GPSolo Magazine - December 2005
Hiding Out on the Internet
You can run, but you can’t hide. Try as you may, hiding your personal information from the billions of sites on the Internet is almost impossible. There may be small bits and bytes of information about you on dozens, or even hundreds, of sites scattered across cyberspace. We are not talking about hackers who illegally break into your computer or into a third-party website database that contains some of your personal information. We’re also not talking about someone who installs spyware on your computer to log your every keystroke. No, we’re simply talking about the person who has learned how to dig up your personal information legally, for free (or at little cost), from public websites. This person knows how to locate bits of your personal information and combine them into a dossier to create a detailed (though not always accurate) profile of you. This person is a cybersleuth.
The tools of the cybersleuth are simple: a computer and an Internet connection, combined with some knowledge of a few good search engines (such as Google or Yahoo) and website directories linking to free online public records (such as Searchsystems.net or Pretrieve.com). Many magazine articles and books are loaded with listings of websites and cybersleuth search tips; with these, the ordinary surfer can soon be on her way to becoming not just a cybersleuth, but a super-cybersleuth. (For full disclosure, the authors of this article have written a book on this topic; see author bio.)
One of the cybersleuth’s first stops should be the Google search engine. With its powerful investigative capabilities, Google was the first search engine to have its name turned into a verb: To “google” means to find online information about individuals by entering their names into the search engine. The expression “ego-surfing” has become the term for those who google their own names.
On Google’s website, you will find this statement: “Due to the vast amount of data that we aggregate . . . many individuals become aware for the first time that their personal information is publicly available via a Google search. We recognize that this phenomenon occurs. . . .” Ironically, one of the last individuals to recognize that this phenomenon occurs was the search engine’s own CEO, Eric Schmidt.
On July 14, 2005, Elinor Mills, a staff writer at CNET News.com, wrote an article about personal information available on Google. For her example, she used Eric Schmidt. Here is some of what she learned in her 30-minute search.
- He is 50 years old.
- He is worth an estimated $1.5 billion (as of 2004).
- He made about $90 million from Google stock sales.
- His wife’s name is Wendy.
- They reside in Atherton, California.
- He attended a $10,000-a-plate political fundraiser.
- He attended a Burning Man art festival, during which he roamed the desert.
Neither Schmidt nor Google was amused. The last fact about Burning Man came from someone’s blog. Blogs have become yet another valuable source for ferreting personal information about almost anyone, because they are basically just discussions entered in online diaries.
Ego-Surf for Protection
The first step in protecting yourself is to find out whether your name appears in search engine results, so start ego-surfing. Doing this every now and then is just plain smart, to keep track of what is being said about or attributed to you in the online world.
To do this, simply enter your name, in quotation marks, in the Google main page. The results of the search will tell you how public you—or your name or image—have become. For many people, the most disturbing violation of personal data involves something identity thieves thrive on: Social Security Numbers (SSNs). Keep in mind that this type of “restricted” data may show up on documents or displays that you, yourself, did not create. For example, one of this article’s authors found her SSN displayed on a PowerPoint slide from a seminar she’d given. Another panelist had posted the entire presentation on his website (without informing anyone, or requesting permission, which is a violation of copyright law); he removed it promptly when we pointed out the problem.
Google Groups is another site on the web teeming with personal information. It evolved from an archive of millions of messages posted to Deja.com Usenet discussion groups. This archive was sold to Google, which subsequently created a searchable index of postings that includes more than 1 billion messages posted to public Usenet discussion groups and dates back to May 1981.
The flaw with Google Groups is that it’s sometimes impossible to connect the personal information to a specific individual; many posters use screen names instead of their actual names and substitute easily available throwaway e-mail addresses for their personal ones. The site is searchable by keywords and phrases and, even better, by authors of a message containing another person’s name or e-mail address. To access this feature, click on the “Advanced Groups Search” link.
For example, when the authors entered one of our now-defunct e-mail addresses into the “Return only messages where the author is” search box, we found a posting for one of us that listed name, employer’s name, work address, and a work phone and fax number. Working backward, we were able to figure out that she had posted an e-mail message with her signature block intact. (Search tip: Ask specific questions at deposition to discover all e-mail addresses—both current and defunct—during the investigation phase. When conducting electronic discovery, you might also find traces of an e-mail account even if no messages are stored on the subject’s hard drive.)
We often use Google Groups to find postings to gather background information on people, companies, or products. Had the parents of the “American Taliban” John Phillip Walker Lindh entered his e-mail address here, they might have surmised that he was planning a big change in his life and tried to prevent it. In one e-mail he attempted to unload his entire hip-hop and rap music record collection (a definite red flag for a parent of any teenager). Google does carry a link that will let you delete postings about yourself but cannot remove posts someone else made about you.
We suggest being proactive and searching your clients’ names, e-mail addresses, company names, and product or service names through Google and Google Groups. For existing clients, this can be a useful source to gauge the public’s perspective of your client or its products—customers could be singing the praises of a new product or complaining that it malfunctions and has caused injury. For prospective clients, conducting such a search can give you a better idea of what might lie ahead.
Phone (Your) Home
To learn whether your phone number is in the Google PhoneBook, enter your name and city into the search box (e.g., john smith beverly hills). If the first result shows a phone icon with your phone number listed to its right, congratulations—you’re public.
Don’t stop just with these segregated PhoneBook results, however. Phone numbers can also be included in the “regular” list of search results. If you find your phone number in other Google search results, it probably came from a listing on a third-party site. When looking for other people’s phone numbers, you’d be surprised how many people unwittingly list their unpublished phone or cellular numbers on their own websites.
Erasing the Past
Google will remove information pertaining to you only from data sources it controls, such as the PhoneBook. Its Help link processes all requests within 48 hours. Users who find personal information on a third-party website (and most of the information in Google’s database comes from third-party websites) must contact those sites directly for help with removing offensive information. Yahoo, similarly, cannot remove information from third-party sites, but its Help link provides for several options for its own posted information.
As any savvy googler knows, even if information is removed from current displays, a copy of the information could remain on the site’s own servers—its cache—for an indeterminate time (the company doesn’t reveal how long it retains cached copies). Google may offer to remove the cached copy on a rush basis if you contact them at www.google.com/support/bin/request.py, but only if you first have worked with any third-party sites to have them remove their references to you.
What else can a cybersleuth find out about you? Anything that’s in a public record database and freely accessible on the Internet (or in nonpublic records such as professional directories). We have found the following types of records online, available at no charge: real property records; criminal records; booking logs; deadbeat parents; sex offenders; wills; conservatorships; marriages; divorces; births; dates of birth; death records; owners of airplanes (and horses); discipline records of medical professionals; home and business addresses; your neighbors’ names and addresses; and campaign contributions listing the amounts and the donor’s employer name, spouse’s name and employer, and more.
Types of public records and the amount of information contained in them vary widely depending upon jurisdiction. Tennessee, for example, permits searches of state records for all of its 95 county websites, at no cost, by owner’s name—all you need to create a real-property dossier for an individual. California rules, however, do not allow similar access—at least not for free. Instead, online investigators must search county by county and are usually limited to an address-only search. After this point, the identity of owners is still shielded in some counties (e.g., Los Angeles) but displayed in others (e.g., San Francisco). In many jurisdictions, if you want to prevent everyone from knowing the number of bathrooms in your house, not to mention its assessed value, you probably have little recourse unless you are a public official.
The following sites may help with searches of public records:
• Searchsystems.net: a directory and a keyword database of more than 33,000 federal, state, county, and city public (and nonpublic) records
• Pretrieve.com: a meta-search site specifically engineered to find public records; it simultaneously searches numerous free public records databases to locate information about a business, address, phone number, or person.
Social Security Numbers
The good news: It’s unlikely that a cybersleuth would be able to find this information for free while an individual is still living. A deceased person’s SSN is retrievable for free at Rootsweb.com, which has a searchable version of the Social Security Death Index and features records on more than 75 million individuals whose deaths have been reported to the Social Security Administration since 1962.
The not-so-good news: SSNs may pop up in a variety of public records contexts, from bankruptcy filings to Uniform Commercial Code liens. Although they are supposed to be redacted from bankruptcy filings, the onus is on the filer (the attorney) to redact. Courts for the most part will not redact SSNs or other personal information from older filings appearing on their sites.
However, court officials in Manatee County, Florida, recently announced a plan to comb through millions of electronic records to remove SSNs and other personal information. (Even though the Manatee County court terminated Internet access to records in March 2004, after the Florida Supreme Court issued a moratorium so a committee could draft a statewide policy, the county court decided to buy software for this to prepare for the time when records do go back up.)
Although most for-fee public record databases are now truncating SSNs to protect against breaches (recently at Accurint and ChoicePoint, among others), it is still possible to piece together a person’s full SSN using a variety of pay sources. When we tried this, for example, we began the search at PACER (for eight cents per page), and found the last four digits of our target’s SSN displayed in his recent bankruptcy filing. Splurging on an Accurint search (25 cents), we found the first five digits of his SSN. It doesn’t take a rocket scientist to put those two fragments together to come up with a complete SSN.
Finally, even if you have no life, or you do but think you have somehow managed to keep your personal information off the Internet, don’t forget about your cousin in Iowa who really has no life—you know, the one who spends his time posting your family history on the Internet. Your mother’s maiden name, family pictures—you might find just about anything readily available.
Ancestry.com’s family tree website ( http://ancestry.com/trees) might reveal whether other readers have a cousin like that. The site also posts lists of names with just enough teaser information that you’ll likely find yourself clicking on one of them and forking over the requested $19.95 (quarterly) to view your family’s history—or anyone else’s, for that matter. Remember this the next time someone at the bank asks for your mother’s maiden name.
With that said, isn’t it time to go google yourself?
Carole Levitt and Mark Rosch are trainers at their company, Net for Lawyers, in Culver City, California. They are also co-authors of The Lawyer’s Guide to Fact Finding on the Internet , available at www.ababooks.org, and How to Use the Internet for Legal and Investigative Research . They can be reached at firstname.lastname@example.org.