San Diego Greg Cook, a ham radio enthusiast who runs his own computer networking business, places the police scanner on the table next to my coffee cup. "If I leave it on while we talk," he tells me, "a cop might radio in somebody's social security number." No sooner does Cook turn on the scanner than a police officer can be heard giving a man's name, address, California driver's license number, date of birth -- and social security number. Several more times during our conversation the same scenario catches our attention, sometimes with the social security number included, sometimes without it.
"Having your name, address, license number, and social security number broadcast on police radio can happen to anyone," says Cook, who twice in his life has aroused San Diego police suspicions that he was someone else. The first time occurred in the late 1980s. In that incident, according to Cook, police distinguished him from the man they were seeking after taking him downtown for questioning. Today he doesn't remember whether they asked for his social security number.
On December 6, however, the 41-year-old Cook's social security number became a bone of contention with San Diego police sergeant Chris Sarot, who detained him at 12:30 a.m. on a hilltop lookout off El Mac Place in Point Loma. For about two minutes before Sarot arrived Cook says he had been playing with his car radio at the site, which is an especially good place to pick up many frequencies, including Los Angeles stations and a local pirate FM station. The site also overlooks the Pacific Ocean and Point Loma Nazarene University. "Sometimes so many cars are up there that I leave because I can't find a place to park," Cook tells me, "but on that night I was the only car there."
Cook says he had no clue why the police wanted to approach him. "I was only sitting there, and my license tags were up to date," he says. "But I do have a very common name, and I think that's the reason police in the past have confused me with people they have warrants on."
Officer Sarot handcuffed Cook during the detention and gave him a hard time for having a flashlight and scanner in his car. The scanner was still in his backpack, says Cook. During questioning, when Sarot demanded his social security number, Cook had a request. Could the officer send the number to headquarters on the patrol car's mobile computer terminal rather than over his unsecured radio? At that point, Cook says, Sarot replied "belligerently" that he would not return to his patrol car just to avoid broadcasting the social security number.
Sarot then used the police radio to call all of Cook's personal identification information into headquarters. "He ran me for local, state, and national warrants," Cook says. "It turned out there were two Greg Cooks with outstanding warrants. One turned up in the national search, though I didn't get what state he lived in. In the end, the driver's licenses, physical descriptions, and dates of birth were different than mine." Cook was cleared.
Sergeant Sarot later tells me by phone that he first spotted Cook illegally parked. The officer says he also became concerned about how late Cook was sitting "alone on his truck's passenger side" in a residential neighborhood. Sarot defends his refusal to transmit Cook's social security number over his computer by saying that the police radio is secure enough. The technology is such, he says, that people with scanners outside the system can get only "bits and pieces" of conversation from the radio.
But Sarot is "only half right," according to Cook. The police radio is on a "trunking system," he tells me, which causes frequencies to keep changing, making it impossible for conventional scanners to stay with them. But "trunk tracker" scanners are capable of tracking one channel. That explains why on the night I met him Cook and I were able to listen to steady streams of police radio conversation.
In the days after the incident, Cook contacted the police department's division of internal affairs and was promised a meeting to air his complaints. He also called three credit bureaus to have them put an identity-theft warning in his files. Experience taught him to do so. In 1994, he says, his California driver's license number was stolen and used to commit a crime. Police originally suspected Cook but later implicated a store clerk who then was prosecuted and convicted in the case.
"Over the years, my experience with San Diego police has been positive," says Cook. But he criticizes the way they so cavalierly broadcast social security numbers and other personal information during routine detentions. "It contributes to identity theft. It's been going on at least since 1996, and the thieves know about it. Scanners are ubiquitous. Many NASCAR fans have them in connection with their sport. All anyone has to do is go on eBay and buy one for $50 to pick up police radio transmissions." Cook tells me that those transmissions are also turning up online.
It is surprising that San Diego's police are not more sensitive about exposing people's personal information. According to a February 16, 2001, story in the Union-Tribune, Cox Communications accidentally provided Pacific Bell with 11,400 unlisted numbers, including those of undercover police officers, which were published in the 2000 phone directory. In response to a class-action lawsuit, Cox offered affected customers "a range of benefits." Law enforcement officials were scheduled to receive $5000 "plus an additional $4,000 to cover moving expenses for those who felt they had to relocate for safety reasons." The story quoted San Diego Police Officers Association president Bill Farrar as saying, "The problem is you just don't know who ended up with [the mistakenly revealed] information."
Police departments will be taxed with greater burdens in the future if identity theft increases. Privacy advocates believe that law enforcement has done little so far to fight it. They say that most people learn from credit card companies that their identity has been stolen and that company procedures to protect them financially are usually the only subsequent steps taken.
Several Internet sites refer to "1 in 700" as the rate of convictions in identity-theft cases. Beth Givens, president of the Privacy Rights Clearinghouse in San Diego, believes that the figure probably cannot be documented but that the number of cases that are even prosecuted is small. She calls police radio broadcasting of social security numbers "a careless practice that needs to be abandoned. Putting those numbers on the open airwaves," says Givens, "is an invitation to identity theft."
Keith Burt is director of the San Diego district attorney's Computer and Technology Crime High Tech Response Team. When I call, he says nobody has ever alerted him to problems associated with police use of social security numbers. Nonetheless, identity theft is a major preoccupation of his unit, says Burt. He acknowledges that careless transmission of social security numbers by police could be a problem. Whether and to what extent social security numbers are used in routine detentions, he says, is determined by different police departments. But Burt defends use of the numbers in identifying people. He calls the social security number a "key to the kingdom. When we suspect somebody who is saying, 'It's not me,' the social security number is one of the few truly reliable numbers we can use to make sure."
In contrast Greg Cook argues, "Police certainly don't need social security numbers to identify someone when they are doing routine checks for warrants." He notes that the driver's license numbers, physical descriptions, and dates of birth were enough to take suspicion off him the times he was confused with men police were looking for. The use of his social security number was unnecessary.
What about identity theft? Scott Fulkerson, executive director of the Citizens' Review Board on Police Practices, tells me by phone that nobody has ever complained to his organization about local police putting personal information on unsecured airwaves. "So my board doesn't yet have a position on the issue," says Fulkerson.
Cook believes that many people never consider that dissemination of their social security numbers and other identity data will result in a problem. "A lot of people would say, 'What's the big deal? I don't have anything to hide.' Okay, I say, then turn loose your MasterCard number. People don't realize how serious identity theft is until they become its victim. It can take months and even years to undo the damage."
Three weeks ago, as though to add an exclamation point to Cook's concerns, San Diego police arrested Jacqueline Lawrence, an employee of the city's General Services Department, for stealing Water Department customers' identities to obtain credit for making online purchases. The Union-Tribune recorded on January 18 district attorney Bonnie Dumanis's boast about the arrest: "If you think you can steal someone's identity in San Diego and get away with it, you are wrong."
San Diego Greg Cook, a ham radio enthusiast who runs his own computer networking business, places the police scanner on the table next to my coffee cup. "If I leave it on while we talk," he tells me, "a cop might radio in somebody's social security number." No sooner does Cook turn on the scanner than a police officer can be heard giving a man's name, address, California driver's license number, date of birth -- and social security number. Several more times during our conversation the same scenario catches our attention, sometimes with the social security number included, sometimes without it.
"Having your name, address, license number, and social security number broadcast on police radio can happen to anyone," says Cook, who twice in his life has aroused San Diego police suspicions that he was someone else. The first time occurred in the late 1980s. In that incident, according to Cook, police distinguished him from the man they were seeking after taking him downtown for questioning. Today he doesn't remember whether they asked for his social security number.
On December 6, however, the 41-year-old Cook's social security number became a bone of contention with San Diego police sergeant Chris Sarot, who detained him at 12:30 a.m. on a hilltop lookout off El Mac Place in Point Loma. For about two minutes before Sarot arrived Cook says he had been playing with his car radio at the site, which is an especially good place to pick up many frequencies, including Los Angeles stations and a local pirate FM station. The site also overlooks the Pacific Ocean and Point Loma Nazarene University. "Sometimes so many cars are up there that I leave because I can't find a place to park," Cook tells me, "but on that night I was the only car there."
Cook says he had no clue why the police wanted to approach him. "I was only sitting there, and my license tags were up to date," he says. "But I do have a very common name, and I think that's the reason police in the past have confused me with people they have warrants on."
Officer Sarot handcuffed Cook during the detention and gave him a hard time for having a flashlight and scanner in his car. The scanner was still in his backpack, says Cook. During questioning, when Sarot demanded his social security number, Cook had a request. Could the officer send the number to headquarters on the patrol car's mobile computer terminal rather than over his unsecured radio? At that point, Cook says, Sarot replied "belligerently" that he would not return to his patrol car just to avoid broadcasting the social security number.
Sarot then used the police radio to call all of Cook's personal identification information into headquarters. "He ran me for local, state, and national warrants," Cook says. "It turned out there were two Greg Cooks with outstanding warrants. One turned up in the national search, though I didn't get what state he lived in. In the end, the driver's licenses, physical descriptions, and dates of birth were different than mine." Cook was cleared.
Sergeant Sarot later tells me by phone that he first spotted Cook illegally parked. The officer says he also became concerned about how late Cook was sitting "alone on his truck's passenger side" in a residential neighborhood. Sarot defends his refusal to transmit Cook's social security number over his computer by saying that the police radio is secure enough. The technology is such, he says, that people with scanners outside the system can get only "bits and pieces" of conversation from the radio.
But Sarot is "only half right," according to Cook. The police radio is on a "trunking system," he tells me, which causes frequencies to keep changing, making it impossible for conventional scanners to stay with them. But "trunk tracker" scanners are capable of tracking one channel. That explains why on the night I met him Cook and I were able to listen to steady streams of police radio conversation.
In the days after the incident, Cook contacted the police department's division of internal affairs and was promised a meeting to air his complaints. He also called three credit bureaus to have them put an identity-theft warning in his files. Experience taught him to do so. In 1994, he says, his California driver's license number was stolen and used to commit a crime. Police originally suspected Cook but later implicated a store clerk who then was prosecuted and convicted in the case.
"Over the years, my experience with San Diego police has been positive," says Cook. But he criticizes the way they so cavalierly broadcast social security numbers and other personal information during routine detentions. "It contributes to identity theft. It's been going on at least since 1996, and the thieves know about it. Scanners are ubiquitous. Many NASCAR fans have them in connection with their sport. All anyone has to do is go on eBay and buy one for $50 to pick up police radio transmissions." Cook tells me that those transmissions are also turning up online.
It is surprising that San Diego's police are not more sensitive about exposing people's personal information. According to a February 16, 2001, story in the Union-Tribune, Cox Communications accidentally provided Pacific Bell with 11,400 unlisted numbers, including those of undercover police officers, which were published in the 2000 phone directory. In response to a class-action lawsuit, Cox offered affected customers "a range of benefits." Law enforcement officials were scheduled to receive $5000 "plus an additional $4,000 to cover moving expenses for those who felt they had to relocate for safety reasons." The story quoted San Diego Police Officers Association president Bill Farrar as saying, "The problem is you just don't know who ended up with [the mistakenly revealed] information."
Police departments will be taxed with greater burdens in the future if identity theft increases. Privacy advocates believe that law enforcement has done little so far to fight it. They say that most people learn from credit card companies that their identity has been stolen and that company procedures to protect them financially are usually the only subsequent steps taken.
Several Internet sites refer to "1 in 700" as the rate of convictions in identity-theft cases. Beth Givens, president of the Privacy Rights Clearinghouse in San Diego, believes that the figure probably cannot be documented but that the number of cases that are even prosecuted is small. She calls police radio broadcasting of social security numbers "a careless practice that needs to be abandoned. Putting those numbers on the open airwaves," says Givens, "is an invitation to identity theft."
Keith Burt is director of the San Diego district attorney's Computer and Technology Crime High Tech Response Team. When I call, he says nobody has ever alerted him to problems associated with police use of social security numbers. Nonetheless, identity theft is a major preoccupation of his unit, says Burt. He acknowledges that careless transmission of social security numbers by police could be a problem. Whether and to what extent social security numbers are used in routine detentions, he says, is determined by different police departments. But Burt defends use of the numbers in identifying people. He calls the social security number a "key to the kingdom. When we suspect somebody who is saying, 'It's not me,' the social security number is one of the few truly reliable numbers we can use to make sure."
In contrast Greg Cook argues, "Police certainly don't need social security numbers to identify someone when they are doing routine checks for warrants." He notes that the driver's license numbers, physical descriptions, and dates of birth were enough to take suspicion off him the times he was confused with men police were looking for. The use of his social security number was unnecessary.
What about identity theft? Scott Fulkerson, executive director of the Citizens' Review Board on Police Practices, tells me by phone that nobody has ever complained to his organization about local police putting personal information on unsecured airwaves. "So my board doesn't yet have a position on the issue," says Fulkerson.
Cook believes that many people never consider that dissemination of their social security numbers and other identity data will result in a problem. "A lot of people would say, 'What's the big deal? I don't have anything to hide.' Okay, I say, then turn loose your MasterCard number. People don't realize how serious identity theft is until they become its victim. It can take months and even years to undo the damage."
Three weeks ago, as though to add an exclamation point to Cook's concerns, San Diego police arrested Jacqueline Lawrence, an employee of the city's General Services Department, for stealing Water Department customers' identities to obtain credit for making online purchases. The Union-Tribune recorded on January 18 district attorney Bonnie Dumanis's boast about the arrest: "If you think you can steal someone's identity in San Diego and get away with it, you are wrong."
Comments