The Murder of Amy Boyer by Robert Douglas Senate Hearings April 13, 2005

Far too often as we grapple with the issue of balancing the privacy of Americans with the necessary and legitimate uses of Americans’ personal information the debate centers on discussions of “data”, but not the lives behind the “data”. Amy Boyer In order to illustrate what I’ve learned over the course of more than twenty years using and investigating the good and harm of database information, I’d like to begin by focusing on one life behind one set of data. The untimely and violent end to that life encapsulates all the issues that surround securing personal information while balancing privacy with legitimate uses of information. Further, investigating this one act of violence led me to a more complete understanding of how personal information is being used and abused in the United States today. This case also demonstrates that the problem is much larger than the recent ChoicePoint breach and other instances that have recently been in the headlines. The problems of securing personal information and balancing privacy with legitimate use are intertwined and impact every business and government sector. On a quiet fall afternoon in October of 1999 Amy Boyer, a young Nashua, New Hampshire woman, was leaving work with two co-workers. The small group was discussing plans for that weekend as they walked to their cars parked on a side street less than a block from the office. Liam Youens As Amy said good-bye and closed her door, a car driven by Liam Youens sped up the street and stopped driver’s door to driver’s door with Amy’s car. Youens yelled out Amy’s name as he fired 11 bullets into the head and upper body of his unsuspecting 20 year-old victim. Youens then fired one last shot into his head, instantly killing himself as Amy lay just feet away mortally wounded. Liam Youens was a demented young man. He glorified the Columbine killers and toyed with the idea of doing the same at Nashua High School. He openly planned Amy’s murder and the intended murder of others for more than a year. The reason we know so much about Youens is that he documented his plans to murder Amy on a web site he created to publish his sick desires.



But that web site contained far more than just the perversity of Liam Youens. It contained the starting point for a trail of evidence that proves how personal information of all Americans stored with good intent in myriad databases across this country can be easily obtained and used for incalculable harm. The trail that began on a quiet Nashua street led to the shadowy world where a small but persistent number of illegitimate information brokers and private investigators, in addition to a growing number of identity thieves and other criminals, access databases holding our most important personal information and use that data for criminal purposes.



In Amy’s murder the evidence showed that Youens decided to ambush Amy as she left work. But Youens had a problem. He didn’t know where Amy worked. So he started using information brokers and private investigators that run Internet based operations that specialize in obtaining and selling personal information on Americans. In separate Internet transactions Youens purchased Amy’s date of birth, social security number, home address, and finally her place of employment.



Youens himself was struck by how easily he was able to purchase Amy’s personal information while concealing his evil intent. Here is a small sampling of Youens own words from his web site where he was documenting his step-by-step activities to locate and kill Amy:

From Youen's Web site When I finished finding [street name redacted] residents in the phone book I thought my best bet was apt. number 7 so I entered the information. It wasn't 7, but who cares I got a HIT! I fell to the floor and let the endorphines fly. Her address was [residential address redacted] she didn't move from home yet, no other information was provided in the Instant Background Check.



I found an internet site to do that, and to my surprize everything else under the Sun. Most importantly: her current employment. It's accually obsene what you can find out about a person on the internet. I'm waiting for the results. [typos from original --redaction and emphasis added by R. Douglas] The Internet site Youens found to get Amy’s “current employment” and “everything else under the Sun” was Docusearch.com. To obtain Amy’s “current employment” Docusearch provided Amy’s social security number, date of birth, and home address to Michele Gambino, another private investigator/information broker operating as Gambino Information Services out of New York City. Gambino has at times described her specialty as “proper pretext”, “subterfuge phone calls”, or “informative telephone conversations”. Those are nice titles for deceit, fraud, and lying. In short, Gambino uses lies to deceive people out of personal information.



At the time of Amy’s murder, Gambino and others who worked as subcontractors for Docusearch specialized in defeating the information security systems of financial institutions (including many of the nation’s largest banks and brokerage houses), telecommunications companies (obtaining non-published phone numbers and records of phone numbers dialed from any phone in the country), utility companies (power/cable/gas/water/satellite firms all maintain databases of personal information), and unsuspecting private citizens with information about loved ones.



In this case, Gambino conducted a “pretext” to obtain Amy’s work address by impersonating an insurance company representative and falsely stating that she had a refund for Amy. By having Amy’s social security number, date of birth, and home address, Gambino was able to sound authoritative as most Americans wrongly believe that only someone with legitimate access and authority would have their social security number and other personal information. Gambino was able to deceive Amy and/or Amy’s mother out of Amy’s work address on the pretext that the work address was needed to process the insurance refund. The reality is, as far as Docusearch and Gambino were concerned, obtaining Amy’s work address by fraud was just another transaction to put money in their pockets. And a lucrative business it is. With just two employees and a handful of independent contractors like Gambino, Docusearch was grossed over $1 Million per year selling and re-selling Americans’ personal information. Outrageously, while Docusearch was in the business of accessing and stealing Americans’ personal information and continues to this day to brag about how they can find anything about anybody, neither Gambino nor Docusearch took any constructive steps to determine who Youens was, much less why he needed the employment address of Amy. Had Docusearch or Gambino simply typed Amy’s name into any free search engine they would have found Youens’ web site documenting his intent to kill Amy.



Docusearch was on notice that their Internet site was being used by potential stalkers with intent to do harm. Just days before Gambino used a “pretext” to obtain Amy’s work address, Docusearch learned that another “client” was attempting to obtain an address on a young woman in Texas for potential harm. In the Texas case, Docusearch was once again using a pretext to learn the address of the young woman from the woman’s mother. Fortunately, the mother was savvy enough to realize they were trying to deceive her out of her daughter’s address and told the Docusearch “investigator” that her daughter had a restraining order against Docusearch’s client.



While Docusearch, Gambino, and others in the information brokerage and investigative fields often argue that they shouldn’t be held responsible for the unforeseen consequences of selling “data”, those defenses ring hollow. Not only is there ample evidence in the files of Docusearch and Gambino of potential harm caused by the personal information they are selling on demand, the information brokerage/private investigative industries have been aware since at least the early 1980s of criminals using their services to carry out violent and non-violent crimes. This article was condensed from the Testimony of Robert Douglas

CEO, PrivacyToday.com United State Senate Committee on the Judiciary Hearing on Securing Electronic Personal Data: Striking a Balance Between Privacy and Commercial and Governmental Use April 13, 2005