Quarterly Newsletter of the Florida Chapter of the Association of Professional Genealogists

Friday, March 19, 2010

10 July 2007

Identity thieves aren't stealing public genealogy records

Dick Robinson takes an extensive look at how and why lawmakers are closing and restricting the basic tools of genealogists--vital records, especially birth certificates. He concludes that new laws are just hampering genealogical researchers and not actually preventing identity theft or terrorism. This article originally appeared in the May/June 2007 issue of Digital Genealogist, available online by subscription.

Identity thieves aren’t stealing public genealogy records
Why are government officials trying to limit access to those records on and offline?

By Dick Robinson, CG
Copyright © 2007 by Dick Robinson. ALL RIGHTS Reserved.

Genealogical records are our lifeblood. Take them away or limit them, then we can’t research online or in person without difficulties. Restricted access to records is caused by poor funding, increased fees, missing or damaged records, or what some call just a knee-jerk reaction to protect privacy and help prevent terrorism.

Take a look at some headlines on “Public Records in Crisis” during the past year:

Massachusetts Vital Records May Be Closed
There Goes Your Privacy - One Byte at a Time
Access to Public Records Closes at a Frightening Rate
More on the “Ludicrous” Closure of South Dakota Public Records
Colorado Moves to Close Access to Public records

Restricting access to vitals

Many government officials around the country have been trying to restrict access to vital records. That includes birth, marriage, and death data online and in governmental offices. An Associated Press 50-state survey last year showed that 616 new laws restricting access to government records, databases, meetings, and other public information had been passed since Sept. 11, 2001. Only 284 laws had loosened access.

Closing or restricting access to records hampers genealogists. It creates a “widespread fear” of losing public records. Why? Many legislators and public officials believe that closing or limiting access to records will reduce identity theft and help prevent terrorism.

Big problem

ID theft is a big, serious problem. It claims more than 10 million victims a year, costing consumers and businesses $50 billion a year, according to the FBI, in time and money to repair credit records and restore peoples’good names. “Identity theft occurs when your personal information is stolen and used without your knowledge to commit fraud or other crimes,” says the Federal Trade Commission. That information includes credit card, Social Security and driver’s license numbers and other personal information. Many people commonly label vital record misuse as identity theft; others like to use a more specific term, such as birth certificate fraud.

Gen data the problem?

Does genealogical information really contribute to identity theft? Proponents of restricting records say studies show that easy access to vital records significantly contributes to identity theft that may lead to terrorism. But a number of genealogists say that’s not true. There’s no evidence that criminals are stealing data from public records. For the past 20 years, genealogist Richard Pence, former newsletter editor of NGS’ Computer Interest Group, has been challenging anyone to give him a documented case of genealogical data fraud. He says they may involve vital records or genealogies. The documentation may be police or court records or a verifiable news article. Over the years, he’s received “occasional nibbles” that didn’t meet his criteria.

Public officials are just jumping on a runaway band wagon. It started rolling after the terrorists’ 9/11 attack in New York City in 2001. The Millennium Plot terrorists obtained credit cards and drivers’ licenses with stolen data. Where are the facts connecting public vital records that genealogists use to identity theft? genealogists ask. Experienced genealogists never come to a conclusion without proper analysis of all the facts!

No evidence

Michael John Neill, a nationally-known genealogy researcher, speaker, and author says there’s no studies that show easy access to vital records significantly contributes to the identity theft problem.

Several reasons may be responsible for the belief that limiting access to public vital records may help prevent identity theft or even terrorism. Many legislators, even those sponsoring bills limiting access to vital records, don’t know all that’s in the bill and how it will affect genealogists. Sometimes when bills are passed, many governmental workers may misinterpret or not evenly apply law restricting public records.

A number of state legislators push for limiting access to vital records when they don’t really understand the situation, critics say. When an Indiana bill was filed last year to limit access to death information, Leland Meitzler wrote, “Another do-gooder congressman [legislator] has it figured that limiting access to death data is in some way going to protect folks from identity theft. It’s too bad that these legislators don’t take time to study the facts….before they try to show that they’re actually doing something in the statehouse.”

“Sadly,” says Pence, a former journalist, “it is the media. The media accepts at face value the cries of alarm from those who are making a living by scaring the bejabbers out of the public.” He cites what he believes is a flawed 2003 survey by the Federal Trade Commission that showed 27 million identity theft victims in the past five years.

Connecticut professional genealogist Dr. Robert L. Rafford blames a national association of state vital records offices for spreading misleading information about birth certificate fraud. He says the National Association for Public Health Statistics and Information Systems does not document its statement that implies that studies of the federal Inspector General “encourages change in access to birth certificates….” The 2000 study of the U.S. Department of Health and Human Services, Offices of Inspector General reviewed previous federal reports on birth certificate fraud since 1976, with no mention of limiting access to them.

Standard documents recommended

In the absence of studies linking public vital records and fraud, let’s also take a look at the classic example of identity theft and terrorism. The 9/11 commission extensively studied what could be done to prevent another terrorists’ attack. In its 585-page report, the main recommendation of the commission on identify theft was that birth certificates and drivers license formats be the same in every state. These documents are the bread and butter tools of identity thefts. Authorities often do not recognize fakes because there are so many formats used. What was not said is important for genealogists. They did not suggest that access to public birth certificates or other vitals records be restricted.

Doesn’t make sense

Further, genealogists complain that vital record restrictions just don’t make sense. Identity thieves typically steal credit card, driver’s license, and social security numbers of many people at once. They don’t try to get individual records like birth certificates through vital records departments, according to Neill. They don’t diligently search for vital records on microfilm like genealogists do. For thieves, it’s just not practical to spend hours getting copies of public vital records of their victims, says Neill.

Hackers, employees to blame

Instead, you often hear about computer hackers or some unscrupulous employee stealing valuable personal data. Rafford says he concludes from his research that “a tremendous percentage of identity thefts” are done by governmental, banking, and data processing employees who don’t need vital certificates. For example, the media reported in late March of this year that hackers stole 45.7 million credit card numbers from shoppers at T.J. Maxx and Marshalls stores. They also got numbers for drivers’ licenses and military identification cards of another 455,000 people.

ID theft stories foster warnings

Neill says that such stories foster warnings about protecting personal data. You may be advised to shred discarded personal information or never give personal data to unsolicited e-mail from financial institutions. “Rarely is one told to go to the courthouse and shred your birth certificate so someone cannot make a copy of it,” jests Neill. In fact, you likely won’t see any terrorists or identity thieves there either. They rarely, if ever, go to any of the 10,000 different agencies here that can issue birth certificates.

Causes of ID theft

It’s just easier to get doctored birth certificates or other fake documents at a host of websites. Thieves do not search your garbage for personal data as much anymore or steal wallets or purses as often. They can just get about anything they need online cheap. In secret chat rooms, they openly trade stolen data worldwide as it crawls by on stock-like tickers, reports MSNBC’.com’s “Red Tape Chronicles.” A related NBC Dateline investigation quoted an expert who said thieves pay as little as $5 to buy someone’s name, address, Social Security number, credit card number, and pin number.

Where do they get that data? Much of it comes from stolen laptop computers and from hackers who break into systems of large and small companies, says the expert. Identity theft today with computers appears to be much easier than ever before. So why would thieves resort to combing public vital records? Genealogists know how hard it is sometimes for them to confirm that they have found a certain person’s vital record. Imagine, says P
ence, how hard it would be for a crook who knows nothing about genealogy to coordinate data from vital records to commit a crime. Should online genealogists fear having their identity or personal data compromised? Pence answers, “It never hurts to be careful, but the danger of having one’s identity stolen is almost nonexistent.”

Stealing from the dead

Other ID thieves steal information about the dead. They can get names and addresses from obituaries. Then they buy their Social Security numbers and other personal data on the Internet for only $15 or so. With this information, they can get credit cards or open checking accounts or buy merchandise in the names of deceased people, according to scam expert Sid Kircheimer. Experts advise that you should not give the deceased’s day and month of birth (provide just the year) in obituaries and to notify credit agencies and credit card companies right after someone dies. Send them their death certificate, he advises.

Some people believe that genealogy websites contribute to identity theft. A couple of years ago the Utah attorney general claimed that family history websites were feeding ID thieves with social security numbers (SSN). But Pence says that that if someone used a SSN in the Social Security Death Index they would likely be caught by financial institutions who routinely check the same database.

What can be done

In today’s world, it is not clear what information is private. In genealogy, though, for people born since the last public U.S. Census in 1930, all data is usually considered private except the surname and gender. Pence advises never post online or give information to others about living people, including the importing and exporting of GEDCOM files.

Instead of restricting public records, Rafford recommends that government and private companies do a better job of policing its employees. He notes that many states have taken some action. States generally restrict birth records. Florida, for example, allows the child on the certificate or the child’s parent, guardian or legal representative to obtain birth certificates. All birth certificates become public record 100 years following birth.

Rafford’s state of Connecticut only allows members of approved genealogical societies who present photographic identification to see or receive birth records less than 100 years old. California issues birth and death certificates stamped “Informational, Not a Valid Document to Establish Identity.” Several years ago California took down its online index of vital records and prohibited its agencies from selling them. However, they had been widely distributed, and are sold today online by private companies, according to Pence. He says the sales have resulted no reports of fraud.

States are also trying to decide whether to provide public records online 24 hours a day or just when county courthouses are open. Florida temporarily banned court records on the Internet while the pros and cons were studied. States also must now follow the federal Intelligence Reform and Terrorism Prevention Act of 2004. It prevents most public access to birth and death certificates for 70 to 100 years. The law allows states to set up its own rules and decide whether to provide an exception for genealogical and historical societies.

“Family historians need to be on the forefront of making it clear to our elected officials that access to vital records is not the real problem,” Neill writes on his website. Other genealogists say why close or limit access to records and punish people who don’t misuse them? It will just hamper genealogical researchers and not stop identity theft.

Dick Robinson is a certified genealogist, personal historian, and author of books and national magazine articles. He is legislative chair of the Florida State Genealogical Society and Florida Liaison to the Records Preservation & Access Committee of the Federation of Genealogical Societies and National Genealogical Society. Robinson, a professional journalist who was nominated for the Pulitzer Prize, has written several articles on records preservation and access. He is the founding president of the Florida Chapter of the Association of Professional Genealogists.