Cindy Chick is the Director of Library Services at the Los Angeles office of Graham & James LLP, the co-editor of LLRXchange, and has developed several software programs for law libraries under the name of CINCH Library Software
This article was originally published in Searcher Magazine, Nov./Dec. 1996 issue. For subscription information contact:
143 Old Marlton Pike
Medord, NJ 08055
"Call 800-543-6862. I suggest that we inundate these people with
requests to remove our info from the list and forward this e-mail to everyone we
Signed: Anonymous E-Mail
It was the electronic version of a chain letter and coincidentally appeared the same week that USA Today dubbed the Internet "Rumor Central." It started with an innocent, relatively accurate message posted to a newsgroup. As it made its rounds on the Internet, it evolved into an alarming warning containing a considerable amount of misinformation, while retaining enough truth to lend it an air of credibility. It moved from newsgroup to newsgroup, and wormed its way into listservs and corporate and law firm e-mail.
The resulting concern, and sometimes panic, brought national attention to the LEXIS/NEXIS product, P-Trak. In fact, the reaction became so strong that angry callers jammed the customer service lines at LEXIS/NEXIS for two days. In order to continue providing support to their clients, LEXIS/NEXIS had to open a new 800 number that subscribers could only get through their account representatives.
Just the Facts
"Your name, social security number, current address, previous addresses, mother's maiden name, birth date and other personal information are now available to anyone with a credit card through a new Lexis database called P-Trax. As I am sure you are aware, this information could be used to commit credit card fraud or otherwise allow someone else to use your identity." Same Message.
The P-Trak database re-packages information from Trans Union, one of the three major credit bureaus. It contains 330 million records, each with information on individuals including current address, previous addresses, birth date, and telephone number. A variety of online services aimed at lawyers and private investigators make the same information available and have for some time. Clients commonly use the information to locate witnesses, heirs, litigants, and shareholders.
P-Trak does not contain a person's mother's maiden name, social security numbers (now), or other "personal" information such as credit records or medical information. So, the most alarming of the e-mail accusations that this information could be used to commit fraud was definitely overstated. One would be hard-pressed to successfully apply for credit in a person's name solely with the information provided on P-Trak.
However, the statement on P-Trak's coverage, initially provided by Steve Edwards, a spokesman for LEXIS/NEXIS was also inaccurate and was later corrected. He stated that the company supplied only information publicly available from telephone listings and courthouse documents. But, while many online services, including LEXIS/NEXIS, offer people-locator information drawn from telephone directories ("white pages") and publisher's records, the information contained in P-Trak comes from credit bureaus. Generally it is more reliable, accurate, and up-to-date than similar data from other sources. In addition, because this information originates from credit bureau reports, it sometimes includes unlisted telephone numbers.
Social Security numbers did appear in P-Trak when LEXIS/NEXIS first released the file in June of 1996. This caused a flurry of outrage from privacy seekers in various forums, including Law-Lib, an Internet mailing list for law librarians. (See Law-Lib discussions on P-Trak)
The Social Security Administration and the Electronic Privacy Information Center also expressed concern about the product's availability. As a result, within two weeks of P-Trak's debut, LEXIS/NEXIS removed social security numbers from the P-Trak display, though still maintaining the ability to search by social security number. But several other, perhaps less well-known vendors such as Information America and CDB Intotek, quietly continue to provide the same information unchallenged.
No doubt the idea that anyone with a credit card could access this data on LEXIS/NEXIS fed the frenzy. However, access to P-Trak is limited to LEXIS/NEXIS subscribers, such as law firms, government entities, and corporations. According to Lesley Sprigg, LEXIS/NEXIS Public Relations Manager, each of those subscribers goes through a background check, and is subject to the terms and conditions of their LEXIS/NEXIS contract. P-Trak is not made available to students or faculty on academic accounts, and is not available via the Internet, fax, or phone.
Not only that, address information is more easily and cheaply obtainable from services such as Metromail Corporation, which offers a 900-number that supplies an individual's address, age, and spouse's name and age to anyone willing to pay $3 for the first minute, and $2 per minute thereafter. The same data from the same source in files on LEXIS/NEXIS and Information America could cost over $90.
That's not to suggest there is no reason for concern. It's debatable, however, that LEXIS/NEXIS is the appropriate focus for the attack, or at least not the only one. They simply purchase the information and re-package it for sale to their subscribers. And they are not the only database service that purchases information from Trans Union. Information America and CDB Infotek also provide people-locator databases that use credit bureau information purchased from the three major credit bureaus as primary sources. However, the other services have not fallen under the same scrutiny, perhaps because LEXIS/NEXIS is more of a household name among business and the media, and has more broadly marketed the P-Trak product. In fact, in a subscriber newsletter, LEXIS/NEXIS recommended P-Trak to the media as a method of locating sources.
While all this commotion was brewing, Information America and CDB Infotek laid low. Information America, now owned by WESTLAW, removed SSNs from their database shortly after word of the P-Trak incident hit the newspapers, though no public announcements have yet been made about that move. In contrast, CDB has given no indication of any plans to remove Social Security numbers from their database. They did add a "Notice to Subscribers" concerning their "Missing Links" product, which stated that its use:
"... is limited to CDB Infotek Subscribers in good standing requiring `Missing Links' solely for legitimate business purposes. Each use of `Missing Links' by a CDB Infotek Subscriber shall be for a legal purpose and data received from `Missing Links' shall be used in each instance only in an ethical and responsible manner that respects the legitimate privacy expectations of a search subject..".
CDB would probably not remove such information voluntarily, since public records an people-finding information is their bread and butter, not just a sideline as it is with LEXIS/NEXIS.
Interestingly enough, amongst all the press coverage on P-Trak and privacy issues, no instances were cited where P-Trak or any similar products were actually used to collect names and addresses later used to fraudulently apply for credit or assume someone's identity. Maybe someone recognized that simply sifting through trash cans may actually accomplish the same end cheaper, easier, and more effectively.
You can have your name and information removed from this list by making a telephone request. More message.
LEXIS/NEXIS quickly set-up an easy procedure for a person to ask, via e-mail, fax, or regular mail, to be removed from the P-Trak database. In order to maintain these deletions from one update to the next, they have set up a deletion file, which will run against the Trans Union data whenever it is re-loaded. But such a request submitted to LEXIS/NEXIS only removes individuals from the P-Trak database. For those who don't want their addresses generally available, this solves only a small part of the problem, since other database providers and direct mail businesses still purchase and distribute the same information. In fact, LEXIS/NEXIS still carries the People Finder "white pages" database from Metromail. It would make more sense to remove this information at the source, in this case, Trans Union. However, a call to Trans Union will trap you in the voice mail system from hell, and only offers the option to remove your name from direct marketing mailing lists. It is unclear whether the option exists to remove your name and address from the data sold to online services.
And, Trans Union will probably not stop selling this information without a fight. For the past few years they have battled the Federal Trade Commission for the right to sell marketing data derived from its consumer database, long after the other two credit bureaus, Equifax and TRW, had already succumbed to the FTC pressure.
Accuracy is always a concern with credit data. LEXIS-NEXIS stongly asserted that the P-Trak records were specifically intended to include only address and not credit information. Nevertheless, Sprigg confirmed that several P-Trak records listed bankruptcy trustees in the "previous address" field, thereby alerting people to the fact that an individual had filed for bankruptcy at some point in the recent, or even distant, past. This error was traced back to the source and has been corrected. At least it has been corrected in P-Trak on LEXIS-NEXIS.
Of course, there's another side to this issue. Could access to this credit nformation also protect privacy? Usually, the first thing someone does when being introduced to a system such as P-Trak, is search their own name. If anyone else is using your SSN, you could conceivably find this out by searching the file.
It is easy to assume that privacy is inherently a good thing. But there is also a certain public good served by making a limited amount of information available about an individual. During a discussion on the Law-lib list, James Cook, Managing Director of the Information Professionals Network, commented that,
"..litigation cannot fully evolve on a sound, factual basis without good evidence. Witnesses and persons involved in actions provide evidence only when they can be found for that purpose."
In a society where there is absolute privacy, justice could also be a hard thing to find. Cook adds that
"Many persons are subject to fraud in business or other endeavors because they lack knowledge and tools to know who they deal with and their backgrounds... The absence of public records such as real estate ownership records, mortgage records, etc. with a certain amount of identifying information is what limits society's risk of fraud when buying or lending in such cases."
In fact, such reasoning explains why many public records are just that, public.
Internet Rumor Control
"Many of you have probably received a message lately regarding a company called Lexis which is distributing names, social security numbers, etc. to people over the Internet for illegal use (i.e. to obtain credit in your name). The message advises you to call a number, give your name and social security number, and they will take you off the list. DON'T DO THIS!! The scam is to have you call and give the info to them. The social security office is advised of this and is investigating the company." Follow-up Anonymous E-Mail.
Information and misinformation can spread like wildfire on the Internet. It puts a new twist on the age-old game of "telephone," where one person whispers a message to another until it reaches the end of the line and no longer bears any resemblance to the original message. According to Lesley Sprigg at LEXIS/NEXIS, they were able to identify the original, relatively accurate, message as well as its sender. But, as the message moved from place to place, information was added until the original message was almost unrecognizable.
Before the Internet, this fast dissemination of information to large numbers of people just didn't happen out of the media spotlight. That's the power of the Internet, as well as its drawback. The Internet has no editorial control, and there simply aren't any checks on the truth of what's being passed along. The fact that this communication can also be anonymous adds another element to the mix. With a lack of accountability comes a lack of recourse for any damage done by slander or simple negligence. The possibilities for misdeeds seems almost endless. A disgruntled employee, competitor, etc. could maliciously and deliberately cause damage to a business or individual without any great effort. Or a game of "telephone" can simply get out of hand.
It's not clear how much money this incident may have cost LEXIS/NEXIS. Did customers unable to get assistance from Customer Service during the week of September 16th use a competing service instead? Or did all the publicity surrounding P-Trak generate even more revenue from subscribers previously unaware this capability existed? Is LEXIS/NEXIS now at a competitive disadvantage, since perhaps thousands of names have been removed from their database, but not from those of competitors? Who is to blame for the inconvenience experienced by a St. Louis company, whose 800 number ended up on one mutation of the e-mail message, causing their lines to clog?
And what is the long-term outlook for providing this information to subscribers now that the general public has been alerted to the practice? Many "calls to arms" appeared in the week following the debacle from such gadflies as Jamie Love of Taxpayers Assets Project. An e-mail forwarded to law-lib by Jamie Love on September 24, and originally written by Ed Mierzwinski of the U.S. Public Interest Research Group carried the headlines:
"Help Needed to Ensure Congress Fixes Nexis-Lexis Problem, Protects Privacy, Prevents Theft of Identity - Calls, Faxes Needed Today!!!!"
According to the Wall Street Journal (September 24, 1996):
"The Federal Trade Commission, reacting to public furor over a personal-information database operated by Lexis-Nexis Inc., recommended broader privacy protections for consumer data."
Fairly or not, as of this writing, LEXIS/NEXIS remains the focus of this particular privacy debate, and LEXIS/NEXIS is reacting accordingly. According to industry sources, LEXIS/NEXIS intended to release a product sometime in the Fall of 1996 that would draw data on individuals from a variety of public records databases. This report would have provided even more information than P-Trak, and would only be available to selected users. According to Lesley Sprigg, the company no longer plans to release the product as announced.
The e-mail message that caused this furor was not an accurate one. But in the long run, that may not matter. And perhaps that was the idea all along.
Of course, the assumption that authorized subscribers only use P-Trak or similar tools for appropriate business purposes is probably not 100% true. The ability to quickly find an address for almost anyone is always a fun thing for the librarian or vendor representative to demonstrate to users. After all, what could better illustrate the "information is power" credo? But as librarians at subscribing institutions, we need to be aware that this is sensitive information, and do our best to limit the use of people databases to legitimate business needs. Looking for someone's long lost Uncle George probably doesn't qualify, and let's face it, we don't really know how such information is used once it leaves our library. After all, look at all the trouble LEXIS-NEXIS got into! Unless you want to share in that trouble, caution is the watchword.
Individuals interested in having their names removed from the P-Trak file can e-mail their full name and complete address to: email@example.com
or mail this information to:
P.O. Box 933
Dayton, OH 45401
A World Wide Web-based form for deletion is available at http://www.lexis-nexis.com/lncc/p-trak/index.html.
You may also fax your request to: 1-800-470-4365.
This information will be used solely to remove names from the P-TRAK database and for no other purpose.
Additions to CONTACTS
P.O. Box 933
Dayton, OH 45401
800 470-4365 (fax)
555 West Adams Street
Chicago, IL 60661-3632
- P-TRAK (Threaded)
- P-Trak (LEXIS) and PEOPLE-SSN (WESTLAW) (Threaded)
- P-TRAK Alert (Threaded)
- P-Trak hysteria? (Threaded)
- P-Trak, Paranoia, & Practical action
Lawlibref Discussion on P-Trak
- 5 Jun 1996 12:51:51 -0500 firstname.lastname@example.org (Don MacLeod)
- 5 Jun 1996 14:38:46 -0500 "MELANIE DUNSHEE"
- 5 Jun 1996 14:52:10 -0500 Chris Anglim
- 5 Jun 1996 15:18:23 -0500 Lawstuff@aol.com
- 5 Jun 1996 15:40:47 -0500 "Elise Keller"
- 5 Jun 1996 17:32:57 -0500 Amy Comeau
- 6 Jun 1996 12:26:03 -0500 "Phyllis Kenny"
- 6 Jun 1996 12:26:45 -0500 email@example.com (Dina Dreifuerst)
- 6 Jun 1996 12:27:39 -0500 LLLEE@stmarytx.edu
- 6 Jun 1996 12:27:57 -0500 Lawstuff@aol.com
- 6 Jun 1996 21:40:58 -0500 James Cook
- 6 Jun 1996 21:56:53 -0500 firstname.lastname@example.org (Dina Dreifuerst)
- 7 Jun 1996 13:37:28 -0500 "Elise Keller"
- 12 Jun 1996 16:24:24 -0500 email@example.com (Brian L. Baker) 17 Jun 1996 11:40:56 -0500 Matthew Gilmore