Identity Theft
Greater Awareness and Use of Existing Data Are Needed
Gao ID: GAO-02-766 June 28, 2002
Identity theft or identity fraud generally involves "stealing" another person's personal identifying information--such as Social Security Number (SSN), date of birth, and mother's maiden name--and then using the information to fraudulently establish credit, run up debt, or take away existing financial accounts. The Identity Theft and Assumption Deterrence Act of 1998 made identity theft a separate crime against the person whose identity was stolen, broadened the scope of the offense to include the misuse of information as well as documents and provided punishment--generally a fine or imprisonment or both. GAO found no comprehensive or centralized data on enforcement results under the federal Identity Theft Act. However, according to a Deputy Assistant Attorney General, federal prosecutors are using the 1998 federal law. As with the federal act, GAO found no centralized or comprehensive data on enforcement results under state identity theft statutes. However, officials in the 10 states selected for study provided examples of actual investigations or prosecutions under these statutes. Generally, the prevalence of identity theft and the frequently multi- or cross-jurisdictional nature of such a crime underscore the importance of promoting cooperation or coordination among federal, state, and local law enforcement agencies. One of the most commonly used means of coordination, task forces, can have participating agencies from all levels of law enforcement and, in some instances, can have participants from banks and other private sector entities. Although the Social Security Administration's Office of the Inspector General fraud hotline annually receives thousands of allegations involving either (1) SSN misuse or (2) program fraud with SSN misuse potential, the agency concentrates its investigative resources on the latter category of allegations because the protection of the Social Security trust funds is a priority.
Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director:
Team:
Phone:
GAO-02-766, Identity Theft: Greater Awareness and Use of Existing Data Are Needed
This is the accessible text file for GAO report number GAO-02-766
entitled 'Identity Theft: Greater Awareness and Use of Existing Data
Are Needed' which was released on July 30, 2002.
This text file was formatted by the U.S. General Accounting Office
(GAO) to be accessible to users with visual impairments, as part of a
longer term project to improve GAO products‘ accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
Report to the Honorable Sam Johnson House of Representatives:
United States General Accounting Office:
GAO:
June 2002:
identity Theft:
Greater Awareness and Use of Existing Data Are Needed:
Awareness and Use of Identity Theft Data:
GAO-02-766:
Contents:
Letter:
Results in Brief:
Background:
No Comprehensive Data on Law Enforcement Results under the Federal
Identity Theft Act, but Case Examples Illustrate Use of the Law:
No Comprehensive Data on Enforcement Results under State Identity Theft
Statutes, but Case Examples Illustrate Use of Such Laws:
Federal, State, and Local Law Enforcement Agencies Use Various Means to
Promote Cooperation or Coordination in Addressing Identity Theft
Crimes:
SSA/OIG Actions to Resolve SSN Misuse and Other Identity Theft-Related
Allegations:
Conclusions:
Recommendation for Executive Action:
Agency Comments:
Appendix I: Objectives, Scope, and Methodology:
Objectives:
Scope and Methodology:
Appendix II: Examples of Cases Prosecuted under the Federal Identity
Theft Act:
Illinois, Northern District, Eastern Division:
Michigan, Western District, Southern Division:
North Carolina, Eastern District:
Ohio, Southern District:
Wisconsin, Eastern District:
Appendix III: Identity Theft Subcommittee Membership:
Appendix IV: Law Enforcement Agencies with Access to Identity
Theft Data Clearinghouse Via Consumer Sentinel:
Appendix V: Military-Related Identity Theft Cases and Plans for Soldier
Sentinel System:
Examples of Military-Related Identity Theft Cases:
Plans to Establish the Soldier Sentinel System:
Appendix VI: Comments from the Department of Justice:
Appendix VII: GAO Contacts and Staff Acknowledgments:
GAO Contacts:
Staff Acknowledgments:
Tables:
Table 1: States That Have Identity Theft Statutes (by Year of
Enactment):
Table 2: Sentencing Provisions of Selected States‘ Identity Theft Laws:
Table 3: Participants in Electronic Crimes Task Force Developed by
Secret Service‘s Washington Field Office:
Table 4: Participants in the Sacramento Valley High-Technology Crimes
Task Force:
Table 5: Allegations Received by SSA/OIG and Investigative Cases
Opened, Fiscal Year 1999:
Table 6: Results, as of April 30, 2002, of SSA/OIG Investigations
Opened in Fiscal Year 1999:
Table 7: Number of Identity Theft Complaints Received by FTC (Nov. 1999
through Sept. 2001) for Selected States:
Table 8: State and Local Agencies Contacted in 10 States:
Table 9: List of Federal Agencies and National Organizations
Represented on the Identity Theft Subcommittee:
Abbreviations:
EOUSA: Executive Office for United States Attorneys:
FBI: Federal Bureau of Investigation:
FTC: Federal Trade Commission:
IRS: Internal Revenue Service:
LEGIT: law enforcement getting identity thieves:
OIG: Office of the Inspector General:
SSA: Social Security Administration:
SSN: Social Security number:
UCR: Uniform Crime Reporting:
June 28, 2002:
The Honorable Sam Johnson
House of Representatives:
Dear Mr. Johnson:
This report responds to your request that we review federal and state
efforts to address identity theft, which has been characterized by law
enforcement as the fastest growing type of crime in the United States.
As noted in our May 1998 report,[Footnote 1] identity theft or identity
fraud generally involves ’stealing“ another person‘s personal
identifying information--such as Social Security number (SSN), date of
birth, and mother‘s maiden name--and then using the information to
fraudulently establish credit, run up debt, or take over existing
financial accounts. Later that year, Congress passed the Identity Theft
and Assumption Deterrence Act of 1998 (the Identity Theft
Act).[Footnote 2] Enacted in October 1998, the federal statute made
identity theft a separate crime against the person whose identity was
stolen, broadened the scope of the offense to include the misuse of
information as well as documents, and provided punishment--generally a
fine or imprisonment for up to 15 years or both. Also, since 1998, most
states have enacted laws that criminalize identity theft. Thus, various
federal and numerous state and local law enforcement agencies are
responsible for investigating identity theft crimes. Relevant federal
agencies include the Secret Service, the Federal Bureau of
Investigation (FBI), and the Postal Inspection Service, as well as the
Social Security Administration‘s (SSA) Office of the Inspector General
(OIG), which receives SSN misuse and other identity theft-related
allegations on its fraud hotline.
The passage of federal and state identity theft legislation indicates
that this type of crime has been widely recognized as a serious problem
across the nation. Now, a current focus for policymakers and criminal
justice administrators is to ensure that these laws are effectively
enforced.
Specifically, in response to your request, this report provides
information on:
* law enforcement results (such as examples of prosecutions and
convictions) under the federal Identity Theft Act;
* law enforcement results under state statutes that, similar to the
federal act, provide state and local law enforcement officials with the
tools to prosecute and convict identity theft criminals;
* the means used to promote cooperation or coordination among federal,
state, and local law enforcement agencies in addressing identity theft
crimes that span multiple jurisdictions; and
* actions taken by the SSA/OIG to resolve SSN misuse and other identity
theft-related allegations received during fiscal year 1999.
To address these questions, we interviewed responsible officials and
reviewed documentation obtained from the Department of Justice and its
components, including the Executive Office for United States Attorneys
(EOUSA) and the FBI; the Department of the Treasury and its components,
including the Secret Service and the Internal Revenue Service (IRS);
the SSA/OIG; and the Federal Trade Commission (FTC). Also, we conducted
a literature search to obtain examples of cases prosecuted under the
federal Identity Theft Act. Regarding state and local law enforcement
efforts, we focused on 10 states--Arizona, California, Florida,
Georgia, Illinois, Michigan, New Jersey, Pennsylvania, Texas, and
Wisconsin--which we judgmentally selected on the basis of having either
the highest incidences of reported identity theft or the longest-
standing applicable statutes. We conducted our work from July 2001 to
May 2002 in accordance with generally accepted auditing standards.
Appendix I presents more details about the scope and methodology of our
work.
Results in Brief:
We found no comprehensive or centralized data on enforcement results
under the federal Identity Theft Act. However, according to a Deputy
Assistant Attorney General, federal prosecutors are using the 1998
federal law. Moreover, in response to our inquiries, Justice Department
Criminal Division officials said that federal prosecutors consider the
Identity Theft Act to be a useful statute because it provides broad
jurisdiction and is another tool to use in combating white-collar or
financial crimes--such as bank fraud, credit card fraud, and mail
fraud--that typically have elements of identity theft. Our review of
selected cases prosecuted under the federal act illustrate that
identity theft generally is not a stand-alone crime. Rather, identity
theft typically is a component of one or more other white-collar or
financial crimes.
As with the federal act, we found no centralized or comprehensive data
on enforcement results under state identity theft statutes. However,
officials in the 10 states we selected for study provided us with
examples of actual investigations or prosecutions under these statutes.
Presented for illustration purposes only, these cases are not
necessarily representative of identity theft crimes in these or other
states. Officials we contacted in these states also noted various
continuing challenges encountered in enforcing identity theft statutes.
For instance, because identity theft is still a ’nontraditional“ crime,
some police departments may be unaware of the importance of taking
reports of identity theft, much less initiating investigations. Also,
it is important that law enforcement resources be allocated to meet
priorities. In this regard, officials in several of the 10 states told
us that limited resources are allocated to priorities such as violent
crimes and drug offenses and, thus, the number of investigators and
prosecutors for addressing identity theft often is insufficient.
Further, according to some of the officials we contacted, because many
identity theft cases present multi-or cross-jurisdictional issues--
such as when a perpetrator steals personal information in one city and
uses the information to conduct fraudulent activities in another city
or state--law enforcement agencies sometimes tend to view identity
theft as being ’someone else‘s problem.“
Generally, the prevalence of identity theft and the frequently multi-or
cross-jurisdictional nature of such crime underscore the importance of
having means for promoting cooperation or coordination among federal,
state, and local law enforcement agencies. One of the most commonly
used means of coordination, task forces, can have participating
agencies from all levels of law enforcement--federal, state, and local-
-and, in some instances, can have participants from banks and other
private sector entities. Another relevant coordination entity is the
U.S. Attorney General‘s Identity Theft Subcommittee, whose membership
includes various federal law enforcement and regulatory agencies, as
well as state and local representation. In 1999, among other purposes,
the Attorney General‘s White Collar Crime Council established the
subcommittee to promote cooperation and coordination in addressing
identity theft cases involving multiple jurisdictions.
Another vehicle for coordination is the FTC‘s Consumer Sentinel
Network, which is a secure, encrypted Web site for use by law
enforcement agencies. In 1999, FTC established a central database (the
Identity Theft Data Clearinghouse) to collect information reported by
identity theft victims. Law enforcement agencies can use the Consumer
Sentinel Network to access the Clearinghouse database and scan consumer
complaints matching certain criteria to determine, for example, if
there is a larger pattern of criminal activity. However, relatively few
law enforcement agencies have used the Consumer Sentinel Network, and
centralized analysis of database information to generate investigative
leads and referrals has also been limited. FTC staff said that the
availability of the database as an aid for law enforcement is still
relatively new and some potential users may still be unaware of this
investigative resource. We are recommending that the Attorney General
have the Identity Theft Subcommittee promote greater awareness and use
of the Consumer Sentinel Network and the Clearinghouse database by all
levels of law enforcement.
While SSA/OIG‘s fraud hotline annually receives thousands of
allegations involving either (1) SSN misuse or (2) program fraud with
SSN misuse potential, the agency concentrates its investigative
resources on the latter category of allegations because the protection
of Social Security trust funds is a priority. In these 2 categories,
SSA/OIG received approximately 62,000 allegations in fiscal year 1999,
and the agency opened investigative cases on 4,636 (about 7 percent) of
these allegations. About three in four of the investigative cases
involved program fraud-related allegations. SSA/OIG statistics for
investigative cases opened in fiscal year 1999 indicate that a total of
1,347 cases had resulted in criminal convictions or other judicial
actions, as of April 30, 2002. During our review, the SSA Inspector
General told us that his office does not have enough investigators to
address all of the SSN misuse allegations received on the agency‘s
fraud hotline. However, FTC staff noted that, starting in February
2001, FTC began to routinely upload information from SSA/OIG‘s fraud
hotline about these allegations into FTC‘s Identity Theft Data
Clearinghouse, thereby making the information available to law
enforcement agencies via the Consumer Sentinel Network.
In a letter dated June 19, 2002, the Department of Justice generally
agreed with the substance of this report and the recommendation made.
Further, Justice noted several actions that it has taken or will take
to directly address the recommendation.
Background:
Under the federal Identity Theft Act, a criminal offense is committed
if a person ’knowingly transfers or uses, without lawful authority, a
means of identification of another person with the intent to commit, or
to aid or abet, any unlawful activity that constitutes a violation of
Federal law, or that constitutes a felony under any applicable State or
local law —“ The relevant section of this legislation is codified at 18
U.S.C. § 1028(a)(7)(’fraud and related activity in connection with
identification documents and information“). According to an analysis of
the new law by the United States Sentencing Commission:[Footnote 3]
* Before passage of the 1998 act, the unauthorized use or transfer of
identity documents was illegal under title 18 of the U.S. Code, section
1028--which included subsections (a)(1) through (a)(6). The
unauthorized use of credit cards, personal identification numbers,
automated teller machine codes, and other electronic access devices was
illegal under another section of the U.S. Code--that is, 18 U.S.C. §
1029 (’fraud and related activity in connection with access devices“).
* The addition of subsection (a)(7) to section 1028 expanded the
definition of ’means of identification“ to include such information as
SSN and other government identification numbers, dates of birth, and
unique biometric data (e.g., fingerprints), as well as electronic
access devices and routing codes used in the financial and
telecommunications sectors.
* Under the Identity Theft Act, the new definition of means of
identification includes prior statutory definitions of ’identification
documents.“
According to the United States Sentencing Commission, a key impact is
to make the proscriptions of the new identity theft law applicable to a
wide range of offense conduct, which can be independently prosecuted
under numerous existing statutes. That is, any unauthorized use of
means of identification can now be charged either as a violation of the
new law or in conjunction with other federal statutes.
In further elaboration of the breadth of the definition of means of
identification and its impact, the Sentencing Commission‘s analysis
noted the following:
* The new law covers offense conduct already covered by a multitude of
other federal statutes. The unauthorized use of credit cards, for
instance, is already prosecuted under 18 U.S.C. § 1029, but now also
can be prosecuted under the newly enacted 18 U.S.C. § 1028(a)(7).
* Other examples of offense conduct include providing a false SSN or
other identification number to obtain a tax refund and presenting false
passports or immigration documents by using the names and addresses and
photos of lawful residents or citizens to enter the United States.
In total, according to the Sentencing Commission, the violation of some
180 federal criminal statutes can potentially fall within the ambit of
18 U.S.C. § 1028(a)(7).
Regarding state statutes, at the time of our 1998 report, only a few
states had specific laws to address identity theft. Now, as table 1
shows, 44 states have specific laws that address identity theft, and 5
other states have laws that cover activities included within the
definition of identity theft. Almost one-half (22) of these 49 states
enacted relevant laws in 1999. According to FTC‘s analysis, identity
theft can be a felony offense in 45 of the 49 states that have laws to
address this crime.[Footnote 4]
Table 1: States That Have Identity Theft Statutes (by Year of
Enactment):
Year of enactment: 1996; States with specific laws to address identity
theft: Arizona; Number: 1.
Year of enactment: 1997; States with specific laws to address identity
theft: California and Wisconsin; Number: 2.
Year of enactment: 1998; States with specific laws to address identity
theft: Georgia, Kansas, Massachusetts, Mississippi,[A] and West
Virginia; Number: 5.
Year of enactment: 1999; States with specific laws to address identity
theft: Arkansas, Connecticut, Florida, Idaho, Illinois, Iowa,
Louisiana, Maryland, Minnesota, Missouri, Nevada, New Hampshire, New
Jersey, North Carolina, North Dakota, Ohio, Oklahoma, Oregon,
Tennessee, Texas, Washington, and Wyoming; Number: 22.
Year of enactment: 2000; States with specific laws to address identity
theft: Delaware, Kentucky, Michigan, Pennsylvania, Rhode Island, South
Carolina, South Dakota, Utah, and Virginia; Number: 9.
Year of enactment: 2001; States with specific laws to address identity
theft: Alabama, Alaska, Indiana, Montana, and New Mexico; Number: 5.
Year of enactment: Total; States with specific laws to address identity
theft: [Empty]; Number: 44.
Note: According to the FTC, five other states--Colorado, Hawaii,
Nebraska, New York, and Maine--have laws that cover activities included
within the definition of identity theft but are not coterminous with
it, and one other state (Vermont) is collecting data to consider
enacting possible identity theft legislation.
[A] Mississippi possibly enacted the nation‘s first identity theft
statute (Miss. Code Ann. § 97-19-85), even though it was titled as a
’false pretenses“ statute rather than specifically labeled as an
’identity theft“ statute. Originally enacted in 1993, the statute was
amended in 1998 to include additional identifiers and increase
punishment from a misdemeanor to a felony.
Source: FTC data. Also, note ’a“ is based on our analysis of the
Mississippi statute and a follow-up discussion with an official in the
Mississippi Attorney General‘s Office.
[End of table]
In the view of Justice Department Criminal Division officials, the
enactment of state identity theft laws has multi-jurisdictional
benefits to all levels of law enforcement--federal, state, and local.
In explanation, Justice officials commented that the various state
statutes, coupled with the federal statute, provide a broader framework
for addressing identity theft, particularly when a multi-agency task
force approach is used. The Justice officials noted, for instance, that
it is very plausible for a task force to generate multiple cases, some
of which can result in federal prosecutions and others in state or
local prosecutions.
Generally, law enforcement agencies widely acknowledge that SSNs often
are used as identifiers by thieves to obtain or ’breed“ other
identification documentation. Through its fraud hotline, SSA/OIG
annually receives thousands of allegations of fraud, waste, and abuse.
Most of these allegations are classified by SSA/OIG as involving either
(1) SSN misuse or (2) program fraud that may contain elements of SSN
misuse. In these two categories, SSA/OIG received about 62,000
allegations in fiscal year 1999, about 83,000 allegations in fiscal
year 2000, and about 104,000 allegations in fiscal year 2001. SSA/OIG
officials explained these two categories of allegations as follows:
* Allegations of ’SSN misuse“ include, for example, incidents where a
criminal uses the SSN of another individual for the purpose of
fraudulently obtaining credit, establishing utility services, or
acquiring goods. SSNs are also misused to violate immigration laws,
flee the criminal justice system by assuming a new identity, or obtain
personal information to stalk an individual. Generally, this category
of allegations does not directly involve SSA program benefits.
* On the other hand, allegations of fraud in SSA programs for the aged,
survivors, or disabled often entail some element of SSN misuse. For
example, a criminal may use the victim‘s SSN or other identifying
information for the purpose of obtaining Social Security benefits. When
hotline staff receive this type of allegation, it is to be classified
under the appropriate category of program fraud.
In 1999, SSA/OIG analyzed a sample of SSN misuse allegations and
determined that about 82 percent of such allegations related directly
to identity theft.[Footnote 5] The analysis covered a statistical
sample of 400 allegations from a universe of 16,375 allegations
received by the fraud hotline from October 1997 through March 1999. The
analysis did not cover the other category mentioned previously, that
is, allegations of program-related fraud with SSN misuse potential.
No Comprehensive Data on Law Enforcement Results under the Federal
Identity Theft Act, but Case Examples Illustrate Use of the Law:
There are no comprehensive statistics on the number of investigations,
convictions, or other law enforcement results under the Identity Theft
Act. As noted in our March 2002 report,[Footnote 6] federal law
enforcement agencies generally do not have information systems that
facilitate specific tracking of identity theft cases. For example,
while the amendments made by the Identity Theft Act are included as
subsection (a)(7) of section 1028, Title 18 of the U.S. Code, EOUSA
does not have comprehensive statistics on offenses charged specifically
under that subsection. EOUSA officials explained that, except for
certain firearms statutes, staff are required to record cases only to
the U.S. Code section, not the subsection or the sub-subsection.
Given the absence of comprehensive statistics, we obtained relevant
anecdotes or examples of actual investigations and prosecutions under
the federal statute. For instance, about 2 years after passage of the
Identity Theft Act, a senior Department of Justice official testified
at a May 2001 congressional hearing that U.S. Attorneys‘ Offices
throughout the nation were making substantial use of the new federal
law that recognized identity theft as a separate crime.[Footnote 7] In
testimony, the Justice official said that federal prosecutors had used
the new statute--18 U.S.C. § 1028(a)(7)--in at least 92 cases to date.
One example cited in the testimony involved a defendant who stole
private bank account information about an insurance company‘s
policyholders and used that information to withdraw funds from the
accounts of the policyholders and deposit approximately 4,300
counterfeit bank drafts totaling more than $764,000. The case was
prosecuted in the Central District of California. The defendant pled
guilty to identity theft and related charges and was sentenced to 27
months of imprisonment and 5 years of supervised release.
Another case cited by the Justice official illustrates that identity
theft crimes can have fact-pattern elements encompassing more than one
jurisdiction. The case involved a California resident, who committed
fraudulent acts in the state of Washington by, among other means, using
a Massachusetts driver‘s license bearing the name of an actual person
not associated with the criminal activities. Also, this case further
illustrates that identity theft is rarely a stand-alone crime; rather,
it frequently is a component of one or more white-collar or financial
crimes, such as bank fraud, credit card or access device fraud, or wire
fraud. Pertinent details of this case, prosecuted in the Western
District of Washington, are as follows:
* Over a period of time in 1999 and 2000, the defendant and other
conspirators assumed the identities of third persons without their
consent and authorization and fraudulently used the SSNs and names of
actual persons. Also, the conspirators created false identity
documents, such as state identification cards, driver‘s licenses, and
immigration cards. Using the identities and names of third persons, the
conspirators opened banking and investment accounts at numerous
locations and obtained credit cards.
* The defendant and other conspirators presented and deposited at least
12 counterfeit checks (valued in excess of $1 million) to various banks
and investment companies in western Washington. Also, the conspirators
purchased legitimate cashiers checks, in nominal amounts, and then
altered them to reflect substantially greater amounts. The conspirators
presented or deposited at least five altered checks (worth almost
$350,000) in the Seattle area.
According to Justice, in July 2000, the defendant pled guilty to
committing three felony counts of identity theft, conspiring to commit
wire fraud involving attempted losses in excess of $1 million, and
using an unauthorized credit card.
During our current review, Justice Department Criminal Division
officials told us that federal prosecutors consider the Identity Theft
Act to be a very useful statute. The officials said, for instance, that
prosecutors endorse the statute because it provides broad jurisdiction.
Further, the Justice officials noted that the Identity Theft Act
provides another tool for prosecutors to use, even though in many
instances the defendants may be charged under other white-collar crime
statutes. The officials explained that identity theft is rarely a
stand-alone crime. Thus, cases involving identity theft or identity
fraud may have charges under a variety of different statutes relating
to these defendants‘ other crimes, such as bank fraud, credit card
fraud, or mail fraud. Appendix II summarizes selected federal cases
prosecuted for such multiple charges, including charges of violations
of 18 U.S.C. § 1028(a)(7).
No Comprehensive Data on Enforcement Results under State Identity Theft
Statutes, but Case Examples Illustrate Use of Such Laws:
As with the federal Identity Theft Act, we found no centralized or
comprehensive data on enforcement results under state identity theft
statutes. However, officials in selected states provided us with
examples of actual cases illustrating the use of such statutes. Also,
officials in these states noted various challenges encountered in
enforcing identity theft statutes--challenges involving topics such as
the filing of police reports, the use of limited resources, and the
resolution of jurisdictional issues.
Case Examples Illustrate Use of State Identity Theft Laws:
The crime of identity theft is not specifically recorded as an offense
category in the FBI‘s Uniform Crime Reporting (UCR) Program.[Footnote
8] Further, our inquiries with various national organizations--the
National Association of Attorneys General, the National District
Attorneys Association, and the International Association of Chiefs of
Police--indicated that these entities do not have comprehensive data on
arrests or convictions under state identity theft laws.
In the absence of national data on enforcement of state identity theft
laws, we contacted officials in 10 states--Arizona, California,
Florida, Georgia, Illinois, Michigan, New Jersey, Pennsylvania, Texas,
and Wisconsin.[Footnote 9] As table 2 shows, each of these 10 states
has a specific statute that makes identity theft a crime and provides
for imprisonment of convicted offenders. The length of imprisonment
varies by state, ranging upward to as long as 30 years.
Table 2: Sentencing Provisions of Selected States‘ Identity Theft Laws:
State: Arizona; State code citation: Ariz. Rev. Stat. § 13-2008;
Sentencing provisions: Imprisonment of 2-1/2 to 12 years.
State: California; State code citation: Cal. Penal Code § 530.5;
Sentencing provisions: Imprisonment not to exceed 1 year, or fines up
to $10,000, or both.
State: Florida; State code citation: Fla. Stat. Ann. § 817.568;
Sentencing provisions: Imprisonment of up to 5 years and fines up to
$5,000, or both. In addition, the defendant may be ordered to pay up to
double the pecuniary gain of the defendant or pecuniary loss of the
victim.
State: Georgia; State code citation: Ga. Code Ann. §§ 16-9-121;
Sentencing provisions: Imprisonment of 1 to 10 years and the defendant
may be ordered to make restitution.
State: Illinois; State code citation: 720 Ill. Comp. Stat. 5/16G;
Sentencing provisions: Imprisonment from 1 to 30 years.
State: Michigan; State code citation: Mich. Comp. Laws § 750.285;
Sentencing provisions: Imprisonment up to 5 years, or fines up to
$10,000, or both.
State: New Jersey; State code citation: N.J. Stat. Ann. § 2C: 21-17;
Sentencing provisions: Imprisonment up to 10 years.
State: Pennsylvania; State code citation: 18 Pa. Cons. Stat. Ann. §
4120; Sentencing provisions: Imprisonment up to 10 years, or fines up
to $25,000, or both.
State: Texas; State code citation: Tex. Penal Code § 32.51; Sentencing
provisions: Imprisonment up to 10 years and a fine not to exceed
$10,000.
State: Wisconsin; State code citation: Wis. Stat. § 943.201; Sentencing
provisions: Imprisonment up to 10 years, or fines up to $10,000, or
both.
Source: GAO summary of state statutes.
[End of table]
As with the national organizations we contacted, state officials could
not provide aggregate data on law enforcement results (e.g., total
number of arrests, prosecutions, or convictions) under their respective
state‘s identity theft statute. However, the officials were able to
provide us with examples of actual cases prosecuted under these
statutes. The following sections discuss case examples for three
states--California, Michigan, and Texas. Presented for illustration
purposes only, these cases are not necessarily representative of
identity theft crimes in these or other states. Also, as with federal
cases, the state case examples also indicate that identity theft can be
a component of other crimes, such as check and credit card fraud, as
well as computer-related crimes.
California: High Prevalence of Identity Theft:
Effective January 1, 1998, under section 530.5 of the California Penal
Code, any person ’who willfully obtains personal information — of
another person without the authorization of that person, and uses that
information for any unlawful purpose, including to obtain, or attempt
to obtain credit, goods, services, or medical information in the name
of the person without the consent of that person, is guilty of a public
offense.“[Footnote 10] According to the officials we contacted in
California, there is not a centralized source of aggregate or statewide
statistics regarding the number of investigations, arrests, or
prosecutions under California‘s identity theft statute. However,
federal law enforcement officials told us that, relative to many other
states, the prevalence of identity theft appears to be high in
California. The federal officials also commented that new or different
types of identity theft schemes often appear to originate on the west
coast and then spread east.
Regarding identity theft cases handled at the state level, in October
2001, one California deputy attorney general told us that she was
handling four active cases, and she commented that these were a ’tiny
drop in the bucket“ in reference to prevalence. Further, she noted that
the four active cases had one thing in common, that is, the number of
victims was ’in the hundreds“ or even ’never ending.“ Also, in October
2001, another California deputy attorney general told us that, at an
identity theft conference hosted by the California attorney general in
May 2001, two local law enforcement agencies reported thousands of
active cases. Specifically, the Los Angeles County Sheriff‘s Office
reported 2,000 active cases, and the Los Angeles Police Department
reported 5,000 active cases.
More recently, in March 2002, we contacted the Los Angeles Police
Department to obtain updated information. According to the detective
supervisor of the Identity Theft and Credit Card Squad, over 8,000
cases of identity theft were reported to the department in calendar
year 2001. He estimated that about 70 percent of these identity theft-
related cases involved utility or cellular telephone fraud and the
other 30 percent involved credit card fraud and check fraud. Further,
the detective supervisor said that the department accepts reports of
identity theft only if the victim is a resident of Los Angeles.
Michigan: Cases under the State‘s 5-year Felony Statute:
Michigan‘s identity theft statute--codified at Mich. Comp. Laws §
750.285--was adopted by the state legislature on December 7, 2000, and
became effective April 1, 2001. This new law created a 5-year felony
offense for identity theft, making it illegal for a person to obtain or
attempt to obtain, without authorization, the ’personal identity
information“ of another person with the intent to use that information
unlawfully to (1) obtain financial credit, employment, or access to
medical records or information contained in them; (2) purchase or
otherwise obtain or lease any real or personal property; or (3) commit
any illegal act. One state-level entity that handles investigations and
prosecutions of identity theft is the High Tech Crime Unit of the
Michigan Department of the Attorney General. This unit deals with
computer crimes and crimes committed over the Internet--crimes in which
identity theft is often an aspect.
According to the Michigan assistant attorney general who serves as
Chief of the High Tech Crime Unit, the state‘s first criminal
prosecution under the 5-year felony statute was initiated by the unit
in August 2001. In this case, a woman was charged with stealing
personal identity information from her former employer, using that
information to apply over the Internet for several credit cards, and
making purchases (approximately $1,000) on such cards, without
authorization. The woman pled guilty and was sentenced to 1 year
probation and required to pay restitution. The Chief also said that, as
of June 2002, three other cases were pending under Michigan‘s identity
theft statute.
We also contacted the Office of the Prosecuting Attorney for Oakland
County, Michigan.[Footnote 11] A deputy prosecutor told us that in the
approximately 8 months since Michigan‘s identity theft statute has been
in effect--that is, from April 1, 2001, to the time of our inquiry in
early December 2001--one case had been initiated in Oakland County
under the statute. This official said that the case, which involved a
defendant who had obtained the victim‘s personal information and used
it to apply for a credit card, was still ongoing in the county‘s court
system.
Texas: State Statute Modeled after Federal Law:
Texas‘ identity theft statute--codified at Texas Penal Code § 32.51--
became effective September 1, 1999. Modeled after the federal Identity
Theft Act, a person commits the offense of identity theft under Texas‘
law if he or she ’obtains, possesses, transfers, or uses identifying
information of another person without the other person‘s consent or
with intent to harm or defraud another.“ According to officials we
contacted in Texas, there is not a centralized source of aggregate or
statewide statistics regarding the number of identity theft
investigations, arrests, or prosecutions under Texas Penal Code §
32.51:
In response to our inquiry, the Internet Bureau of the Texas Attorney
General‘s Office reported that it had opened 12 identity theft cases
during the period September 2000 through August 2001. According to an
Internet Bureau official, these cases had resulted in three arrests and
indictments, as of November 2001. In one of these cases, a temporary
employee of a technology company allegedly stole personal identifying
information from the company‘s employee database and provided the
information to an accomplice, who used the information to apply for
bank credit online and collect fees paid by the banks for each
application. Reportedly, the scheme affected hundreds of employees. The
Internet Bureau official told us that each application using a stolen
identity was considered a separate violation and that two suspects had
been criminally charged.
We also contacted the Dallas County District Attorney‘s Office. While
the office did not have any readily available statistics on identity
theft cases, an assistant district attorney said that the office had
handled a variety of identity theft cases, involving check and credit
card fraud, as well as fraudulent purchases of vehicles and the
acquisition of utility services. The assistant district attorney noted
that some of these crimes had been perpetrated by organized rings. One
example cited involved a group of three individuals, who made
approximately $750,000 in illegal transactions in less than 180 days by
using identity fraud coupled with other traditional crimes such as
credit card abuse, forgery of commercial instruments, and securing
loans through deception.
Enforcement Challenges Regarding State Statutes:
Generally, many of the 10 states‘ officials with whom we talked noted
various challenges or obstacles to enforcing identity theft statutes.
As discussed in the following sections, these challenges involved
topics such as the filing of police reports, the use of limited
resources, and the resolution of jurisdictional issues.
Local Police Are Not Always Documenting Identity Theft Crimes Reported
by Victims:
Efforts taken by identity theft victims to file reports with law
enforcement agencies are an important first step in being able to
investigate such crime. Also, police reports can be useful to consumers
who are victims of identity theft and who need to provide documentation
of such to creditors and debt collectors. However, FTC data show that
59 percent of the victims who contacted the FTC during a 12-month
period (Nov. 1999 through Oct. 2000) had already contacted the police,
but 35 percent of these victims reported that they could not get a
police report. Partly because identity theft is still a non-traditional
crime, some police departments are unaware of the importance of taking
reports of identity theft, much less initiating investigations.
To help address this issue, FTC staff, in conjunction with the Identity
Theft Subcommittee (see app. III), began working with the International
Association of Chiefs of Police to encourage police officers to write
police reports for victims of identity theft. As a result, in November
2000, the association adopted a resolution calling for ’all law
enforcement agencies in the United States to take more positive actions
in recording all incidents of identity theft.“ Regarding the need for
more positive actions, the resolution noted that:
’— reports of identity theft to local law enforcement agencies are
often handled with the response …please contact your credit card
company,‘ and often no official report is created or maintained,
causing great difficulty in accounting for and tracing these crimes,
and leaving the public with the impression their local police
department does not care—“:
According to FTC staff, even though the association‘s resolution is not
binding, it sends an important message to police around the country.
Also, FTC staff indicated that the same message has been reinforced by
FTC staff in numerous law enforcement conferences throughout the
nation. FTC data show that 46 percent of the victims who contacted the
FTC in calendar year 2001 reported that they had already contacted a
police department, and 18 percent of these victims reported that they
could not get a police report--which represents a reduction of about
half from the percentage of victims who reported being unable to get a
police report in the November 1999 through October 2000 period.
Despite progress, the importance of police reports is a topic for
continuing focus. For example, in January 2002, a Florida study
reported that some of the state‘s law enforcement agencies ’are
reluctant to take identity theft complaints and do not generate reports
in some cases.“[Footnote 12] Consequently, the study recommended that
’all law enforcement agencies be required to generate a report on
identity theft complaints regardless of their subsequent decision on
whether or not they will investigate the case.“:
Also, during our review, a federal official told us that a continuing
priority of the Attorney General‘s Identity Theft Subcommittee[Footnote
13] is to help educate local police departments about the critical
first step of taking reports from victims of identity theft crime. In
this regard, the Secret Service is developing a police training video
with the cooperation of the FTC, Department of Justice, and the
International Association of Chiefs of Police, which is anticipated to
be completed by September 30, 2002. Among other purposes, the training
video is to emphasize the importance of police reports in identity
theft cases.
State Officials Cited Insufficient Resources as an Obstacle to More
Fully Addressing Identity Theft:
Officials in several of the 10 states included in our study told us
that the level of resources being allocated to investigate and
prosecute identity theft often is insufficient. This observation was
voiced, for example, by a deputy district attorney in California (Los
Angeles County), who told us that there are not enough investigators
and prosecutors to handle the county‘s identity theft cases.
Similar comments were provided to us by a supervisor in the Consumer
Fraud Division of the Illinois Cook County State‘s Attorney‘s Office,
which reportedly is the second largest prosecutor‘s office in the
nation, with over 900 assistant state‘s attorneys. In addition to
noting that more prosecutors and support staff were needed to
effectively combat identity theft, the supervisor commented that funds
were needed for training local police agencies how to handle the more
complex cases involving multiple victims, multiple jurisdictions, and
voluminous documents.
Further, a chief deputy attorney in the Philadelphia District
Attorney‘s Office commented that, given competing priorities and other
factors, there is little incentive for police departments in
Pennsylvania to allocate resources for investigating identity theft
cases. This official said that police departments are more inclined to
use their limited resources for investigating violent crimes and drug
offenses rather than handling complicated identity theft cases that,
even if successfully prosecuted, often lead to relatively light
sentences. In explanation, the chief deputy attorney noted the
following:
* Identity theft cases require highly trained investigators, require
longer-than-usual efforts, and often end without an arrest.
* Also, under the state‘s identity theft statute, the first offense is
a misdemeanor, although identity theft may be a ’lesser included
offense“ with felony charges involving forgery and theft, given that
the fact patterns of these crimes may overlap.
* Even when convictions are obtained, identity theft cases generally do
not result in long sentences. For instance, to get a minimum prison
term of 1 year for an economic crime in Pennsylvania, a defendant
probably would have to steal approximately $100,000. In contrast, a
felony drug case conviction involving more than 2 grams of cocaine or
heroin--an amount with a street value of about $200--has a mandatory
minimum sentence of 1 year of imprisonment.
Despite resource and other challenges, the chief deputy attorney said
that the Philadelphia District Attorney‘s Office does handle identity
theft cases. He estimated, for instance, that the office investigated
about 100 to 200 identity theft cases in calendar year 2000, and he
said these cases represented a ’small fraction“ of the total number of
reported cases in Philadelphia.
State Officials Cited Jurisdiction Issues as an Obstacle to More Fully
Addressing Identity Theft:
According to many of the state and local officials we contacted,
jurisdiction and venue problems are common in identity theft cases. The
officials noted, for instance, that many identity theft cases present
cross-jurisdictional issues, such as when a perpetrator steals personal
information in one city and uses the information to conduct fraudulent
activities in another city or another state. In this regard, an
official in one state told us that law enforcement agencies sometimes
tend to view identity theft as being ’someone else‘s problem.“ That is,
the police department in the victim‘s area of residence refer the
victim to the police department in another county or state where the
perpetrator used the personal information--and, in turn, the remote
police department refers the victim back to the area-of-residence
police department.
To help mitigate this type of problem, some of the states‘ identity
theft statutes have provisions that permit multiple counties to have
jurisdiction. For example, Arizona‘s identity theft statute has a
provision that allows victims to file reports in any jurisdiction
within the state where the theft or related activities arising from the
theft occur. Thus, if a credit card is stolen in Phoenix and used in
Tempe, the victim may file in either jurisdiction. Similarly, Florida
modified its identity theft statute, effective July 1, 2001, to specify
that the crime of identity theft can be investigated and prosecuted in
the county in which the victim resides or where any element of the
crime occurred. Also, during our study, a Wisconsin Department of
Justice official told us that consideration was being given to amending
Wisconsin‘s identity theft law to permit prosecution of such crime in
the jurisdiction of the victim‘s residence, in addition to any
jurisdiction where the stolen personal identity information was
fraudulently used.
Federal, State, and Local Law Enforcement Agencies Use Various Means to
Promote Cooperation or Coordination in Addressing Identity Theft
Crimes:
Many federal, state, and local law enforcement agencies have roles in
investigating and prosecuting identity theft. Federal agencies include,
for example, the FBI, Secret Service, IRS (Criminal Investigation),
Postal Inspection Service, and SSA/OIG, as well as U.S. Attorney
Offices. However, most identity theft crimes fall within the
responsibility of local investigators and prosecutors--such as city
police departments or county sheriffs‘ offices and county district
attorney offices, although state-level agencies, such as state attorney
general offices, also have a role.
Generally, the prevalence of identity theft and the frequently multi-or
cross-jurisdictional nature of such crime underscore the importance of
having means for promoting cooperation or coordination among federal,
state, and local law enforcement agencies. One such means is the
establishment of law enforcement task forces with multi-agency
participation. Other relevant means include a coordinating entity (the
Attorney General‘s Identity Theft Subcommittee) and an information-
sharing database (accessible via the FTC‘s Consumer Sentinel Network)
established with federal leadership. However, as discussed in the
following sections, there are opportunities for promoting greater
awareness and use of the Consumer Sentinel Network.
Law Enforcement Task Forces that Address Identity Theft:
The use of task forces is perhaps the most commonly used means for
promoting cooperation or coordination among law enforcement agencies to
address identity theft cases involving multiple jurisdictions. A main
advantage of task forces, according to Secret Service officials, is
that the pooling of resources and expertise results in more thorough
investigations and better continuity from inception of the
investigations through prosecution. The officials also noted that
improved interagency relationships result in the sharing of
investigative leads, bridging of jurisdictional boundaries, and
avoiding duplication of efforts. Regarding the views of state
officials, a California deputy attorney general, who was working on a
task force that included federal and local law enforcement agencies,
told us that this approach simplified all aspects of multi-
jurisdictional issues, particularly given that each agency has its own
’go to“ person.
Generally, task forces can have participating agencies from all levels
of law enforcement--federal, state, and local--and may also have
private sector representation. The following sections provide examples
of task forces developed by federal (Secret Service) and state
(California and Florida) leadership, respectively. The scope of our
work did not include assessing the effectiveness of these task forces.
Secret Service Task Force Efforts:
At the time of our review, the Secret Service was the lead agency in 38
task forces across the country that were primarily targeting financial
and electronic crimes--categories of crimes that frequently have
identity theft-related elements.[Footnote 14] According to the Secret
Service, electronic crimes task forces concentrate on crimes involving
e-commerce, telecommunications fraud, and computer intrusions
(hacking), as well as cases involving missing and exploited children.
An identity theft-related example is an investigation initiated in
December 2000 by the electronic crimes task force of the Secret
Service‘s New York Field Office. According to Secret Service testimony
presented in May 2001 at a congressional hearing:[Footnote 15]
* The investigation, which was conducted jointly by the Secret Service
and the New York Police Department, determined that the credit card
accounts of many of the nation‘s wealthiest chief executive officers,
as well as many other citizens, had been compromised.
* Using the Internet and cellular telephones, the perpetrators obtained
the victims‘ credit card account numbers and then established
fictitious addresses to conduct fraudulent transactions.
* Also, the perpetrators attempted to transfer approximately $22
million--from the legitimate brokerage and corporate accounts of the
victims--into fraudulently established accounts for conversion to the
perpetrators‘ own use.
Table 3 presents an example of another Secret Service electronic crimes
task force, which was first developed in 1995 by the agency‘s
Washington (District of Columbia) Field Office and has subsequently
grown to include a total of 32 participating law enforcement agencies
and private sector entities.
Table 3: Participants in Electronic Crimes Task Force Developed by
Secret Service‘s Washington Field Office:
Task force participants: Federal law enforcement agencies: Bureau of
Alcohol, Tobacco and Firearms; Customs Service; Defense Criminal
Investigative Service; Department of Housing and Urban Development;
Department of State; Drug Enforcement Administration; FBI; General
Services Administration; Immigration and Naturalization Service;
Metropolitan Washington Airports Authority; Postal Inspection Service;
Secret Service; and SSA.; Number of agencies or entities: 13.
Task force participants: State and local law enforcement agencies:
Bladensburg Police Department, Hyattsville Police Department, Fairfax
County Police Department, Maryland State Police, Metropolitan Police
Department, Montgomery County Police Department, Mount Rainier Police
Department, Prince George‘s County Police Department, and Vienna Police
Department.; Number of agencies or entities: 9.
Task force participants: Private sector entities: Allfirst Bank, Bank
of America, Bell Atlantic, Cellular One, Chevy Chase Bank, Citibank,
First Union Bank, MBNA, Target Department Stores, and Wachovia Bank.;
Number of agencies or entities: 10.
Task force participants: Total number of law enforcement agencies and
private sector entities; Number of agencies or entities: 32.
Source: Secret Service.
[End of table]
Secret Service officials said that the agency‘s task forces generate
cases that result in prosecutions in state and local courts as well as
in federal courts. The officials estimated, for instance, that the
majority (about 60 percent) of the Washington Field Office Task Force‘s
cases had been prosecuted in state courts. Further, regarding the
operations of Secret Service task forces in general, the officials
noted that, while the Secret Service may have overall administrative
responsibility, the role of ’quarterback“ regarding the investigative
agenda often is a shared role. In explanation, the officials said that
the task forces do get involved in cases important to the needs of
local communities.
California: High-Technology Task Forces Address Identity Theft:
In the mid-1990s, the California Attorney General‘s Office established
five regional task forces in the state to facilitate multi-
jurisdictional investigations and prosecutions of high-technology
crimes, such as the theft of chips and other computer components. The
five high-technology task forces also are to address identity theft/
fraud and its related crimes. One of the five is the Sacramento Valley
High-Technology Crime Task Force, which was reorganized in October 1999
as a separate division within the Sacramento County Sheriff‘s
Department. The task force includes participants from local, state, and
federal agencies in the 34 counties of the eastern judicial district of
the state of California. As of calendar year 2001, a total of 32
agencies or entities were represented, as table 4 shows.
Table 4: Participants in the Sacramento Valley High-Technology Crimes
Task Force:
Task force participants: Police departments: Davis, Folsom, Modesto,
Isleton, Roseville, Sacramento, Turlock, West Sacramento, and Yuba.;
Number of agencies or entities: 9.
Task force participants: Sheriff‘s departments: El Dorado, Merced,
Placer, Sacramento, San Joaquin, Stanislaus, Sutter, and Tuolumne.;
Number of agencies or entities: 8.
Task force participants: District attorney offices: Placer, Sacramento,
and Yolo.; Number of agencies or entities: 3.
Task force participants: State agencies: Controller‘s Office,
Department of Corrections, Department of Justice, Department of Motor
Vehicles, Highway Patrol, Probation (Sacramento), and University of
California (Davis).; Number of agencies or entities: 7.
Task force participants: Federal agencies: FBI, Forest Service, Postal
Inspection Service, Secret Service, and U.S. Attorney‘s Office.; Number
of agencies or entities: 5.
Task force participants: Total number of agencies and entities; Number
of agencies or entities: 32.
Source: Sacramento Valley High-Technology Crimes Task Force.
[End of table]
According to its annual report for calendar year 2001, the Sacramento
Valley High-Technology Crimes Task Force investigated 153 cases
involving identity theft. Examples of these cases included the
following:
* Detectives were called to the Sacramento International Airport to
investigate a suspect who used stolen credit card information to
purchase tickets for two other suspects. The investigation revealed 24
other victims whose credit cards had been stolen by one of the suspects
from his place of employment.
* A suspect attempted to purchase items at a store using a manufactured
fraudulent check. After being arrested, the suspect identified herself
using another person‘s identity and was booked into jail using that
name. However, an investigation determined the suspect‘s true identity
and that she had written at least seven other fraudulent checks in the
Sacramento area.
* A suspect used a victim‘s identity to open an account at a jewelry
store and charge several items. Also, the suspect opened several other
accounts in the victim‘s name and made purchases (some over the
Internet) using these accounts. Further, the investigation found
numerous names, credit information, SSNs, and driver‘s licenses--and
documents with Internet Web sites, passwords, and personal
identification numbers--indicating that the suspect had opened accounts
using the personal information of the victims.
Florida: Statewide Initiative to Investigate and Prosecute Identity
Theft Cases:
Identity theft-related enforcement efforts in Florida are being led by
the Florida Attorney General‘s Office of Statewide Prosecution and the
Florida Department of Law Enforcement. In 2001, these agencies
partnered to create a statewide task force initiative to target
perpetrators of identity fraud. The initiative--called Operation LEGIT
(law enforcement getting identity thieves)--has special agents and
other personnel assigned from various regional offices of the Florida
Department of Law Enforcement. Other task force participants can
include local and federal law enforcement agencies, as indicated in the
following examples of cases:[Footnote 16]
* For more than 12 years, a Florida suspect assumed and lived under the
identity of a California victim, who had lost his wallet (with his
driver‘s license and other personal identification information) while
vacationing in Daytona Beach in 1987. Since that time, the suspect had
purchased and sold homes, opened bank accounts, obtained credit,
established utility and phone service, and been arrested on at least
three separate occasions. Based on a Florida warrant, the victim was
wrongly arrested in California and held in jail for more than a week.
Also, the victim has had civil judgments levied against him. The
investigation that led to the suspect‘s arrest was initiated in May
2001 and was conducted by the Hernando County (Florida) Sheriff‘s
Office, the Florida Department of Law Enforcement, the Office of
Statewide Prosecution, and SSA/OIG.
* In July 2001, six suspects were charged with racketeering and
multiple counts of identity theft that affected victims throughout
Florida. The ringleader orchestrated the scheme from a Florida prison
(Gulf County Correctional Facility), where he was serving a 9-year
sentence for his involvement in a similar investigation that concluded
in 1998, with victims throughout Florida and Georgia. Using the inmate
telephone system and the U.S. mail service, the ringleader obtained
account and identity information of unsuspecting consumers. Accomplices
used the compromised identities to commit credit card fraud, purchase
vehicles, open fraudulent checking accounts, and apply for instant
loans at furniture stores and other businesses across Florida. The
organized scheme netted the ring more than $200,000 in stolen property.
This case was investigated by the Florida Department of Law
Enforcement, the Office of Statewide Prosecution, and SSA/OIG.
* In October 2001, six suspects were arrested for fraudulently
obtaining nearly $300,000 in merchandise, after assuming the identities
of 18 individuals from around the country. An employee of a children‘s
clinic in Orlando obtained the SSNs and other identifying information
of the 18 individuals, who had participated in a medical study
concerning cystic fibrosis and whose children suffer from the disease.
The employee passed the information to another person, who created
false birth certificates and other documents that were used to obtain
identity cards in the names of the victims through offices of the
Florida Department of Motor Vehicles. The suspects used the false
identities to obtain instant credit at electronic and furniture stores
in Orange and Seminole Counties in Florida. The suspects purchased big-
screen televisions, computers, and other high-cost items until the
victims‘ credit lines were exhausted. The purchased items were later
sold on the streets of Orlando (Florida) and Chicago (Illinois) for
half their retail value, with the proceeds divided by the suspects. The
investigation was conducted by the Orlando Police Department, the
Florida Department of Law Enforcement, and the Office of Statewide
Prosecution.
* In February 2002, a former resident of Daytona Beach was charged with
obtaining personal identifying information (names, addresses, and SSNs)
on various individuals and using the information to fraudulently
purchase more than $35,000 worth of merchandise throughout east-central
Florida. The suspect obtained the information from a Web site used
legitimately by a variety of businesses and individuals for the purpose
of finding and tracking others. As of February 2002, the then-ongoing
investigation by the Florida Department of Law Enforcement revealed
that the suspect had compromised the identities of victims in 12
states.
Identity Theft Subcommittee Formed to Have Coordination and Education
Role:
In early 1999, following passage of the federal Identity Theft Act in
1998, the U.S. Attorney General‘s Council on White Collar Crime
established the Subcommittee on Identity Theft to foster coordination
of investigative and prosecutorial strategies and promote consumer
education programs. Subcommittee leadership is vested in the Fraud
Section of the Department of Justice‘s Criminal Division, and
membership includes various federal law enforcement and regulatory
agencies, as well as state and local representation through the
International Association of Chiefs of Police, the National Association
of Attorneys General, and the National District Attorneys Association.
Appendix III lists the membership of the subcommittee.
In response to our inquiries, the Chairman of the subcommittee said
that, although there is no written charter or mission statement, the
role and activities of the subcommittee are substantially as follows:
* Initially, to promote awareness and use of the federal Identity Theft
Act, the subcommittee prepared guidance memorandums for field
distribution to law enforcement and regulatory agencies. Also, the
subcommittee helped to plan or support various identity theft-related
educational presentations and workshops, with participants from the
public and private sectors.:
* Because so much of identity theft is a local matter, it was
imperative that the subcommittee‘s membership include state and local
representatives. Participation by the International Association of
Chiefs of Police gives the subcommittee a channel to thousands of local
law enforcement entities. A continuing priority of the subcommittee is
to help educate local police departments about the critical first step
of taking reports from victims of identity theft crime.:
* Furthermore, the subcommittee continually promotes the availability
of FTC‘s Consumer Sentinel Network as a tool for federal, state, and
local law enforcement agencies to use.:
The subcommittee Chairman also noted that, since the terrorist
incidents of September 11, 2001, there has been more of a focus on
prevention. For example, the American Association of Motor Vehicle
Administrators attended a recent subcommittee meeting to discuss ways
to protect against counterfeit or fake driver‘s licenses.
To obtain a broader understanding of the subcommittee‘s role, as well
as ways to potentially enhance that role, we contacted the designated
individuals who, respectively, represented six member organizations--
FBI, National District Attorneys Association, Postal Inspection
Service, Secret Service, Sentencing Commission, and SSA/OIG. Generally,
the representatives commented that the subcommittee has been helpful in
combating identity theft and has been functioning well, particularly
considering the fact that membership is a collateral duty for each
representative. One member--representing the National District
Attorneys Association--suggested that the subcommittee‘s role could be
enhanced by having a formal charter or mission statement detailing each
participant‘s role. However, the FBI and Secret Service representatives
said that the informality of the subcommittee promotes member
participation and also commented that additional directives could be
counterproductive.
Opportunities for Law Enforcement to Use FTC Data to Aid in
Investigations of Identity Theft:
Since its establishment in 1999, FTC‘s Identity Theft Data
Clearinghouse has been used for reporting statistical and demographic
information about victims and perpetrators. While not immediate, the
value of the Clearinghouse database as a law enforcement tool has been
growing but has not reached its full potential. In conducting
investigations, for example, relatively few law enforcement agencies
have used FTC‘s Consumer Sentinel Network, which provides computer
access to the Clearinghouse database. Further, centralized analysis of
database information to generate investigative leads and referrals has
been limited. Law enforcement‘s limited use of the Consumer Sentinel
Network and the Clearinghouse database may be due to various reasons,
including the relatively short operating history of the database. To
promote greater awareness and use of the Network and the Clearinghouse
database, FTC and Secret Service outreach efforts include conducting
regional law enforcement training seminars and developing a training
video for distribution to local law enforcement agencies across the
nation.
FTC Established the Identity Theft Data Clearinghouse in 1999:
The federal Identity Theft Act of 1998 required FTC to ’log and
acknowledge the receipt of complaints by individuals who certify that
they have a reasonable belief“ that one or more of their means of
identification have been assumed, stolen, or otherwise unlawfully
acquired. In response to this requirement, in November 1999, FTC
established the Identity Theft Data Clearinghouse to gather information
from any consumer who wishes to file a complaint or pose an inquiry
concerning identity theft. Consumers can call a toll-free telephone
number (1-877-ID-THEFT) to report identity theft. Information from
complainants is accumulated in a central database (the Identity Theft
Data Clearinghouse) for use as an aid in law enforcement and prevention
of identity theft. From its establishment in November 1999 through
September 2001, the Clearinghouse received a total of 94,100 complaints
from identity theft victims. This total includes 16,784 complaints
transferred to the FTC from the SSA/OIG. In the first month of
operation, the Clearinghouse answered an average of 445 calls per week.
By March 2001, the average number of calls had increased to over 2,000
per week. In December 2001, the weekly average was about 3,000 answered
calls.
From its inception, the Clearinghouse database has been used to report
statistical and demographic information about victims and perpetrators.
For example, regarding identity theft complaints received in calendar
year 2001, an FTC official testifying at a March 2002 congressional
hearing summarized database information partly as follows:[Footnote 17]
’The Clearinghouse database has been in operation for more than two
years. — While not comprehensive, information from the database can
reveal information about the nature of identity theft activity. For
example, the data show that California has the greatest overall number
of victims in the FTC‘s database, followed by New York, Texas, Florida,
and Illinois. On a per capita basis, per 100,000 citizens, the District
of Columbia ranks first, followed by California, Nevada, Maryland and
New York. The cities with the highest numbers of victims reporting to
the database are New York, Chicago, Los Angeles, Houston, and Miami.
’Eighty-eight percent of victims reporting to the FTC provide their
age. The largest number of these victims (28%) were in their thirties.
The next largest group includes consumers from age eighteen to twenty-
nine (26%), followed by consumers in their forties (22%). Consumers in
their fifties comprised 13%, and those age 60 and over comprised 9%.
Minors under 18 years of age comprised 2% of victims. —:
’Thirty-five percent of the victims had not yet notified any credit
bureau at the time they contacted the FTC; 46% had not yet notified any
of the financial institutions involved. Fifty-four percent of the
victims had not yet notified their local police department of the
identity theft. By advising the callers to take these critical steps,
we enable many victims to get through the recovery process more
efficiently and effectively.“
Centralized Analysis of Clearinghouse Data to Generate Investigative
Leads and Referrals is Increasing:
In addition to providing a basis for reporting statistical and
demographic information about identity theft victims and perpetrators,
another primary purpose of the Clearinghouse database is to support law
enforcement. Since May 2001, one Secret Service special agent, working
with an FTC attorney, an investigator, and a paralegal, has been
involved in centrally analyzing Clearinghouse data to generate
investigative leads and referrals. Specifically, according to FTC
staff:
* The team uses intelligence software to analyze Clearinghouse data to
generate investigative leads.:
* These leads are then further developed using criminal investigative
resources provided by the Secret Service and research and analytical
tools provided by the FTC.
* When the case leads have been comprehensively developed, they are
referred to federal, state, or local law enforcement officers in the
field. These officers participate in financial, high-tech, or economic
crimes task forces and are well equipped to handle the cases.
The pace of developing and sending out investigative leads has picked
up since FTC and the Secret Service jointly initiated their efforts in
May 2001. For instance, 10 investigative referrals were made to
regional law enforcement during the last 6 months of calendar year
2001, whereas 19 referrals were made in the first 5 months of 2002. One
of the 29 referrals involved 10 individuals with the same address. In
response to our inquiries in May 2002, Secret Service officials said
that the 29 referrals were still being worked and, thus, the results or
outcomes were yet to be determined.
Relatively Few Law Enforcement Agencies Use the Consumer Sentinel
Network to Access FTC‘s Identity Theft Data Clearinghouse:
In addition to receiving referrals based on centralized analysis of
Clearinghouse data, federal, state, and local law enforcement agencies
nationwide can use desktop computers to access Clearinghouse data to
further support ongoing cases or develop new leads. Specifically,
through FTC‘s Consumer Sentinel Network--which is a secure, encrypted
Web site--law enforcement agencies can access Clearinghouse data and
use search tools tailored for identity theft investigations. For
instance, an investigator may scan consumer complaints matching certain
criteria to determine if there is a larger pattern of criminal
activity. FTC does not charge a fee for use of the Consumer Sentinel
Network. However, each law enforcement agency must enter into a
confidentiality agreement (pledging to abide by applicable
confidentiality rules) with FTC.
As of May 24, 2002, a total of 46 federal agencies had signed user
agreements with FTC, facilitating access to Identity Theft Data
Clearinghouse information via the Consumer Sentinel Network. These
agencies include the FBI, Secret Service, Postal Inspection Service,
SSA/OIG, and some U. S. Attorney Offices. Further, relatively few of
the nation‘s over 18,000 state and local law enforcement agencies have
signed agreements with FTC to use the Consumer Sentinel Network to
access the Identity Theft Data Clearinghouse. Specifically, as of May
24, 2002, a total of 306 state and local law enforcement agencies had
entered into such agreements. Of this total, the number of users varied
from 1 law enforcement agency in each of 5 states (Delaware, Hawaii,
Idaho, New Hampshire, and New Mexico) and 2 agencies in each of 8 other
states (Arizona, Arkansas, Kansas, Massachusetts, Nebraska, Oregon,
South Dakota, and Wyoming) to 17 agencies in Texas and 45 agencies in
California. Even at the high end of this range, the extent of access is
not comprehensive. For example:
* In Texas, the Houston Police Department and the Harris County
Sheriff‘s Office--jurisdictions that encompass about 22 percent of the
state‘s population--are not users of the Consumer Sentinel Network. As
stated previously, in reference to number of identity theft victims,
Houston is among the top five cities nationally. Overall, less than 1
percent of the state‘s law enforcement agencies have entered into
confidentiality agreements with FTC.
* Although California has the largest number of users (45 agencies),
the list of subscribers does not include the city police departments in
Los Angeles, Sacramento, or San Jose. As mentioned previously, over
8,000 cases of identity theft were reported to the Los Angeles Police
Department in calendar year 2001.
:
According to FTC staff, the number of Consumer Sentinel member agencies
continually increases, particularly in response to outreach activities
such as regional law enforcement training. Appendix IV gives a full
listing of the 352 agencies that had entered into user agreements with
FTC, as of May 24, 2002.
FTC staff provided us query statistics showing external law enforcement
usage of the Consumer Sentinel Network and the Identity Theft Data
Clearinghouse for January 2001 through March 2002. During this 15-month
period, the number of external law enforcement queries about identity
theft complaints totaled 7,946--an average of about 530 per month--and
ranged from 378 in December 2001 to 783 in January 2002. FTC staff
noted that these usage statistics do not reflect centralized analysis
of identity theft complaint data, conducted jointly by the Secret
Service and FTC.
Reasons for Limited Law Enforcement Use of Consumer Sentinel Network
and Clearinghouse Database:
Various reasons may explain law enforcement‘s relatively limited use of
the Consumer Sentinel Network and the Identity Theft Data Clearinghouse
database. Department of Justice officials said, for instance, that many
state and local agencies may have an insufficient number of computers
and support personnel, in addition to being challenged by competing
priorities. Also, FTC staff and Secret Service officials noted that the
availability of the Clearinghouse database as an aid for law
enforcement agencies is still relatively new. As such, some potential
users are unaware of this investigative resource, despite ongoing
outreach efforts.
Further, regarding usefulness of database information for law
enforcement purposes, we asked whether any examples of federal, state,
or local success stories had been presented or discussed at any of the
monthly meetings of the Attorney General‘s Identity Theft Subcommittee.
In response, the head of the subcommittee told us that none of the
meetings had included such examples--neither examples involving field
agencies that used the Consumer Sentinel Network to develop cases nor
examples involving the results of investigative leads or referrals that
were based on centralized analysis of Clearinghouse data.
One state‘s deputy attorney general, in replying to our inquiry about
the usefulness of the Consumer Sentinel Network and the Clearinghouse
database, said that, as a practical matter, a local investigator with
numerous outstanding cases on his or her desk will not be using the FTC
system to obtain more cases. Rather, this state official suggested, for
example, that FTC could use the system to generate periodic reports to
alert law enforcement of specific problems within their respective
jurisdictions and facilitate the coordination of investigative
resources for the maximum benefit.
FTC staff acknowledged that Sentinel members appear to use the
Clearinghouse database to bolster the cases they have under
investigation more often than to initiate new cases. However, the FTC
staff told us that they are continuously looking for ways to make the
Clearinghouse database more efficient and user friendly. The staff
noted, for example, that FTC has established an e-mail address to take
requests for specific searches from Sentinel members and, thereby, FTC
can use its internal search tools to query the Clearinghouse database
and provide more comprehensive results to requesters. Also, the staff
noted that FTC expects to implement an ’alert“ function before the end
of fiscal year 2002. According to the staff:
* The alert function will enable a Clearinghouse user (e.g., police
officer) to flag or annotate one or more particular complaints relating
to an investigation that the user is conducting. If and when another
user executes a query that retrieves one of the flagged complaints,
this second user will get a pop-up message box asking him or her to
contact the first user before proceeding.:
* Thus, two police officers, who likely are from different
jurisdictions but are looking at the same complaint records, can avoid
duplicating investigatory efforts or inadvertently impeding each
other‘s investigations.
Also, the staff noted that FTC has plans to implement (by the end of
fiscal year 2002) a report listing the suspect locations most
frequently reported in the database.[Footnote 18] Further, in response
to requests from Sentinel members, the FTC will soon begin testing a
program to provide Sentinel members access to electronic batches of
Clearinghouse data--for example, all complaint information reported by
victims in a given city during a specified period of time. According to
FTC staff, Sentinel members will be able to run the batched data
through their own intelligence or link analysis software and also
combine the data with their own investigative information for more
impact.
Moreover, FTC staff said that additional steps are being taken to
increase law enforcement agencies‘ awareness and use of the Consumer
Sentinel Network and the Clearinghouse database. The staff noted, for
example, that training sessions for law enforcement agencies were
conducted in Washington, D.C., in March 2002, in Des Moines, Iowa, and
Chicago, Illinois, in May 2002, and that additional sessions are
planned for San Francisco, California, in June 2002, and for Dallas,
Texas, in August 2002. Also, as mentioned previously, the Secret
Service is developing a police training video with the cooperation of
the FTC, Department of Justice, and the International Association of
Chiefs of Police, which is anticipated to be completed by September 30,
2002. According to FTC staff and Secret Service officials, the training
video will briefly discuss the availability of the Consumer Sentinel
Network and the Identity Theft Data Clearinghouse, in addition to
emphasizing the importance of police reports in identity theft cases.
These planned initiatives appear to be steps in the right direction. If
implemented effectively, the initiatives should help to ensure that
more law enforcement agencies are aware of existing data that can be
used to combat identity theft. Nonetheless, concerted and continued
outreach efforts will be needed to promote broad awareness and use of
the Consumer Sentinel Network and the Clearinghouse database by all
levels of law enforcement.
SSA/OIG Actions to Resolve SSN Misuse and Other Identity Theft-Related
Allegations:
As mentioned previously, SSA/OIG‘s fraud hotline annually receives tens
of thousands of allegations, most of which involve either (1) SSN
misuse or (2) program fraud with SSN misuse potential. In these 2
categories, SSA/OIG received approximately 62,000 allegations in fiscal
year 1999, and the agency opened investigative cases on 4,636 (about 7
percent) of these allegations. About three in four of the investigative
cases involved program fraud-related allegations. Generally, SSA/OIG
concentrates its investigative resources on this category of
allegations because the protection of Social Security trust funds is a
priority. SSA/OIG statistics for investigative cases opened in fiscal
year 1999 indicate that a total of 1,347 cases had resulted in criminal
convictions or other judicial actions, as of April 30, 2002. During our
review, the SSA Inspector General told us that his office does not have
enough investigators to address all of the SSN misuse allegations
received on the agency‘s fraud hotline. However, FTC staff noted that,
starting in February 2001, FTC began to routinely upload information
from SSA/OIG‘s fraud hotline about these allegations into FTC‘s
Identity Theft Data Clearinghouse, thereby making the information
available to law enforcement agencies via the Consumer Sentinel
Network.
SSA/OIG Concentrates Its Investigative Resources on Allegations of
Program Fraud with SSN Misuse Potential:
Within the categories of SSN misuse and program fraud with SSN misuse
potential, SSA/OIG received a total of 62,376 allegations in fiscal
year 1999, a greater number (83,721) in fiscal year 2000, and an even
higher number (104,103) in fiscal year 2001. According to SSA/OIG
officials, allegations are reviewed by supervisory personnel to
determine which should be further pursued. The review criteria, among
others, include considerations of the credibility of the alleged
information, the actual or potential dollar-loss amounts involved, the
severity of other effects on SSA programs, and the prosecutive merits
of the allegation, as well as considerations of current workloads and
the availability of investigative resources.
Most allegations of identity theft made to SSA/OIG do not result in
criminal investigations being opened. Of the two categories of
allegations, however, SSA/OIG generally concentrates its investigative
resources on allegations of program fraud with SSN misuse potential
because the protection of Social Security trust funds is a priority. In
fiscal year 1999, for example, SSA/OIG opened investigative cases on 12
percent of the allegations categorized as program fraud with SSN misuse
potential and 3 percent of the allegations categorized as SSN misuse
(see table 5). In other words, although the total numbers of
allegations received in each category were similar, program fraud-
related allegations were about four times more likely to result in
investigative cases being opened.
Table 5: Allegations Received by SSA/OIG and Investigative Cases
Opened, Fiscal Year 1999:
Allegation type: SSN misuse; Number of
allegations received: 30,116; Number of investigative
cases opened: 868; Percentage of: 3.
Allegation type: Program fraud with SSN misuse potential; Number of
allegations received: 32,260; Number of investigative
cases opened: 3,768; Percentage of: 12.
Allegation type: Total; Number of
allegations received: 62,376; Number of investigative
cases opened: 4,636; Percentage of: 7.
Source: SSA/OIG data.
[End of table]
Investigations of Allegations Have Produced Convictions and Other
Judicial Actions:
In response to our inquiry regarding the results of SSA/OIG criminal
investigations, the agency provided us statistics for applicable cases
opened in fiscal year 1999 that resulted in criminal or other judicial
actions. As table 6 shows, as of April 30, 2002, SSN misuse cases (768)
accounted for 57 percent of the 1,347 investigations involving SSN
misuse or program fraud with SSN misuse potential that were opened in
fiscal year 1999 and resulted in criminal or other judicial actions.:
Table 6: Results, as of April 30, 2002, of SSA/OIG Investigations
Opened in Fiscal Year 1999:
Results category: Individual convicted and sentenced; Description of
category: These cases involved accused individuals who were tried,
found guilty, and sentenced.; [Empty]; Number of investigations
resulting in criminal or other judicial actions: SSN misuse: 338;
Number of investigations resulting in criminal or other judicial
actions: Program fraud with SSN misuse
potential: 339; Number of investigations resulting in criminal or other
judicial actions: Total: 677; [Empty]; Percentage of total number: 50.
Results category: Alien apprehended and deported; Description of
category: These cases involved the taking into custody of an illegal
alien or undocumented immigrant, who used the SSN of another person.;
[Empty]; Number of investigations resulting in criminal or other
judicial actions: SSN misuse: 423; Number of investigations resulting
in criminal or other judicial actions: Program fraud
with SSN misuse potential: 31; Number of investigations resulting in
criminal or
other judicial actions: Total: 454; [Empty]; Percentage of total
number: 34.
Results category: Fugitive felon apprehended; Description of category:
These cases involved individuals who were receiving Social Security
benefits and who were also the subjects of outstanding warrants. SSA/
OIG coordinated with the U.S. Marshals Service or state or local law
enforcement to apprehend the fugitive.; [Empty]; Number of
investigations resulting in criminal or other judicial actions: SSN
misuse: 0; Number of investigations resulting in criminal or other
judicial actions: Program fraud with SSN misuse
potential: 137; Number of investigations resulting in criminal or other
judicial actions: Total: 137; [Empty]; Percentage of total number: 10.
Results category: First-time offender handled by pretrial diversion
program; Description of category: These cases involved first-time
offenders who were placed on probation for 12 to 18 months.; [Empty];
Number of investigations resulting in criminal or other judicial
actions: SSN misuse: 7; Number of investigations resulting in criminal
or other judicial actions: Program fraud
with SSN misuse potential: 72; Number of investigations resulting in
criminal
or other judicial actions: Total: 79; [Empty]; Percentage of total
number: 6.
Results category: Total; Description of category: [Empty]; [Empty];
Number of investigations resulting in criminal or other judicial
actions: SSN misuse: 768; Number of investigations resulting in
criminal or other judicial actions: Program fraud
with SSN misuse potential: 579; Number of investigations resulting in
criminal
or other judicial actions: Total: 1,347; [Empty]; Percentage of total
number:
100.
Results category: Percentage of total; Description of category:
[Empty]; [Empty]; Number of investigations resulting in criminal or
other judicial actions: SSN misuse: 57; Number of investigations
resulting in criminal or other judicial actions: Program fraud
with SSN misuse
potential: 43; Number of investigations resulting in criminal or other
judicial actions: Total: 100; [Empty]; Percentage of total number:
[Empty].
Note: Data represent criminal investigations that were opened in fiscal
year 1999 by SSA/OIG and that were closed with a criminal or other
judicial actions as of April 30, 2002. Other criminal investigations
may have resulted in civil monetary penalties or administrative action
or may have been closed with no action.
Source: SSA/OIG data.
[End of table]
SSA/OIG officials said that investigations of SSN misuse allegations
produce convictions or other criminal results because SSN misuse
generally is tied to other white-collar or financial crimes that can
have identity theft-related elements. On the other hand, the officials
said that many investigations of program fraud cases may be closed with
administrative actions, which can include suspension of benefit
payments.
SSA/OIG Allegation Information Is Now Being Added to FTC‘s Database:
In recent years, the number of SSN misuse allegations received by the
SSA/OIG has grown faster than the number of program fraud-related
allegations. That is, SSN misuse allegations constitute a growing
proportion of these two categories of allegations, increasing from 48
percent in fiscal year 1999, to 56 percent in fiscal year 2000, and to
63 percent in fiscal year 2001. During our review, the SSA Inspector
General told us that, given limited resources and competing priorities,
his office investigates relatively few allegations of SSN misuse.
Consequently, the Inspector General said that many credible allegations
of identity theft that have the potential to produce criminal
convictions or other judicial actions are not addressed.
Starting in February 2001, FTC began routinely uploading SSA/OIG
information about SSN misuse allegations into FTC‘s Identity Theft Data
Clearinghouse. This enhancement of the Clearinghouse database makes the
SSA/OIG allegation information available to law enforcement agencies
via the Consumer Sentinel Network. However, as discussed previously,
relatively few law enforcement agencies use the Network, and
centralized analysis of Clearinghouse data to generate investigative
leads and referrals has been limited.
Conclusions:
Comprehensive results--such as number of prosecutions and convictions-
-under the federal Identity Theft Act and relevant state statutes are
not available. However, examples of actual cases illustrate that
identity theft often is a component of other white-collar or financial
crimes, and these cases often have fact-pattern elements involving more
than one jurisdiction. Moreover, the prevalence of identity theft and
the frequently multi-or cross-jurisdictional nature of such crimes
underscore the importance of leveraging available resources and
promoting cooperation or coordination among all levels of law
enforcement.
Our review indicates that there are opportunities for law enforcement
to make greater use of existing data to combat identity theft. In
particular, the Consumer Sentinel Network potentially can provide all
law enforcement agencies across the nation with access to FTC‘s
Identity Theft Data Clearinghouse database to support ongoing
investigations. In addition to complaint information reported by
identity theft victims directly to FTC, the Clearinghouse database now
routinely incorporates identity theft-related information received by
SSA/OIG. However, despite outreach efforts to date, relatively few
state and local law enforcement agencies have signed Consumer Sentinel
confidentiality agreements with FTC. Also, although the number is
increasing, few investigative leads and referrals have been generated
by centralized analysis of database information. Given the growing
prevalence of identity theft, continued and concerted emphasis is
warranted regarding the availability and use of the Consumer Sentinel
Network and the Clearinghouse database as law enforcement tools.
Recommendation for Executive Action:
We recommend that the Attorney General have the Identity Theft
Subcommittee promote greater awareness and use of the Consumer Sentinel
Network and the Identity Theft Data Clearinghouse by all levels of law
enforcement--federal, state, and local.
Agency Comments:
On June 5, 2002, we provided a draft of this report for comment to the
Departments of Justice and the Treasury, FTC, and SSA. The Department
of Justice generally agreed with the substance of the report and
recommendation that the Identity Theft Subcommittee promote greater
awareness and use of the Consumer Sentinel Network and the Identity
Theft Data Clearinghouse by all levels of law enforcement. Further,
Justice noted several actions that it has taken or will take to
directly address the recommendation. These actions include, for
example, regional training seminars cosponsored by Justice, FTC, and
the Secret Service that have specific components about the Consumer
Sentinel and the identity theft database. Justice noted that five
training seminars have been or are planned for this fiscal year and
that additional seminars are being considered for fiscal year 2003.
Also, Justice said that the state and local law enforcement
representatives on the Identity Theft Subcommittee will be consulted
regarding additional mechanisms for informing police departments and
sheriffs‘ offices about the Consumer Sentinel. Further, Justice cited
its efforts to inform the public about identity theft and ensure that
courts are meting out appropriate criminal sanctions. The full text of
Justice‘s comments is reprinted in appendix VI.
The Secret Service, a component agency of the Department of the
Treasury, said that the draft report accurately presented the agency‘s
positions. Also, the Secret Service commented that the agency‘s liaison
to the FTC attended 33 speaking engagements from May 2001 to May 2002
to promote the Identity Theft Data Clearinghouse and that a similar
schedule is anticipated for the next 12 months. Furthermore, the Secret
Service noted that the FTC--in conjunction with the Secret Service
liaison, Justice, and the International Association of Chiefs of
Police--plans to sponsor at least six training seminars in fiscal year
2003.
Justice and the Secret Service also provided various technical comments
and clarifications, which have been incorporated in this report where
appropriate. Similarly, the FTC and SSA provided technical comments and
clarifications, which have been incorporated where appropriate.
In sum, we believe that the ongoing and planned efforts cited by the
Department of Justice and the Secret Service are responsive to the
recommendation that we make in this report.
As arranged with your office, unless you publicly announce its contents
earlier, we plan no further distribution of this report until 30 days
after its issue date. At that time, we will send copies to interested
congressional committees and subcommittees; the Attorney General; the
Secretary of the Treasury; the Chief Postal Inspector, U.S. Postal
Inspection Service; the Commissioner, SSA; and the Chairman, FTC. We
will also make copies available to others on request.
If you or your staff have any questions about this report, please
contact me at (202) 512-8777 or Danny R. Burton at (214) 777-5600.
Other key contributors are acknowledged in appendix VII.
Sincerely yours,
Richard M. Stana:
Director, Justice Issues:
Signed by Richard M. Stana:
[End of section]
Appendix I: Objectives, Scope, and Methodology:
Objectives:
In response to a request from Representative Sam Johnson, we developed
information on the following topics:
* Law enforcement results (such as examples of prosecutions and
convictions) under the federal Identity Theft and Assumption Deterrence
Act of 1998 (the ’Identity Theft Act“).
* Law enforcement results under state statutes that, similar to the
federal act, provide state and local law enforcement officials with the
tools to prosecute and convict identity theft criminals.
* The means used to promote cooperation or coordination among federal,
state, and local law enforcement agencies in addressing identity theft
crimes that span multiple jurisdictions.
* Actions taken by the Social Security Administration‘s Office of the
Inspector General (SSA/OIG) to resolve Social Security number (SSN)
misuse and other identity theft-related allegations received during
fiscal year 1999.
Scope and Methodology:
The following sections discuss the scope and methodology of our work in
addressing the respective topics.
Law Enforcement Results under the Federal Statute:
To determine what have been the law enforcement results under the
federal Identity Theft Act,[Footnote 19] we contacted various federal
agencies responsible for investigating and prosecuting this type of
crime. Specifically, we interviewed responsible officials and reviewed
documentation obtained from the Department of Justice‘s Criminal
Division, the Executive Office for United States Attorneys (EOUSA), the
Federal Bureau of Investigation (FBI), the Postal Inspection Service,
the Secret Service, and SSA/OIG. We reviewed available statistics on
number of investigations and prosecutions and obtained examples of
actual investigations and prosecutions under the federal statute.
Also, we conducted a literature search to identify studies, reports, or
other products--including congressional testimony statements--giving
examples of cases or other results under the federal Identity Theft
Act. In February 2002, we conducted a search of the LexisNexis
database.[Footnote 20] Our search was designed to retrieve only those
identity theft cases that specifically mentioned the federal statute--
that is, cases that cited 18 U.S.C. § 1028(a)(7). We summarized the
results of selected cases prosecuted under this statute. Our summary
(see app. II) is not intended to be a comprehensive listing of all
federal prosecutions under the 1998 federal statute.
Law Enforcement Results under State Statutes:
We contacted the Federal Trade Commission (FTC) to determine which
states had enacted specific laws related to identity theft. To
determine the availability of any national overview information
regarding law enforcement results under the states‘ identity theft
laws, we reviewed the offense categories included in the FBI‘s Uniform
Crime Reporting (UCR) Program,[Footnote 21] and we contacted the
National Association of Attorneys General, the National District
Attorneys Association, and the International Association of Chiefs of
Police.
For more detailed inquiries, we selected 10 states--Arizona,
California, Florida, Georgia, Illinois, Michigan, New Jersey,
Pennsylvania, Texas, and Wisconsin. We judgmentally selected these
states on the basis of having the highest incidences of reported
identity theft or the longest-standing applicable statutes.
Specifically, with one exception (New York), we selected each state
that had more than 2,500 complaints reported to FTC during November
1999 through September 2001 (see table 8). Also, some of the first
states to enact identity theft laws were Arizona (1996), California
(1997), and Wisconsin (1997). As indicated in table 7, the 10 states we
selected represent about 51 percent of the total number of complaints
received by the FTC during November 1999 through September 2001.
Table 7: Number of Identity Theft Complaints Received by FTC (Nov. 1999
through Sept. 2001) for Selected States:
States with more than 2,500 complaints[A]:
State: California; Number
ofcomplaints: 16,147;
Percentage: 17.2.
State: Texas; Number of
complaints: 6,775;
Percentage: 7.2.
State: Florida; Number of
complaints: 6,309;
Percentage: 6.7.
State: Illinois; Number of
complaints: 4,145;
Percentage: 4.4.
State: Michigan; Number of
complaints: 3,038;
Percentage: 3.2.
State: Pennsylvania;
Number of
complaints: 2,979;
Percentage: 3.2.
State: New Jersey; Number
of
complaints: 2,827;
Percentage: 3.0.
State: Georgia; Number of
complaints: 2,770;
Percentage: 2.9.
States with longest-standing statutes [B]:
State: Arizona; Number of
complaints: 2,049; Percentage: 2.2.
State: California
(included above); Number of
complaints: [Empty]; Percentage: [Empty].
State: Wisconsin; Number
of complaints: 1,016; Percentage: 1.1.
State: Subtotal; Number of
complaints: 48,055; Percentage: 51.1.
State: Other states and
the District of Columbia; Number of
complaints: 38,715; Percentage: 41.1.
State: Other locations or
not reported[C]; Number of
complaints: 7,330; Percentage: 7.8.
State: Total; Number of
complaints: 94,100; Percentage: 100.0.
[A] The only other state with more than 2,500 complaints was New York,
which accounted for 8,219 complaints during November 1999 through
September 2001. However, given the terrorist events of September 11,
2001, and the ongoing recovery efforts, we did not include New York in
our case study of selected states. In addition, at the time we
initiated our review, New York did not have a specific statute making
identity theft a crime.
[B] Mississippi possibly enacted the nation‘s first identity theft
statute (Miss. Code Ann. § 97-19-85), even though it was titled as a
’false pretenses“ statute rather than specifically labeled as an
’identity theft“ statute. Originally enacted in 1993, the statute was
amended in 1998 to include additional identifiers and increase
punishment from a misdemeanor to a felony.
[C] This category includes complaints from (1) victims who did not
report their location and (2) victims who reported from other
locations, such as Guam, Puerto Rico, the U.S. Virgin Islands, and
Canada.
Source: FTC Identity Theft Data Clearinghouse. Also, note ’b“ is based
on our analysis of the Mississippi statute and a follow-up discussion
with an official in the Mississippi Attorney General‘s Office.
[End of table]
In each of the 10 selected states, we attempted to contact officials in
the state‘s attorney general‘s office and in at least one local
jurisdiction (e.g, a county district attorney‘s office). We developed a
structured data collection instrument and distributed it to each of
these officials. The instrument was used to obtain information about
the respective state‘s specific identity theft statute, implementation
activities, relevant investigative and prosecutorial units, reports or
records of statistical results, examples of actual cases, and
observations on the usefulness or effectiveness of the statute. With
the exception of Arizona, the attorney general‘s office in each of the
10 selected states responded to our inquiries. Also, at least one local
official in each of the 10 states except Georgia responded to our
inquiries. Given the limited distribution of our data collection
instrument, the observations of the respondents cannot be viewed as
being representative of the entire law enforcement community in the
respective state. Table 8 lists the agencies we contacted in each of
the 10 selected states.
Table 8: State and Local Agencies Contacted in 10 States:
State: Arizona; State agency: Assistant Attorney General, Attorney
General‘s Office[A]; Local agency: Special Assistant Law Enforcement
Liaison, Maricopa County Attorney‘s Office; Sergeant, Document Crimes
Detail, Phoenix Police Department.
State: California; State agency: Deputy Attorneys General (2), Special
Crimes Unit, Attorney General‘s Office; Local agency: Deputy District
Attorney, High Technology Crimes Unit,; Los Angeles County District
Attorney‘s Office; Detective Supervisor, Identity Theft & Credit Card
Squad, Los Angeles Police Department,; Principal Criminal Attorney,
Sacramento County District Attorney‘s Office.
State: Florida; State agency: Special Counsel, Office of Statewide
Prosecution, Florida Department of Legal Affairs; Local agency:
Attorney, Dade County State Prosecutor‘s Office.
State: Georgia; State agency: Assistant Attorney General, Attorney
General‘s Office; Local agency: Deputy District Attorney, Fulton County
District Attorney‘s Office[A].
State: Illinois; State agency: Supervisor, Attorney General - Cook
County State‘s Attorney‘s Office[B]; Local agency: [Empty].
State: Michigan; State agency: Assistant Attorney General, Chief of
High Tech Crime Unit, Attorney General‘s Office; Local agency: Deputy
Prosecutor, Warrants & Investigations Unit, Oakland County Office of
the Prosecuting Attorney.
State: New Jersey; State agency: Deputy Attorney General, Attorney
General‘s Office; Local agency: Sergeant, Atlantic County Prosecutor‘s
Office.
State: Pennsylvania; State agency: Chief Deputy Attorney General,
Attorney General‘s Office; Local agency: Chief Deputy Attorney,
Economic & Cyber Crime Unit, Philadelphia District Attorney‘s Office.
State: Texas; State agency: Assistant Attorney General, Internet
Bureau, Attorney General‘s Office; Local agency: Assistant District
Attorney, Dallas County District Attorney‘s Office.
State: Wisconsin; State agency: Special Agent, Wisconsin Department of
Justice; Local agency: Deputy District Attorney, Dane County District
Attorney‘s Office.
[A] Did not respond to our inquiries.
[B] The Cook County State‘s Attorney‘s Office of the Illinois Attorney
General‘s Office was able to provide both a state and local perspective
on identity theft enforcement efforts.
Source: GAO summary.
[End of table]
Means Used to Promote Cooperation or Coordination among Federal, State,
and Local Law Enforcement Agencies in Addressing Identity Theft:
Our literature search and discussions with federal and state law
enforcement officials indicated that three principal means are used to
promote cooperation or coordination among all levels of law enforcement
in addressing identity theft crimes--law enforcement task forces with
multi-agency participation, the Attorney General‘s Identity Theft
Subcommittee, and FTC‘s Consumer Sentinel Network and Identity Theft
Data Clearinghouse database. We obtained examples of task forces
established by federal (Secret Service) and state (California and
Florida) leadership, respectively. The scope of our work did not
include assessing the effectiveness of these task forces.
Regarding the Identity Theft Subcommittee, we interviewed the Chairman-
-a leadership role vested in the Fraud Section of the Department of
Justice‘s Criminal Division--to obtain an overview of the
subcommittee‘s role, membership, activities, and accomplishments. For
the most part, in studying the subcommittee‘s role, we relied on
testimonial rather than documentary evidence. According to the
Chairman, there are no minutes of the subcommittee‘s monthly meetings
because the subcommittee is not an ’advisory“ entity as defined in
applicable sunshine laws. Also, the Chairman said that the subcommittee
has not produced any annual reports of its activities.
To obtain a broader understanding of the subcommittee‘s role, as well
as ways to potentially enhance that role, we contacted the designated
individuals who, respectively, represented six member organizations--
FBI, National District Attorneys Association, Postal Inspection
Service, Secret Service, Sentencing Commission, and SSA/OIG. Various
representatives offered suggestions for ways to potentially enhance the
subcommittee‘s role. These suggestions do not necessarily reflect the
consensus views of either the full subcommittee or the seven
representatives we contacted.
Also, the structured data collection instrument that we distributed to
law enforcement officials in the 10 selected states included a question
about the role, usefulness, and effectiveness of the Identity Theft
Subcommittee. As previously mentioned, given the limited distribution
of the data collection instrument, the observations of the respondents
cannot be viewed as being representative of the entire law enforcement
community in the respective state.
Regarding the Consumer Sentinel Network and the Identity Theft Data
Clearinghouse database, we interviewed responsible FTC staff and
reviewed available documentation, including law enforcement usage
statistics for January 2001 through March 2002. We reviewed the list of
federal, state, and local law enforcement agencies that, as of May 24,
2002, had entered into user agreements with FTC, pledging to abide by
applicable confidentiality rules when using the Consumer Sentinel
Network to access the Clearinghouse database.
Regarding usefulness of database information for law enforcement
purposes, we asked the Identity Theft Subcommittee Chairman for
examples (if any) of federal, state, or local success stories that had
been presented or discussed at the subcommittee‘s monthly meetings. We
discussed with FTC staff the extent to which Clearinghouse data have
been centrally analyzed to generate investigative leads and referrals.
Further, we inquired about FTC‘s plans for making the Clearinghouse
database more useful for law enforcement purposes.
Also, the structured data collection instrument that we distributed to
law enforcement officials in the 10 selected states included a question
about the usefulness of the Consumer Sentinel Network and the
Clearinghouse database. To reiterate, given the limited distribution of
the data collection instrument, the observations of the respondents
cannot be viewed as being representative of the entire law enforcement
community in the respective state.
SSA/OIG Actions to Resolve SSN Misuse and Other Identity Theft-Related
Allegations:
To obtain information about actions taken to resolve SSN misuse and
other identity theft-related allegations, we contacted officials from
the various components of SSA/OIG, including officials from the Office
of Investigations, the Office of Executive Operations, as well as the
Counsel to the Inspector General. We focused primarily on allegations
received during fiscal year 1999. However, to provide a trend
perspective and more currency, an official from the SSA/OIG‘s Office of
Executive Operations provided us annual allegation data for fiscal
years 1998 through 2001.
To determine the criteria used to establish which allegations are
selected for criminal investigation, we spoke with staff from the
Office of Investigation‘s Allegation Management Division, which
operates SSA/OIG‘s fraud hotline. Also, officials from SSA‘s Office of
Executive Operations provided us statistical information detailing the
number of criminal investigations that resulted from program fraud-
related allegations and the number that resulted from SSN misuse
allegations that did not involve SSA programs. Information was also
provided on how many of these criminal investigations produced a
criminal result, such as a fugitive felon being apprehended or an
individual being convicted and sentenced.
[End of section]
Appendix II: Examples of Cases Prosecuted under the Federal Identity
Theft Act:
This appendix summarizes selected federal cases prosecuted under the
Identity Theft and Assumption Deterrence Act of 1998. The relevant
section of this legislation is codified at 18 U.S.C. §
1028(a)(7)(’fraud and related activity in connection with
identification documents and information“). The cases summarized in
this appendix are not intended to be a comprehensive listing of all
federal prosecutions under the 1998 federal statute. As mentioned in
appendix I, we identified these cases by conducting a search of the
LexisNexis database in February 2002. Our search was designed to
retrieve only those identity theft cases that specifically mentioned
the federal statute--that is, cases that cited 18 U.S.C. § 1028(a)(7).
The following summaries of five cases prosecuted in U.S. district
courts illustrate that identity theft generally is not a stand-alone
crime. Rather, identity theft typically is a component of one or more
other white-collar or financial crimes, such as bank fraud, credit card
or access device fraud, or mail fraud.
Illinois, Northern District, Eastern Division:
In early 2001, a defendant was charged in a six-count indictment with
bank fraud (counts 1, 2, and 3), possession of a counterfeit check
(count 4), interstate transportation of a counterfeit check (count 5),
and use of another person‘s SSN with intent to commit a state felony
(count 6). In May 2001, the defendant pleaded guilty to counts 1 and 6
pursuant to a written plea agreement, and the remaining counts were
dismissed. The district court sentenced the defendant to concurrent 46-
month prison terms for offense conduct under the Identity Theft Act, 18
U.S.C. § 1028(a)(7)--using another person‘s SSN with intent to commit a
crime--and under 18 U.S.C. § 1344 (bank fraud). U.S. v. Burks, No. 01-
3313, 2002 U.S. App. Lexis 2387 (7th Cir. Feb. 11, 2002).
Michigan, Western District, Southern Division:
This was a consolidated case involving three separate actions, in which
three plaintiffs each alleged liability against the defendant car
dealership, whose salesman/employee committed criminal acts.
Specifically, the salesman/employee wrongly obtained credit reports for
the plaintiffs, without their consent, and then used the reports to
secure financing for car sales or leases for applicants with bad credit
histories. The salesman/employee was convicted on a federal fraud
criminal charge under 18 U.S.C. § 1028(a)(7). Also, the plaintiffs
established liability against the dealership for intentional violation
of the Fair Credit Reporting Act. Benjamin Adams v. Berger Chevrolet,
Inc., No. 1:00-CV-225, 1:00-CV-226, and 1:00-CV-228, 2001 Dist. Lexis
6174 (W.D. Mich. May 7, 2001).
North Carolina, Eastern District:
A defendant was charged with stealing mail from residential mailboxes,
using information from personal checks to create counterfeit checks and
fraudulent driver‘s licenses, and negotiating the counterfeit checks at
numerous banks in North Carolina using the fraudulent licenses as
identification. The defendant pled guilty to:
* one count of using false identification documents, 18 U.S.C. §
1028(a)(7);:
* five counts of producing false identification documents, 18 U.S.C. §
1028(a)(1); and:
* three counts of possession of stolen mail, 18 U.S.C. § 1708.
The defendant was sentenced to a term of 63 months of imprisonment.
U.S. v. Hooks, No. 99-4754, 2000 U.S. App. Lexis 2388 (4th Cir. Sept.
14, 2000).
Ohio, Southern District:
In May 2000, following a bench trial, the district court found a
defendant guilty of the following violations:
* using the identification of another with intent to commit unlawful
activity, 18 U.S.C. § 1028(a)(7);:
* possessing false identification with intent to defraud the United
States, 18 U.S.C. § 1028(a)(4);
* furnishing false information to the Commissioner of Social Security,
42 U.S.C. § 408(a)(6);
* fraud and misuse of an entry document, 18 U.S.C. § 1546, and;
* making a false statement to an agency of the United States, 18 U.S.C.
§ 1001.:
The court sentenced the defendant to 6 months of imprisonment, plus 3
years of supervised release. U.S. v. Balde, No. 00-4070, 2001 U.S. App.
Lexis 23741 (6th Cir. Oct. 26, 2001).
Wisconsin, Eastern District:
* A defendant pleaded guilty to using another person‘s SSN to commit
fraud, 18 U.S.C. § 1028(a)(7); using unauthorized credit cards, 18
U.S.C. § 1029(a)(2); and issuing a false SSN, 42 U.S.C. § 408(a)(7)(B).
* The defendant was sentenced to 36 months of imprisonment. U.S. v.
Lippold, No. 00-2868, 2001 U.S. App. Lexis 15126 (7th Cir. July 2,
2001).
[End of section]
Appendix III: Identity Theft Subcommittee Membership:
This appendix presents a membership overview (see table 9) of the
Identity Theft Subcommittee, which was established by the U.S. Attorney
General‘s White Collar Crime Council in 1999, following passage of the
Identity Theft and Assumption Deterrence Act of 1998.
Table 9: List of Federal Agencies and National Organizations
Represented on the Identity Theft Subcommittee:
Participating agencies and organizations: Federal agencies; Department
of Justice:; Executive Office for United States Attorneys; Federal
Bureau of Investigation; Fraud Section Criminal Division[A];
Immigration and Naturalization Service; Office of Consumer Litigation;
Office of Policy and Legislation, Criminal Division; Tax Division; U.S.
Trustees Program; ; Department of State:; Bureau of Diplomatic
Security; ; Department of the Treasury:; Internal Revenue Service;
Office of Enforcement; Treasury Inspector General for Tax
Administration; Secret Service; ; Federal Trade Commission; ; Postal
Inspection Service; ; Sentencing Commission; ; Social Security
Administration, Office of the Inspector General; ; Regulatory
agencies:; Federal Deposit Insurance Corporation; Office of the
Comptroller of the Currency.
Participating agencies and organizations: National organizations:;
International Association of Chiefs of Police; National Association of
Attorneys General; National District Attorneys Association.
[A] A Deputy Chief of the Fraud Section serves as chair of the
subcommittee.
Source: U.S. Department of Justice, Criminal Division.
[End of table]
As table 9 indicates, in addition to federal law enforcement and
regulatory agencies, subcommittee membership has state and local
representation through three national organizations:
* International Association of Chiefs of Police. The association‘s
goals, among others, are to advance the science and art of police
services; develop and disseminate improved administrative, technical,
and operational practices and promote their use in police work; and
foster cooperation and exchange of information and experience among
police administrators.
* National Association of Attorneys General. A goal of the association-
-whose membership includes the attorneys general and chief legal
officers of the 50 states, the District of Columbia, the Commonwealth
of Puerto Rico, and associated territories--is to promote cooperation
and coordination on interstate legal matters in order to foster a
responsive and efficient legal system for state citizens.
* National District Attorneys Association. A purpose of the association
is to promote the continuing education of prosecuting attorneys by
various means, such as arranging seminars and fostering periodic
conventions or meetings for the discussion and solution of legal
problems affecting the public interest in the administration of
justice. Among other sources, training is offered at the National
Advocacy Center--located on the campus of the University of South
Carolina in Columbia--which is a joint venture of the association and
the U.S. Department of Justice.
[End of section]
Appendix IV: Law Enforcement Agencies with Access to Identity Theft
Data
Clearinghouse Via Consumer Sentinel:
In response to a provision in the Identity Theft and Assumption
Deterrence Act of 1998, FTC established the Identity Theft Data
Clearinghouse in November 1999 to gather information from any consumer
who wishes to file a complaint or pose an inquiry concerning identity
theft. Federal, state, and local law enforcement agencies may access
the Clearinghouse database via a secure link in FTC‘s Consumer Sentinel
Network.
The Consumer Sentinel Web site was initially established in 1997 to
track telemarketing or mass-market fraud complaints received by FTC.
With the passage of the Identity Theft Act, FTC added a link in the
Consumer Sentinel to allow law enforcement agencies access to the
Identity Theft Data Clearinghouse database. In order to gain access to
the secure Web site, agencies must sign a confidentiality agreement.
Only domestic law enforcement agencies are permitted to have access to
the detailed information in the Clearinghouse database. Other domestic
government agencies, consumer reporting agencies, and private entities
are permitted limited access to overall or aggregate information. Also,
at www.consumer.gov/sentinel, the general public can view macro-level
information (e.g., overall statistics by states or cities) that FTC
maintains on general fraud and identity theft matters.
As of May 24, 2002, a total of 352 law enforcement agencies (46 federal
and 306 state and local) had entered into agreements with FTC to have
access to the Identity Theft Data Clearinghouse via the secure link in
the Consumer Sentinel. The following is a list of the 352 agencies.
Federal Agencies: 46:
Air Force Judge Advocate General
Army Legal Assistance
Army Judge Advocate General
Coast Guard
Commodity Futures Trading Commission
Consumer Product Safety Commission
Customs Service
Department of Defense Criminal Investigative Service
Department of Justice, Consumer Litigation, Civil Division
Department of Justice, Fraud Section, Criminal Division
Federal Bureau of Investigation
Federal Deposit Insurance Corporation, Inspector General
Federal Trade Commission
Food and Drug Administration
General Services Administration, Inspector General
Internal Revenue Service, Criminal Investigations
Marine Corps, Office of Legal Assistance
Navy Judge Advocate General
Nuclear Regulatory Commission, Inspector General
Postal Inspection Service
Probation Office, District of Massachusetts
Secret Service
Small Business Administration, Inspector General
Social Security Administration Inspector General
State Department, Bureau of Diplomatic Security,
Criminal Investigations Division
Treasury IG for Tax Administration
U.S. Attorney Offices
California, Eastern District
California, Southern District
Colorado
Florida, Northern District
Iowa, Southern District
Louisiana, Middle District
Minnesota
Missouri, Western District
New Hampshire
New York, Eastern District
New York, Southern District
New York, Western District
North Carolina, Eastern District
Oregon
Pennsylvania, Eastern District
Pennsylvania, Western District
Washington D.C.
Washington, Eastern District
West Virginia, Southern District
U.S. Trustees, Executive Office:
State and Local Agencies: 306:
Alabama: 3
Attorney General
Homewood Police Department
Mountain Brook Police Department:
Alaska: 3:
Division of Banking, Securities, and Corporations
State Troopers
Division of Insurance:
Arizona: 2:
Attorney General
Corporation Commission:
Arkansas: 2:
Conway Arkansas Police Department
Insurance Fraud Investigation Division:
California: 45:
Attorney General
Arcadia Police Department
Anaheim Police Department
Bakersfield Police Department
Beverly Hills Police Department
Chino Police Department
Claremont Police Department
Clayton Police Department
Coronado Police Department
Davis Police Department
Department of Corporations
Fresno Police Department
Glendora Police Department
Huntington Beach Police Department
La Mesa Police Department
Los Angeles City Attorney
Los Angeles County District Attorney
Los Angeles County Sheriff
Marin County District Attorney, Consumer Protection Unit
Merced County District Attorney‘s Office
Monterey County District Attorney
Morro Bay Police Department
Napa County District Attorney
Napa Sheriff‘s Office
Novato Police Department
Orange County District Attorney
Orange County Sheriff
Palo Alto Police Department
Placer County Sheriff‘s Department
Pomona Police Department
Riverside County District Attorney
Roseville Police Department
Sacramento County District Attorney‘s Office
Sacramento County Sheriff
San Bernardino County District Attorney
San Carlos Police Department
Santa Cruz Sheriff Office
San Diego District Attorney
San Diego Police Department
San Francisco Police Department
San Luis Obispo County District Attorney
Santa Barbara County District Attorney
Signal Hill Police Department
Solano County District Attorney
Ventura County District Attorney:
Colorado: 7:
Attorney General
Bureau of Investigation
District Attorney 4th Judicial District
District Attorney 8th Judicial District
Douglas County Sheriff
Jefferson County Sheriff
Pueblo County District Attorney:
Connecticut: 5:
Attorney General
Department of Banking
Department of Consumer Protection
Naugatuck Police Department
New Britain Police Department:
Delaware: 1:
New Castle Police Department:
District of Columbia: 2:
Corporation Counsel
Department of Insurance and Securities:
Florida: 17:
Attorney General
Altamonte Springs Police Department
City of Panokee Police Department
Comptroller Department of Banking and Finance
Coral Gables Police Department
Davie Police Department
Daytona Beach Police Department
Department of Law Enforcement
Fort Lauderdale Police Department
Miami-Dade Police Department, High-Tech Crime Squad
Office of Statewide Prosecution
Office of the State Attorney, 10th Judicial Circuit
Office of the State Attorney, 13th Judicial Circuit
Orange County Consumer Fraud Unit
Palm Beach County Sheriff
Panama City Police Department
Stuart Police Department:
Georgia: 5:
Attorney General
Bureau of Investigation
College Park Police Department:
DeKalb County Solicitor General
Governor‘s Office of Consumer Affairs:
Hawaii: 1:
Office of Consumer Protection:
Idaho: 1:
Attorney General:
Illinois: 10:
Attorney General
Bloomington Police Department
Cook County State‘s Attorney‘s Office
Flossmoor Police Department
Minier Police Department
Ogle County State‘s Attorney‘s Office
Orlando Park Police Department
Schaumburg Police Department
Securities Department
Will County State‘s Attorney:
Indiana: 8:
Attorney General
Bartholomew County Sheriff
Brown County Sheriff
Fishers Police Department
Fountain City Prosecuting Attorney
Indianapolis Police Department
Martin County Sheriff
Tipton Police Department:
Iowa: 5:
Le Mars Police Department
Manson Police Department
Marshalltown Police Department
Newton Police Department
Polk County Attorney‘s Office:
Kansas: 2:
Johnson County District Attorney
Securities Commissioner:
Kentucky: 4:
Attorney General
Berea Police Department
Bowling Green Police Department
Public Service Commission:
Louisiana: 4:
Department of Justice
State Police
Lafayette Parish Sheriff‘s Office
Union Parish Sheriff:
Maryland: 9:
Attorney General
Baltimore City Police Department
Baltimore County Police Department
Hartford County State‘s Attorney‘s Office
Howard County Consumer Affairs
Hyattsville Police Department
Montgomery County Consumer Affairs
Montgomery County States Attorney
Talbot County Sheriff:
Massachusetts: 2:
Attorney General
Boston Police Department Intelligence Unit:
Michigan: 9:
Attorney General
Burton Police Department
Genesee County Sheriffs Department
Houghton City Police Department
Houghton County Sheriff
Lansing Police Department
Livingston County Sheriff‘s Office
Meridan Township Police Department
South Lyon Police Department:
Minnesota: 8:
Attorney General
Department of Commerce
State Patrol
Brooklyn Center Police Department
Edina Police Department
Maplewood Police Department
Oak Park Heights Police Department
Ramesy County Attorney‘s Office:
Missouri: 7:
Attorney General
Manchester Police Department
Secretary of State, Securities Division
St. Charles Police Department
St. Francois County Sheriff
St. Peters Police Department
Taney County Sheriff:
Montana: 3:
Attorney General
State Auditor
Department of Administration, Office of Consumer Protection:
Nebraska: 2:
Attorney General
Department of Banking and Finance:
Nevada: 3:
Attorney General
Elko Police Department
Secretary of State:
New Hampshire: 1:
Attorney General:
New Jersey: 12:
Attorney General
Cape May County Prosecutor
Clifton Township Police Department
Dover Turnpike Police Department
Jefferson Township Police
Marlboro Township Police Department
Maywood Police Department
Middlesex County Prosecutor
Moorestown Township Police Department
Piscataway Township Police Department
Somerset County Department of Consumer Affairs
Union County Prosecutor:
New Mexico: 1:
Securities Division:
New York: 8:
Attorney General
Cheektowaga Police Department
Clinton County District Attorney
Lancaster Village Police Department
Nassau County District Attorney
Rockland County Sheriff
Rouses Point Police Department
State Police:
North Carolina: 11:
Chowan County Sheriff‘s Office
Department of Justice
Gaston County Police Department
Hickory Police Department
Nash County Sheriff Office
Mooresville Police Department
Mt. Gilead Police Department
Raleigh Police Department
Pinehurst Police Department
Union County Sheriff‘s Office
Winston-Salem Police Department:
Ohio: 10:
Attorney General
Beachwood Police Department
Brunswick Police Department
Cheviot Police Department
Clayton Police Department
Division of Securities
Findlay Police Department
Mentor-on-the-Lake Police Department
Wickliffe Police Department
Willoughby Police Department:
Oklahoma: 3:
Attorney General
Purcell Police Department
Portland Police Bureau:
Oregon: 2:
Douglas County Sheriff Office
Medford Police Department:
Pennsylvania: 10:
Attorney General
Allegheny County Police Department
Duryea Police Department
Easttown Township Police Department
Lower Allen Township Police Department
Lower Makefield Township Police Department
Philadelphia Police Department
West Whiteland Township Police Department
Wyomissing Police Department
York Police Department:
Rhode Island: 3:
Attorney General
Securities Division
State Police:
South Carolina: 5:
Charleston Police Department
City of North Charleston Police Department
Myrtle Beach Police Department
Real Estate Commission
Secretary of State:
South Dakota: 2:
Attorney General
South Dakota Securities Commission:
Tennessee: 11:
Bartlett Police Department
Bristol Police Department
Franklin Police Department
La Vergne Police Department
Marshall County Sheriff‘s Office
Millington Police Department
Munford Police Department:
Regulatory Authority
Rutherford County Sheriff‘s Office
Smyrna Police Department
Tipton County Sheriff‘s Office:
Texas: 17:
Attorney General
Allen Police Department
Coppell Police Department
Copperas Cove Police Department
Dallas County District Attorney‘s Office
Dallas Police Department
Department of Public Safety
Department of Insurance
Fort Bend County Sheriff Office
Garland Police Department
Grapevine Police Department
Missouri City Police Department
North Richland Hills Police Department
Richardson Police Department
San Antonio Police Department
Travis County District Attorney
Wichita Falls Police Department:
Utah: 5:
Attorney General
Cedar City Police Department
Department of Commerce, Consumer Protection Division
Midvale City Police Department
Utah County Attorney‘s Office:
Vermont: 4:
Attorney General
Caledonia County Sheriff‘s Department
Essex Police Department
Rutland County Sheriff:
Virginia: 10:
Attorney General
Alexandria Police Department
Arlington County Police Department
Fairfax City Dept. of Telecom and Consumer Services
Fredricksburg Police Department
Lynchburg Police Department
State Police
Virginia Beach Commonwealth Attorney
Virginia Beach Police Department
William and Mary Police Department:
Washington: 7:
Attorney General
Grays Harbor County Sheriff
Lynnwood Police Department
Mount Vernon Police Department
Poulsbo Police Department
Securities Division
Tumwater Police Department:
Wisconsin: 10:
Attorney General, Department of Justice
Department of Financial Institutions
Department of Agriculture, Trade, and Consumer Protection
Greenfield Police Department
Monona Police Department
Monroe Police Department
New Berlin Police Department
River Falls Police Department
University of Wisconsin-Madison Police Department
Waukesha County Sheriff:
Wyoming: 2:
Attorney General
District Attorney 1st District:
[End of section]
Appendix V: Military-Related Identity Theft Cases and Plans for Soldier
Sentinel System:
This appendix (1) gives examples of identity theft cases that have a
military connection, for example, cases that affect uniformed personnel
and (2) discusses plans for establishing Soldier Sentinel, an online
system designed specifically to collect consumer and identity theft
complaint information from members of the armed forces and their
families.
Examples of Military-Related Identity Theft Cases:
Due to various factors, members of the armed services may be more
susceptible than the general public to identity theft. For instance,
given their mobility, service members may have bank, credit, and other
accounts in more than one state and even overseas. At times, service
members may be deployed to locations far away from family members,
which can increase dependence on credit cards, automatic teller
machines, and other remote-access financial services. For these same
reasons, while any victim of identity theft can face considerable
problems, the rigors of military life can compound problems encountered
by uniformed personnel and family members who are victimized.
We found no comprehensive or centralized data on the number of
military-related identity theft cases. For instance, in response to our
inquiry, an official with the Defense Criminal Investigative
Service[Footnote 22] told us the agency‘s case information system
cannot specifically isolate and quantify the number of identity theft
cases. However, in conducting a literature search, we found various
examples of military-related identity theft cases, including the
following:
* One case involved over 100 victims, each a high-ranking military
official. In this case, according to multi-agency task force results
reported by the Social Security Administration‘s Office of the
Inspector General (SSA/OIG) for fiscal year 2000, two perpetrators used
the Internet to obtain the names and SSNs of the military officials.
Then, the perpetrators used the personal information to fraudulently
obtain credit cards. According to the SSA/OIG, the case culminated with
the perpetrators being incarcerated and ordered to pay restitution of
over $287,000 to the companies that were victimized by the scheme.:
* Another case, reported in January 2002 by the Army News Service,
involved a perpetrator who was caught trying to cash a $9,000 check
drawn on the bank account of a Navy retiree. During the subsequent
investigation, the perpetrator‘s laptop computer was found to contain
several thousand military names, SSNs, and other information. The
common link among the military veterans on the list was that, in
accordance with a once-common practice, they all had filed their
military discharge form (Department of Defense Form 214) with their
local county courthouse in order to ensure always being able to have a
certified copy available to receive Veterans Administration benefits.
The Form 214 contains an individual‘s SSN and birth date, and the
document becomes a public record after being filed; some courthouses
have even put this information online. Now, according to the news
story, the military‘s transition counselors are advising soldiers to
not file discharge forms with county courthouses but rather to
safeguard any documents that have personal identification information.
* In a recent (April 17, 2002), press release, the Defense Criminal
Investigative Service announced the arrest of a suspect for alleged
violations involving one count of identity theft and one count of using
a false SSN. Between November 1999 and October 2001, the suspect
allegedly assumed the SSN of four different persons. The suspect
represented himself as a major with the U.S. Army and conducted
fraudulent schemes to obtain a 2001 Nissan truck, a 2002 Mercedes Benz,
and a 2002 Jaguar. In addition to the Defense Criminal Investigative
Service, two other federal law enforcement agencies (the FBI and the
SSA/OIG) and one local agency (St. Tammany Parish Sheriff‘s Office,
Louisiana) participated in the investigation. Prosecution of the case
is to be handled by the U.S. Attorney‘s Office, Eastern District of
Louisiana.
Plans to Establish the Soldier Sentinel System:
In January 2001, FTC and the Department of Defense announced the
signing of a memorandum of understanding to create an online system
(Soldier Sentinel) designed specifically to collect consumer and
identity theft complaints from the members of the armed forces and
their families. Among other purposes, the system is to provide the
military community a convenient way to file complaints directly with
law enforcement officials. Also, the Department of Defense and its
component services are to use the data collected to shape consumer
education and protection policies at all levels within the military.
Plans call for Soldier Sentinel to mirror the FTC‘s Consumer Sentinel
system, which provides secure, password-protected access to a consumer
complaint database and other tools designed to allow law enforcement to
share data about fraud. Also, the Soldier Sentinel agreement allows the
Department of Defense and the component services to collect, share, and
analyze specific service-related information.
In April 2002, FTC staff told us that the Soldier Sentinel was not yet
operational but was anticipated to be online during the summer of 2002.
[End of section]
Appendix VI: Comments from the Department of Justice:
U.S. Department of Justice:
JUN 19 2002:
Washington D.C. 20530:
Mr. Richard M. Stana Director, Justice Issues U.S. General Accounting
Office 441 G Street, NW Washington, DC 20548:
Dear Mr. Stana:
On June 5, 2002, the General Accounting Office (GAO) provided the
Department of Justice copies of its draft report entitled ’IDENTITY
THEFT: Greater Awareness and Use of Existing Data Are Needed“ and
requested its comments on the substance of the report. The Department
generally agrees with the substance of the GAO draft report and its
recommendation to promote greater use of available information sources
to combat identity theft. We are providing additional information
concerning our efforts to address this issue.
In its draft report, the GAO recommends ’that the Attorney General have
the Identity Theft Subcommittee promote greater awareness and use of
the Consumer Sentinel Network and the Clearinghouse database by all
levels of law enforcement - federal, state and local.“ The Department
agrees that the Subcommittee should continue its efforts to facilitate
the dissemination of information about Consumer Sentinel and the
database to all levels of law enforcement. On an ongoing basis, the
Subcommittee is continuing to do so through training programs for
federal prosecutors at the National Advocacy Center, information
bulletins on the Department of Justice‘s intranet, and regular meetings
of other interagency working groups that the Department chairs. The
Subcommittee also will consult with state and local law enforcement
representatives on the Subcommittee to identify additional mechanisms
for informing police departments and sheriffs‘ offices about Consumer
Sentinel. In addition, the Federal Trade Commission (FTC), the U.S.
Secret Service, and the Department have already been conducting a
series of regional training conferences on identity theft this year in
five locations around the country, and are exploring the idea of
conducting an expanded series of regional training seminars on identity
theft in calendar year 2003.
In this regard, the Department also notes that in the regional training
seminars cosponsored with the FTC and the Secret Service, it has
included specific training about Consumer Sentinel and the identity
theft database and has advocated that law enforcement agencies make
full use of existing multiagency task forces that address identity
theft. While many smaller police departments and sheriff‘s offices may
not have their own computers to maintain Internet access to Consumer
Sentinel, their participation in these multiagency task forces can
enable them to make use of Consumer Sentinel and the identity theft
database in identity theft investigations.
Further, as part of its efforts to inform the public about identity
theft and ensure that courts are meting out appropriate criminal
sanctions for offenses involving identity theft, the Department
recently has taken two significant steps. First, on May 2, 2002,
Attorney General Ashcroft announced a nationwide ’sweep“ of federal
identity theft prosecutions. In that sweep, 73 criminal prosecutions
were brought against 135 individuals in 24 districts, including 25 new
prosecutions in the 24 hours preceding the announcement. Further
details are set forth in the prepared remarks of the Attorney General
at http://www.usdoj.gov/ag/speeches/2002/
050202agidtheftranscript.httn. Second, also on May 2, 2002, the
Attorney General announced that the Department would seek legislation
to increase criminal sentences in identity theft-related federal cases,
including a new provision for aggravated identity theft and expansion
of the existing provisions of 18 U.S.C. § 1028(a)(7). On May 22, 2002,
Senator Feinstein introduced this proposal as S. 2541.
We believe that these efforts will address the GAO recommendation. If
you should have any questions concerning the Department‘s comments you
may contact Vickie L. Sloan, Director, Audit Liaison Office, Justice
Management Division on 202-514-0469.
Sincerely,
Robert F. Diegelman:
Acting Assistant Attorney General for Administration:
Signed by Robert F. Diegelman:
[End of section]
Appendix VII: GAO Contacts and Staff Acknowledgments:
GAO Contacts:
Richard M. Stana, (202) 512-8777
Danny R. Burton (214) 777-5600:
Staff Acknowledgments:
In addition to the above, David P. Alexander, Shirley A. Jones, Jan B.
Montgomery, Tim Outlaw, Robert J. Rivas, and Richard M. Swayze made key
contributions to this report.
[End of section]
FOOTNOTES:
[1] U.S. General Accounting Office, Identity Fraud: Information on
Prevalence, Cost, and Internet Impact is Limited, GAO/GGD-98-100BR
(Washington, D.C.: May 1, 1998) and Identity Fraud: Prevalence and Cost
Appear to be Growing, GAO-02-363 (Washington, D.C.: Mar. 1, 2002).
[2] Public Law 105-318 (1998).
[3] United States Sentencing Commission, Economic Crimes Policy Team,
Identity Theft Final Report (Washington, D.C.: Dec. 15, 1999).
[4] Many state statutes provide that identity theft of credit, money,
goods, services, or other property over certain amounts is a felony.
Under the specified amounts, the offense would be a criminal
misdemeanor.
[5] SSA/OIG, Management Advisory Report - Analysis of Social Security
Number Misuse Allegations Made to the Social Security Administration‘s
Fraud Hotline (A-15-99-92019, Aug. 1999).
[6] GAO-02-36 3.
[7] Prepared statement of Mr. Bruce Swartz, Deputy Assistant Attorney
General, Criminal Division, U.S. Department of Justice, for a hearing
(’On-line Fraud and Crime: Are Consumers Safe?“) before the
Subcommittee on Commerce, Trade, and Consumer Protection, House
Committee on Energy and Commerce (May 23, 2001).
[8] The UCR Program is a nationwide, cooperative statistical effort of
nearly 17,000 city, county, and state law enforcement agencies
voluntarily reporting data on crimes brought to their attention.
According to the FBI, during 2000, law enforcement agencies active in
the UCR Program represented nearly 254 million U.S. inhabitants, or 94
percent of the total population as established by the Bureau of the
Census.
[9] We judgmentally selected these states on the basis of their having
either the highest incidences of reported identity theft or the
longest-standing applicable statutes (see app. I).
[10] According to a California deputy attorney general, the state‘s
identity theft statute was amended in 2000 to remove certain language
(i.e., ’without the authorization“) in order to cover cases where
victims give information willingly (e.g., to car rental companies), but
the information is later used for unlawful purposes.
[11] The Oakland County Prosecuting Attorney‘s Office is located in
Pontiac, Michigan. According to a deputy prosecutor, investigations of
crimes are handled by each of the 42 local police departments in the
county.
[12] First interim report of the Sixteenth Statewide Grand Jury,
Statewide Grand Jury Report - Identity Theft in Florida, in the Supreme
Court of the State of Florida (Case No. SC 01-1095, Jan. 10, 2002).
Members of the Sixteenth Statewide Grand Jury were empaneled by the
Florida Supreme Court at the request of the state‘s governor to
investigate and address identity theft-related issues as they occur in
Florida.
[13] As discussed in more detail later in this report, the subcommittee
was established in 1999 to foster coordination of investigative and
prosecutorial strategies and promote consumer education programs.
[14] Of the 38 task forces, the Secret Service categorized 24 as being
financial crimes task forces, 4 as West African organized crime task
forces, 9 as electronic crimes task forces, and 1 as a violent crimes
task force. According to Secret Service officials, investigations
conducted by each the 38 task forces can include identity theft-related
cases, although none of the 38 focuses solely or exclusively on such
cases.
[15] Prepared statement of Mr. Bruce Townsend, Special Agent in Charge,
Financial Crimes Division, U.S. Secret Service, for a hearing (’On-line
Fraud and Crime: Are Consumers Safe?“) before the Subcommittee on
Commerce, Trade, and Consumer Protection; House Committee on Energy and
Commerce (May 23, 2001).
[16] The examples are excerpts from news releases made by Florida‘s
Office of Statewide Prosecution. Generally, the news releases noted
that charges are merely accusations and arrested defendants are
presumed innocent until and unless the charges are proven beyond a
reasonable doubt.
[17] Prepared statement of the FTC, Identity Theft: the FTC‘s Response,
before the Subcommittee on Technology, Terrorism and Government
Information, Senate Judiciary Committee (Mar. 20, 2002).
[18] Further, as discussed in appendix V, FTC and the Department of
Defense have agreed to establish Soldier Sentinel, an online system
designed specifically to collect consumer and identity theft complaint
information from members of the armed forces and their families.
[19] The relevant section of this legislation is codified at 18 U.S.C.
§ 1028(a)(7) (’fraud and related activity in connection with
identification documents and information“).
[20] LexisNexis provides a researchable database service, which
includes legal documents (federal and state laws, regulatory
information, and court decisions), news, public records, and business
information via on-line, hardcopy print, and CD-ROM formats.
[21] The UCR Program is a nationwide, cooperative statistical effort of
nearly 17,000 city, county, and state law enforcement agencies
voluntarily reporting data on crimes brought to their attention.
According to the FBI, during 2000, law enforcement agencies active in
the UCR Program represented nearly 254 million U.S. inhabitants, or 94
percent of the total population as established by the Bureau of the
Census.
[22] The Defense Criminal Investigative Service is the investigative
arm of the Department of Defense‘s Office of the Inspector General.
GAO‘s Mission:
The General Accounting Office, the investigative arm of Congress,
exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability
of the federal government for the American people. GAO examines the use
of public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO‘s commitment to
good government is reflected in its core values of accountability,
integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through the Internet. GAO‘s Web site ( www.gao.gov ) contains
abstracts and full-text files of current reports and testimony and an
expanding archive of older products. The Web site features a search
engine to help you locate documents using key words and phrases. You
can print these documents in their entirety, including charts and other
graphics.
Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as ’Today‘s Reports,“ on its
Web site daily. The list contains links to the full-text document
files. To have GAO e-mail this list to you every afternoon, go to
www.gao.gov and select ’Subscribe to daily E-mail alert for newly
released products“ under the GAO Reports heading.
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. General Accounting Office
441 G Street NW,
Room LM Washington,
D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Public Affairs:
Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S.
General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C.
20548: