Who needs malware? I could have wrecked this kid’s life with a notepad

Strategically censored notes show what I was able to find out about my neighbors just by opening my window.

This is the story of how I inadvertently became an identity thief.

Well, it wasn’t inadvertent like spilling a drink or fortuitously finding a dollar bill in a parking lot. I knew what I was doing. I just couldn’t believe how long I kept on doing it.

Let me explain.

The windows of my home office face across the street toward a fugly 1970s apartment building, and I can’t help but notice residents as they come and go – I also keep loose tabs on kids going to school, drivers who can’t parallel park, a nice guy in a motorized wheelchair who goes to the grocery most mornings, and a family of raccoons.

In August, two new tenants moved in across the street: We’ll call them Todd and Russell. They were different from typical renters, and not just because they wear plaid board shorts with neon green flip-flops and electric-pink plastic sunglasses. They conducted all their phone calls outside, sitting on the large rocks out front or pacing up and down the sidewalk. See, Todd and Russell had no cell service inside their ground-floor apartment, and a landline (I guess) would be too twentieth-century. So they went outside to use their phones.

And Todd and Russell were on their phones a lot. Since it was August, my windows were open and I quickly picked up on their first names and that neither owned a car because they’re figuring out rides, carpools, and bus routes. Just as I was beginning to tune out this chatter, I hear Russell: “No, no, log in to the fan page.” A long pause, a car drives past. Then, as clear as if Russell were in the room with me: “Try cosmic one three one monkey.”

What?! Did Russell just speak a password on a public sidewalk? He keeps talking, but has turned away and I can’t make anything out; by the time he’s facing my way again all I get is “OK, I’ll call later,” and he heads back inside.

I write down “Pink glasses FB fan page cosmic131monkey ?!” on the pad of paper I keep on my desk, and then I get on with my day.

But wait, there’s more!

A few days later, Todd and Russell get Internet service hooked up, and I see a new Wi-Fi access point change from something like HOME-E86B to SeattlePD – very funny, boys. Even with Wi-Fi and maybe even phone service set up, they’re still out on their phones all the time.

I’m overhearing them calling utility companies and the DMV to change their addresses, order stuff from Amazon, and shut down gas service at their old place. For days, they’re out on the sidewalk reciting their full names, phone numbers, current and previous addresses, and account numbers. Some of their friends come by and I overhear their Wi-Fi password. I confirm it by signing into the SeattlePD Wi-Fi hotspot for a minute, then pulling up The Onion. No problems. Unbelievable.

Talking on your phone outside seems innocuous enough … but who’s listening?

It’s all getting very Rear Window – except it’s my front window, and all this is happening on a public sidewalk maybe 50 feet from my ears. And it’s not just me; I’m sure neighbors on either side of me can hear as much as I do, and I know a number of them are home during the day. Do Todd and Russell have a reasonable expectation of privacy for conversations they’re conducting on a public street? While I wonder about it, to my horror, I continue to write it all down – my yellow notepad is accumulating numbers, names, circles, and arrows.

This goes on for weeks. Sometimes days pass when I don’t add anything to my cache of overheard credentials, but I’m still picking up dribs and drabs. Then Todd marches outside literally shouting about how he’s not going to pay some sort of late fee. Standing in the rain, wearing electric blue flip flops (I have no idea what that’s about), Todd thumbs angrily at his phone then declares authoritatively “I’m calling to dispute a charge!” I’m all ears. Todd paces up and down the sidewalk, gives his address and phone number (boring, I already have those), then says “Eight seven two nine.”

Uh, was that a PIN number? I look through my notes: I know who Todd banks with, and now I know he has a credit card, and I probably have his access PIN for customer support. I’m ashamed to admit this, but I think I could call Todd’s bank and cancel his accounts. Or worse.

I decide I’m done. I rip the sheets off the yellow notepad and throw them in my to-be-shredded recycling.

Luke, I am your stalker

By now it’s early October, and I’ve closed my office windows and turned on the furnace. However, thanks to a gigantic maple tree, I’m also outside in front of the house more often, dealing with leaves and keeping storm drains clear.

I’m raking the driveway when Russell steps outside with an envelope in one hand and his phone in the other. He waves politely to me with the envelope, leans up against a no-parking sign, and dials the phone. Several minutes pass and I just keep raking, but I’m no more than 20 feet away when Russell says “Yeah, hi, I’m calling about my amended tax return.” After a long pause, Russell recites his name, his address, a nine-digit number, and a six-digit number.

‘Rear Window’ showed just what one man could find out with a telephoto lens. In the 21st century, the stakes are even higher.

I can’t help it. I start repeating the numbers in my head, making a sing-song out of them, working them into the rhythm of my raking.

I’m all the way at the top of the driveway when Russell turns to go inside, but I shout “Russell! Excuse me!” then start toward him. Imagine this from Russell’s point of view: That weird neighbor with the ponytail who seems to be OCD about leaves in the street just shouted your name and is half-jogging toward you carrying a rusty rake. I see the fight-or-flight response rise up in Russell’s eyes.

“Sorry, I know this is weird, but is this your social-security number?” I rattle off the nine-digit figure. Embarrassingly, it comes out in a creepy sing-song voice.

Russell is plainly taken aback. “How did you know that?”

“You just said it when you came outside, I heard it.”

“From across the street?”

“It’s only like 20 feet.”

Russell looks. “Uh, yeah, I guess so.”

Standing there with my rake, I feel like a reject from a bizarro-world Norman Rockwell painting, but now I’m on a roll. “That’s not all.” I point to my windows. “My home office is right there. You wouldn’t believe the stuff I’ve heard you two say when you’re out here on the phone.”

Russell still has the fight-or-flight thing going on in his expression, but he stands his ground. “Like what?”

“Well, names, phone numbers, account numbers, Facebook passwords, I think an Amazon security question or two…”

Russell stops me. “What are you going to do with it?”

“I’d like to show it to you. And, with your permission, I’d like to write an article.”

Won’t you be my neighbor?

Todd and Russell came over yesterday evening – ironically, after we watched the police arrest someone for burglary. (Yes, it’s that kind of neighborhood.) I fished the yellow sheets out of my recycling and laid everything out for them, from that first Facebook password (it turned out to be for a fan page for their band) all the way through that afternoon’s incident with the social security number. I had many details wrong, particularly regarding their friends and relatives, but I had captured a surprising amount of information:

  • Todd and Russell’s full names (including correct spelling)
  • Their employers
  • Their previous addresses
  • Their current water and electricity service account numbers
  • Their Wi-Fi password
  • Two Facebook fan page passwords
  • Two of Todd’s Amazon security questions (although I wasn’t sure they were for Amazon)
  • The name of Todd’s bank (I was wrong about Russell’s)
  • Todd’s customer access PIN for his bank accounts
  • Todd has type 1 diabetes and is keeping it secret from his employer
  • Russell’s sister fled the scene of an accident in mid-September
  • Russell’s social security number and IRS E-Filing PIN

“If you were out on your porch I’d have gone somewhere else, but I didn’t think I was saying anything important,” said Russell. “What are the odds someone would put this stuff together?”

“I did think about it,” said Todd. “Doing phone calls outside seemed weird, but I did the same thing at my old place and it’s not like I was sitting on the bus. Phone calls are, just, private, you know? I do almost everything on my phone.”

Despite all the complex digital security safeguards in place to protect their online information, Todd and Russell fell prey to the simplest of analog holes: someone simply overheard them. All the encryption in the world can’t save you if you’re literally broadcasting your passwords to the neighborhood.

But the situation also highlights how relying on our mobile devices can backfire. The more we rely on our smartphones and tablets to organize and manage our lives, the more we assume that we can organize and manage our lives from anywhere, whether that’s the living room couch, a coffee shop, or pacing up and down the sidewalk in front of our homes. We live in cocoons of mobile apps, messages, and online friends, pushing back the noise of the world with earbuds.

But the world is only a few feet away. And, sometimes, we’ve got its full attention.

Note: My neighbors’ names aren’t Todd and Russell, and with the exception of that first Facebook password (which they assure me was changed some time ago) all sensitive data in this story has been fictionalized. My neighbors approved use of blurred-out images of my notes, and we completely changed their Wi-Fi network configuration.

Correction: A Social Security Number was originally described as having eight digits rather than nine. This has been corrected.

(Image credit: Shutterstock.com and kcsb.org)

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…