By Elinor Mills, CNET News.com
NEW YORK -- For private investigator Steven Rambam, the Internet is his most valuable tool in helping to find missing persons, cheating husbands, and your competitor's dirty secrets.
But while the intelligence business is booming, individuals are losing the battle to protect their privacy with every blog post, Google Web search, and online photo, Rambam, director of the Pallorium investigative agency, said in a keynote session at the Last HOPE (Hackers on Planet Earth) conference.
"Anything you put on the Internet will be grabbed, indexed, cataloged, and out of your control before you know it," he told CNET News after the July 19 session. "The genie is out of the bottle. Data doesn't stay in one location. It migrates to hundreds of places."
Information that he used to have to search for or dig up in faraway places is now available at his fingertips. All types of information is being digitized, older stuff is being scanned and put online, and it's all being aggregated into uber-databases that are being sold to marketers, government agencies, and anyone else who can pay, he said.
Rambam says he searches on social networks to find photos of people he is researching, the first step in any investigation. He gets a lot of other vital data from those sites, like hometown, age, relationship status, school and work history, hobbies, and friends and acquaintances to interview. With Twitter, he can often see where they are right now, or at least in the recent archived past.
"I used to pay the police $500 for a driver's license photo. Now I just have to go to MySpace," he said. "I can find your location without leaving my desk."
He uses job sites to see someone's résumé, date of birth, address, and work history, to find former employees of companies he is researching and to see what job openings they have and compare salary levels. And then there are sites like Don'tDateHimGirl.com and Who'sARat.com where you can find what a person's enemies have to say.
Rambam also gets information from marketing databases that gather information on people's buying habits and preferences from frequent-customer cards, surveys, product registrations, actual transactions, and other activities.
Marketing databases with vast amounts of personal records are being purchased by the government, he said. At the same time, individuals have less power to learn what information is being gathered on them and how it is being used, because private entities are exempt from the Freedom of Information Act, he added.
"Domino's has built the biggest consumer database in America," and the U.S. Marshals Service, the New York Police Department and collection agencies are using it to track people down, Rambam said.
There also are vast stores of data based on people's Web and computer activities being amassed by technology companies that can be easily used to connect a specific individual to specific activities and information. For example, end user license agreements allow for location data to be sent back to the manufacturer every time a customer logs in, and photos and burned CDs and DVDs have unique serial numbers for tracking, he said.
Then there is the "snitch" in everyone's pocket -- the cell phone. Unlike your activity on a computer, "a cell phone can be immediately traced to you and you have it with you 24/7," Rambam said.
"Cell phones change everything," because of their location-based technology, he said. "I'm able to know who you talked to, where you are, what you do, and what you like just from cross-referencing cell phone (data)."
Finally, cameras and video cameras have helped revolutionize the snooping industry. Smart cameras with facial and activity recognition analytic capabilities are popping up everywhere, while the FBI and others are testing systems that will recognize the walking gait of individuals, Rambam said.
There are police helicopters in New York that can see what a car passenger is reading. New York is partnering with businesses and landlords to install 3,000 cameras in lower Manhattan and has spent $450 million to install 3,000 cameras in the subway, he said.
In a test of his skills, Rambam tracked down someone who had agreed to go into hiding for one year. He was able to locate the person nine times, using methods including social engineering and a dummy e-mail account, tracking the IP address of an Internet cafe computer, cell phone triangulation, a credit card trace on an airline ticket using a frequent flier number, a fake Match.com ad, and an online "wanted" poster.
Rambam, who details the experiment in a book titled Stealing Your Own Identity, also was able to track his subject through his pharmacy and doctor.
And in an ingenious move, he noticed that there were blocks of photos with consecutive unique IDs on the subject's Web site that were missing. So he searched for photos with ID numbers that would fit in that sequence on Flickr and found shots that gave away his target's whereabouts.
Although he works closely with law enforcement agencies, Rambam has had a legal run-in of his own, just like some of the hackers in the audience. He had been scheduled to speak at the previous HOPE in 2006, but was arrested right before he was to give his talk and spent two days in jail on charges of impersonating an FBI agent and tampering with a government witness. The charges were dropped, he said.