Open-Records Quirks Linked to I.D. Theft

Savvy thieves are using the Internet and finding loopholes in the law to steal identities from the living and the dead, a problem becoming increasingly pervasive in spite of efforts to stop it.

In one case that could be likened to stealing a bank safe in broad daylight for sheer audacity, someone requested 4,577 copies of birth certificates from an Ohio office whose employees, by law, had to provide the documents despite their suspicions.

“It wasn’t for personal use; I can guarantee that,” said Mark Kassouf, Ohio Department of Health chief fraud officer. “They were looking at those to find ideal candidates for identity theft.”

Ohio and about 14 other open-records states face a dilemma involving birth and death records. State officials say they’ve closed some loopholes in the law that can leave residents vulnerable to identity theft or the country vulnerable to terrorism. But they and federal authorities also say the document fraud problem is growing.

Meanwhile, adoptee and genealogy groups are pushing for more access to birth and death indexes, the records that thieves use to request documents in someone else’s name.

In law enforcement circles, those documents are called breeder documents, because criminals use them to breed a financial clone of an identity theft victim or proof of citizenship.

Government documents fraud played a part in 17,192 cases of identity theft reported in 2003, up 4,246 from the previous year, according to the Federal Trade Commission, which tracks identity theft. Overall, the fraud accounted for 8% of nearly 215,000 cases of identity theft reported by consumers in 2003.

The FTC said its numbers may understate the problem because consumers often don’t know how fraud against them was committed.

Atty. Gen. John Ashcroft said recently that identity theft costs the U.S. economy an estimated $50 billion a year.

The dilemma is complicated by the fact that vital statistics records are kept in a decentralized system at state and local levels. States try to close loopholes by using security paper, seals and applications for access, but getting records registrars to comply is another matter, said Richard McCoy, director of public health statistics for Vermont.

His state has almost 250 town clerks who can issue copies of certificates. About a dozen of them don’t use security paper because it’s more expensive, McCoy said. State law doesn’t require security paper. “That is frustrating because it does open us up to fraud issues,” he added.

Judith Collins, director of the Identity Theft University-Business Partnership at Michigan State University’s School of Criminal Justice, said the tools for breeder documents fraud are readily available. She and her staff track identity theft online, train law enforcement officers and assess risks for businesses.

As part of their research, her staff printed a 3 1/2 -inch-thick binder full of thousands of names and Social Security numbers from the Internet.

“Identities are out there,” Collins said. “Data is going to be increasingly kept in databases. The answer is to secure the borders of those businesses who have the databases, to ensure the people working in their business are honest.”

Keeping vital statistics in electronic databases is a priority for the National Assn. for Public Health Statistics and Information Systems in Silver Spring, Md., said Kenneth Beam, executive director. But, he said, those databases should be for government eyes only. Beam said national databases would help prevent breeder documents fraud by allowing government employees to check the validity of other states’ documents against the electronic record.

A recent report by the Sept. 11 commission that investigated the 2001 terrorist attacks recommended such a federal system for issuing birth certificates.

At last count in 2002, Beam’s association knew of 14 open-records states, he said.

Last summer, Ohio increased copying fees for certificates, and required an application and that all state offices use the same security paper and seals.

In 2002, California limited access by requiring that the state registrar produce separate birth and death indexes for public view that didn’t list Social Security numbers or other sensitive information. The legislation’s sponsor showed Senate colleagues that she could go to a genealogy website and find her mother’s maiden name -- a common identifier at banks.

In similar fashion, Texas removed its indexes from the state’s website in 2003, citing fraud concerns.

Still, the problem isn’t going away. Ohio is told by the regional Passport Agency and Department of Homeland Security that its documents are part of a large fraud problem, Kassouf said. He said he expects to see a problem with death certificates, which list Social Security numbers.

As fraud concerns lead open-records states to restrict access, adoptee organizations are pushing for the opposite, said Adam Pertman, executive director of the Evan B. Donaldson Adoption Institute in New York, a national nonprofit dedicated to improving adoption policy. He said people who could prove they were adoptees should have access to indexes because they often can’t get what they seek from one birth or death record.

Jack Brissee, chairman of the vital records, access and preservation committee of the National Genealogical Society, said genealogists need access as well.

“We’re hurting because of concerns about identity theft, which we don’t engage in,” he said. “The type of information we need isn’t contributing to identity theft.”

But open access to that information can lead to identity theft and aid terrorists by helping them secure U.S. passports, said Stuart Patt, spokesman for the State Department’s Bureau of Consular Affairs. All but one of the Sept. 11 hijackers had some form of U.S. identification. Some documents were obtained through fraud.

“The biggest concern is that someone who is trying to conceal his true identity and his true nationality would suddenly have what is essentially the best proof of American citizenship,” Patt said.