This blog may be one of the few publications in the Western world that has never written the word “Kardashian,” but that has now changed. In the stories about the robbery in Paris of Kim Kardashian we found numerous issues that touch on the work we do.Kardashian Paris Investigation

After my recent book The Art of Fact Investigation came out in May, a number of people wrote to me and suggested another chapter in the next edition about what people could do to maintain privacy in the face some who may want to dig up facts on them.

The easy advice for Kim Kardashian-West: if you are on social media a lot with information about valuable possessions and your whereabouts, criminals will easily learn about your valuable possessions and your whereabouts. Big rings on Instagram? Not a good idea. The super-secret apartment hotel in Paris? With paparazzi following you everywhere, how secret is any place you go?

The harder advice both to accept and to act on relates to some speculation in the media that the crime was an inside job, because the thieves knew that Kardashian’s security guard was not on duty that night.

When we let others into our homes and into our lives, there is always the chance that one of those people may feed information to the outside. This is why many people like a preliminary background check of the electrician or plumber they are about to admit into their home. They like a more thorough look at someone who will watch their children. But Kardashian-West isn’t just dealing with plumbers and babysitters.

How many photographs are there of her bringing home groceries, for example? She eats therefore food is delivered by people. When she buys something large, that too is delivered. It is unlikely that she drives her car to Jiffy Lube when it’s time for an oil change. People drive for her.

We have written before about the value of talking to workers who have been in someone’s home. Movers, gardeners, handymen – all get to know the home to an extent and the people who work there. If one of them becomes estranged because they are fired or are not paid, they have every incentive to talk about the person they used to serve.

We are not saying that Kardashian-West has been betrayed by any of her staff. Only that when police found out that the bodyguard was off duty that night, they surely wanted to know: who else knew that? And they would have started the questioning close to home.

A reader of my new book, The Art of Fact Investigation, suggested that for the next edition there should be a chapter about legal ways to “hide from snoopers, private and public sector. I am probably not the only one who was thinking as I read the book on what I could do to keep my life more private in general in this day and age, other than staying off Facebook and Twitter.”

Our firm believes in showing exactly how we get the information we get (plenty of examples in the book as well as on our two blogs). Therefore, we offer here free of charge a few pointers on how databases collect information about you and what kinds of things you can do to stay off them.

  1. Buy a house through a limited liability company that is not named in connection with you or anyone in your family. Base it not at your house or office but at the office of a trusted lawyer. Deeds and mortgages in the U.S. are public, so any home bought in your name will pop up, often on the internet free of charge if you live in a county that puts all such information on line. Some counties do, some don’t.
  2. When you move into the house and you want to register for discount cards at your local drugstore or grocery store, don’t. If you don’t mind lying, give them a different name and a made-up phone number. Those stores sell the information people submit to the databases. If you put your real name and number down, you will get calls the same day asking if you need contracting or other help with your new home. As long as you have the card with you or remember the phone number you used, you will still get your discounts.
  3. If possible, put utilities in a name different from yours. Gas and electric company information gets into databases.
  4. Buy a cell phone with cash and replenish it as you go.
  5. Be very careful about who gets your cell number. As in #2 above, if you order a pizza while visiting someone else’s house and provide your cell phone number to the pizzeria, the databases may associate your number and that address.
  6. Avoid borrowing money. This is a big one, but credit reporting agencies are allowed to sell some information to databases that relates to where you live. The databases won’t disclose how much you’ve borrowed and from whom without your approval, but will make use of “header” information that can reveal home addresses, numbers and associated businesses.
  7. Try not to sue people. We had a case in which someone hiding assets and claiming to be broke sued a neighbor. We were able to trace his car that had allegedly been damaged by the neighbor, and found that the car’s owner was a relative who jumped to the top of our list of people who could have been holding our man’s money for him.

In summary, unless you use cash and live an extremely quiet life as a renter, it is difficult to hide completely from the electronic information gathering available today. On the other hand, we report to clients on a regular basis that a particular person owns a home, has never been to court and has nothing of note about him in any database or newspaper.

We then recommend interviewing former colleagues and others who would know more about him.

Once you get to this stage, our advice is: be nice to others and they will probably say nice things about you too.

The current fight between Apple and the U.S. Department of Justice, which is trying to execute a search warrant in a criminal matter, has been framed by Apple and its defenders as a battle over privacy.

Apple is not arguing that the information sought should never be seen by the government. The company handed over all the information asked for in the warrant that had already been stored on Apple’s own servers, some of which is presumably still on the phone. Where Apple wants to draw the line is the privacy of its customers who don’t back up their phones on the cloud.

It’s not enough to say you want privacy, because privacy means so many things to different people across not just national borders but even within countries.

Mortgage recording means I can figure out how much you owe your bank. Your series of LLC’s you thought would keep your beneficial ownership a secret comes unraveled when you borrow money because banks want to see who’s at the end of the chain before they lend. When they lend, the rest of us can take a peek. Yet, some countries keep mortgage information private.

Do you have the right to make private the details of your divorce? If you live in New York you do. Because those records are sealed. In other states, how much you pay your former spouse in alimony and support is wide open for everyone to see. You might as well make your tax returns public.

Speaking of tax returns, those most confidential of documents: some European countries thought to be superior guardians of privacy put everyone’s income on the internet.

Some people don’t want information on their phone made less secure because the government could get a look at health information. Health information is private, except when you have national health insurance as does most of Europe and Canada. Then, your information is between you, your doctor, and the government. Some people would still call that privacy, but it’s not as private as if it were locked on an encrypted Apple phone.

As an opinion piece in the New York Times said today, nobody appointed Apple to be the definer of privacy. That’s something governments do when they draft constitutions and statutes that their courts interpret.

We’ve written plenty before about Europe’s “Right to be Forgotten,” under which governments tell Google and other search engines to take down links to legal, public documents that are deemed embarrassing or inconvenient for the people involved. We thought four years ago that this problem wouldn’t go away, and we were rightrighttobeforgottenfrance.jpg.

We never took the Right to be Forgotten issue that seriously as to how it affected our work, because it was always possible to use google.com to perform the same search as the one the bureaucrats were restricting. If something was erased from Google’s French service (google.fr), you could still get it in the U.S. or anywhere else using google.com

Now comes word from France, as discussed in today’s Wall Street Journal in an excellent column by Gordon Crovitz, that French authorities will demand that Google abide by their privacy rulings world-wide.

That is a different matter. For one thing, as Crovitz points out, governments of all sorts could start to demand that Google tailor its findings to suit their tastes. Links to Chinese dissidents, to people unloved by Vladimir Putin, to activists out of style in Malaysia? All could end up removed from Google results everywhere.

Not that we as investigators rely that heavily on Google. As we’ve written about extensively, (see our Fact-Finding Test for Lawyers, here) the great majority of information on any person will not be accessible via Google. If Google in France or Spain removes the link to an accurate newspaper article about someone, we would probably still find that article because we use paid-for databases to search news articles that we think are relevant, not that are relevant in the commercial opinion of Google.

Still, the idea that a bureaucrat in another country gets to decide what is relevant for us to read in our own countries is a noxious notion. The Right to be Forgotten may help the bottom line for investigators, but it’s a boost for business we would happily live without.

The next time an investigator tells you he can legally “ping” someone’s cell phone to figure out where they are going, run away fast.cell phone pinging.jpg

We’ve written before about the illegality of getting a friendly phone company employee to help out with cell phone tower signal data that helps to locate people. As we wrote in Ping a Cell Phone, Cross a Line, the federal circuits have taken varying views of how much permission law enforcement needs before it can demand the data from phone companies.

What hasn’t changed in the two years since we wrote about this is that pinging by anyone who isn’t law enforcement, without a court order, is against the law. You still can’t pretext and pretend to be the cell phone’s owner to trick the phone company.

  • The Telecommunications Act of 1996 (amending the Communication Act of 1934) Section 222 imposes a duty on carriers to keep customer information confidential
  • The Telephone Records and Privacy Protection Act of 2006 specifically applies to cell phone location information

What changed this week was that another court, this time the Court of Appeals for the 11th Circuit, decided that not only does law enforcement need a warrant to ping cell phones, but as with other searches protected by the Fourth Amendment, the police need to show probable cause in order to obtain their warrant. The opinion is here.

The Supreme Court has yet to rule on pinging, but that day can’t be far off. With some one third of Americans using only a cell phone and no home telephone, this is an area of the law that will only become more closely watched and contested.

Before the Supreme Court right now is a case on whether police need a warrant to search the contents of a suspect’s cell phone. If it turns out that they do, how would the Court decide that pinging without a warrant is OK while searching the phone isn’t? Maybe by equating pinging with following someone, which is not held to be as intrusive as searching them. Then again, we’ve never had the ability to follow that many people at once, because following people is expensive and time consuming.

What is clear beyond doubt is that evidence gathered from unauthorized pinging stands to get excluded from trial, and lawyers who supervise such evidence gathering could lose their license or even be convicted of violating the statutes mentioned above.

If anyone wondered what the practical side of Europe’s new Right to be Forgotten would turn out to be, here it is: 

In less than a month since a court in the E.U. decided Google links were substantial information and could be scrubbed at the will of a judge, Google has received 40,000 requests to remove links to information that someone deems to be unpleasant, unnecessary, inconvenient, or all of the above. right to be forgotten in eu.jpg

These have come from politicians who don’t like articles about the way they misbehaved in office, an actor who wishes evidence of an affair with a teenager would just go away, and someone who would rather we are not aware that he was once convicted of possessing child pornography.

Gordon Crovitz in today’s Wall Street Journal makes the point we did last month when the court’s decision came down: scrubbing the link to an embarrassing piece on information on a Google site in Europe doesn’t mean the information is removed from the internet. You can probably still find it on Google.com, which is based in the U.S. and doesn’t adhere to European court decisions. You can also find it at the original website where it resides.

At least, for now you can. But why would a judiciary that wants to tilt the reputation/freedom balance in favor of deleting an old bit of information on a search engine not take the next step and require the website itself to push delete? If Google has no right to post links to information about an old bankruptcy, how far away is the decision to get rid of evidence of the bankruptcy itself?

As we said last month, in Big Brother Gets to Play Favorites, letting courts decide this sort of thing case by case opens up a huge opportunity for corruption and political cronyism.

What we did not say is that as opposed as we are to Europe’s approach to this issue, it should do wonders for the investigative business.

We’ve never been big fans of relying on Google as an exclusive or even major factor in an investigation, as we’ve said in Google is not a Substitute for Thinking, for instance.

Even without the E.U. decision, how likely are you to learn about that critical court decision about Mr. X from Google? The answer is almost never, because most courts do not have all of their decisions on line.  

Instead, you need two other tools to do really good due diligence or someone:

  1. The ability to search records on site wherever you need to;
  2. The ability to identify, locate and interview people who know about the person you are researching. The man you know as the Spaniard who has been in Madrid for years actually spent a decade in Edinburgh.  While there, he was charged with fraud. Without talking to people who have known him for a long time, you would never think to search in Scotland. Google would help you one time in a hundred on a matter like this. Otherwise, you need someone who can find people and then persuade them to have a talk about Mr. X with an investigator they’ve never met.

It’s not easy, but who (other than Google) ever said the world’s information was all yours at the touch of a button?

The on-line world is abuzz today with news from Europe’s highest court that Google will have to start removing links to certain information that some judge or bureaucrat decides is irrelevant. Even if it’s true and lawfully posted, the governments of Europe now get to decide what’s suitable to read, case by casegoogle EU right to be forgotten.jpg.

We’re written extensively about this issue, including here in The Right to Privacy on the Web. The issue arose in Europe after a lawyer in Spain decided that he was tired of an old newspaper report of his bankruptcy hanging around for years when people searched his name on the internet.

Where this decision will take Europe in the short term is unclear, but if E.U. governments are serious about stamping things out at Google, they will have to think about whether they want to join the free information bastions of China and Iran and start banning entire websites.

That’s because if an offensively “irrelevant” result on Google’s Spanish site, Google.es is made to disappear, anyone in Spain can search on Google.com, which is based in the U.S. The result could still appear there, and at last check the First Amendment was still in effect in this country. Google.com won’t care a bit about the E.U.’s take on press freedom, whatever Google does with Google.es.

Instead of this decision today, there is a much more sensible and fair way to regulate old information about people we don’t want hanging around on the internet: don’t make it public.

  • In the U.S., where more information is public than in any other country, millions of records are deemed to be too sensitive and are sealed. Income tax records are fully public in Norway and Sweden but are off-limits in the U.S. Family law records are sealed in many U.S. states. Do you want to see some rich guy’s separation agreement and other divorce filings? In Florida you can, in New York it’s deemed to be a violation of his privacy and they are not available to the public.
  • Mortgage records are open in the U.S., but in parts of Europe they are not. We could easily do the same: make mortgage information as protected as a credit report so that you only get to check someone’s mortgage if they give you permission during a title search or a credit application.
  • If we don’t like the fact that mug shots stay on the web even if the person wasn’t charged or was acquitted, then let’s not make mug shots public unless the person was convicted.
  • We may think that Bernard Madoff’s accomplices should have links to news reports of their convictions rubbed out after 10 years or rehabilitation in prison, or we may like the idea that they should have trouble getting hired at broker dealers when they get out of jail.

One policy isn’t inherently more reasonable than another – it’s just a matter of public preference.

But what would be truly awful would be to let judges or information commissars decide on a case-by-case basis whose mortgage information, mug shot or tax record is “relevant” and therefore public and whose should be off limits.

That’s the place Europe is now headed. The question of information availability now turns into a zoning application: decided on a case by case basis, effectively unreviewable, and open to a heap of corruption.

What can facts can investigators gather without violating a person’s privacy? The answer we like to give is: whatever the law allows us to gather, but that doesn’t fully answer the question.

For one thing, privacy means very different things to different societies.privacy.jpg

Criminal records are public records in the U.S. and Canada, for instance. But in the U.S., we are not allowed to do a criminal background check on a person applying for a job, under terms of the Fair Credit Reporting Act, until that person has consented to such a search. Even after that consent, some states such as California forbid a complete criminal check. You can go back a specified number of years, but no further.

In Canada, criminal checks are OK, but in some jurisdictions you can’t do a search by a person’s name. Instead, you need to know the case they were involved in. You can then look up the case and read all about it.

In North America and the U.K., you can find out who owns a piece of property and usually how much they paid for it and whether the place is mortgaged. Elsewhere, that kind of asset information is off-limits. In the U.S., you can’t get someone’s tax returns without their permission. In Norway, tax returns are on line for everyone to see.

Just this week, the European Union’s fact finder had to decide the meaning of a Spanish law that establishes the “Right to be Forgotten.” We wrote about this awhile back in The Right to Privacy on the Web. At issue currently is a Spanish man who doesn’t like the fact that an old legal notice that he was delinquent in paying taxes keeps showing up on Google. Did Google have the obligation under this law to remove all links to the old Barcelona newspaper notice of this delinquency?

The E.U. fact finder said no, because as the New York Times reported, “Google merely aggregated information on the Web and was not a “controller” of information, it was not the legal entity that must comply with the provision of the law in question.”

By this reasoning, if anyone else were to find this notice and report on it, presumably they would not be violating the Spanish man’s privacy, but on a theory that’s a little murky. Who is the “controller” of information that is already in the public domain? The Spanish tax authorities can’t retract a notice once issued. They can correct it and say that it was issued in error, or they can record the fact that a tax lien was satisfied, but how can you erase knowledge of the one-time existence of the lien?

More troubling was the fact finder’s assertion that the 1995 law guaranteed a right to be forgotten “only in cases where information was incomplete or inaccurate, which was not at issue in the Spanish case.”

The “inaccurate” part easy enough to understand. If the lien was issued and then retracted due to error, the idea that you would report the issuance but not the error and retraction could be seen to be damaging to a person’s reputation.

But what about the right not to have information reported unless it is “complete”?

Most people who answer a criminal or civil complaint have a story to tell. In reporting an alleged civil or criminal wrong in Europe, are we obliged by law to report a “balanced” accounting that includes both sides of the story? Who is to judge whether the reporting of the two sides of a dispute is “complete?”

Simple in concept it may be, but the “Right to be Forgotten” is a hellishly complicated thing to administer.

 

 

 

 

 

Last week, the Associated Press reported that the Department of Justice had obtained confidential phone records for more than 20 telephone lines used by the staff of the Associated Press while investigating leaks of classified information.  Only days later, news surfaced that the DOJ had also accessed the phone records and emails of James Rosen, chief Washington correspondent for Fox News, in connection with an information leak involving Jin-Woo Kim. telephone records.jpg

We have previously talked about phone records in this blog, but the topic bears revisiting in light of recent events. Phone records can be investigative gold, and our clients often ask us to get our hands on them. Our answer is nearly always an unequivocal no. Congress outlawed the unauthorized access of telephone records when it passed the Telephone Records and Privacy Protection Act of 2006

We recommend steering clear of any investigator who promises to find phone records for you.  At the very least, be wary of investigators who will not tell you exactly how they plan to obtain phone records or emails, since it could be a warning sign that they are operating in dangerous territory (pretending to be the person whose records they are requesting, for instance).  Attorneys hiring investigators should be especially careful since the attorney may ultimately bear responsibility for the investigator’s acts. 

We will only review telephone records or emails if our client has a legal right to provide them to us. For example, in a recent matrimonial case, our client gave us legally-obtained phone records for her spouse and asked us to track down any numbers she told us she did not recognize. She was looking for people who may have helped her husband secretly invest money, such as financial professionals or attorneys.  By searching databases and public records, we not only found several brokerage firms and hedge fund managers her husband had contacted, but also a handful of mistresses he had been calling.

When you see two big book reviews and an entire special section of The Wall Street Journal devoted to a topic, a curious person should ask: how does this affect me, my family, my business, the worldBig Data.jpg?

The book is Big Data: A Revolution that Will Transform How We Live, Work and Think and one its authors, Kenneth Cukier, is a former colleague of mine. The book has received excellent reviews and deserves to be read by anyone who wants to understand what’s going on in a big sector of world business.

It’s clear that Big Data – the ability today to process more information about people than ever before – has huge implications for businesses. But its effect on a good investigation? Harder to see.

Good investigators don’t care if 68 percent of people who drive Cadillacs also eat at a steak house once every seven weeks. That may be a statistic worth something to steakhouse owners looking for new customers or Cadillac dealers wondering which kind of restaurant social network to link to.

But for us? Hard to see how it will help. Investigations are done one at a time. If we need to know exactly where someone is going to go on a certain day, we need to follow him.

It’s not good enough to know that many of the people in his congregation have summer homes in a particular part of Pennsylvania: if we are doing an asset search, we need to see if HE has a home there. Then we need to be able to prove it.

That’s where big data stops and investigation takes over. Big data is about probabilities, and investigation is about evidence and proof.

Of course, courts do not reject statistical evidence all of the time. The now-famous series of Shonubi decisions in the Second Circuit are well documented here. But given the choice between a statistical probability and hard proof, why would anybody who needed help with fact finding prefer the former?