Meet Michael Berry: political activist, cancer survivor, creditor’s dream. Meet Michael Berry: scam artist, killer, the real Michael Berry’s worst nightmare.
And so begins Identity Crisis, a Washington Post cover story about privacy and identity theft.
By Robert O’Harrow Jr.
Sunday, August 10, 2003
Michael Berry prowled the streets of South Central Los Angeles in a rented silver Volvo, searching for a clue. He turned onto a residential street called 12th Avenue, peered at each home and then slowed the car almost to a stop. His heart fluttered.
Off to his left was the address that had obsessed him for months. He saw a well-tended bungalow with crisp green grass. Watering the lawn was a man covered in tattoos and wearing a sleeveless undershirt and aviator sunglasses, who watched closely as Berry drove by.
“Oh crap, I didn’t do this right,” Berry muttered to himself, gripping the steering wheel a little tighter and trying not to stare back.
He had come 2,700 miles from his townhouse in Arlington to scope out the place that somehow had appeared on credit reports as his new home. Some cretin using the address had opened at least 15 new credit card accounts in Berry’s name and run up thousands of dollars in bills for clothing, flowers, gasoline and telephone calls.
Berry had always taken pride in paying his bills on time. At 33, he was the chief operating officer of the Independent Women’s Forum, a conservative women’s group, mingling regularly with Washington lawmakers and Republican activists. The theft of his identity was changing everything: threatening not just his credit rating, which was in tatters, but his respectability, his very sense of himself as a man firmly in control of his own life. Now, as he drove by the tidy house in L.A., he was at a loss. “I felt,” he says, “totally helpless.”
He had tried to report the financial problems to L.A. police. Because he wasn’t a resident, and the fraud was not considered large enough, they brushed him off over the telephone. When he called police in Arlington, a friendly officer took his report. But he got no promises. Arlington, the officer said, had no jurisdiction in California.
Berry pulled up the street, turned the car around and parked. Pretending to do paperwork in his lap, he kept watch for anything suspicious. “Be careful,” he told himself. “Sit back and watch.”
He had good reason to take care. Just days before, he’d learned from a Florida homicide detective that a man who had assumed his persona — using his Social Security number and carrying a driver’s license with his name — was a convicted murderer who was wanted for fresh killings in two states. That meant that Berry, the real Berry, was liable to be taken into custody as a wanted man at any time.
Sitting in his office in south Arlington, Berry dialed a toll-free number and waited for the computerized voice at Chase Manhattan Bank to prompt him. He punched in the number of his Chase Platinum MasterCard. It was early January 2002, six months before his visit to Los Angeles, and he was trying to consolidate his debts onto one low-interest card.
He sat back in his chair as he told the clerk his current income and how much credit he wanted. When he hung up, he was certain the bank would comply, because he had never missed a payment, even when he was between jobs. A few days later, he heard the news. He was rejected. “I’m sorry,” the clerk told him. “You have opened too many cards lately.”
Berry was puzzled, but not particularly upset. “This is a mistake,” he thought. He’d get it fixed. Determined by nature, Berry was used to working through problems and, eventually, getting where he wanted to be.
As an undergraduate at the University of Southern California, he’d found his way into the state headquarters of the 1988 Bush-Quayle campaign, landing a volunteer job recruiting and coordinating college activists. He became head of the Trojan College Republicans at USC, one of the state’s largest college political groups. After transferring to Pepperdine University in his junior year, Berry parlayed his burgeoning Rolodex into prestigious internships at Ronald Reagan’s post-White House office and in the Bush administration, where he worked as an advance man for Vice President Quayle.
He had every intention of staying in Washington as a political operative. But he cut short his plans after his father had a heart attack. He moved back to his home town in central California and took a job as a teacher, following in the footsteps of his father. Not long after, Berry faced his own health crisis. He was diagnosed with testicular cancer at the age of 24. For a time, he thought he might die. His doctors urged him to donate sperm in case he wanted a family someday. Then they removed one testicle and prescribed radiation therapy.
The treatments that cured Berry also nauseated him and sapped his vitality. But after the ordeal was over, he worked his way through the education bureaucracy and became an elementary school principal. He never lost interest in politics, though, and decided to move back to D.C. a few years ago. He became a special assistant to Texas Sen. Kay Bailey Hutchison on the Hill before moving over to the Independent Women’s Forum.
Michael Berry, in his Arlington office, knows Washington’s ins and outs, but he’d never encountered anything like the mess created when his identity was stolen. (Photograph by David Deal)
Berry tried to put his savvy to work for him. After the rejection from Chase, he made a round of calls to the top three credit bureaus, Trans Union, Experian and Equifax, companies that operate near the center of the U.S. economy. Working with banks, retailers, landlords, car dealerships and an array of other enterprises, the credit bureaus collect and share extraordinarily rich financial details about nearly every adult in America: where we live, how much money we owe and to whom, and whether we pay our bills on time.
Credit bureaus sold some 1.2 billion credit reports in the United States last year, more than double the number a decade ago. Many of the transactions that characterize American life depend on those reports. They are factored into mortgage loans and credit offers, used to weed out risky tenants and screen people for mobile phone service. Some identifying personal information in them, including addresses and Social Security numbers, also has helped fill the reservoirs of information brokers, who resell data to lawyers, debt collectors and jilted spouses searching for wayward mates. The reports are also perfect fodder for identity thieves.
The credit bureaus mailed Berry his own reports, which were sullied by all kinds of purchases he hadn’t made. According to the credit agencies’ computers, he had sought, received and quickly used thousands of dollars in instant credit from Gap and Old Navy. He had maxed out a $1,500 limit obtained a few weeks before from the QVC shopping channel. He had charged hundreds of dollars’ worth of gas in the Los Angeles area on a new Exxon card, along with $462 on a new phone line in Riverside, Calif.
Anxiety surged through Berry at these revelations. He’d been paying off his car loan early and sharing a townhouse with two roommates to save money, but he knew all the wild spending attributed to him would damage his credit rating. If he didn’t get this cleared up, he might have trouble buying a house.
Berry discovered from other businesses that his fictive counterpart had sent hundreds of dollars’ worth of roses and a stuffed bear to a Los Angeles woman named Joann. “These flowers are from You Know Who,” read the note that accompanied the flowers. “I love you a lot and your conversation.” A few days later, You Know Who sent another pile of roses to a woman named Maisha, this time with a contrite note attached: “I am sorry for lying, cheating, being selfish.”
It was as though You Know Who — and maybe others — was in a spending frenzy, trying to squeeze as much money as possible out of Berry’s identity before the scam was shut down. In some cases, the fraud artist or artists got cute, using “Bebe Hooker” as his spouse’s name on one credit application, and “Lucy Love” as his mother’s maiden name on another. But the incorrect information didn’t get in the way of the applications being approved.
Old Navy had decided to open a new account, in January 2002, for instance, even though the man impersonating Berry used the wrong address. At the same time, the company that issues cards for Old Navy — Monogram Credit Card Bank of Georgia, a subsidiary of General Electric Capital Corp. — also had granted the impostor credit cards for Exxon, Gap and QVC.
Monogram knew it was taking a risk on those accounts. About a month after the Old Navy account was maxed out, Berry received a computer-generated letter from Monogram. The company expressed its uncertainty and asked Berry to tell it whether a mistake had been made.
“Dear Cardholder,” it began. “We have recently opened up a credit card account, in your name, with OLD NAVY. Since, the address in the application did not match the address contained in the consumer credit bureau report, we are writing to you to confirm that the credit card account was opened at your request.
“If you did apply for this account, you do not need to respond.”
When Berry called Monogram, a representative assured him the Old Navy account would be closed and the charges removed from his credit report within six weeks. Berry felt better after hanging up the phone — a sense of relief that wouldn’t last long.
Identity theft is perhaps the most glaring symptom of the ills that have accompanied the data revolution of the 1990s. Bounced checks. Loan denials. Harassment from debt collectors. Victims of identity theft — and there are millions of them — are often haunted by the consequences for years.
Some government officials estimate that as many as 750,000 people a year are victimized. Others think that number is way too low. Last month Gartner Inc., a business research group, estimated that 7 million Americans have fallen prey to identity thieves in the past year alone, an extraordinary figure mirrored by a new survey from Privacy & American Business, an industry-funded think tank. Another study, by Star Systems, a company that facilitates the majority of U.S. ATM transactions, suggests that almost 12 million Americans in all, or about one in 19 adults, have been hit by such fraud.
David Medine, a former Federal Trade Commission and White House official, and now a leading information law specialist at the law firm Wilmer, Cutler & Pickering, has an unscientific test he uses to judge the extent of the problem. He asks friends at Washington parties if they’ve been a victim or know a victim. These days, Medine says, almost everyone has a horror story to contribute to the conversation. “You have this seemingly low-level crime that, cumulatively, is a national crisis,” Medine says.
The financial costs are staggering, though no one can put a precise dollar figure on them. Star Systems estimates the losses at $24 billion, the vast majority in the past decade, a burden shouldered largely by the nation’s financial institutions as a cost of doing business.
They are well aware that identity thieves are growing not only more numerous, but more menacing. Scam artists and grifters have been joined by criminal groups from abroad and street gangs that once specialized in robberies or extortion. And as September 11 made plain, identity theft also has become a favored technique of terrorists. Often using documents generated by desktop computers, they take on fake names, Social Security numbers, birth certificates and driver’s licenses in schemes to cloak themselves and raise money for their operations. It is, law enforcement authorities agree, frighteningly easy for them to get away with it.
The nature of identity has always been the stuff of mystery stories and film noir. One of the great American novels of the 20th century, The Great Gatsby, has questions about the mutability of identity at its core. Now those same issues have become the stuff of national security debates.
One of the most vexing questions facing those responsible for making life in America safe from crime and terror is this: How can we prove that someone is who he or she claims to be? For most of our history, that was fairly easy to answer for the majority of Americans. We defined individuals’ identities by their parents, siblings and friends. By the town they lived in and the schools they attended. By the clubs and organizations they joined. In many cases we knew them by sight, or at least knew someone who could vouch for them. Those who wanted to remake themselves, to break free of the bonds of their own histories, had to move away.
In our lifetimes, all that has faded away, as Americans conduct more and more business electronically, move from town to town and job to job, and generally know one another less well. Now, as often as not, the practical terms of our identities are defined by “data elements” contained in hundreds or thousands of computers.
Our Social Security numbers and addresses. Our mothers’ maiden names and middle initials. Our birth dates and the special numbers and nicknames we use as our passwords. The things we buy, the cars we own and the way we use our credit cards. These details, combined just so by computers and analysts, now authenticate us in the way that personal links used to, serving as virtual keys to financial accounts, retail outlets, communication, air travel and government services.
“What are the last four digits of your Social Security number?” we are asked. “What’s your Zip code?”
The problem is, the “data elements” required to authenticate customers on the fly are often available to criminals at little or no cost, sometimes openly on the Web, other times for fees from information brokers.
The brokers, who run the gamut from legitimate businesses to questionable characters operating out of their living rooms, peddle all sorts of personal information for as little as $25 a pop. Some even manage to get their hands on credit reports, which are especially prized by identity thieves. In November, federal prosecutors arrested three men who had stolen some 30,000 credit reports for resale and use in identity theft schemes.
Then there are the hackers skilled at stripping computers of names, Social Security numbers and financial records. In one recent case, hackers plundered 10 million Visa, MasterCard and American Express numbers from a company that processes transactions for merchants. Card holders didn’t learn about the intrusion until the FBI jumped in to investigate.
Bob Blakley, chief scientist for security and privacy at IBM Tivoli Systems, a software maker, says that most Americans mistakenly assume their old notions of identity still apply, that computers and clerks can accept at face value an individual’s answer to the question: Who are you? “That’s really a profoundly false view of the way that identity works,” says Blakley, who recently served on a National Academy of Sciences group examining these issues. “There’s a great deal more opportunity for confusion. It’s really complicated to sort out who’s who.”
Sometime in the spring of 2002, a man posing as Michael Berry moved into Bay Run II apartments, a working-class complex in Orlando. He’d come from California and sublet the place from a friend of a relative.
His real name was Demorris Andy Hunter, a convicted killer who’d spent 13 years in Folsom State Prison for a 1985 murder. He looked nothing like Berry, a big man with pale Irish skin who stands six feet tall and weighs close to 200 pounds. Hunter was smaller — only 5 feet 7 inches and 150 pounds — and African American. A police photo of Hunter shows a tired-looking man with a shaved head and a slight scowl.
None of those differences mattered when Hunter showed up in Orlando. People assumed the California driver’s license with Berry’s name and Hunter’s photo was legitimate. A fake Social Security card displaying Berry’s number also passed muster. Those documents helped Hunter get a job at B’s, a barbecue joint where he washed dishes and bused tables.
Bay Run residents who met the man calling himself Michael Berry considered him a friendly if somewhat wary character. Soon after moving in, he was attending parties and getting to know some of his neighbors. One of his new friends was Theresa Green, a part-time hospital secretary who lived one floor up with her 14-year-old son.
On May 25, 2002, he and Green attended a party in an apartment in the same building that ran into the early morning hours. According to those who attended, the two drank copiously and danced to the loud music until the party ended at about 2:30 a.m. But Green didn’t want to leave, and when Hunter pulled her away, the two started arguing and somehow fell down a set of stairs. Later, their yelling could be heard through the walls of her apartment.
About 7 a.m. that morning, Hunter approached Joseph Butler, the neighbor who had had the party. Hunter gave him keys to a borrowed van and, without explaining why, asked that he follow him to a drugstore in a suburban town more than 15 miles away. Hunter drove Green’s white Oldsmobile, but she wasn’t around.
After leaving Green’s car in the drugstore parking lot, Hunter dropped Butler off and disappeared in the van. Green was found early the next day. She was dead, stuffed into the trunk of her own car. It appeared she’d been strangled.
Orlando homicide detectives Roy Filippucci and Barbara Bergin received pages on Memorial Day afternoon. When they went to Green’s apartment they found drywall broken in one spot and some personal items on her bed that had been rifled through. When the two made the rounds in the neighborhood, talking to people who knew Green, they turned up a suspect in no time: a man named Michael Berry.
With a felt-tip pen, Berry outlined several lines of charges noted on his Trans Union Personal Credit Report and Score. “NOT ME!,” he sketched in. “FRAUD.” He circled the last word five or six times out of frustration, as he thought about what to do next.
It was spring 2002, about the time that his impersonator had moved to Orlando, and as usual Berry was working to offset the damage.
He had lost count of the telephone calls he had made to the credit bureaus, the banks and the stores that had drawn him unwillingly into their business. He had filled white legal pads on his desk with contact names, reference numbers tagging his complaints, and dollar amounts.
His boss and co-workers knew about his trouble and now and then asked for updates or offered to help him. To make up for all the time he was spending on the telephone and writing letters, he worked later each day. His usual 60-hour workweek grew even longer.
“I was totally in war room mode,” Berry says. “Every single day I was calling . . . The applications were pouring in every single day.”
His notes show that from December to May, there were new requests for cards from MBNA and Household Bank, two of the nation’s largest credit issuers. One came in for Macy’s. Another report alerted him to the fact that someone was trying to open a Cingular cell phone account in his name.
Berry noticed the thief’s methods changing, growing cheekier with time. In some applications, the thief started to use Berry’s parents’ address and his birth date. Someone also was making up information about him, writing on one application that he was a lawyer who worked for the City of Los Angeles and earned $75,000 a year.
It was a grind, but it seemed like Berry was making headway. He had placed a “fraud alert” in all his credit report files, a service that tells companies inquiring about creditworthiness to be careful in granting additional credit or new loans. “I felt like I was getting near victory, when I was catching them before they were being issued,” he says. “I absolutely thought the worst of this is over.”
In fact, his troubles were just cresting.
Berry discovered that he had almost no legal standing as a victim to make a formal report to authorities. That realization dawned on him when he called Det. Dave Harned, a veteran in the Commercial Crimes Division of the Los Angeles Police Department.
Harned takes all the calls about identity theft and directs them to the right place. He made it clear where Berry’s report was going: into an inactive file. Not only was Berry not a Los Angeles resident, Harned told him, his claims didn’t come close to meeting the department’s informal threshold for investigation. “We wait for the retailers or credit bureaus to make a report,” he told Berry.
Berry tried persuading Harned to change his mind, explaining that he knew exactly where all the fraudulent mail was going. “Even if you have an address, you have to prove he did it,” Harned explained later. “People call me every day and say, ‘I’ve got an address. We’ve solved the case.’”
Though he couldn’t offer Berry much help, Harned likens identity theft to “financial rape,” and blames it on the financial and data-driven businesses that traffic so freely in personal information. “The credit card companies and everybody else make it so easy,” Harned says.
His department has resources to investigate only a tiny fraction of the 100-plus identity theft complaints it receives every day. “You almost have to pick and choose what case you’re going to work, because of the volume,” he says, adding, “Last year was bad, but this year is going to be worse.”
The reasons for the surge in identity theft are complex. But the problem ultimately comes down to a few salient facts. For one, we are awash in information about ourselves. Twenty-four hours a day, every day of the year, the credit bureaus, information services, groceries, pharmacies, toll collectors, banks and other institutions gather information about us. They build models about what we are likely to buy and, sometimes, learn more about us in refined mercantile terms than we know ourselves. They often resell or share information about us.
At the same time, the institutions responsible for safeguarding all this data often do a poor job of it, according to regulators, consumer advocates and privacy specialists. The information industry, including brokers, marketers and credit bureaus, has steadfastly and successfully opposed much government regulation in recent years, arguing that it would make life less convenient and more costly.
The data revolution has indeed spurred an explosion in new credit opportunities. Those who once could not afford to borrow, or were not given access to loans, can now get credit cards in the time it takes to buy a pair of shoes or a T-shirt, thanks to electronic networks, the credit reporting system and regulatory changes over the years. Banks such as 1st American claim they can provide “preapproved” credit cards, via the World Wide Web, in under three minutes.
Credit issuers drum up business through junk mail solicitations, almost 5 billion of them last year, according to a company called Synovate, which tracks such offers. Never mind that only a fraction of the people who receive these pitches embrace them or that they have made life easier for identity thieves, who sometimes search through mailboxes as a starting point in their scams. Many of these offers come from banks that have no tellers, no branches, no people at all of the sort that once came to know customers over a period of many years.
From the standpoint of credit card issuers, the solicitations have been a roaring success. There are now more than 3 billion Visa and MasterCard cards in circulation around the world, generating huge profits for the companies that issue them. Two-thirds of all American adults have credit cards now, about 10 on average.
The problem is security, or the lack of it. Peter Tosches, a spokesman for Monogram, says that retailers, in a desire to make things easy for customers, will often approve credit cards for individuals who provide only a picture ID and an unverified Social Security number. While companies like Monogram try to guard against identity fraud in such circumstances, Tosches says, the thieves have become increasingly sophisticated in sidestepping security measures.
The credit bureaus also have a checkered history of responding to complaints about identity theft and mistakes. After years of complaints, Congress amended the Fair Credit Reporting Act in 1996 to force credit bureaus to be more responsive to individuals, particularly those worried about mistaken reports. Among other things, the bureaus were supposed to provide easy access to their clerks by maintaining toll-free telephone lines. They didn’t do a good enough job, at least according to the FTC.
Despite the clear message from Congress, hundreds of thousands of telephone calls to the three credit bureaus went unanswered, or met with a busy signal. In January 2000, the bureaus paid $2.5 million to settle FTC charges that they were not properly responsive. Many people complain they still aren’t.
In one eye-opening case, an Oregon woman named Judy Thomas sued Trans Union for allowing errors to remain on her credit report. She spent six years calling and writing to the company, trying to get Trans Union to permanently remove damning details — such as unpaid bills — that belonged on another woman’s report. Court records showed Trans Union mistakenly assumed Thomas was the other woman. Her report would be fixed one month only to show up tainted again several months later.
After hearing her story, a federal jury awarded Thomas $5.3 million last year for her trouble. While the judge reduced the award to $1.3 million, it was still a record. Trans Union wrote a check to Thomas earlier this year.
Evan Hendricks, a consumer advocate and editor of the Privacy Times newsletter, testified on Thomas’s behalf and believes her problem was related to the fact that so much of our information is processed automatically by computers, not people. “Human beings cost money that the credit bureaus and the credit granters don’t want to spend,” he explains. “That’s why this is going to get worse before this gets better.”
Identity theft is almost laughably easy to commit, and terribly difficult to prevent. Consider the strange case of James Rinaldo Jackson, a genial con artist from Memphis, Tenn. He knew that major financial institutions routinely gave out confidential customer account information to callers.
Standing before federal judge Deborah Batts in Manhattan two years ago, Jackson described how he easily took advantage of that porous security, duping information brokers, banks, credit card companies and even a funeral home. Before he was caught in a sting operation, he netted some $730,000 in diamonds and Rolex watches by using the information he gleaned.
Jackson got the idea from a magazine ad that showed glinting diamonds for sale online. As he looked at the slick photos, he thought, “I would sure like to get some of these diamonds to just have.” He described how he gathered bits and pieces of information about his targets, including Gordon Teter, the late chairman of Wendy’s International Inc.; Nackey Loeb, the now-deceased president and publisher of the Manchester, N.H., Union Leader; and other corporate executives.
Starting with an online version of Who’s Who in America, he turned to information brokers, paying them $50 and $100 for Social Security numbers and banking details. With some of the basics in hand, he called his targets’ banks and persuaded clerks to hand over account numbers. That enabled Jackson to tap the accounts directly over the phone, sidestepping the need to talk to clerks the next time around.
Then it was a simple matter of calling dealers, ordering the jewels and wiring the money. He had his booty sent to hotels, to which he dispatched a confederate to pick up the packages. “Amazing, Mr. Jackson, absolutely amazing,” Batts said. “Keep going.”
He told Batts that MasterCard, Visa and American Express, along with banks in Ohio, New York and New Hampshire, all got taken in.
In the parlance of law enforcement, his specialty is known as “pretext calling” — using scraps of personal information to trick clerks on the telephone into divulging even more information. It’s an old con that’s become easier than ever.
Jackson was so good — and security at his targets was so weak — that he convinced the Fifth Third Bank in Ohio to wire almost $300,000 from Teter’s accounts to diamond and watch merchants. He also changed Teter’s billing addresses to Jonesboro, Ark.
Robert Dunn, his attorney, said Jackson would have been stopped much earlier had the companies required passwords before sharing customers’ information or allowing him to act on the accounts. “That simple screen would have thwarted much of what he was able to accomplish,” Dunn said.
Regulators and law enforcement officials had warned financial institutions years ago that identity thieves and information brokers were tricking clerks into giving them access to individuals’ financial information. They urged banks to require customers to use passwords or codes instead of Social Security numbers, mothers’ maiden names and other widely available personal information to identify themselves when calling. But for years, many financial institutions didn’t bother.
“We don’t want to make it difficult for customers to get access to their accounts,” Robin Warren, then a privacy executive at Bank of America Corp., said before Jackson was sentenced. “Customers get irritated.”
In the days after Green’s death, Barbara Bergin made the case a mission, and she worked all hours tracking down the killer. She is an aggressive cop who rides Harley-Davidson motorcycles, a 20-year veteran of the Orlando department who worked her way up from beat patrol to the homicide squad. She also is charming and knows how to work her sources. After coming up with Berry’s name and some details about the killer, she sent off a request to California authorities for Berry’s fingerprints, a copy of his license and a photo. On June 2, Bergin got a hit on some records in California. But there was a problem. The Michael Berry she was looking for was a short African American guy. The records she received showed the real Berry.
With help from neighbors who’d heard Hunter mention his previous jail time, and from a California official who searched through records on her behalf, Bergin turned up Hunter’s real name from scraps of evidence she had found. She also discovered the case was more sordid than she thought. Hunter also was wanted for the slaying of an Oakland, Calif., woman named Ivora Denise Huntly, who’d been shot two months before Green’s death. California authorities believe Hunter killed Huntly as she tried to prevent him from beating his girlfriend.
The next day Bergin called the real Berry at his office in Arlington. “There’s a serious problem here,” she told him. She was putting out a national warrant for Hunter’s arrest on murder charges, and would use Berry’s name as his alias. “Things could be very bad for you.”
Berry was scared, and he didn’t know what to do. “This was the first indication I had this wasn’t just a fraud problem. This was someone who was killing people, posing as me.”
Bergin explained the warrant meant that he, the real Michael Berry, could be picked up for murder. The law enforcement computers would tell officers they were looking for a black man. But cops are so used to getting reports marred by mistakes, she said, they might ignore that detail if they had the right name.
The two agreed he should get letters from police in Orlando and Oakland, testifying to his real identity, which he obtained in the coming weeks. “The last thing I wanted, after everything he had been through, was for him to be on the ground, at gunpoint, in handcuffs,” Bergin explains. “That could very well happen.”
Michael Berry hurtled west on I-66, sitting in the passenger seat of a friend’s car. With music blaring on the stereo, Berry tried hard to loosen up and think about the meal he was about to have at the Inn at Little Washington, a gastronomic mecca he had long dreamed of visiting.
It wasn’t working. Ever since he’d received the call a few days before from Bergin, he’d worried he might be mistaken for a killer. In the mornings, he feared he could be stopped while driving his car. Even now he wondered what would happen if police asked for his ID.
He was pulled out of his reverie by the buzzing of his cell phone. When he checked his messages, he heard the voice of his friend Arthur Estopinan, chief of staff to Florida Rep. Ileana Ros-Lehtinen. “Hey, Mike, it’s Art,” the message said. “You were just the lead story on ‘America’s Most Wanted.’” Berry called him back and grew lightheaded as Estopinan described the episode he’d just watched.
“America’s Most Wanted” features detailed crime reports and information about fugitives. It urges viewers to call in with tips about suspects, and the show’s host, John Walsh, boasts that he has helped authorities capture more than 750 people wanted for crimes.
On this particular night, Walsh did an episode on Demorris Hunter. “Let’s get down to business. We got to stop a real lady killer,” said Walsh, wearing a leather jacket, in a jazzy segment to begin the show. A photo of Hunter filled the screen.
“Hunter uses the alias Michael Berry,” Walsh said. “Look out, Hunter. Now you’re our prey, because the manhunt starts right now!”
“Oh my God,” Berry exclaimed to Estopinan, “every policeman in America is going to be after me.”
The next morning, Berry drove to work and clicked his way to the “America’s Most Wanted” Web site. When he saw Hunter’s photograph, he actually laughed. “So this is the son of a bitch who is pretending to be me,” he murmured, incredulous that he could get away with the impersonation. “He’s not even my height.” And he definitely wasn’t the man he’d seen outside that house in South Central L.A.
Then Berry looked at Hunter’s biographical material. Once again, he couldn’t believe what he was looking at. Below a line naming Berry as Hunter’s alias was Berry’s Social Security number. “I’m not looking at my Social Security number on the World Wide Web,” Berry thought. “I’m dreaming. I cannot be looking at this. Any person in the world can be looking at this page right now.” (Officials at the show later said police suggested including it as a detail that might lead to Hunter’s arrest.)
Berry wrote an e-mail to an address set up for crime tips and asked that the number be removed from the site. To help out, his sister did the same thing. “I never got a response,” he says. His parents called the show over the next few days, but never got calls back in response to their messages.
Finally, they said, they turned to an aide in Sen. Dianne Feinstein’s office in California, who called the show on Berry’s behalf. Berry’s Social Security number was removed from the Web site.
As horrified as Berry was about being caught up in a financial tangle with a convicted killer, it was nothing compared with the dismay of law enforcement and intelligence officials after September 11, 2001.
For some time, the FBI could not say exactly who the hijackers really were. In their quest, agents resorted to low-tech investigative techniques, knocking on doors and handing out grainy photographs of the suspects, even as they pored through a sea of electronic intelligence.
Suddenly, identity theft wasn’t just a consumer issue anymore. It was an aspect of global terrorism. The hijackers used phony identification, Social Security numbers and birth dates to establish bank accounts and set up their lives in the United States. Landlords, flight schools, banks and other institutions took them at their word.
Seven of the hijackers got identification cards through the Virginia Department of Motor Vehicles even though none of the seven lived in the state. They took advantage of rules allowing individuals to meet residency requirements with a simple notarized letter. The system had long been abused by immigrants seeking to establish themselves in the region — with help from immigration lawyers and local notaries. But despite warnings from the FBI and DMV investigators, the department maintained the system as a convenience until shortly after September 11.
“We were seeking to balance legitimate needs with the potential for fraud,” agency spokeswoman Pam Goheen explains.
The link between terrorism and identity crimes goes much deeper. Specialists believe that such fraud is becoming a chief source of income for terrorists. Money raised through credit card scams, the resale of goods purchased under assumed names and other types of identity fraud enables cells to remain free of any financial ties to their leaders or patron states.
Authorities allege that al Qaeda terrorists, for example, took on bogus identities to run a credit card scam in Spain to raise money for their attacks. They also allegedly used stolen telephone cards and IDs to communicate with colleagues in the Middle East.
Dennis Lormel, chief of the FBI’s terrorist financial review group, underscored the point when he told Congress that identity fraud posed a looming national security problem. Not much has changed in the months since he testified, he says. “I don’t think people have really gotten the message. We have known terrorists out there who are exploiting identity theft and identity fraud vulnerabilities.”
Ahmed Ressam, a member of an Algerian group with close ties to Osama bin Laden, for instance, was caught in December 1999 at the U.S.-Canadian border with a trunkful of explosives. He had assumed the name Benni Norris, which he used to obtain a passport and open bank accounts. He also got a false birth certificate and a student ID.
A member of the Armed Islamic Group, or GIA, Ressam told authorities that he relied on welfare and petty crime, including credit card fraud and trafficking in identity documents, to support himself in Montreal. He was linked to a theft ring suspected of funneling money to radical Islamic groups around the world. Authorities believe the ring stole more than 5,000 items, including computers, cellular phones, passports and credit cards, with the goal of financing Muslim extremist groups.
“Identity theft — credit card theft, bank fraud — is hugely important to al Qaeda, as it is to many terror groups. I’ve been astonished that there’s been so little attention paid to it,” Magnus Ranstorp, director of the Center for the Study of Terrorism and Political Violence at the University of St. Andrews in Scotland, said in an interview with Newsweek magazine. “The pattern was very clear within the North African contingent of al Qaeda members operating in Europe. Every time you arrest one of them he has 20 different identities and 20 different credit cards.”
By the time he flew out to Los Angeles in June last year, Berry was out of patience. He needed to see for himself the address that mocked him from the pages of his credit reports. Maybe it wouldn’t do any good, but maybe going to the house would turn up evidence that would spur an investigation of the case. If nothing else, it would help Berry feel in control of his life again.
As he drove into South Central Los Angeles, he wondered how he’d been targeted. He had once been treated for his testicular cancer not far away at UCLA Medical Center. Had someone there shared his information? Could it have been a state motor vehicle official? Someone in a credit bureau?
He called Janie Haskill, a close friend who’d once served as Berry’s vice principal at an elementary school in central California. She often serves as a sounding board for Berry’s ideas, and he loves her sense of humor.
On this day, she served as a security blanket for a determined but frightened man. Speaking on his cell phone from his car, he described for her the house and the man in the sunglasses. He was still describing the scene to her when a sharp-looking young man in a Lexus sedan pulled up to the house.
The fellow on the lawn disappeared inside for a moment, reappeared and walked into the street. He handed the visitor in the Lexus a six-inch stack of mail. Berry watched in rueful, bitter amazement. “I wonder how many of those letters have credit cards with my name on them,” he thought to himself.
Then the two men looked directly at Berry, and he almost lost his cool. “I’m scared,” he admitted to Haskill. “I want you to know if anything happens.”
“This is wrong,” she hissed back. “Michael, get the hell out of there.”
While legislators, law enforcement authorities and entrepreneurs recognize the problem of identity theft, they can’t agree on what to do about it.
After September 11, many people called for a national ID card, including technology guru Larry Ellison and Harvard law professor Alan M. Dershowitz. The American Association of Motor Vehicle Administrators also started working on a plan to create a de facto national ID system that would link state databases to uniform, high-tech driver’s licenses containing computer chips, bar codes and biometric identifiers, such as fingerprints or iris scans.
Government agencies, including the new Transportation Security Administration, have begun requiring workers to use such hardened IDs. Before 9/11, the Pentagon had already begun issuing some 4 million plastic “smart cards” containing name, rank, photograph and fingerprint.
But despite widespread support at first for some sort of national ID system — some surveys found that in the fall of 2001, almost seven of 10 people welcomed one — the idea foundered. Technical problems and, more important, a long-standing aversion to the concept undermined enthusiasm. Some critics invoked the specter of Nazi tyranny, bristling at the notion of authorities demanding, “Your papers, please.”
Since the attacks, there also has been growing use of digital fingerprint, face recognition and iris-scanning systems to confirm identity at businesses, schools and other facilities. There are other technological solutions in the works, some that have begun stirring other kinds of privacy concerns.
Data giants like ChoicePoint, Lexis-Nexis and Acxiom are among many companies willing to use vast caches of personal information to help airports, retailers, police and other authorities determine, instantly, whether someone is who they claim to be. The aviation screening system known as CAPPS II will rely on some of those same companies to sweep through databases and check whether a particular passenger is “rooted in the community.” In addition to identifying information in credit reports, the system will analyze passengers’ travel reservations, housing information, family ties and other personal information to authenticate passengers’ identities.
Banks and other financial institutions, meanwhile, must now verify the identities of new customers and make records of customer transactions available to law enforcement and counterterrorism officials upon request. Some banks are turning to commercial services to authenticate the identities of their customers; others are banding together to create their own verification systems.
Congress also intends to go at the issue, but credit bureaus and information services are expected to fight hard against any legislation that might curb their use of data. Five years ago, Congress did approve legislation establishing identity theft as a federal crime and giving law enforcement authorities more powers to prosecute.
The problem, says Medine, the information law specialist, is that few agencies make extensive use of the authority. Investigations are costly and the rewards, in terms of media attention, are relatively scanty. The number of prosecutions by state and federal authorities, including the FBI, Secret Service and Postal Inspection Service, has increased. But they’re not close to keeping pace with the crime, Hendricks and other consumer advocates say.
The FTC was very aggressive in drawing attention to the problem a few years ago. It created a database of fraud claims by victims, setting up a system online called the Consumer Sentinel Network to give law enforcement agencies access to the tips and complaints. Fewer than 600 of some 18,000 agencies across the country have signed up for the service.
Sen. Feinstein has already proposed at least four related bills, including legislation that would penalize credit card companies that ignore reports of fraud. Alabama Sen. Richard Shelby plans to address the issue this year as part of efforts to reauthorize several recent provisions of the Fair Credit Reporting Act, the 1970 law that governs how credit bureaus can use personal financial information.
Shelby, an intelligence specialist and one of the most savvy privacy advocates on the Hill, considers identity theft a major threat to individuals and to security. But he faces a tough battle if he wants to make any substantive changes. More than a dozen bills were introduced in the last legislative cycle. None of them passed.
Earlier this year, Berry got an e-mail from an acquaintance who knew about his case. It included a copy of a wire service account of how police and the FBI captured Hunter in Houston on February 21. Police found the van Hunter had been driving in Orlando, burned and abandoned, not far from the house where he was captured.
Since then, Hunter has been moved to Alameda County, Calif., and is awaiting trial in the Oakland murder case. The Orlando charges are still pending.
Apart from confirming that Hunter impersonated Berry, authorities still know little about the identity theft or who the mastermind was. As of early this summer, they had not conducted an investigation, or filed any charges. Berry may never find out how Hunter latched onto his Social Security number and driver’s license. Or who was living in that bungalow on 12th Avenue. Or how many people were filling out credit card applications in his name.
Hunter is behind bars, but Berry is still wrestling with the mess made of his finances. One charge — $462 to Pacific Bell — has been particularly troublesome. Before Berry could get the debt erased, it was sent to a collection agency, a red flag on any credit report. An immediate casualty: Berry’s Chase MasterCard Platinum credit card. Even though it was Chase that had tipped Berry off to the identity theft, the bank decided that he was somehow responsible for his troubles. Viewed now as a credit risk, Berry was given a choice: Pay a much higher interest rate or close out the card. He closed it out.
And while most of the fraudulent charges have been removed from two of his credit reports, the third remains marred by purchases he didn’t make. Berry continues to fill out form after form to take care of the problem. Each says essentially the same thing: that it was a thief and not Berry who made the charges.
“I’m still dealing with the paperwork,” Berry wrote in a recent e-mail. “It is a total and complete nightmare, and completing the paperwork alone could easily be my full-time job.”
He still carries around the letters he obtained from police in Oakland and Orlando, neatly folded in a black leather wallet. “Michael D. Berry is not the felon fugitive that is being sought by several agencies,” says the well-worn missive from the Orlando police. “It is our intention to clear any confusion as to Mr. Berry’s identity.”
The police have assured him that he doesn’t need the letters anymore. Somehow, though, he can’t bring himself to throw them away.
How to Protect Yourself
To reduce the risk of falling victim to identity thieves, consider these recommendations from the Federal Trade Commission and a nonprofit group called the Privacy Rights Clearinghouse:
* Check your credit report once or twice a year. Unfamiliar or missing transactions may signal trouble. You can order the reports for a small fee online or over the telephone.
* Use your Social Security number sparingly and do not carry it in your wallet or purse. Never provide that number — or other sensitive personal information — to telephone callers or people online unless you initiated the contact.
* Destroy credit card receipts to ensure a “Dumpster diver” doesn’t find them. Also destroy unwanted offers of preapproved credit, which contain details that make life easier for identity thieves.
* Close out unused or little-used credit card accounts.
* If you suspect you have been victimized, immediately contact the top three credit bureaus. They will mail out credit reports for free to people who believe they are victims, and they will place fraud alerts on the suspected victims’ accounts. Equifax: 888-766-0008; Experian: 888-397-3742; Trans Union: 800-680-7289.
For more information on identity theft, go to www.consumer.gov/idtheft, the FTC’s Web site; www.privacyrights.org/identity.htm, a site maintained by the Privacy Rights Clearinghouse; or www.cdiaonline.org/consumers2.cfm, a site created by the Consumer Data Industry Association, which represents the credit bureaus. — R.O.
Robert O’Harrow Jr. is on leave from The Post to write a book on technology, surveillance and the war on terrorism, with support from the Center for Investigative Reporting. He will be fielding questions and comments about this article at 1 p.m. Monday on www.washingtonpost.com/liveonline.
© 2003 The Washington Post Company