The Murder of Amy Boyer
April 13, 2005
Far too often as we grapple with the issue of balancing the privacy of
Americans with the necessary and legitimate uses of Americans’ personal
information the debate centers on discussions of “data”, but not the lives
behind the “data”.
In order to illustrate what I’ve learned over the course of more than
twenty years using and investigating the good and harm of database
information, I’d like to begin by focusing on one life behind one set of
The untimely and violent end to that life encapsulates all the issues
securing personal information while balancing privacy with
legitimate uses of information. Further, investigating this one act of
violence led me to a more complete understanding of how personal information
is being used and abused in the United States today. This case also
demonstrates that the problem is much larger than the recent ChoicePoint
breach and other instances that have recently been in the headlines. The
problems of securing personal information and balancing privacy with
legitimate use are intertwined and impact every business and government
On a quiet fall afternoon in October of 1999 Amy Boyer, a young Nashua, New
Hampshire woman, was leaving work with two co-workers. The small group was
discussing plans for that weekend as they walked to their cars parked on a
side street less than a block from the office.
As Amy said good-bye and
closed her door, a car driven by Liam Youens sped up the street and stopped
driver’s door to driver’s door with Amy’s car. Youens yelled out Amy’s name
as he fired 11 bullets into the head and upper body of his unsuspecting 20
year-old victim. Youens then fired one last shot into his head, instantly
killing himself as Amy lay just feet away mortally wounded.
Liam Youens was a demented young man. He glorified the Columbine killers
and toyed with the idea of doing the same at Nashua High School. He openly
planned Amy’s murder and the intended murder of others for more than a year.
The reason we know so much about Youens is that he documented his plans to
murder Amy on a web site he created to publish his sick desires.
But that web site contained far more than just the perversity of Liam
Youens. It contained the starting point for a trail of evidence that proves
how personal information of all Americans stored with good intent in myriad
databases across this country can be easily obtained and used for
incalculable harm. The trail that began on a quiet Nashua street led to the
shadowy world where a small but persistent number of illegitimate
information brokers and private investigators, in addition to a growing
number of identity thieves and other criminals, access databases holding our
most important personal information and use that data for criminal purposes.
In Amy’s murder the evidence showed that Youens decided to ambush Amy as she
left work. But Youens had a problem. He didn’t know where Amy worked. So he
started using information brokers and private investigators that run
Internet based operations that specialize in obtaining and selling personal
information on Americans. In separate Internet transactions Youens purchased
Amy’s date of birth, social security number, home address, and finally her
place of employment.
Youens himself was struck by how easily he was able to purchase Amy’s
personal information while concealing his evil intent. Here is a small
sampling of Youens own words from his web site where he was documenting his
step-by-step activities to locate and kill Amy:
|From Youen's Web site
When I finished finding [street
name redacted] residents in the phone book I thought my best bet
was apt. number 7 so I entered the information. It wasn't 7, but who
cares I got a HIT! I fell to the floor and let the endorphines fly.
Her address was [residential address redacted] she didn't move from
home yet, no other information was provided in the Instant Background Check.
I found an internet site to do that, and to my surprize everything
else under the Sun. Most importantly: her current employment. It's
accually obsene what you can find out about a person on the internet.
I'm waiting for the results.
[typos from original --redaction and emphasis added
by R. Douglas]
The Internet site Youens found to get Amy’s “current employment” and
“everything else under the Sun” was
Docusearch.com. To obtain Amy’s “current
employment” Docusearch provided Amy’s social security number, date of birth,
and home address to Michele Gambino, another private
investigator/information broker operating as Gambino Information Services
out of New York City. Gambino has at times described her specialty as
“proper pretext”, “subterfuge phone calls”, or “informative telephone
conversations”. Those are nice titles for deceit, fraud, and lying. In
short, Gambino uses lies to deceive people out of personal information.
At the time of Amy’s murder, Gambino and others who worked as subcontractors
for Docusearch specialized in defeating the information security systems of
financial institutions (including many of the nation’s largest banks and
brokerage houses), telecommunications companies (obtaining non-published
phone numbers and records of phone numbers dialed from any phone in the
country), utility companies (power/cable/gas/water/satellite firms all
maintain databases of personal information), and unsuspecting private
citizens with information about loved ones.
In this case, Gambino conducted a “pretext” to obtain Amy’s work address by
impersonating an insurance company representative and falsely stating that
she had a refund for Amy. By having Amy’s social security number, date of
birth, and home address, Gambino was able to sound authoritative as most
Americans wrongly believe that only someone with legitimate access and
authority would have their social security number and other personal
information. Gambino was able to deceive Amy and/or Amy’s mother out of
Amy’s work address on the pretext that the work address was needed to
process the insurance refund.
The reality is, as far as Docusearch and Gambino were concerned, obtaining
Amy’s work address by fraud was just another transaction to put money in
their pockets. And a lucrative business it is. With just two employees and a
handful of independent contractors like Gambino, Docusearch was grossed over
$1 Million per year selling and re-selling Americans’ personal information.
Outrageously, while Docusearch was in the business of accessing and stealing
Americans’ personal information and continues to this day to brag about how
they can find anything about anybody, neither Gambino nor Docusearch took
any constructive steps to determine who Youens was, much less why he needed
the employment address of Amy. Had Docusearch or Gambino simply typed Amy’s
name into any free search engine they would have found Youens’ web site
documenting his intent to kill Amy.
Docusearch was on notice that their Internet site was being used by
potential stalkers with intent to do harm. Just days before Gambino used a
“pretext” to obtain Amy’s work address, Docusearch learned that another
“client” was attempting to obtain an address on a young woman in Texas for
potential harm. In the Texas case, Docusearch was once again using a pretext
to learn the address of the young woman from the woman’s mother.
Fortunately, the mother was savvy enough to realize they were trying to
deceive her out of her daughter’s address and told the Docusearch
“investigator” that her daughter had a restraining order against
While Docusearch, Gambino, and others in the information brokerage and
investigative fields often argue that they shouldn’t be held responsible for
the unforeseen consequences of selling “data”, those defenses ring hollow.
Not only is there ample evidence in the files of Docusearch and Gambino of
potential harm caused by the personal information they are selling on
demand, the information brokerage/private investigative industries have been
aware since at least the early 1980s of criminals using their services to
carry out violent and non-violent crimes.
This article was condensed from the Testimony of Robert
CEO, PrivacyToday.com United State Senate Committee on the Judiciary Hearing
on Securing Electronic Personal Data: Striking a Balance Between Privacy
and Commercial and Governmental Use