Security is a growth industry

Identity Theft and Vital Records

Security businesses are growing by leaps and bounds. There are tens of thousands of people newly involved in this business, and there are literally billions of tax dollars at stake for those fortunate enough to cash in on this surfeit in public and private sectors, especially in the field of technology development. The sale of insurance against identity theft alone is a cottage industry. Accompanying this meteoric burgeoning are spectacular claims of the need for security against “identity theft,” however that may be defined.

While it would be folly to dismiss all claims of threats to our land, our material possessions and our “identities,” it would be equally foolish to believe all the statistics and clatter about these claims. There is much self-serving “Henny-Pennyism”[1] in the hyperbole we hear and read about identity theft and it is prudent to demand precise documentation from industry sales associates and governmental agencies of all claims about the subject. Those who have the most to gain by selling their services may be unwittingly or carelessly misleading the public.

RECENT TRENDS INCREASE ALARM – BUT CAUTION IS SUGGESTED

It is understandable that there is widespread fear by almost all citizens concerning this subject. In the past decade, three trends have coalesced to exaggerate our alarm:

1. intensified focus on personal privacy, especially in medical concerns;

2. increased concern that the Internet has made dissemination of information around the globe instantaneous; and,

3. the September attacks on our country by terrorists who forged documents to assume false identities.

As an example of concern over privacy and the dissemination of information via the Internet, a number of records have been made freely available online, such as the New York City voter registration records, which include home addresses. While the records have been public for many years, the easy availability of them around the world simply caused increasing alarm for many citizens, causing many to rethink which records should be public.[2]

And it is equally understandable that legislatures and agencies whose job it is to protect us do something about these concerns. But one caution we must exercise is the temptation to offer knee-jerk reactions and simplistic mechanisms to address our fears. Sometimes the “solutions” proffered in response to dire problems themselves lead to more problems. One such knee-jerk responses is the effort to close or severely restrict public access to vital records.

STUDIES OF IDENTITY THEFT

The phrase “identity theft” is itself misleading. Our identities are not stolen or taken from us; others impersonate us for criminal purposes. We still have our “identities,” but the implication that something is taken from us entirely, even for a short period, is not true. A reliable study focusing on birth records and identity theft is a 31-page document issued in September, 2000 that was conducted by June Gibbs Brown of the Department of Health and Human Services, Office of the Inspector General, entitled “Birth Certificate Fraud.”[3] This study alludes to a 1976 study by the Federal Advisory Committee on False Identification (FACF), commissioned by the United States Attorney General, “The Criminal Use of False Identification.” This study labels the problem correctly, but is the source for the pop-labeling of birth certificates as “breeder documents,” i.e., documents which allow the holder to gain “higher” documents of identification such as a driver license and passport, and to obtain “benefits such as resident status, Social Security benefits, loans and other government aid, including Temporary Assistance to Needy Families, Food Stamps, and Medicaid.”

However, it is important to pay close attention to the conclusions stated in this September 2000 study, which are as follows, verbatim:

q Birth Certificates alone do not Provide Conclusive or Reliable Proof of Identity.

q Further, it would be Impractical to Redesign Birth Certificates to Make them Reliable Identification Documents in and of Themselves.

q Some Efforts to Redesign Birth Certificates Might Even be Undesirable.

q Nevertheless, Since Birth Certificates can Play an Important Role in Establishing Identity, Their Integrity Should be Improved.

q In Addition, Federal and State Program Administrators Should Assess the Proofs of Identity They Will Accept.

What is called for in the study is that… “user agencies [i.e., those agencies which use birth records as proof of identity] be vigilant in their detection of fraudulent documents and documents held by imposters. We have included consensus suggestions for improving the birth certificate process and the detection of fraud in the body of the report.” It is important to note that nowhere in the report’s conclusions is there a recommendation that records be closed or severely restricted to the public.

Despite the conclusions of this report, some health departments across the country that control the vital records of their states are calling for records to be closed. One of the sources of much agency animus against birth records may be the National Association for Public Health Statistics and Information Systems.[4] This organization offers a “report” from its Internet homepage entitled “Limited Access to Vital Records.” It is worthwhile to quote this in full (with bold added for emphasis):

NAPHSIS Standard

Title: Limited Access to Vital Records

Background:

In the United States there has been an increase in the fraudulent use of vital records (e.g. birth and death certificates). This fraudulent use is directly linked to identity theft which is the fastest growing white collar crime in the United States. Numerous studies have been conducted over the years and have found that birth certificates are used as “breeder documents” to create new identities. The birth certificate in some cases is a key to obtaining a social security card, driver’s license and credit cards for use to commit crime. The perpetrator knows this and uses the system to his or her advantage.

The ability of one to obtain birth certificates for illegal purposes is aided when access to those birth certificates is not questioned or even challenged. Of the 50 states, 14 have open access on either a state and or local level to the birth certificates they archive. This is an area of great concern and should be at all levels of government as well as for the person for whom state and local government retain and issues, upon request, their birth certificate to anyone that makes application.

Certified copies of original birth certificates are used in most birth certificate fraud cases. The Passport offices and Immigration and Naturalization Services have experienced 85 percent and 90 percent respectively of fraud cases involving bona fide birth certificates.

In September 2000 the Office of the Inspector General prepared a report on “Birth Certificate Fraud” for the Department of Health and Human Services. This report addresses birth certificate fraud and strongly emphasizes that the birth certificate is a “breeder document”. This report is one of a number they have prepared over the years and encourages change in access to birth certificates, on both a local and state level.

Recommendation:

The National Association for Public Health and Information Systems recommends that all states issuing certified copies of vital records will require proper identification and a signed application. Access to these records will be limited to ...“his or her spouse, children, parents, or legal guardian, or their respective authorized representative. Others may be authorized to obtain certified copies when they demonstrate that the record is needed for the determination or protection of his or her personal or property right. The State Agency may adopt regulations to further define those who may obtain copies of vital records.”

This “report” appears to be more a product of hysteria than evidence based on the facts, and there is not one iota of documentation to its claims. It alludes to “[n]umerous studies” to bolster its claims but does not identify a single one, save the September, 2000, report already cited, above, which does not conclude that closing or restricting records is efficacious. It echoes the labeling of birth certificates as “breeder documents” and provides departments of public health around the country with some seemingly legitimate motivation in subsequent efforts to effect legislation closing or severely restricting vital records in their respective states. But its exaggerated conclusion that birth records should be closed is not supported in the United States Department of Health and Human Services report. This author has tried on several occasions to elicit from NAPHSIS what their “numerous studies” are, but they have never answered my telephone calls, e-mails or a letter to their office. This is reason to be highly skeptical of their claim that there are “numerous studies” supporting their conclusions.

What is occurring is a prime example of the misuse of the World Wide Web. One or more vague reports are alluded to as factual studies to back up the conclusions of some in the field of “security.” Without much in-depth discernment, officials in agencies, wishing to show some evidence behind the conclusion they are drawing, allude to these reports in their own reports. Far down the road the legislators who ultimately pass on these conclusions in the form of legislation do so without anyone having done the difficult and time-consuming job of thoroughly checking the facts.

RESEARCH ON IDENTITY THEFT

There is much misinformation being circulated about how birth certificates may be obtained. A recent article featured on the Web site of Minnesota Public Radio, for example, described the case of a man, Dave Feakes, whose identity was stolen by Allan Rick:

To steal Dave Feakes’ identity, he simply called the state of North Dakota and bought a copy of Feakes’ birth certificate, something easily done in most states. Beth Givens, director of the National Privacy Rights Clearinghouse, says it's too easy to get such a critical document.

Givens [stated] “You know once you have somebody's birth certificate, you can get a driver's license, then you can go get a duplicate Social Security number and you've got a full set of documents and you're off and running.”[5]

According to the Web site of the North Dakota Department of Health, birth certificates may not be obtained by telephone.[6] The description of obtaining birth certificates as “easily done” does not fit genealogists’ experience, but the quotation by Director Givens has the effect of promoting the services of the Privacy Rights Clearinghouse and will probably be accepted by most readers as fact, no doubt inspiring those who wish to severely restrict birth certificates.

This article underscores one problem in the current approach to remedies. The real problems lie with any agency, including Departments of Motor Vehicles, that will readily accept a birth certificate as valid proof of a person’s identity. As stated above in the DHHS study, “birth certificates alone do not provide conclusive or reliable proof of identity,” and “federal and state program administrators should assess the proofs of identity they will accept.” Governmental agencies must adopt the more difficult approach of adopting more stringent methods of establishing identities after they have thoroughly examined and performed background checks on each of their workers.

In my research on identity theft, I found the NAPHSIS “report” alluded to many times as the supporting rationale for closing or severely restricting records. For example, the Tennessean, a newspaper with online news, carried an article by staff writer Duren Cheek, entitled “Open Records Access Allows ID Theft, Audit Says.” The article cites a state comptroller’s audit which states that “fraudulent use of vital records is directly linked to identity theft,” and calls on increased restriction of birth records to “only the person listed on the birth certificate or a parent, child, sibling, grandparent ‘or other person who demonstrates a direct and tangible interest and connection,’” citing as its rationale a NAPHSIS “report.”

Searching the Internet for general articles about identity theft will scarcely yield a single mention of vital records in any treatment of the subject. Why is this so? The answer, I believe, is that the use of vital records plays an extraordinarily small role in the overall subject of identity theft and hence is not specifically discussed in any article on the subject that I have seen.

The conclusion that fraudulent use of vital records plays only a small roll in identity theft is underscored by a report issued by the Federal Trade Commission, using statistics from the year 2002.[7] In this report there is not the slightest specific mention of vital records, including birth, marriage, death and fetal death records. According to the FTC report, Massachusetts and Connecticut were almost identical in the incidence of identity theft. New York, with much more restriction placed on access to vital records, had a rate that was 65% higher than Connecticut’s in 2002, and 50% higher in 2003. Since Connecticut has a much lower restriction on access to vital records than New York’s,[8] and Massachusetts records are even more open, one valid conclusion to be drawn is that more restriction to the public access to vital records does not result in a lower rate of identity theft! There are many other factors at play accounting for the incidence of identity theft than just the availability of vital records to the public. The fact is that the conclusion by NAPHSIS and others that closing or severely restricting access to records hinders identity theft is not supported by the evidence.

Finally, the State of Connecticut official report, Identity Theft: A Guide for Connecticut Citizens, published in November, 2004, by the Office of the Victim Advocate,[9] does not refer to vital records at all as problematic in this vexing issue of identity theft.

THE REAL WORLD OF IDENTITY THEFT

A significant number of articles in my research alarmed me to the fact that a tremendous percentage of identity theft cases involve people working on the inside of governmental, banking and other agencies that deal with our private information. These people are operatives who do not need birth or other certificates to steal identities.

For example, one story described a former employee of the State Insurance Fund in New York who was accused of stealing the identities of thousands of people and who used these identities to order at least $100,000 worth of goods. She had access to names, addresses, Social Security numbers and other personal information of thousands of state employees and other people who had contacted the fund.[10]

A New York couple pilfered mailboxes to steal identifying information about thousands of people and used false identities to steal more than $1.5 million from banks and credit card companies. This couple never even needed birth certificates for their scheme.[11]

A group which federal officials believed to be the largest-ever identity theft ring in the country relied on a low-level employee of a Long Island software company and stole the credit histories of more than 30,000 people over a three-year period, emptying bank accounts, taking out false loans and running up charges on credit cards, among other crimes. Philip Cummings was a “’help desk’ worker at a Bay Shore, New York company that provides software for banks and other companies to obtain credit histories from the nation’s three largest credit bureaus.”[12]

Another article read “A janitor at WNYC, the public radio station, was charged with stealing a list of some of the station’s donors and selling it to an identity theft ring with widespread activities…”[13]

Two foreign nationals from Mexico who were manufacturing forged documents were arrested in New York in March 2003 in possession of “’tens of thousands’ of blank Social Security cards, drivers’ licenses from 10 states, alien registration cards, New York City school diplomas, marriage and job certificates for foreign nationals, and an array of printing equipment and supplies for making false ID documents, Customs officials said.”[14]

One of the worst cases occurred in Hartford, Connecticut, in 1996, when the Connecticut Department of Public Health moved its original copies of vital records from its Washington Street offices to another location. A man working for the company hired for this move, James Burke, stole a box of hundreds of birth certificates from the 1960’s and began selling them. He was caught only when he attempted to purchase a handgun in Vermont using one of the birth certificates.[15] The public has never been informed about the progress of this case, and hundreds of the documents may still be missing.

Another case, reported in 2000, cited a man named James Burke, described as a “Pennsylvania man,” who was charged with stealing Social Security numbers from a state office he was involved in moving. This was probably the same man arrested in the Connecticut case, caught again just four years later pursing the same crime of identity theft.[16]

A Connecticut case that alarmed me was that of three women, employees in the Hartford City Department of Vital Records, who pocketed $144,833 over three years on the job, stealing between $200 and $300 per day. Migdonia Sales, Diane Williams and Nikki Henderson were charged in separate incidents. The latter two worked in the assessors’ office in Hartford. If a crime which allegedly involved only underreporting of sales of vital records to the public could continue for such a long time, would it not have been just as easy for a clerk in vital records to have sold certified birth, marriage and death certificates for larger sums of money?

A story in the Hartford Courant of November 10, 2004, reported that one employee of the Department of Motor Vehicles, arrested in August, may have sold 400 driver’s licenses. She is reported to have sold them to illegal aliens in Norwalk, with the help of accomplices. The article states, “According to a complaint sent to the DMV by a Florida businessman, eight of his employees told him they had obtained fraudulent licenses in Connecticut and that the state DMV was a well-known source of the bogus documents.” In fact, the situation was much worse. In 2006, further articles about this incredible criminal enterprise within Connecticut’s own state agency show that more than 1,200 fraudulent licenses were issued between June 2002 and December 2004, of which only 450 have been accounted for. Police believe this criminal conspiracy was perpetrated by at least six DMV employees.[17]

CONCLUSIONS AND SUGGESTIONS

These examples of identity theft should make it clear that there is no evidence that closing or severely restricting public records to the public would have the desired effect of stanching the spread of identity theft. But closing the records would severely hamper genealogists, family historians, reporters and other innocent members of the public from pursuing their pastimes, avocations and professions. The public is an easy target for a “fast fix,” but further restricting public records is not indicated by statistics or actual life events.

What is needed to stem the effect of any “breeder documents” out there is a little in-house “birth control” to staunch the breeding of illicit documents. Government and private companies must police those working inside their agencies where identifying data are available to workers. This would include background checks and more rigorous and efficient supervision of state and other employees. In dealing with the public, the United States Department of State, for example, is very efficient at detecting vital records fraud. Motor Vehicle Departments need to learn the methods and procedures utilized by this federal agency to more effectively deal with those fraudulently obtaining licenses.

Connecticut is far ahead of other states in the security of our vital records. There are a number of safety measures already in place here. For example, we are unique in requiring those wishing to access birth records under 100 years old to belong to genealogical societies “incorporated or authorized by the Secretary of the State to do business or conduct affairs in this state.”

q For access to birth records under 100 years old in Connecticut, Connecticut General Statute §7-51 allows only genealogists holding membership in a Connecticut-incorporated genealogical society to view them, and has since this legislation was passed in 1971.[18]

q The Connecticut Public Health Code, issued by the Connecticut Department of Public Health, calls for a photographic identification of all for access to or issuance of birth certificates.

Other security measures are in place or are in the process of being deployed.

q There is the use of specially engraved paper for birth certificates from the Department of Public Health that should, in my opinion, be used by all Town Clerks and Registrars.

q The use of the “INFORMATIONAL, NOT A VALID DOCUMENT TO ESTABLISH IDENTITY” stamp on birth and death certificates can be made uniform, and we urge lawmakers to make this a provision of the law. California has been offering these since July 1, 2003.

If these were not enough,

q The Town Clerks and Genealogists Action Group (TCGAG), organized in October 2001, composed of Town Clerks and genealogists, meets regularly to discuss and act on issues such as security. Measures are presently being considered to design membership cards that are more secure and to provide ways to better identify valid members of genealogical societies.

q TCGAG has a conflict resolution process pertaining to any issues that arise between genealogists and Town Clerks and Registrars of Vital Records. There have not been any issues pertaining to security and genealogists brought to our attention or made public in the 35 years genealogists have been allowed to access birth records.

q The newly formed Connecticut Coalition of Genealogical Societies, composed of the leaders of most of the genealogical societies in Connecticut, can provide counsel and deliver action regarding enacting greater security regarding the existing laws pertaining to security of birth and other records.

Security is the concern of legislators and public officials as well as the public, and that includes genealogists. We can help each other to provide greater security at home without depriving citizens of the pursuit of the happiness and livelihoods they derive from uncovering their family ancestry.

You may print a copy but please do not duplicate without permission.

This description was written by Dr. Robert L. Rafford and reflects his opinions and observations alone.

The Connecticut Professional Genealogists Council, Inc.

P. O. Box 4273

Hartford, CT 06147-4273

Webmaster – Robert L. Rafford - Please contact me for any corrections or questions about these pages.

This site is best viewed in Microsoft Internet Explorer. Netscape Navigator produces distortions of some text.

This page was last modified 10 May 2006

[1]. “One day Henny-penny was picking up corn in the cornyard when–whack! – something hit her upon the head. ‘Goodness gracious me!’ said Henny- penny; ‘the sky's a-going to fall; I must go and tell the king.’” Quoted from Paul Galdone, Henny Penny.

[2]. Amy Harmon, “As Public Records Go Online, Some Say They’re Too Public,” New York Times, 24 August 2001, page A1.

[3]. Located on the Web at <http://oig.hhs.gov/oei/reports/oei-07-99-00570.pdf>.

[4]. National Association for Public Health Statistics and Information Systems found at <http://www.naphsis.org/>. Click on “Fraud Guidelines” on the upper left of the screen. Its Website describes the organization: “The National Association for Public Health Statistics and Information Systems (NAPHSIS) is a national association of state vital records and public health statistics offices which is based in the Washington, DC area. The association was formed in 1933 to provide a forum for the study, discussion, and solution of problems related to these programs in the respective members' health departments.”

[5]. Dan Gunderson, “Document 7: Identity Theft,” on the Web site of Minnesota Public Radio, 480 Cedar Street, Saint Paul, Minnesota, 55101, located at <http: //news.minnesota.publicradio.org/features/199911/15_newsroom_privacy/idtheft.html>. Beth Givens is described as the “director of the National Privacy Rights Clearinghouse.” That organization is located at 3100 5^th Avenue, Suite B, San Diego, California 92103 and this Web site is located at < http://www.privacyrights.org/index.htm>.

[6]. Web site of North Dakota Department of Health, Division of Vital Records, 600 E. Boulevard Ave., Dept 301, Bismarck, North Dakota 58505-0200, located at <http://www.health.state.nd.us/vital/>.

[7]. On the Web at <http://www.consumer.gov/sentinel/idt_statemap/Connecticut%20CY2002.pdf>.

[8]. After 75 years for birth, and 50 years for death and marriages, New York’s records are open to the public. In Connecticut, all death and marriage records are open to the public and birth records over 100 years old. Birth records under 100 years of age are open to genealogists who hold a valid membership card in an incorporated genealogical society in Connecticut (Connecticut General Statutes 7-51 and 7-51a). In Massachusetts, all vital records are open to the public unless closed by a court (only done in cases of out-of-wedlock births and adoptions).

[9]. State of Connecticut, Identity Theft: A Guide for Connecticut Citizens (Office of the Victim Advocate, November, 2004), available at <http://www.ova.state.ct.us>.

[10]. Stephanie Flanders, “Former State Worker Is Charges in $100,000 Identity Theft Plot,” New York Times, 18 July 2001, page B7.

[11]. Edward Wong, “2 Charged in $1.5 Million Mail Theft Scheme,” New York Times, 8 June 2000, page B8.

[12]. Benjamin Weiser, “Identity Ring Said to Victimize 30,000,” New York Times, 26 November 2002, page 1.

[13]. Lydia Polgreen, “Janitor at WNYC Is Accused of Stealing Donor Information,” New York Times, 27 July 2002, page B2.

[14]. Associated Press, “Phony documents valued at $3 million,” Waterbury Republican-American, Waterbury, Connecticut, 14 March 2003, page 4A.

[15]. [Anonymous], “Police: Mover stole 3,000 birth certificates,” Waterbury Republican-American, Waterbury, Connecticut, 7 October 1997.

[16]. “Man Charged In Theft of Numbers,” Hartford Courant, Hartford, Connecticut, 18 November 2000, sixth edition, page 35, column 1.

[17]. Associated Press, “Arrests Mounting in DMV Probe,” Waterbury Republican-American, Waterbury, Connecticut, Friday, 06 January 2006, page 1.

[18]. For the full text of this statute, click on the text or go to <http://search.cga.state.ct.us/dtsearch_pub_statutes.

Html>. In the box after “Document: contains the phrase,” type the words “genealogical societies.”