Murder at dawn: How data can track killers (and other criminals), and the government proposals to prevent that use

    A recent tragedy on the streets of midtown Manhattan highlighted the dangers people face from acts of violence and the power of data to help locate and prevent crime.

    Files and folders network

    To catch a killer: Hard and soft resources

    On December 4, 2024, Brian Thompson, chief executive of UnitedHealthcare, the largest U.S. health insurer, was brazenly gunned down outside his New York hotel in a planned attack.[1] Following the cold murder on the chilly morning, the NYPD and the FBI swung into full motion. The search “included police drones, helicopters and dogs.”[2] All these resources will be a big help in finding the killer, as they are in solving many violent crimes. But data also helps locate perpetrators of all types of crimes and locate victims, including missing and exploited children. Sadly, government proposals pending in Washington and beyond could limit the digital trails needed for law enforcement purposes.

    The suspect in Thompson’s murder escaped the pre-dawn scene on an electric Citi Bike. Using these bikes crates “’digital exhaust,” streams of data that can be used to track the rider, said David Shmoys, a computer scientist at Cornell University who helped design the system.”[3] Creating a Citi Bike account requires a credit card, a key access point for law enforcement. So does the undocking of the bike, riding it around the city, and docking at a new location. All these acts create “streams of digital breadcrumbs” that can help Lyft, the company that operates Citi Bike, track the user’s location, and possibly their identity,’ Mr. Shmoys said. Combined with the user’s phone data and location shared with cell towers, ‘It is amazing how much information is conveyed,’ Mr. Shmoys said.”[4]

    Data done right

    I often speak of data done right or data for good. Whatever you call it, data can be powerful tools to prevent fraud against government agencies (ultimately fraud against the public), businesses, and nonprofits. Data used by businesses helps identify and authenticate consumers to complete transactions, locate victims, witnesses, and fugitives, reunite lost assets with beneficiaries, and more.  This data is necessary for financial services fraud detection and prevention, anti-money laundering services, retail fraud detection and prevention, and law enforcement support, thereby advancing public safety and national security and enabling the swift and equitable provision of government benefits to those in need as determined by government agencies. Companies, often regulated by the Federal Fair Credit Reporting Act (FCRA), provide services to major federal law enforcement agencies, including the FBI, Secret Service, U.S. Marshals, the DEA, and the NYPD.

    Proposed regulations would limit critical data sharing

    In 2023, the Consumer Financial Protection Bureau (CFPB) issued a staggering proposal that would essentially shut down access to identifying information and other related data critical to socially beneficial uses, like law enforcement. In December 2024, the Bureau doubled down on this idea when it issued a notice of proposed rulemaking, a further step in the process to limit access to these critical data flows.

    Law enforcement needs for data

     If the CFPB proposal goes through, consumers will suffer, as will the government agencies, businesses, and nonprofits that work to service them. Law enforcement will suffer. That means police and other investigative agencies will have a harder time locating victims, witnesses, fugitives, and suspects. When time is of the essence, data is a key enforcement asset.

    No one knows how important the combined use of data and speed are better than Alicia “Kozak” Kozakiewicz. In 2001, at the age of 13, Kozakiewicz “became the first widely known victim of internet grooming and abduction.”[5] Her “rescue came in the eleventh hour, mere moments before [she] may have been killed. [She] was saved, not by chance, but by law enforcement using critical investigative tools,” like those that the CFPB wants to take away. LexisNexis® Risk Solutions (LNRS) is one example of a company using data for good with its partnership with the Center for Missing and Exploited Children.[6]

    Businesses that the CFPB calls “data brokers” use data and advanced analytics to help law enforcement solve crimes. They also facilitate cross-jurisdictional collaboration with powerful information-sharing and data fusion tools in support of specific law enforcement missions. These businesses are able to use their tools to quickly identify people and their addresses, relatives and business associates; Search a comprehensive database to uncover non-obvious people connections; Process thousands of records at a time to locate suspects, witnesses and fugitives for criminal investigations; Derive investigative intelligence from crime mapping and analysis; Share critical case information with colleagues and investigators; and Quickly correlate critical investigative data using data-enhanced call detail record analysis.

    Law enforcement critical of CFPB proposals

    The law enforcement need for data that would be prevented from being used led to an urgent meeting in October 2024 between the CFPB Director, Rohit Chopra, and the National Association of Police Organizations (NAPO), one of the largest law enforcement organizations in the U.S.[7] Founded in 1978, NAPO represents more than 1,000 police units and associations and more than 241,000 sworn law enforcement officers, according to its website. Overall, law enforcement has been critical of CFPB proposals. For example, in 2015, Stewart Whitson led an FBI investigation that caught an ISIS terrorist plotting an attack on U.S. soil. In that case

    In May 2015, a police officer killed two ISIS terrorists before they could carry out an attack in Garland, Texas. The FBI identified a third member of their group, Abdul Malik Abdul Kareem, who was plotting an attack in Arizona. While surveilling him, we saw him driving toward a house. Using credit-header data, we found the name and cellphone number of the man living in the house. A few hours after the suspect left the house, my partner and I called the occupant and arranged a meeting at a safe location. The man told us Mr. Kareem had tried to intimidate him. Earlier, the same man had unknowingly helped the terrorists find a location to train for the Garland attack. He became a key witness in our investigation.

    Without the credit-header data, we might not have been able to contact the occupant for a while, giving Mr. Kareem more time to carry out his attack. Instead, we arrested Mr. Kareem in June 2015. He was sentenced in 2017 to 30 years in prison.[8]

    If the CFPB banned access to “credit header” data as it proposed, “[t]errorists stand to gain the most from this cumbersome process.”[9]

    While NAPO attempted to move the Bureau off its proposals in its October 2024 meeting, it did not.

    Now what?

    Brian Thompson was not the only person to be shot and killed in the U.S. this week. Crime is a constant in American life, whether it’s financial fraud, cold-blooded murder, or child abduction. We need all the tools necessary to limit fraud and smooth consumer transactions. The data provided by data brokers, so-called “credit header” data, is mission critical for daily commercial life. I hope the new administration works to prevent the Bureau’s ill-advised proposal from harming commerce and limiting law enforcement tools.

    Eric J. Ellman's avatar

    Eric J. Ellman

    [1]

    Joshua Chaffin and Anna Wilde Mathews, Murder at Dawn: A Top Executive’s Final Moments in Manhattan, Wall St. J., Dec. 5, 2024, https://www.wsj.com/us-news/united-healthcare-ceo-killed-what-happened-33cf8452.

    [2] Jake Offenhartz, Karen Matthews, and Michael R. Sisak, Police hunt for UnitedHealthcare CEO’s masked killer after ‘brazen, targeted’ attack on NYC street, AP, Dec. 4, 2024, https://apnews.com/article/manhattan-shooting-death-daa1e8c8c05606197a5bd2e0242f1683.

    [3] Christopher Magg, Citi Bikes Leave ‘Digital Exhaust’ That Could Help Track a Killer, N.Y. Times, Dec. 4, 2024, https://www.nytimes.com/2024/12/04/nyregion/citi-bike-records-uhc-shooting.html

    [4] Id.

    [5] Alicia “Kozak” Kozakiewicz, Opinion: Proposed changes to financial reporting could endanger human trafficking victims, The Daily Indy, Nov. 14, 2024, https://thenevadaindependent.com/article/opinion-proposed-changes-to-financial-reporting-could-endanger-human-trafficking-victims.

    [6] https://www.prnewswire.com/news-releases/onsolve-expands-partnership-with-the-national-center-for-missing–exploited-children-and-lexisnexis-risk-solutions-302052793.html.

    [7] Suzanne Smalley, Police seek compromise with CFPB as regulator mulls reining in investigator access to sensitive data, The Record, Nov. 1, 2024, https://therecord.media/police-lobbying-cfpb-data-broker.

    [8] Stewart Whitson, Commentary: The CFPB Targets an Antiterror Tool, WSJ, Nov. 28, 2023, https://www.wsj.com/articles/the-cfpb-targets-an-antiterror-tool-consumer-financial-protection-bureau-credit-header-data-80a038d4.

    [9] Id.

    Eric J. Ellman