Podcast: Minnesota assassin used data brokers as a deadly weapon
I'm the host of Duke University's Debugger podcast
I've called Amy Boyer the first person killed by the Internet...with only a hint of a stretch in my assertion. She was stalked and murdered by someone who tracked her down using a data broker ...in 1999. I told her story in a documentary podcast called "No Place to Hide" published five years ago, on the 20th anniversary of her death.
The dark events that took place in Minnesota last month show we've learned just about nothing, a solid 25 years after Amy's unnecessary death.
When alleged assassin Vance Boelter left his home on June 13, he had a list of 45 state politicians in his car, and enough ammunition to kill dozens of them. He also had a notebook full of their personal information, including home addresses. That notebook also had detailed information on 11 different Internet data brokers -- how long their free trials were, how he could get home addresses. Most of them have names you've probably seen in online ads -- I've redacted them in the image above to avoid giving them any unnecessary publicity.
Belter stalked his victims digitally. He ultimately killed Rep. Melissa Hortman and her husband, and shot a second state legislator and his wife, before his rampage ended. The horrific attack could have been even worse -- and it was fueled, in part, by data brokers.
As stories of political violence mount in the U.S., a fresh spotlight is being shined on security for public officials -- politicians, judges, government bureaucrats, even corporate executives. But America has failed for decades to take even basic steps to protect our privacy, failing again and again to pass a federal privacy law, even failing to do much about the hundreds of data brokers that profit off of selling our personal information.
What was the role of data brokers in this horrific crime and what more could be done to protect elected officials -- protect all of us -- going forward? In this episode of Debugger, I talk with David Hoffman, a professor at Duke University and director of the Duke Initiative for Science and Society. Please click and listen. But if podcasts aren’t your thing, I’ve included a transcript below.
Would Boelter have found his victims without data brokers? Perhaps, perhaps not. We'll never know. But why do we seem to be making things so easy for stalkers, for murderers? Why do we pretend to be helpless bystanders when there are simple steps our society can take to make things harder for stalkers?
While we're on the topic, consider visiting Yael Grauer's Data Broker Opt-Out List
------------Partial transcript--------------
(lightly edited for clarity)
David Hoffman: We've known for quite a while that people have been actually been getting killed because of the accessibility of data from data brokers. These people search websites and people search data brokers are really the bottom feeders of the Internet economy. What we haven't seen is something of such high profile as this particular instance, and it's my hope that it's going to serve as a catalyst for us to take some of the very reasonable policy actions that we could do to address this and make sure something like this doesn't happen in the future.
Bob: It's not just elected officials or CEOs of companies that are at risk for this, right? Who else might be at risk from digital stalking and from the information that can be gleaned from a data broker?
David Hoffman: I think some of the cases that we've seen have been, for instance, victims of domestic violence and stalking. But it can be just about anyone who, for one reason or another, has someone to fear … who can find out who they are, where they live, and other personal information about them and their family.
Bob: I know Duke has done some research on data brokers and their impact on national security and other issues.What kind of research have you done and what have you found?
David Hoffman: We've actually led a program on data broker research for six years now, and what we have done is shown the value that people are providing for the data so that… it actually has economic value, people are paying for it, and that they are creating the kinds of lists and selling them that are horrific.
Let me give you an example. We have found that there are entities out there that are collecting lists for sale of personal information about veterans and members of the military. We have found that there are people out there creating lists about people who are in the early stages of Alzheimer's and dementia, and those people are selling those lists to scam artists, particularly because those people are at risk.
So we have actually done research where we've gone out and we have purchased this data from data brokers, and then we have analyzed what we have received and we see a tremendous amount of sensitive information, including information about sexual orientation of individuals and healthcare information.
Bob: Are there natural security risks as well from the sale of information at data brokers?
David Hoffman: You can imagine for the list that I described for members of the military and veterans .... not just information about them, but understanding information about their families, the issues that there could be for blackmail and for people trying to compromise people's security clearances and get access to information.
Bob: I know there's long been this perception that, you know, “You have no privacy, get over it.” There's this helpless feeling many of us have that our information is out there. It's hard for me to imagine sitting here…How could I make sure no one could find my home address, for example? Is there anything that Congress could do or policymakers could do to make this situation any better?
David Hoffman: Absolutely. I think there's a number of things that people could do. So first of all, we have to take a look at where these entities are getting a lot of this information.
You know, for decades we have had public records that actually store people's addresses, but before those records were digitized and made available on the internet, you would have to go to a clerk's office in an individual county or city have to know what you're looking for and be able to file an access request to get that information.
Now what we have done all across the United States is provide ready and open access to all of that information so that these nuts can access it en masse and be able to process it and then to further sell it. We need privacy laws that include the protection of public records because we include (personal information) when we purchase real estate or small business filings that we do, or a court case that we might be involved in. Yes, those produce public records, but we never intended those to be readily available to everyone at a moment's notice on their computer or by automated bots that will go and collect them and then be able to provide that information to anybody who wants to provide a relatively small money, amount of money, usually under $20,
Bob: And in many cases free. One of the chilling elements of the affidavit I read … in the Minnesota case ... he's got a list of…how long the free trials are, what information you can get from each site… so you often don't have to pay anything to get this kind of information, right?
David Hoffman: That's absolutely right. And this just demonstrates once again, how important it should be that we have a comprehensive privacy law in the United States like they have in almost every other developed country around the world that would provide … protection for this kind of information. This isn't something that's going to chill innovation. This is not the kind of innovation that we need…people to actually create sort of spy-on-your-neighbor websites where you can learn all of this about anyone at that point in time.
We can still have innovation. We can still drive social progress with the use of data while providing much stronger protections for it.
In my opinion, data brokerage needs to be made illegal. You may recall the live connection to GPS data through the extended counterparty/affiliate agreements that Verizon and ATT had. They had agreements for security with the data to their counterparty. The counterparty then had agreements, who had agreements. It's all a giant slush fund of data flying around for profit and technocratic control where no one actually protects any data.
Verizon sends call data to Israel for "analysis" as part of an arrangement by Fed Guv to get around domestic surveillance restrictions. When the data leaves the U.S. jurisdiction, they no longer need FISA authorization to access the data.
How about all the people that are swatted because of all the KYC crap that is mandatorily collected, but never protected?
Banks, brokerages, financial services, medical entities, credit agencies, credit card companies, etc. all mishandle data. These are the same clowns that cannot get a simple basic differentiation made. They consistently claim they require home address for KYC reasons, but then fail to respect MAILING address.
In 2025, I have encountered situations where some banks will not even print checks with your mailing address. They automatically and exclusively shove the KYC address on the checks. That certainly is not helping any level of privacy.
These challenges of the information flying around like public candy leads to a situation where the elites purchase another residential property or apartment that functions as the KYC location without ever putting their body physically there which would put it and their other assets at risk. Yet this approach is purely available to the elites that have the financial magnitude to be able to execute and maintain that approach.