As a privacy advocate I have always been very conscious of the ways pieces of information tie together. For example, if you have someone’s phone number, it’s very easy to find out their address from it and vice versa. Throughout my life, I have employed various strategies to separate my public identity (i.e. name, dob, ssn, phone number, etc.) from my true fixed residential address. However, we all make mistakes and we also can’t control how the other loved ones in our lives handle their personal information. As a result my family has been the victim of “swatting” threats in the past and while my family is a “victim” of this heinous crime, it was in a way a blessing as it has qualified me as a victim of stalking to participate in State funded “Address Confidentiality Programs” or ACPs — Sometimes called “Safe At Home.”
So what exactly is an ACP? It varies from State to State, but it’s basically a State run program that allows victims of certain crimes (usually Domestic Violence, Sexual Assault, Stalking and Human Trafficking) to receive mail at a mailing location the State provides where they forward the mail to your own mailing address free of charge. This mailing address is often referred to in the statutes and by the ACP programs as a “substitute address.”
Additionally in most States every local and State government agency in the State is required to accept the “substitute address” whenever and wherever a residential address is required, with very few exceptions. Some allow you to use the substitute address or another fictitious address as the true residential address on your ID or Driver License and vehicle registrations, others may require the real address but suppress it after the fact. Many allow you to register as a confidential voter so that your address is not publicly available even on voter rolls to the political parties. Some have special protections for real estate transactions and some have privacy protections that allow you to demand your information be deleted if posted on the internet or in other public spaces.
I’ve had the unique ability to observe how many of these States run their programs as I have personally participated in California, Colorado, Pennsylvania, and Texas’ ACP programs. I also know others who were victims of swatting who have enrolled in Arizona, Massachusetts, and Minnesota’s programs. I’m going to detail some notes on each of these State’s programs and compare them against each other, the way these programs are ran by each State is wildly different and so if you’re a victim and thinking about moving out of state to one of these States perhaps this guide will help you in your consideration as I wish someone had prepared such a guide for myself.
ACP substitute addresses
The first thing you may want to consider is what type of mailing address the ACP provides their participants to use. If you’re familiar with the difference between PO boxes and PMBs, you likely want a PMB style mailing address. Colorado and Arizona offer these type of physical addresses for use as a substitute for your true residential address. In my opinion these 2 states offer the best ACPs in the nation and should be a uniform model for the other ACPs, Minnesota would probably edge out as the best program IF they used a physical address instead of a P.O. Box. Most States, unfortunately, only provide a PO BOX substitute address. This includes California, Massachusetts, Minnesota, Pennsylvania, and Texas.
This will vary greatly from State to State, most States include victims of domestic violence, sexual assault, and stalking or harassment. However some States only include domestic violence victims as their legislation was patterned over California’s oldest law which didn’t initially include other victims. Some states require some form of evidence to support your claim (such as a protective order, police report, etc.) while other States only require a statement — Minnesota is the easiest state to qualify for as they allow any “person [who] fears for the person’s safety” [See 5B.02(e)] to apply regardless of if they’re an otherwise qualified victim or not. Some — most — States require you to meet in person to complete an application, while States like Pennsylvania and New York allow you to apply directly electronically. Most States require you to be a resident, Pennsylvania is an outlier that allows you to apply regardless of if you’re a resident or not per 37 pa code 802.3(d) which states, “ Commonwealth residency is not a requirement for ACP participation. ACP applicants who do not provide a Commonwealth residential address will be enrolled as a ‘‘Non-PA Resident.’’ This designation will appear on the ACP participant’s ACP authorization card.”
Driver License, Identification Cards and Vehicle Registration
The next thing you likely wish to consider is how are driver license or ID cards and vehicle registrations handled? Colorado and Arizona again win on this, you just use your physical substitute mailing address and no proof of residency is required when presenting the ACP card which serves as your proof of residency. You do have to provide a physical address in Colorado for vehicle registrations for taxation purposes, however they simply look up the tax rate first and then save that to your vehicle registration profile, the true address itself does NOT get saved as any part of the vehicle registration record.
Massachusetts has a similar procedure, though because they use a PO BOX, the RMV has agreed to allow these participants to use the RMV’s main Boston branch address as the physical address on the license, while it gets mailed to the ACP PO box. The individual I spoke to who is familiar with this process was unpleased with this since obviously they can’t get mail at that address and many entities want your driver license address to match your residential address for verification purposes.
He found that using the post office’s physical address he could receive mail to the PO BOX using USPS street addressing for PO boxes service (despite the fact that the USPS insists you sign a form to use street addressing, they usually deliver mail anyways as they have no way of keeping track of this when delivering actual po box mail.)
So he attempted to use the Massachusetts’ ACP’s post office physical address to get his driver license, and he was successful, but then the RMV revictimized him and accused him of lying about his residence address, a crime of ‘false application’ for a driver license and he had to have an RMV hearing to keep his driver license from being suspended. In the end since the Massachusetts ACP and RMV only allow using an RMV branch address that you can’t receive mail at, which for a host of reasons is very wrong (i.e. if you get in an accident and exchange information, if you’re suspected of some sort of driving violation and the police send mail to that address, etc.) I have to give the MA ACP a fail on this one.
Most other States simply let you use a PO BOX on the driver license, this includes California, Minnesota, Pennsylvania, and Texas. As far as I know from participants I’ve spoke to no proof of residency is required. I’m not 100% sure on how Texas is supposed to work in person as the program was new at the time and I changed mine online in Texas when I was there by using the ACP victim ID number as the first part of the PO BOX address which bypassed their PO BOX checking, but I’m told you should just have to show your card to the TXDMV clerk now. Vehicle registrations in Texas also only require the PO BOX, and when I was a participant back in 2009 they were trying to require your “vehicle location address” but I was able to get their registration manual updated to provide “Any transaction involving an ACP participant may use this post office box number instead of any physical address the department may otherwise require.”
California unfortunately is a bit of a mixed bag when it comes to protections. You have to provide your true residence address to their DMV, as well as proof of it. This is especially challenging if you have (as you should) employed measures to ensure there is no proof your identity resides at your true residential address. You can use the PO BOX address they provide you as mailing when you get your driver license and registration, but your true residential address will be in their database and accessible to anyone who has a permissible purpose, such as law enforcement, vehicle insurance providers, toll road authorities, etc.
Furthermore California is an automatic voter registration State so you need to affirmatively OPT OUT of voter registration, California’s Safe At Home ACP program does NOT inform new participants of this and undoubtably some participants will end up in the public voter registration unbeknownst to them.
After your driver license and vehicle registrations are issued you can request suppression through the DMV’s confidential records unit (CRU). This suppression actually ‘seals’ your driver license and vehicle registration in a manner where nobody can access it without calling the Confidential Records Unit, and unless it is law enforcement they will call you to ask if they may release your records (i.e. if you’re getting vehicle insurance), the form also says to notify the CRU if you have concerns about law enforcement accessing your records (i.e. if you’re a domestic abuse victim with an ex husband that’s a cop, you may want to know when LEOs request.)
So in some respects this is stronger than protection offered in other States, but in many respects it’s a failure, especially if you have just moved to California from out of State — if you already have a CA license or ID and registration you can just mail the form to get the suppression added without going into the DMV to tell them your new address — but if this is an original application you have to go through the normal DMV processes first which may expose your residential address for a short period of time, and in my opinion this Catch-22 is a fail on California’s Safe At Home ACP program as the program has been around since 1999 and they have not yet addressed this issue that other States handle seemingly without issue without even requiring the true address in most cases. Even after you suppress your records, whenever you get a new vehicle and have to register it you would be exposing yourself again before you can suppress the new vehicle registration.
Most States offer a confidential voter registration for their ACP participants. I don’t want to get political here, it’s great that States offer this confidential procedure, but as the late Justice Scalia once was quoted as saying, “Some things in life are more important than votes.”
I would caution participants who wish to register to vote. You definitely will need to provide your physical address as voter registration requires this to determine what voting precinct you belong to as well as which local city and county elections you’re eligible to vote in.
In Colorado each county is responsible for handling ACP voter registration, and often times the clerks would not perform this correctly. The voter registration NAMES were masked with an ACP participant ID number, but this number is technically not confidential and can be reversed to the participant through an open records request and in any case even if it were confidential information, the counties were previously leaking information about your location, while the address of record was your ACP mailing address, this address itself has an apartment number unique to you and the registration itself would reveal your precinct information and in some cases your personal phone number. They finally stopped making these records publicly accessible a few years ago, but the experience left a sour taste in my mouth, and the fact that voter registration is just another electronic database, I don’t trust that a data breach wouldn’t reveal someone’s confidential voter registration.
I have not researched other States much further in this regard as I just don’t have any intentions on ever registering after my previous experiences, they do all have similar but different processes though. For example California requires you send the confidential registration application directly to the Secretary of State instead of going through the county, however they end up remailing this directly to your county clerk who may not be aware of the Safe At Home program and one misstep could accidentally not mark your voter record confidential correctly.
Minnesota however probably has the strongest protection, their process involves the Secretary of State who runs the Safe At Home program working as an intermediary, the county voter registrar only receives certification that you are eligible in that county without the actual address and conversely when a ballot is sent it is also returned to Sec. of State who verifies the signature and then sends the ballot back to the county certifying the ballot is valid and legitimate.
This is the one where I think Colorado really wins out. They have agreements with Comcast, CenturyLink, Xcel and Colorado Springs Utilities(CSU) to allow participants to sign up in alias names with no credit checks, this will highly depend on where in Colorado you plan to move to as certain electricity providers are not covered (at least they weren’t when I lived there, but Colorado’s program is constantly changing to meet challenges.) I would highly suggest Xcel or CSU serviced areas as these utilities never leaked my true information. Comcast unfortunately leaked my true address once from IP and my alias name and phone numbers on the account did show up on whitepages.com along side the service address on the accounts, but that said Comcast cable modems work anywhere in the State of Colorado regardless of the service address on the account, so if you’re creative enough you won’t need to sign up with your true address to begin with, however the allowed use of alias name without credit check is beneficial. No other ACP has similar utility protections that I am aware of.
Almost all ACPs offer the ability to suppress your property record(s) in one way or another. In Colorado I was able to get the county to even change the grantor/grantee names to SEALED, however when I sold my house the county said that was no longer the correct practice, the names are now searchable, which really is a shame since if you know the date of the sale and the grantor’s name you can then search the grantor’s name in the same county to easily find the property that was sold, but I digress. The property tax record itself however won’t be available online and this goes the same for Arizona, so these 2 States offer strong protection, I would just offer guidance that names (even if not associated with property address) should not be searchable on the county clerk & recorder’s website (ie in a grantor/grantee index) or it’s a useless protection otherwise as if a stalker knows who sold you the house they can get the previous deed information when it was granted to the seller to reveal the true property address.
California offers the ability to replace the property address with the PO BOX, but I’m unsure how well that will work out in practice if the APN/PIN and legal description is still available and suffers the same problem of names being searchable — Counties I’ve spoken with have no procedure on how to handle this, quite the opposite some will sell your deed information within a month of it being recorded directly to data-brokers along with all the other deeds for that month. California does have a law however that a participant can demand that a person not disclose his or her home address on the internet, and it’s use of term-defined words “publicly post or publicly display” seems to imply that would mean the ability to obtain the home address without the address itself necessarily being posted.
Cal. Government Code § 6208.1 provides:
(b) (1) No person, business, association, or other entity shall knowingly and intentionally publicly post or publicly display on the internet or other public space the home address or home telephone number of a participant if that individual has made a written demand of that person, business, or association to not disclose their home address or home telephone number. A demand made under this paragraph shall include a sworn statement declaring that the person is subject to the protection of this section and describing a reasonable fear for the safety of that individual or of any person residing at the individual’s home address, based on a violation of subdivision (a). A written demand made under this paragraph shall be effective for four years, regardless of whether or not the individual’s program participation has expired before the end of the four-year period.. (Emphasis added)
Subsection (f) further provides the following definition for “publicly post or publicly display”:
(3) “Publicly post” or “publicly display” means to communicate or otherwise make available to the general public. (Emphasis added).
Per Cal Gov Code 6209.5 participants can protect their address by placing it in a trust, however your mileage may very in attempting to enforce this (and the other Cal Gov Codes), even if you close in a trust the county may still list your name as trustee in the grantor/grantee index. I would strongly recommend considering other options such as an anonymous trust with a trusted third party such as an attorney as trustee of the trust.
Notwithstanding these issues, Minnesota does offer what is likely the greatest protection in this area as their law also requires all 3rd parties involved in the purchase of the house (seller, bank/mortgage, title plant companies, etc.) to not disclose your property address to any third party and to use their PO BOX as the only address of record, they also have a clear cut process on how the counties are to deal with this situation.
Names and alias usage
Some States, like California, allow you to petition the court for a confidential name change. California’s is particularly interesting as the name change order only shows the new name and not your previous name. The US State Department has a whole section about this for Passport issuance. However I don’t recommend name changes unless you have a clear cut path, they will almost always tie back to the original name via your credit report when you update accounts, etc. This option should only be exercised if you’re creating a brand new identity, including getting a new SSN and ensuring the new SSN is issued in the new name only.
Most States unfortunately will require one ‘legal name’ — even though there is no such thing as a legal name in most States and federally. In Pennsylvania it took a month’s long battle with the program consulting with their legal department in order to accept my multiple names that I use legally at common law. California’s program insists on using ONLY one name and will return any mail not addressed in the ‘correct’ name, this is my experience in other States as well. I think this is honestly a horrible policy, victims need resources and the use of alias names to escape abusers is common. If you get married or divorced or otherwise change names it also becomes another hassle for victims because if you don’t update every institution (an almost impossible task) with your new name mail intended for the victim gets returned with no notification to the victim.
Colorado let me use more than one “legal” name, but would not allow mail for a business name— which may be important to you if you’re a sole proprietor or work from home and own a business. Ironically, Colorado will let you use an alias name on your utilities and forward mail from utilities addressed in an alias name while simultaneously not letting you use other names on other mail. Many of these States explicitly state in their statutes that the substitute address may be used in place of the participant’s true residential, school or work address yet won’t allow mail addressed to your work. Inquire with your ACP if this is a concern to you.
There’s no federal law that requires banks to accept an ACP address, however FinCen guidance has been issued on the matter. This is again where States like Arizona and Colorado win out, because they provide a physical address, which is also on your ID, you may never have to ever interact with bank employees to explain your situation.
In States that use a PO BOX it gets complicated because the guidance states, “ Therefore, a [financial institution] should collect the street address of the ACP sponsoring agency for purposes of meeting its CIP address requirement.” — This requirement is immediately met in States like Colorado where your ACP mailing address IS the street address of the ACP sponsoring agency, while California on the other hand has offered a convoluted process that relies on the bank knowing to contact Safe At Home who will give some “secret” address to the bank instead of just trusting their participants to use this address as residential address only and the PO Box for mailing without having to contact Safe At Home. It’s in my opinion a stupid policy where the program distrusts their participants to not accidentally use it for mailing, but in reality the participant could obtain this address from their online bank account which will show the address after the bank collects it, so why not just give your participants the address and explain they must ensure mail isn’t sent there? Or better yet why do these programs not convert their PO Boxes to Street addresses using the Street Addressing for PO BOX service that USPS offers? I digress.
From personal experience, I just had to have my privacy.com account reinstated, in spite of the fact that privacy.com does not have telephone representatives, California insisted that a phone call must happen with the financial institution and refuses to change their silly policy. I was able to enroll in Pennsylvania’s program and receive a letter from them and provide that to privacy.com to reactivate my account in lieu of California’s procedure over a weekend, so I am enrolled in 2 programs just because Pennsylvania literally runs their program better than my home State, one of many reasons I’m moving.
That said, I’m told Wells Fargo honors address confidentiality programs and collects only the PO BOX information(if your ACP uses a PO Box) when a card is presented. I have yet to test this out but plan to soon.
Almost all of these programs have a process for enrolling your children in school, Colorado’s was great, they facilitated transfer of records from old school to new and never revealed the true address to school officials only a letter declaring that they have determined you are eligible to enroll locally. I can’t speak for other ACP’s processes as I have no other experience with this.
Some States, like Colorado, have their mail screened the same way other mail sent to State employees is screened, through an x-ray machine, metal detector and other methods to ensure there are no harmful substances or other items. With the rise of Apple Airtags, this may be a concern to you, especially if you do not have your own PO BOX or other maildrop to receive mail at and your ACP forwards directly to your residence. (By the way if you DO have your own mail drop I strongly recommend opening ALL MAIL upon pick up BEFORE leaving the post office to screen for this type of stuff as standard OPSEC.) I brought up the airtag concern with Colorado while I was there and this is how their mail screening employees responded to ACP staff:
Yes, someone could send one of these in the mail, along with similar app-based tracking devices. Such is one of the reasons why we refuse anything bigger than the standard envelope or pouch for ACP participants. Our metal detector will indicate anything that is organic, metallic, or ceramic; so, it should show up on a regular scan. These also have batteries in them, so it would be visible to the detection unit (we can see something as small as a tack or paperclip). I will copy all of my staff on this to remind them to remain vigilant on their screening procedures.
Colorado however is unique in that ACP mail goes to the State’s mail processing center where ALL State mail is screened. Many ACPs using a PO Box at the Post Office likely do not do this additional screening and if this is a concern for you, you may wish to consider moving to a State like Colorado.
ACP software and Data Breaches
Like everything else, it should be noted that State governments are no stranger to data breaches, and unfortunately at least one State has suffered from a data breach that exposed ACP participant information. Upon information and belief, that particular State was using software advertised in NACAP(National Association of Confidential Address Programs)’s newsletter. Ironically, this particular State cautioned participants to not use email to modify their applications (i.e. when moving to a new address, adding a new participant, etc.) and to use USPS mail to mail back their applications because email was “not secure.” This same State then proceeded to scan and save these applications in a digital format on computers connected to the internet! Their agency then suffered a ransomware attack and several ACP participants docs were exposed including fully scanned applications, scans of their driver licenses, scans of the evidence to support their eligibility. It may be prudent to ask your particular ACP agency how they handle and store application data since you will have to provide your true address and other information to enroll.