Commonwealth v. Source One Associates, Inc.

Cowin, J.

After a jury-waived trial, a judge in the Superior Court found that the defendants, Source One Associates, Inc., add Peter Easton, since at least 1994 and through 1997,2 had committed knowing and wilful violations of G. L. c. 93A, by acting unfairly and deceptively in regularly selling personal confidential financial information that they obtained through surreptitious techniques. The trial judge further found that the defendants’ conduct had violated G. L. c. 93A at least 1,000 separate times, and imposed a civil penalty of $500,000, in addition to entering a permanent injunction enjoining the defendants from seeking from, or disclosing to, any person or entity in Massachusetts financial information3 without the written consent of the owner or holder of such information, and from making false representations or using any ruse or trick to obtain the information. The Commonwealth was awarded attorney’s fees ($109,537.50) and costs ($2,859.08). The defendants appealed and we transferred the appeal to this court on our own motion. We reject the defendants’ claims and conclude that (1) the evidence was legally sufficient to prove that the defendants committed unfair, deceptive, or otherwise illegal acts; and (2) the judge did not err in admitting evidence of extrajurisdictional bad acts that occurred subsequent to those alleged in the complaint. We therefore affirm the judgment.

1. Background. The judge’s memorandum of decision *120provides the following background. Source One is a New York corporation based in Poughquag, New York. Easton is Source One’s president, responsible for its daily operations. In broad outline, the defendants’ general operations were as follows. Source One received customer requests from persons in Massachusetts seeking bank account and other financial information about named individuals and businesses (search targets). Easton would, through information acquired from credit reports, identify banks and financial institutions where the search targets held accounts and then telephone those banks and institutions to determine the balances in the search targets’ accounts. To obtain such account information, Easton would impersonate either the security officers of such financial institutions or the target account holders. The information received would then be provided to Source One’s customers for a fee. The judge found that the defendants conducted “at least 1,000” separate sales of improperly obtained financial information during the period 1995 through September, 1997. Direct evidence of these transactions was supplied by the testimony and voluminous records of two persons who obtained such information from the defendants.

Edward L. Amaral, Jr., a Massachusetts attorney who operates a business called “Asset Searches Plus,” was one of the defendants’ customers from 1995 through 1997. Amaral sold asset information to attorneys, investigators, and others who hired him to perform asset research. He hired and paid Source One to obtain financial information from third parties, providing Source One a facsimile document containing only the search target’s name, last known address, and Social Security number (if known). The financial information sought was provided by Source One generally on the same facsimile sheet used by Ama-ral, and often on the same day as the request. Amaral did not inform the search targets of the search or obtain their consent and did not know how Source One obtained their bank account and other financial information. When asked, Easton told Ama-ral that he did not obtain credit reports of search targets and did not engage in other deceptive practices to obtain the information.

Source One was Amaral’s sole source of financial information from 1995 through 1997. Amaral’s records for the time *121period December, 1993, through November 5, 1997, disclose that the defendants performed 1,028 bank searches or searches for stocks, bonds, or mutual funds.4 The defendants charged Amaral $100 for each State bank search, and approximately $50 more for an additional multistate search.

The transactions between Amaral and the defendants were similar to those involving another Massachusetts asset search firm, Bearak Reports, Inc. During 1995, Irene Davis, a consultant with Bearak Reports, made over 500 requests to the defendants for financial information, and the defendants provided Davis with the financial information sought approximately 400 times. The defendants charged at least $100 for each of these searches.

The records of Amaral and Davis revealed the names of hundreds of individuals whose private financial information was sold by the defendants to Amaral or Davis. Three of those persons, Edward Cohen, Peter Dwyer, and Bruce Rogal, testified at trial. Cohen, Dwyer, and Rogal testified that they did not authorize the defendants or anyone else to obtain their bank account information or credit reports.

The testimony of two witnesses, the director of corporate assets recovery for BankBoston (an expert in financial privacy policies and security of financial institutions) and a Framingham Cooperative Bank security officer responsible for information security, described in detail the policies of their respective institutions to secure confidentiality of account information and prevent those who were not customers from obtaining this information.

Usually, Easton’s first step in acquiring financial information was to obtain the targets’ credit reports. To do so, the defendants used their privileges as customers of a credit reporting agency, Equifax Consumer Information Services (Equifax).' The *122defendants’ use of consumer reports to obtain confidential information and provide it to third parties violated the permissible purposes for which the defendants certified to Equifax they would use the information Equifax provided.5 Equifax terminated the defendants’ account on September 2, 1996, after receiving and investigating a consumer complaint, and concluding that the defendants were using credit reports for questionable purposes.

Over the defendants’ objection, the judge permitted testimony on subsequent similar conduct by the defendants in other jurisdictions. John McCloskey, a security officer with Fidelity Security Services, Inc., a subsidiary company of FMR (Fidelity), testified that Easton made several telephone calls from Source One in New York to a toll-free number of Fidelity, and used fictitious names and titles to obtain private information on accounts of Fidelity customers.6 McCloskey was informed in April, 1998, that suspicious telephone inquiries had been received at a Kentucky call center from a person claiming to be named “Gary Sullivan,” a Fidelity compliance officer. Mc-Closkey determined that Source One’s telephone number was one of the possible originating numbers of the suspicious telephone calls. McCloskey called Source One’s telephone number, reached Source One’s answering machine, and determined from the message that Easton’s voice was the same as “Gary Sullivan’s.” McCloskey left a message and received a return telephone call from a person who identified himself as Peter Easton at Source One. McCloskey recognized this voice as that of “Gary Sullivan.” When McCloskey reviewed a sample of five to six additional tapes of calls made from the same *123telephone number, he recognized the voice as Easton’s.7 Mc-Closkey determined that neither Source One nor Easton had accounts at Fidelity, that Source One was calling Fidelity for improper purposes, and that Easton was impersonating Fidelity employees and account holders. McCloskey also determined that in 1998, Fidelity received over one hundred telephone calls originating from Source One, and in 1997, at least thirty such calls.

After weighing the evidence, the judge found that the only way the defendants could have obtained such a volume of private financial information from banks and other financial institutions was through the use of deception and trickery, including impersonation of account holders. He then concluded that obtaining private financial information by pretext (pretext calling)8 for the resale to others in the circumstances found here constituted unfair and deceptive acts in trade or commerce, as defined in G. L. c. 93A, § 2 (a). The judge noted that c. 93A does not define what acts constitute unfair acts or practices. Rather, the statute permits courts to interpret these terms in light of the Federal Trade Commission (FTC) statutes and regulations. Accordingly, he stated that unfair and deceptive acts have come to embrace conduct that “fails to comply with existing statutes, rules, regulations or laws, meant for the protection of the public’s health, safety or welfare promulgated by the Commonwealth or any political subdivision thereof.” 940 Code Mass. Regs. § 3.16(3)-(4) (1993). See PMP Assocs., Inc. v. Globe Newspaper Co., 366 Mass. 593, 596-597 (1975) (approving and applying other, less specific factors that FTC also uses to discern unfairness). The judge concluded that the defendants’ conduct met this standard, as it clashed with the norms established by the FTC; the Fair Credit Reporting Act, 15 U.S.C. §§ 1681 et seq. (Act); and our State counterpart, G. L. c. 93, *124§§ 50 et seq.;9 and other State law. In addition, the judge determined that the defendants knew or should have known that their conduct violated G. L. c. 93A, and therefore held the defendants hable for civil penalties, plus payment to the Commonwealth of its costs of investigation, including attorney’s fees, pursuant to G. L. c. 93A, § 4.

2. General Laws c. 93A claim. The defendants claim that the Commonwealth failed to show a violation of the Federal statutes or any unfair or deceptive conduct within the meaning of G. L. c. 93A.10 Specifically, the defendants contest the following findings made by the judge: (1) the defendants violated the Act; (2) the defendants used unlawful techniques to get private financial information from banks; and (3) the defendants were aware that their conduct violated the law. We address each argument in turn.

a. Standard of review. The judge’s findings will not be set aside “unless clearly erroneous, and due regard shall be given to the opportunity of the trial court to judge of the credibility of the witnesses.” Mass. R. Civ. P. 52 (a), as amended, 423 Mass. 1402 (1996). We apply this standard to findings of subsidiary facts and to ultimate findings. Starr v. Fordham, 420 Mass. 178, 182 (1995). The inquiry is not whether we would have reached the same result as the judge but rather whether, on the entire evidence, we are “left with the definite and firm conviction that a mistake has been committed.” Id. at 186, quoting First Pa. Mtge. Trust v. Dorchester Sav. Bank, 395 Mass. 614, 621 (1985). The burden rests on the appellant to show such an error. First Pa. Mtge. Trust v. Dorchester Sav. Bank, supra at 622.

b. Fair Credit Reporting Act. The defendants argue that the Commonwealth failed to show that their conduct violated the Act, because the Commonwealth did not sustain its burden of eliminating each possible legitimate reason the defendants may have had for obtaining the credit reports of the three individuals *125who testified at trial (Cohen, Dwyer, and Rogal), and other non-testifying search targets whose credit reports were obtained by the defendants. We disagree.

Pursuant to the Act, a consumer reporting agency may only furnish a consumer report under limited circumstances, such as in response to a court order or a request of the consumer, or in certain situations related to a credit transaction involving the consumer, employment purposés, the underwriting of insurance involving the consumer, the eligibility of the consumer for certain licenses, or certain other “legitimate business need[s].” 15 U.S.C. § 1681b. A person may neither knowingly and wil-fully obtain a consumer report under false pretenses, 15 U.S.C. § 1681q, nor obtain a credit report for an impermissible purpose, 15 U.S.C. § 1681b. “Obtaining a consumer report for an impermissible purpose under the FCRA, without disclosing that impermissible purpose, constitutes obtaining the report under false pretenses.” Ali v. Vikar Mgt. Ltd., 994 F. Supp. 492, 498 (S.D.N.Y. 1998).

The judge found that in the defendants’ bank searches, “the defendants repeatedly used credit reports for the purpose of developing additional private financial information about [search targets], where the defendants had no knowledge of the reason for or the purpose of the search.” The judge ruled that this was not a permissible purpose under the Act. 15 U.S.C. § 1681b. The judge also found that the defendants falsely represented to Equifax that credit reports would be used only in connection with credit transactions involving the consumer. The judge concluded that this conduct violated 15 U.S.C. §§ 1681b and 1681q. The judge’s findings are warranted and there is no error in his rulings.

The judge properly rejected the defendants’ contention that the three individuals who testified (Cohen, Dwyer, and Rogal) may have had their credit reports obtained for a permissible purpose, and that, therefore, the defendants themselves appropriately obtained the credit reports. The defendants argue that, where Cohen and Dwyer had mortgage disputes and Rogal had an employment contract with his former employer, their expectation of privacy in their credit reports diminished, as these are permissible purposes for obtaining reports under the *126FCRA. See 15 U.S.C. § 1681b. Even if someone other than the defendants could have legally obtained the credit reports of Cohen, Dwyer, Rogal, or the other search targets, the record is devoid of any showing that the defendants had valid reason to obtain their credit reports. See Korotki v. Attorney Servs. Corp., 931 F. Supp. 1269 (D. Md. 1996), aff’d sub nom. Korotki v. Thomas, Ronald & Cooper, P.A., 131 F.3d 135 (4th Cir. 1997), cert. denied, 523 U.S. 1118 (1998) (user of credit report must have reason to believe that information provided will be used for one of the permissible purposes enumerated under § 1681b). Rather, the evidence supports the conclusion that the defendants had no information concerning the reasons Amaral or Davis wanted financial information regarding the search targets. The defendants were only forwarded the name, address, and (usually) Social Security number of a search target. Accordingly, the judge was warranted in concluding that the defendants obtained the documented credit reports using false pretenses for impermissible purposes in violation of the FCRA.

c. Unlawful techniques used to obtain private financial information from banks. The defendants challenge the judge’s finding that “it [was] more likely than not” that the defendants obtained their search targets’ private financial bank information through deceit or trickery. The defendants argue that other legitimate means for obtaining this information were suggested by the evidence: (1) the possibility of “dumpster divers” obtaining private bank account information from discarded automatic teller machines (ATM) receipts and the like; (2) the possibility of banks selling certain information to marketers; and (3) “some other source,” because one of the Commonwealth’s witnesses, a bank employee, testified that no one from his bank would have given bank account information to one who was not an account holder. The judge considered and rejected these alternative means as being sporadic, disorganized, and unavailable as a regular source of information. The judge concluded that the defendants would not be able to supply personal financial information on demand to its customers by relying on such sources. There was no error.

The defendants concede here that the judge did not err in rejecting the “dumpster diver” defense. The defendants agree *127that they could not have obtained bank account information on more than 1,000 source targets using discarded ATM receipts and the like. The defendants offered no evidence that they acquired private financial information from banks through marketing agreements. The defendants merely rest on their cross-examination of a senior security official at BankBoston, who stated that he was not familiar with cases brought against banks for selling customer information to marketers. Further, the defendants’ contention that the information could have come from “some other source” hinges on the defendants’ assertion that a bank security officer for Framingham Cooperative Bank testified that no one from his bank gave out the bank information contained in the defendants’ reports, and therefore the information had to come from some other source. The defendants make this assertion without citation to the record, which on review does not support their interpretation of the security officer’s testimony.11

The defendants argue more generally that the Commonwealth has failed to prove illegality with regard to the victims whose records appear in the Amaral or Davis files. Despite the defendants’ arguments to the contrary, the judge found that the information in those files was properly authenticated. The judge accepted the records not as evidence of the accuracy or truth of particular amounts contained in accounts, but rather to show that the defendants were seeking, obtaining, and transmitting personal financial bank information. The defense had ample op*128portunity to cross-examine the witnesses and to challenge any document admitted in evidence. The judge found that the records, which were created in a similar fashion, were representative of a typical transaction with the defendants that the judge found to be in violation of G. L. c. 93A.

In sum, the evidence warranted the judge’s finding that the defendants obtained private bank information of their search targets through the use of deception or trickery.12 The judge based his finding in large part on the credible testimony of senior security bank officials who testified to the security policies of their banks, which are consistent with those of the banking industry. The evidence established that bank policy prohibits the release of customer information, including private financial information, to a third party who is not a customer unless the bank is required to do so by subpoena or the bank has the written consent of the account holder. Neither scenario existed here. Moreover, as discussed below, there was evidence of the defendants’ use of deceptive ruses to obtain private financial information from Fidelity. The judge concluded, therefore, that the only likely way that the defendants could have obtained their search targets’ private financial bank information was through the use of deceit or trickery, consistent with the deceptive techniques they used to obtain such information from Fidelity.

3. Subsequent bad acts. The defendants contend that the judge’s admission of the subsequent similar pretext calls to Fidelity was erroneous because these calls were made after the period of time at issue, and that, because these calls were made to and from locations outside of Massachusetts, they had no bearing on Massachusetts search subjects and were introduced only as evidence of subsequent bad acts to prove Easton’s bad character. As such, the defendants claim this evidence was irrelevant and prejudicial.

Although this is a case of civil enforcement, analogous law *129in the criminal context is relevant, where, if anything, the Commonwealth is more constrained in the evidence it may introduce. Evidence of prior or subsequent13 bad acts generally cannot be admitted to prove bad character or propensity to commit the crime charged. Commonwealth v. Kater, 432 Mass. 404, 414 (2000), quoting Commonwealth v. Jackson, 417 Mass. 830, 835-836 (1994), and cases cited. Such evidence, however, may be admissible if relevant to show a common scheme or course of conduct, a pattern of operation, intent, motive, identity, or some other relevant issue at trial. Commonwealth v. Leonard, 428 Mass. 782, 786 (1999), citing Commonwealth v. Helfant, 398 Mass. 214, 224 (1986). To be probative, the evidence must be similar enough in nature and close enough in time to the matter in issue. Commonwealth v. Kater, supra at 415, and cases cited. These determinations are left to the sound discretion of the judge, who must also decide whether the probative value of the evidence is outweighed by its prejudicial effect. Commonwealth v. Leonard, supra, citing Commonwealth v. Marrero, 427 Mass. 65, 67-68 (1998). The judge’s decision to admit such evidence will be upheld absent palpable error. See Commonwealth v. Kater, supra at 415, and cases cited.

We cannot conclude that the judge erred in admitting this evidence. The judge carefully kept the trial focused on the specific claims alleged. See Commonwealth v. Helfant, supra at 226 (instruction that evidence could only be considered for limited purpose of whether it tends to prove existence of plan, scheme, or state of mind of defendant). He ruled that the evidence was received for the limited purpose of tending to show that the defendants were familiar with the technique of using ruses and false pretenses in order to obtain personal financial information.

Regardless of where the prohibited conduct occurred, it was admissible to show the defendants’ modus operandi, i.e., their means of obtaining personal financial information by using *130ruses and false pretenses. We have held admissible evidence of prior or subsequent bad acts for the purpose of showing a common scheme or course of conduct in numerous other cases. See Commonwealth v. King, 387 Mass. 464, 471 (1982), citing Commonwealth v. Shoening, 379 Mass. 234, 242 (1979) (conspiracy to bribe and to steal); Commonwealth v. Imbruglia, 377 Mass. 682, 695 (1979) (receiving stolen securities and possession of counterfeit currency); Commonwealth v. Baldassini, 357 Mass. 670, 678 (1979) (gambling); Commonwealth v. Bu-tynski, 339 Mass. 151, 152 (1959) (lottery). The details of the Fidelity calls are strikingly similar to the deceptive acts alleged here. The similarities are so strong and the modus operand! so distinctive as to make the evidence highly probative. The fact that the telephone calls occurred outside of Massachusetts does not affect their probative value.

Although the Fidelity telephone calls occurred subsequent to the period in question, the length of time between the two is not so temporally remote as to preclude admission of the subsequent acts. See Commonwealth v. Kater, supra at 416, citing Commonwealth v. Helfant, supra at 228 n.13 (no bright-line test for determining remoteness of evidence of prior misconduct). In fact, the judge found a continuing course of conduct between the alleged claims and the subsequent acts. We, therefore, reject the defendants’ argument on remoteness of time.

4. Knowing violation of G. L. c. 93A, § 2 (a). We turn to the defendants’ alternative argument concerning the imposition of civil penalties. The defendants maintain that the Commonwealth failed to show that they knowingly violated G. L. c. 93A, § 2 (a), and therefore that they should not have been found liable for civil penalties under G. L. c. 93A, § 4. We disagree.

The penalty provision of G. L. c. 93A, § 4, provides in part: “If the court finds that a person has employed any method, act or practice which he knew or should have known to be in violation of said section two, the court may require such person to pay to the commonwealth a civil penalty.” Thus, it is necessary to establish that the defendants intended to commit the acts and knew that such acts were deceptive. The judge found that Eas-ton knew while he was dealing with Amaral and Davis “that his actions were unlawful and unfair and deceptive acts or *131practices.” Sufficient evidence in the record supports the judge’s findings.

While the defendants were providing Amaral and Davis with search target information, Amaral alerted the defendants to the Commonwealth’s lawsuit against Bearak Reports, Inc. Amaral sent the Bearak pleadings to Source One in 1997 and explained that he had been obtaining financial information through Source One and was concerned about the legality of obtaining such information. Easton falsely assured Amaral that, unlike Bearak Reports, Inc., Source One acquired search target information in accordance with State and Federal law. Easton denied use of the precise methods that the Commonwealth has proved Source One used to obtain such information.14 The judge could conclude that these false assurances indicate that the defendants were aware of the illegal nature of their activities.

Further, the defendants falsely represented to Equifax their reason for obtaining credit reports. The defendants asserted in their application for membership with Equifax that “[cjredit reports will be used for collection purposes only. This firm will use the reports for locating judgment [debtors] and their assets for collection of judgments.” The evidence regarding Easton’s pretext calls to Fidelity also tended to show the defendants’ familiarity with the use of ruses for obtaining personal financial information. Accordingly, the judge was warranted in attributing knowledge to the defendants from the evidence presented.

Judgment affirmed.

The complaint alleged that the defendants engaged in such conduct during said time period. The judge’s findings refer to various dates within this time. For purposes of this appeal, any minor discrepancy in dates is irrelevant.

The judge defined “financial information” for purposes of the injunction as “any information regarding the type, balance, identity of transactions in, or other information regarding any checking account, savings account, certificate of deposit, money market account, brokerage account, securities portfolio, retirement account, safety deposit box, or other financial account, or information about a person’s insurance policies.”

After becoming aware of a lawsuit brought against Bearak Reports, Inc., another asset search firm, for conduct similar to that of the defendants here, Amaral became concerned about the legality of Source One’s operations. Amaral approached the Attorney General’s office, explained that he had been obtaining financial information through the defendants, and cooperated with the Attorney General’s office, including providing all his records from December, 1993, through November 5, 1997. Amaral entered into a settlement with the Commonwealth.

To prevent undue risk of private credit report misuse, Equifax has a policy not to serve private investigators and firms that resell its credit information.

Fidelity is an investment management company. Its policies prohibit the release of any account or other information, including an account number, account balances, or the existence of any Fidelity accounts to anyone who is not a customer unless Fidelity is required to do so by subpoena or Fidelity has written consent of the account holder to release the information to a designated individual. Employees are informed of these policies and trained to implement them.

At trial, Amaral identified the voice on the tapes as that of Easton, the man he had dealt with at Source One on the telephone.

“Pretext phone calling” has been described as the use of deception and trickery to obtain an individual’s private financial information from banks and other financial institutions for resale to others. See Seltzer, The New Threats to Financial Privacy: Is There Liability for Financial Institutions and Their New Antagonists, the Information Brokers, 43 B.B.J. 8 (1999).

Although the judge found that the defendants’ conduct violated both the Federal Fair Credit Reporting Act (Act) and our State counterpart, G. L. c. 93, §§ 50 et seq., in the remainder of the opinion we discuss the Act, as the Federal statute is the focus of the defendants’ argument on appeal.

The Financial Modernization Act of 1999, which criminalizes “pretext calling,” was adopted after the trial was completed in this case. See 15 U.S.C. §§ 6821(a), 6823(a) (2000).

The defendants argue in a cursory manner that the judge erred in his “wholesale prohibition of the sale of [the search targets’ private financial] information.” The defendants contend that the sale of such information is not unlawful. The precedent offered to support this assertion is misplaced, as the facts are distinguishable from those at bar. See Innovative Database Sys. v. Morales, 990 F.2d 217 (5th Cir. 1993) (Texas statute prohibiting sale of motor vehicle accident information obtained from public records of law enforcement agency was unconstitutional restriction of free commercial speech where statute made no distinction between information of public record and information not of public record, information lawfully obtained and information not lawfully obtained, and truthful information and untruthful information). Here, even if the sale of private financial information was protected by commercial free speech, the defendants would not be entitled to protection under the First Amendment to the United States Constitution, because they used deceptive and unlawful conduct to obtain this information. See id. at 220, quoting Zauderer v. Office of Disciplinary Counsel, 471 U.S. 626, 638 (1985).

The defendants called no witnesses, and Easton claimed his right not to testify under the Fifth Amendment to the United States Constitution in response to all material questions in his deposition. The judge correctly stated that a reasonable inference adverse to the defendants may be drawn from the refusal to testify on the ground of self-incrimination. Labor Relations Comm’n v. Fall River Educators’ Ass’n, 382 Mass. 465, 471 (1981), and cases cited.

Our opinions in this context generally refer to the admissibility of evidence of “prior bad acts.” The principles are the same, however, whether the bad acts are prior or subsequent to the events involved in the case before the court. See Commonwealth v. Brusgulis, 406 Mass. 501, 502 n.1 (1990). The Fidelity acts involved in this case occurred after the events alleged in the complaint.

The defendants sent a letter to their clients to answer questions raised concerning the legality of their asset searches. The letter states, in part:

“This firm does not conduct CREDIT REPORT SEARCHES. We do not receive in any form any individual’s credit history either in written form or orally, without the individual’s written authorization. We do not take any action in violation of the Fair Credit Reporting Act or the Federal Fair Debt Collection And Practice Act or any state or federal code in gathering information.”