippi, because the first three numbers of her SSN also match one of the 3 digit Mississippi combinations, but not the same 3 digit combination that I have.

So its simply not as easy as knowing where you are born.

As for the second part of your SSN, called the grouping, correspond to when you applied for your SSN, which does not necessarily relate to when you were born.  For instance, my grouping would be approximately 4 years after I was born.  My daughter's SSN was also not requested when she was born but years later.  Some people get their kids' SSNs as soon as they are born only to lose them later and have to do it all over again.

So feel free to be honest on Facebook about where and when you were born, unless of course you don't want the internet knowing how old you really are.

A new low

Can you believe this?  A total of six identity thieves plead guilty recently to stealing the identity of more than 50 residents of Maryland, which resulted in the theft of more than $200,000.  The scheme involved defrauding banks in Maryland and five other states and the withdrawal of money from people's personal bank accounts.

Here's the shocking part.  The identity thieves followed funeral processions in order to rob cars parked at cemetaries of credit cards, driver's licenses and social security cards.  They aslo broke into cars parked outside churches, gyms, day care centers and parks.  How brazen and low down is that?  Imagine going to a loved one's funeral, already the victim of grief, only to be victimized again by unscrupulous identity thieves?!
The identity thieves used the information from the stolen cards to get information on personal accounts from banks. Prosecutors said one of the suspects worked at a bank and helped his friends get checks made out to the men in the scheme. The men would then visits the victims' banks and impersonate the people on the cards, sometimes putting on wigs, prosecutors said.

Sickening.

February 08, 2011

Site steals 250,000 Facebook profiles to raise awareness of online ID theft

Interesting way to raise awareness of the risks of online identity theft - article is by Michelle Castillo and can be found at http://techland.time.com/2011/02/04/site-steals-250000-facebook-profiles-for-a-social-experiment/

You might be signed up for Lovely-Faces.com's dating services and not only know it. Website creators Paolo Cirio and Alessandro Ludovico took information from 250,000 Facebook users and used it to create their project which uses facial recognition technology to categorize users into the kinds of people they look like they would be. Problem is they didn't ask permission first from the profile owners, but they claim since it's part of a "social experiment" it should be fine.

The site's not really a dating site. On Face to Facebook, the minds behind Lovely-Faces.com explain that the website was created to prove how virtual identity is increasingly unstable when you consider how easy identity theft is online and how companies can easily take advantage of this information, with or without Facebook's permission. On the Theory section of the website, they elaborate:

And it'll eventually mutate, from a plausible translation of real identities into virtual management, to something just for fun, with no assumed guarantee of trust, crumbling the whole market evaluation hysteria that surrounds the crowded, and much hyped, online social platforms.

Facebook isn't pleased with this use of their data, even though Lovely-Faces.com promises that they will remove anyone who wants their picture taken off the site. “Scraping people's information violates our terms,” Facebook's director of policy communications Barry Schnitt said to Wired. “We have taken, and will continue to take, aggressive legal action against organizations that violate these terms. We're investigating this site and will take appropriate action.”

February 07, 2011

Google sponsoring contest to strengthen Chrome against identity theft hacks

Google is sponsoring a $20,000 hacking contest for the purpose of testing the defenses of Chrome, its internet browser, against identity theft hackers.  This year's hacking contest is called "Pwn2own".  The first researcher who is able to exploit Chrome will receive a prize of $20,000.

Pwn2own participants will also attempt to exploit Windows 7 or the Mac OS X, as well as web browsers Internet Explorer, Firefox and Safari.  The first Pwn2own participant who is able to hack Internet Explorer, Firefox, and Safari will receive a prize of $15,000.

The purpose of Pwn2own is for Google to learn any weakness in Chrome's defenses before it can be  victimized by hackers and other individuals involved in identity theft crimes, which could cost Google millions.
The benefit of Pwn2own is that it gives Google the opportunity to identify Chrome’s weaknesses in dealing with hackers and indent theft offenders now rather than later.

February 05, 2011

New feature

Just added a new feature to the blog.  Its called a "flag counter" and its located on the right hand side of the blog.  Basically, it tracks the people who visit this site and sorts them by their country's flag.  Wish I had found this little gizmo earlier, as I have seen people from all over the world visit this site, which I always thought odd for a site dedicated to a law that has no effect outside the boundaries of the United States. 

So don't think there have only been folks from the U.S. visiting this site.  I predict within a week that there will be multiple countries identified on the flag counter.

February 04, 2011

Below are the contents of a letter I received yesterday from Elizabeth Warren, Assistant to the President and Special Advisor to the Secretary of the Treasurey on the Consumer Financial Protection Bureau (CFPB) that was created in the first portion of President Obama's term.  Apparently, they are hard at work getting the CFPB up and running.

Dear Colleague,

In July 2010, Congress created a new federal agency to protect American consumers. The Consumer Financial Protection Bureau will be a cop on the beat, working to make consumer financial markets work better for American families. As the first new consumer agency of the 21st century, we can communicate directly with the people we serve.

Today, that work is just beginning. We’re moving quickly—building a terrific team, finding office space, and unpacking a lot of boxes.

Things aren’t all in place yet, but we don’t want to delay reaching out to the people who care about this agency. We’re excited to announce the launch of our website, ConsumerFinance.gov, for one very important reason – to start a conversation with you. With the launch of our site, we will be Open for Suggestions.

We hope you are eager to learn what this new agency will do and how it might affect you. In turn, we are definitely eager to hear what you have to say. Starting today, you can use the Internet to send us your best suggestions and questions for the bureau:

If you have a video camera, record a YouTube video and upload it as a response to our welcome video at http://www.youtube.com/CFPB.

If you like Twitter, tweet your suggestion using the hashtag #CFPB. You can also follow us at http://www.twitter.com/CFPB.

If you are on Facebook, you can “Like” us at http://www.facebook.com/CFPB, and post your suggestion on our wall.

If you want to use our website, you can post suggestions at http://www.consumerfinance.gov/openforsuggestions.

In the coming days and weeks, staff who are building this new agency will record direct video responses to some of the most frequent questions and most interesting suggestions. You’ll see the faces and meet the people who come to work every day to make a difference for the American people. We look forward to getting to know a little more about you, too. More is coming, so be sure to check back at http://www.consumerfinance.gov/openforsuggestions throughout the coming weeks.

Open for Suggestions is just one way that we plan to keep our conversation going with you. Be funny! Be creative! Most of all, be real about what matters to you. This is a great chance to go into your community with a camera, laptop, or mobile phone, or just a pen and paper, and help others participate. Involve your friends, your family, your colleagues and classmates, your faith community, and anyone you know who might be counting on this agency for information and help.

If you aren’t ready with a specific comment, that’s OK. Just let us know you are there—and stay in touch.

We can’t do it without you.

Thanks,

Elizabeth Warren
Go to their new website and make your concerns heard.

February 03, 2011

Has Yahoo's Bing been stealing Google's identity?

Being a lifelong fan of both baseball and following politics, I often read the blog postings of Nate Silver, who started out as a baseball statistician but began using his analytic ability to predict the outcome of elections through analyzing various political polls.  His blog started out on its own but is now a part of the NY Times website.  He recently posted the following, which I found interesting and hope you do too:

I certainly do not have any expertise in Web search. I can claim some, however, in another area that is highly relevant to it: trying to optimize the performance of statistical algorithms.


In my case, the algorithms are designed to predict the outcome of elections. FiveThirtyEight’s algorithm to forecast U.S. House races, for instance, considers several different “ingredients”– like polls, fund-raising data, and demographic data — and mixes them together in such a way as to maximize the accuracy of the forecasts. Although there are a few nuances one needs to consider, for the most part this is based on which combination of ingredients would have produced the best forecasts in past elections.

Search is similar. The search engines are trying to predict the relevance of the results generated by each query. (How is relevance determined? Basically just by what a human being finds most relevant, which can be measured either through objective data, like how many clicks each link generates, or through testing that asks users for a subjective evaluation of the quality of different results.) There are different inputs that the search engines can consider to rank results — for instance, the text contained on each Web site, its traffic statistics, and the behavior of previous users of the search engine — and they can mix these in different ratios depending on what seems to do be doing the best job of maximizing performance.

A big controversy erupted Tuesday in search: Google accused Microsoft’s search engine, Bing, of cheating off of it. The rather clever way in which they determined this is by manually inserting nonsensical results in response to nonsensical queries. For instance, in response to the gibberish string of characters “uegosdeben1ogrande,” Google rigged its algorithm to return a link to a site selling hip-hop jewelery as the “best” response. This could not plausibly be arrived at unless another search engine were using Google’s results as one of their ingredients. But for several of these queries, lo and behold, Bing returned exactly the same results that Google did.

Microsoft has not really disputed the claim — instead, they’ve said that it’s not such a big deal. Yes, Google search results — which it obtains by tracking the behavior of people who use its Internet Explorer 8 toolbar, perhaps along with other means — are one of the inputs that Bing uses, Microsoft says. But it also uses more than 1,000 others. The reason that Google’s results appear verbatim in response to nonsense queries like “uegosdeben1ogrande” is because in such a case, only the Google results are “relevant”; the other 999 variables don’t shed any light on the problem.

Let me try to referee this dispute. I’m not going to weigh in on the legality or even necessarily the ethics of this — I’m just trying to consider what makes for better search.

Microsoft’s defense boils down to this: Google results are just one of the many ingredients that we use. For two reasons, this argument is not necessarily convincing.

First, not all of the inputs are necessarily equal. It could be, for instance, that the Google results are weighted so heavily that they are as important as the other 999 inputs combined.

And it may also be that an even larger fraction of what creates value for Bing users are Google’s results. Bing might consider hundreds of other variables, but these might produce little overall improvement in the quality of its search, or might actually detract from it. (Microsoft might or might not recognize this, since measuring relevance is tricky: it could be that features that they think are improving the relevance of their results actually aren’t helping very much.)

Second, it is problematic for Microsoft to describe Google results as just one of many “signals and features”. Google results are not any ordinary kind of input; instead, they are more of a finished (albeit ever-evolving) product, one which itself is made up of hundreds of different “signals and features”, which have already been combined together in such a way as to maximize performance in response to the exact same queries that Bing is getting.

Imagine that you opened an Italian restaurant across the street from Mario Batali’s Lupa. It would be one thing if you merely took inspiration from Lupa’s spaghetti carbonara — if you tried to use some of the same ingredients and some of the same techniques. Maybe you’d even go so far as to track down the butcher who sells Mr. Batali his pancetta. All of this would be in the spirit, most of us would think, of good ol’ American competition.

But this is more like, when a customer orders the carbonara, sending a runner across the street to order a plate of it at Lupa, reheating it, and then maybe adding some mushrooms or snow peas. The alterations you made to the dish, whether slight or substantial, might not be all that likely to make it better: it would be hard to improve on Mr. Batali’s carbonara (if peas really made the dish yummier, wouldn’t he already have included them in the recipe?), just as it would be hard to improve on Google’s search results.

There are certainly cases, of course, in which a finished product can made better. In the algorithms that we use to forecast U.S. House races, for instance, one of the inputs is the race ratings (such as “toss-up” or “leans Republican”) generated by outside agencies like Cook Political and CQ Politics. These, essentially, already constitute finished products, since these groups are already trying to weigh a number of different factors together to optimize them.

What we’ve found is that the ratings generated by these groups are very good, and that it would be hard to improve on them by using statistical inputs alone. (This is not the case for Senate or gubernatorial races, where the polling is much more abundant and much more reliable, but it is the case for House races.) However, a combination of these race ratings and statistical inputs (not necessarily weighted equally — the race ratings make up something like 20 percent of the FiveThirtyEight forecasts) does slightly better than either one taken alone.

There are undoubtedly many improvements that Microsoft has in fact made to search; there are a lot of very, very smart engineers there, after all, and I’m sure they have come across a few tricks that Google hasn’t. Also, there are some cases in which Microsoft has access to proprietary data that Google does not. For instance, because Microsoft makes software products, they probably have a good understanding of what things a user does when — as has been known to happen on occasion — Windows Vista crashes. They may therefore do better than Google in responding to queries for technical support, something which search engines are often quite poor at. Bing, also, runs a travel site (which is very good), whereas Google does not, so they might do better in responding to a query like “best fare JFK LAX“.

How much value Microsoft’s engineers are ultimately adding is hard to say. Both they and Google are extremely circumspect about revealing any detail about their algorithms. And in contrast to election forecasts — where it’s fairly straightforward to evaluate performance (who called more races right?) — it is hard to measure the efficacy of a set of search results.

Still, Google has spent many, many years trying to perfect search — probably an order of magnitude more man-hours than Microsoft has. To the extent that Bing’s results are competitive with Google’s across the broad spectrum of potential searches, one wonders how much this is because they are simply using Google’s data.

This article can be found at http://fivethirtyeight.blogs.nytimes.com/2011/02/02/how-much-does-bing-borrow-from-google/ and Nate's blog can be found at http://fivethirtyeight.blogs.nytimes.com/.  If you are a fan of politics, you should really check it out.

February 02, 2011

Experian credit reports to include positive rental payments

Potentially good news for renters - Experian credit reports are to include positive rental payments.  As far as I know, Experian is the first of the credit bureaus to take this big step.

In the past, only negative information about a renter's payment history was included on credit reports.  That meant that the segment of the population, which often included those trying to establish their credit history (i.e. college students or those just starting out), did not get the benefit to their credit history of their timely rent payments.  Only if their payments were late would the rental payments show up on a credit report.  Obviously, the late payments would damage the credit history of the renter whereas those renters who made their rent payments on time did not see those timely rental payments show up at all in their credit history.

No more.  Now Experian is going to include the positive rental payment history of many consumers on its credit reports.  Here's the details straight from Experian's website -

On-time rental payments now help boost credit scores

In the past, only negative rental payment data such as evictions and collections were reported to consumer reporting agencies. Therefore, your on-time rental payments never helped boost your credit scores, unlike credit card, mortgage or car payments that help raise credit scores when paid on time.

But this has changed now that Experian® will be including positive rental data in consumer credit reports. The addition of this data is a tremendous benefit to anyone who rents, especially those who are non-credit-active, cash-based consumers.

Key Benefits to Consumers

Establish or rebuild your credit — You can now make your continuous on-time rental payments count towards establishing or rebuilding your credit

Qualify for what you deserve — If you were previously unable to qualify for a lease or credit product due to a thin credit file you will now be able to demonstrate past rental payment history and qualify for what you deserve

How It Works

Experian RentBureau receives updated rental payment data every 24 hours from its national network of property management companies. In order for this data to be included in your credit file, your property management company must contribute its rental history data to Experian RentBureau.

Experian recognizes the value of having a good rental payment history. Please contact your property management company and ask them to contribute their data to Experian RentBureau.
If reported accurately, this development could help millions of consumers who otherwise have little or no credit history begin to build a credit history and become homeowners if they so desire.  Of course, if the rent payment history is reported inaccurately in an adverse manner, the damage done to a developing credit history could be disastrous.  Fortunately, the FCRA should help protect victims of rent payment reporting errors in the same manner as it helps rectify credit reporting errors of other kinds.

February 01, 2011

An interesting article about an identity theft ring based out of a federal prison, straight from http://7thspace.com/headlines/370211/inmate_sentenced_in_ohio_for_running_identity_theft_ring_from_prison.html

"The man who led an identity-theft ring that ran up a quarter-million dollars worth of charges from inside a federal prison was sentenced to more than 14 years in prison, Steven M Dettelbach, United States Attorney for the Northern District of Ohio, announced today. “The defendant thought he found a way to occupy his time in prison,” Dettelbach said. “With this prosecution and this sentence, he’ll have lots more time to learn to follow the rules.” Dimorio McDowell, age 34, of Atlanta, Georgia, previously pled guilty to aggravated identity theft and conspiracy to commit wire fraud and bank fraud. McDowell was an inmate at Fort Dix Federal Correctional Institution at the time of the scheme, which took place between August 2009 and April 2010.

United States District Judge Donald Nugent ordered McDowell’s 174-month sentence on this case begin in 2014, when he completes the current sentence that resulted in his incarceration at Fort Dix. McDowell was the ringleader who obtained personal information on people who had credit card accounts at various retailers, including Best Buy, Home Depot, JC. Penney, Lowe’s, Macy’s, Nordstrom’s, Saks Fifth Avenue, Sears and Staples, according to court documents. McDowell contacted the retailers and impersonated the true account holders, store employees, or corporate fraud investigators.
He used information about the account holders, such as name, address, or Social Security number during those calls to obtain additional information about them and adding co-conspirators names as authorized users of the accounts, thus taking over the accounts, according to court documents. After taking over the accounts, adding additional users to the accounts and opening new accounts, McDowell communicated with his co-conspirators, all of whom lived in the Cleveland area. McDowell continued to run his scheme from prison even after he was charged and after he pled guilty. He also posed as a deputy United States Marshal over the telephone and attempted to have prisoners moved, according to information presented during the sentencing hearing.
Overall, the ring purchased more than $254,000 worth of merchandise as part of their scheme, according to court documents. Also charged in the case are: Andre Reese, 37; Jeffery McClain, 39; Kevin McBride, 34; Michael Sailes, 51; Edwin Peavy, 52; Daniel Ashford, 37; James L Wiggins, 47, and Jay Williams, 27, all of Cleveland, Ohio. All have entered guilty plea to charges against them. This prosecution is the result of cooperation from a number of law enforcement agencies who identified the defendants, gathered the evidence and prepared the case for prosecution.
The investigative team included the Federal Bureau of Investigation’s Cleveland Division and Trenton Resident Agency, the United States Bureau of Prisons, the Postal Inspection Service, Bath Township Police Department, Stow Police Department, Mentor Police Department and other state and local law enforcement agencies. The case was prosecuted by Assistant United States Attorney Matthew B Kall. “This case is a stark reminder about the need to protect yourself from identity theft and fraud,” Dettelbach said. “I want to thank the FBI, the Bureau of Prisons and all our partners who made prosecuting this case possible.”