he doorbell rang and Thom ushered in a man in his early thirties, disheveled brown hair, jeans, a Weird Al Yankovic T-shirt under a shabby brown sports coat.

You couldn’t be in the forensics game nowadays without being computer literate but both Rhyme and Cooper recognized their limitations. When it was clear that there were digital implications of the 522 case, Sellitto had requested some help from the NYPD Computer Crimes Unit, an elite group of thirty-two detectives and support staff.

Rodney Szarnek strode into the room, glanced at the nearest monitor and said, “Hey,” as if he were speaking to the hardware. Similarly when he glanced toward Rhyme he expressed no interest in his physical condition whatsoever, only in the wireless environmental control unit attached to the armrest. He seemed impressed.

“Your day off?” Sellitto asked, glancing at the slim young man’s outfit, his voice making it clear he didn’t approve. Rhyme knew the detective was old school; police officers should dress appropriately.

“Day off?” Szarnek replied, missing the dig. “No. Why would I have a day off?”

“Just wondering.”

“Heh. So, now, what’s the story?”

“We need a trap.”

Lincoln Rhyme’s theory about strolling into SSD and just plain asking about a killer wasn’t as naive as it seemed. When he’d seen on the company Web site that SSD’s PublicSure division supported police departments, his hunch was that NYPD was a customer. If that was the case, then the killer might have access to the department files. A fast call revealed that, yes, the department was a client. PublicSure software and SSD consultants provided data management services for the city, including consolidation of case information, reports and records. If a patrolman on the street needed a warrant check, or a detective new to a homicide needed the case’s history, PublicSure helped get the information to his desk or squad-car computer or even his PDA or cell phone, in minutes.

By sending Sachs and Pulaski to the company and asking who might have accessed the data files about the victims and fall guys, 522 could learn they were on to him and try to get into the NYPD system through PublicSure to look at the reports. If he did, they might be able to trace who had accessed the files.

Rhyme explained the situation to Szarnek, who nodded knowingly—as if he set up traps like this every day. He was taken aback, though, when he learned what company the killer might have a connection to. “SSD? The biggest data miner in the world. They got the scoop on all of God’s children.”

“Is that a problem?”

His carefree geek image faltered and he answered softly, “I hope not.”

And he set to work with their trap, explaining what he was doing. He stripped from the files any details about the case they didn’t want 522 to know and manually transferred those sensitive files to a computer that had no Internet access. He then put an alarmed visual traceroute program in front of the “Myra Weinburg Sexual Assault/Homicide” file on the NYPD server. And added subfiles to tempt the killer, like “Suspects’ whereabouts,” “Forensic analysis” and “Witnesses,” all of which contained only general notes about crime-scene procedures. If anyone accessed it, either hacking in or through authorized channels, a notice of the person’s ISP and physical location would be instantly sent to Szarnek. They could tell immediately if the one checking out the file was a cop with a legitimate inquiry or was somebody on the outside. If so, Szarnek would notify Rhyme or Sellitto, who’d have the ESU team head to the location immediately. Szarnek also included a large amount of material and background, such as public information on SSD, all of it encrypted, to make sure that the killer spent plenty of time in the system deciphering the data and giving them a better chance to find him.

“How long will it take?”

“Fifteen, twenty minutes.”

“Good. And when you’ve got that finished, I also want to see if somebody could have hacked in from the outside.”

“Cracked SSD?”

“Uh-huh.”

“Heh. They’ll have firewalls on their firewalls on their firewalls.”

“Still, we need to know.”

“But if one of their people is the killer, I assume you don’t want me to call the company up and coordinate with them?”

“Right.”

Szarnek’s face clouded. “I’ll just try to break in, I guess.”

“You can do that legally?”

“Yes and no. I’ll only test the ’walls. It’s not a crime if I don’t actually get into their system and bring it crashing down in a really embarrassing media event that lands us all in jail.” He added ominously, “Or worse.”

“Okay, but I want the trap first. ASAP.” Rhyme glanced at the clock. Sachs and Pulaski were already spreading the word about the case down at the Gray Rock.

Szarnek pulled a heavy portable computer out of his satchel and set it on a table nearby. “Any chance I could get a… Oh, thanks.”

Thom was bringing around a coffeepot and cups.

“Just what I was going to ask for. Extra sugar, no milk. You can’t take the geek out of the geek, even when he’s a cop. Never got in the habit of this thing called sleep.” He dumped in sugar, swirled it and drank half while Thom stood there. The aide refilled the cup. “Thanks. Now, what’ve we got here?” He was looking over the workstation where Cooper was perched. “Ouch.”

“Ouch?”

“You’re running on a cable modem with one point five MBPs? You know they make computer screens in color now, and there’s this thing called the Internet.”

“Funny,” Rhyme muttered.

“Talk to me when the case is over. We’ll do some rewiring and LAN readjustment. Set you up with FE.”!!!Weird Al, FE, LAN…

Szarnek pulled on tinted glasses, plugged his computer into ports on Rhyme’s computer and began pounding on the keys. Rhyme noticed certain letters were worn off and the touchpad was seriously sweat-stained. The keyboard seemed to be dusted with crumbs.

The look Sellitto shot Rhyme said, It takes all kinds.

The first of the two men who joined them in Andrew Sterling’s office was slender, middle-aged, with an unrevealing face. He resembled a retired cop. The other, younger and cautious, was pure corporate junior exec. He looked like the blond brother on that sitcom, Frazier.

Regarding the first, Sachs was near the mark; he hadn’t been blue but was a former FBI agent and was now head of SSD’s security, Tom O’Day. The other was Mark Whitcomb, the assistant head of the company’s Compliance Department.

Sterling explained, “Tom and his security boys make sure people on the outside don’t do anything bad to us. Mark’s department makes sure we don’t do anything bad to the general public. We navigate a minefield. I’m sure that the research you did on SSD showed you we’re subject to hundreds of state and federal laws on privacy—the Graham-Leach-Bliley Act about misuse of personal information and pretexting, the Fair Credit Reporting Act, the Health Insurance Portability and Accountability Act, the Drivers Privacy Protection Act. A lot of state laws too. The Compliance Department makes sure we know what the rules are and stay within the lines.”

Good, she thought. These two would be perfect to spread the word about the 522 investigation and encourage the killer to sniff out the trap on the NYPD server.

Doodling on a yellow pad, Mark Whitcomb said, “We want to make sure that when Michael Moore makes a movie about data purveyors we’re not center stage.”

“Don’t even joke,” Sterling said, laughing, though with genuine concern evident in his face. Then he asked Sachs, “Can I share with them what you told me?”

“Sure, please.”

Sterling gave a succinct and clear account. He’d retained everything she’d told him, even down to the specific brands of the clues.

Whitcomb frowned as he listened. O’Day took it all in, unsmiling and silent. Sachs was convinced that FBI reserve was not learned behavior but originated in the womb.

Sterling said firmly, “So. That’s the problem we’re facing. If there is any way SSD is involved I want to know about it, and I want solutions. We’ve identified four possible sources of the risk. Hackers, intruders, employees and clients. Your thoughts?”

O’Day, the former agent, said to Sachs, “Well, let’s deal with hackers first. We have the best firewalls in the business. Better than Microsoft and Sun. We use ICS out of Boston for Internet security. I can tell you we’re a duck in an arcade game—every hacker in the world would like to crack us. And nobody’s been able to do it since we moved to New York five years ago. We’ve had a few people get into our administrative servers for ten, fifteen minutes. But not a single breach of innerCircle, and that’s what your UNSUB would have to get into to find the information he needed for these crimes. And he couldn’t get in through a single breach; he’d have to hit at least three or four separate servers.”

Sterling added, “As for an outside intruder, that’d be impossible too. We have the same physical perimeter protections used by the National Security Agency. We have fifteen full-time security guards and twenty part-time. Besides, no visitor could get near the innerCircle servers. We log everybody and don’t let anyone roam freely, even customers.”

Sachs and Pulaski had been escorted to the sky lobby by one of those guards—a humorless young man whose vigilance wasn’t diminished one bit by the fact they were police.

O’Day added, “We had one incident about three years ago. But nothing since.” He glanced at Sterling. “The reporter.”

The CEO nodded. “Some hotshot journalist from one of the metro papers. He was doing an article on identity theft and decided we were the devil incarnate. Axciom and Choicepoint had the good sense not to let him into their headquarters. I believe in free press, so I talked to him… He went to the restroom and claimed he got lost. He came back here, cheerful as could be. But something didn’t seem right. Our security people went through his briefcase and found a camera. On it were pictures of trade-secret-protected business plans and even pass codes.”

O’Day said, “The reporter not only lost his job but was prosecuted under criminal trespass statutes. He served six months in state prison. And, as far as I know, he hasn’t had a steady job as a journalist since.”

Sterling lowered his head slightly and said to Sachs, “We take security very, very seriously.”

A young man appeared in the doorway. At first she thought it was Martin, the assistant, but she realized that was only because of the similarity in build and the black suit. “Andrew, I’m sorry to interrupt.”

“Ah, Jeremy.”

So this was the second assistant. He looked at Pulaski’s uniform, then at Sachs. Then, as with Martin, when he realized he wasn’t being introduced he ignored everyone in the room except his boss.

“Carpenter,” Sterling said. “I need to see him today.”

“Yes, Andrew.”

After he was gone, Sachs asked, “Employees? Is there anyone you’ve had disciplinary problems with?”

Sterling said, “We run extensive background checks on our people. I won’t allow hiring anybody who’s had any convictions other than traffic violations. And background checks are one of our specialties. But even if an employee wanted to get into innerCircle it would be impossible for him to steal any data. Mark, tell her about the pens.”

“Sure, Andrew.” To Sachs he said, “We have concrete firewalls.”

“I’m not a technical person,” Sachs said.

Whitcomb laughed. “No, no, it’s very low-tech. Literally concrete. As in walls and floors. We divide up the data when we receive them and store them in physically separate places. You’ll understand better if I tell you how SSD operates. We start with the premise that data is our main asset. If somebody was to duplicate innerCircle we’d be out of business in a week. So number one—‘protect our asset,’ as we say here. Now, where does all this data come from? From thousands of sources: credit card companies, banks, government-records offices, retail stores, online operations, court clerks, DMV departments, hospitals, insurance companies. We consider each event that creates data a quote transaction, which could be a call to an eight hundred number, registering a car, a health insurance claim, filing a lawsuit, a birth, wedding, purchase, merchandise return, a complaint… In your business, a transaction could be a rape, a burglary, a murder—any crime. Also, the opening of a case file, selecting a juror, a trial, a conviction.”

Whitcomb continued, “Any time data about a transaction comes to SSD it goes first to the Intake Center, where it’s evaluated. For security we have a data masking policy—separating the person’s name and replacing it with a code.”

“Social Security number?”

A flicker of emotion crossed Sterling’s face. “Ah, no. Those were created solely for government retirement accounts. Ages ago. It was a fluke that they became identification. Inaccurate, easy to steal or buy. Dangerous—like keeping a loaded gun unlocked around the house. Our code is a sixteen-digit number. Ninety-eight percent of adult Americans have SSD codes. Now, every child whose birth is registered—anywhere in North America—automatically gets a code.”

“Why sixteen digits?” Pulaski asked.

“Gives us room for expansion,” Sterling said. “We never have to worry about running out of numbers. We can assign nearly one quintillion codes. The earth will run out of living space before SSD runs out of numbers. The codes make our system much more secure and it’s far faster to process data than using a name or Social. Also, using a code neutralizes the human element and takes the prejudice out of the equation. Psychologically we have opinions about Adolf or Britney or Shaquilla or Diego before we even meet them, simply because of their name. A number eliminates that bias. And improves efficiency. Please, go on, Mark.”

“Sure, Andrew. Once the name is swapped for the code, the Intake Center evaluates the transaction, decides where it belongs and sends it to one or more of three separate areas—our data pens. Pen A is where we store personal lifestyle data. Pen B is financial. That includes salary history, banking, credit reports, insurance. Pen C is public and government filings and records.”

“Then the data’s cleansed.” Sterling took over once again. “The impurities are weeded out and it’s made uniform. For instance, on some forms your sex is given as ‘F.’ In others, it’s ‘Female.’ Sometimes it’s a one or a zero. You have to be consistent.

“We also remove the noise—that’s impure data. It could be erroneous, could have too many details, could have too few details. Noise is contamination, and contamination has to be eliminated.” He said this firmly—another dash of emotion. “Then the cleansed data sits in one of our pens until a client needs a fortune-teller.”

“How do you mean?” asked Pulaski.

Sterling explained, “In the nineteen seventies, computer database software gave companies an analysis of past performance. In the nineties the data showed how they were doing at any given moment. More helpful. Now we can predict what consumers are going to do and guide our clients to take advantage of that.”

Sachs said, “Then you’re not just predicting the future. You’re trying to change it.”

“Exactly. But what other reason is there to go to a fortune-teller?”

His eyes were calm, almost amused. Yet Sachs felt uneasy, thinking back to the run-in with the federal agent yesterday in Brooklyn. It was as if 522 had done just what he was describing: predicted a shootout between them.

Sterling gestured to Whitcomb, who continued, “Okay, so data, which contain no names but only numbers, go into these three separate pens on different floors in different security zones. An employee in the public records pen can’t access the data in the lifestyle pen or the financial pen. And nobody in any of the data pens can access the information in the Intake Center, and link the name and address to the sixteen-digit code.”

Sterling said, “That’s what Tom meant when he said that a hacker would have to breach all of the data pens independently.”

O’Day added, “And we monitor twenty-four/seven. We’d know instantly if someone unauthorized tried to physically enter a pen. They’d be fired on the spot and probably arrested. Besides, you can’t download anything from the computers in the pens—there are no ports—and even if you managed to break into a server and hardwire a device, you couldn’t get it out. Everybody’s searched—every employee, senior executive, security guard, fire warden, janitor. Even Andrew. We have metal and dense-material detectors at every entrance and exit to the data pens and Intake—even the fire doors.”

Whitcomb took up the narrative. “And a magnetic field generator that you have to walk through. It erases all digital data on any medium you’re carrying—iPod, phone or hard drive. No, nobody gets out of those rooms with a kilobyte of information on them.”

Sachs said, “So stealing the data from these pens—either by hackers outside or intruders or employees inside—would be almost impossible.”

Sterling was nodding. “Data are our only asset. We guard them religiously.”

“What about the other scenario—somebody who works for a client?”

“Like Tom was saying, the way this man operates he’d have to have access to the innerCircle dossiers of each of the victims and the men arrested for the crimes.”

“Right.”

Sterling lifted his hands, like a professor. “But customers don’t have access to dossiers. They wouldn’t want them anyway. innerCircle contains raw data and wouldn’t do them any good. What they want is our analysis of the data. Customers log on to Watchtower—that’s our proprietary database management system—and other programs like Xpectation or FORT. The programs themselves search through innerCircle, find the relevant data and put them into usable form. If you want to think of the mining analogy, Watchtower sifts through tons of dirt and rock and finds gold nuggets.”

She said in response, “But if a client bought a number of mailing lists, say, they could come up with enough data about one of our victims to commit the crimes, couldn’t they?” She nodded at the evidence list she’d shown Sterling earlier. “For instance, our perp could get lists of everyone who bought that kind of shave cream and condoms and duct tape and running shoes and so on.”

Sterling lifted an eyebrow. “Hm. It would be a huge amount of work but it’s theoretically possible… All right. I’ll get a list of all our customers who’ve bought any data that included your victims’ names—in the past, say, three months? No, maybe six.”

“That should do it.” She dug through her briefcase—considerably less organized than Sterling’s desktop—and handed him a list of the victims and fall guys.

“Our client agreement gives us the right to share information about them. There won’t be a problem legally but it will take a few hours to put together.”

“Thanks. Now, one final question about employees… Even if they’re not allowed in the pens, could they download a dossier in their office?”

He was nodding, impressed by her question, it seemed, even though it suggested an SSD worker might be the killer. “Most employees can’t—again, we have to protect our data. But a few of us have what’s called ‘all-access permission.’”

Whitcomb gave a smile. “Well, but look who that is, Andrew.”

“If there’s a problem here, we need to explore all possible solutions.”

Whitcomb said to Sachs and Pulaski, “The thing is, the all-access employees are senior people here. They’ve been with the company for years. We’re like a family. We have parties together, we have our inspirational retreats—”

Sterling held up a hand, cutting him off, and said, “We have to follow up on it, Mark. I want this rooted out, whatever it takes. I want answers.”

“Who has all-access rights?” Sachs asked.

Sterling shrugged. “I’m authorized. Our head of Sales, the head of Technical Operations. Our Human Resources director could put together a dossier, I suppose, though I’m sure he never has. And Mark’s boss, our Compliance Department director.” He gave her the names.

Sachs glanced at Whitcomb, who shook his head. “I don’t have access.”

O’Day didn’t either.

“Your assistants?” Sachs asked Sterling, referring to Jeremy and Martin.

“No… Now, as for the repair folks—the techies—the line people couldn’t assemble a dossier but we have two service managers who could. One on the day shift, one at night.” He gave her their names too.

Sachs looked over the list. “There’s one easy way to tell whether or not they’re innocent.”

“How?”

“We know where the killer was on Sunday afternoon. If they have alibis, they’ll be off the hook. Let me interview them. Right now, if we can.”

“Good,” Sterling said and gave an approving look at her suggestion: a simple “solution” to one of his “problems.” Then she realized something: Every time he’d looked at her this morning his gaze had met her eyes. Unlike many, if not most, men Sachs met, Sterling hadn’t once glanced over her body, hadn’t offered a bit of flirt. She wondered what the bedroom story was. She asked, “Could I see the security in the data pens for myself?”

“Sure. Just leave your pager, phone and PDA outside. And any thumb-drives. If you don’t, all the data will be erased. And you’ll be searched when you leave.”

“Okay.”

Sterling nodded to O’Day, who stepped into the hall and returned with the stern security guard who’d walked Sachs and Pulaski here from the massive lobby downstairs.

Sterling printed out a pass for her, signed it and handed it to the guard, who led her out into the halls.

Sachs was pleased that Sterling hadn’t resisted her request. She had an ulterior motive for seeing the pens for herself. Not only could she make yet more people aware of the investigation—in the hope they’d go for the bait—but she could question the guard about the security measures, to verify what O’Day, Sterling and Whitcomb had told her.

But the man remained virtually silent, like a child told by his parents not to speak to strangers.

Through doorways, up corridors, down a staircase, up another one. She was soon completely disoriented. Her muscles shivered. The spaces were increasingly confined, narrow and dim. Her claustrophobia began to kick in; while the windows were small throughout the Gray Rock, here—approaching the data pens—they were nonexistent. She took a deep breath. It didn’t help.

She glanced at his name badge. “Say, John?”

“Yes, ma’am?”

“What’s the story with the windows? They’re either small—or there aren’t any.”

“Andrew’s concerned that people might try to photograph information from outside, like passcodes. Or business plans.”

“Really? Could somebody do that?”

“I don’t know. We’re told to check sometimes—scan nearby observation decks, windows of buildings facing the company. Nobody’s ever seen something suspicious. But Andrew wants us to keep doing it.”

The data pens were eerie places, all color-coded. Personal lifestyle was blue, financial red, governmental green. They were huge spaces but that did nothing to allay her claustrophobia. The ceilings were very low, the rooms dim and aisles narrow between the rows of computers. A constant churning filled the air, a low tone like a growl. The air-conditioning was working like mad, given the number of computers and the electricity they’d require, but the atmosphere was close and stifling.

As for the computers, she’d never seen so many in her life. They were massive white boxes and were identified, curiously, not by numbers or letters but by decals depicting cartoon characters like Spider-Man, Batman, Barney, the Road Runner and Mickey Mouse.

“SpongeBob?” she asked, nodding at one.

John offered his first smile. “It’s another layer of security Andrew thought of. We have people looking online for anybody talking about SSD and innerCircle. If there’s a reference to the company and a cartoon name, like Wile E. Coyote or Superman, it might mean somebody’s a little too interested in the computers themselves. The names jump out more than if we just numbered the computers.”

“Smart,” she said, reflecting on the irony that Sterling preferred people to be numbered and his computers named.

They entered the Intake Center, painted a grim gray. It was smaller than the data pens and boosted her claustrophobia even further. As in the pens, the only decorations here were the logo of the watchtower and illuminated window, and a large picture of Andrew Sterling, a posed smile on his face. Below it was the caption “You’re Number One!”

Maybe it referred to market share or to an award the company had won. Or maybe it was a slogan about the importance of employees. Still, to Sachs it seemed ominous, as if you were at the top of a list you didn’t want to be on.

Her breathing was coming quickly as the sense of confinement grew.

“Gets to you, doesn’t it?” the guard asked.

She gave a smile. “A little.”

“We make our rounds but nobody spends more time in the pens than we have to.”

Now that she’d broken the ice and gotten John to answer in more than monosyllables, she asked him about the security, to verify if Sterling and the others were being straight.

They were, it seemed. John reiterated what the CEO had said: None of the computers or workstations in the rooms had a slot or port to download data, merely keyboards and monitors. And the rooms were shielded, the guard said; no wireless signals could get out. And he explained too what Sterling and Whitcomb had told her earlier about data from each pen being useless without the data from the others and from Intake. There wasn’t much security on the computer monitors but to get into the pens you needed your ID card, a passcode and a biometric scan—or, apparently, a big security guard watching your every move (which was just what John had been doing, and not so subtly).

The security outside the pens was tight too, as the executives had told her. Both she and the guard were searched carefully when they left each one and had to walk through both a metal detector and a thick frame called a Data-Clear unit. The machine warned,!!! “Passing through this system permanently erases all digital data on computers, drives, cell phones and other devices.”

As they returned to Sterling’s office John told her that to his knowledge nobody had ever broken into SSD. Still, O’Day regularly had them run drills to prevent security intrusions. Like most of the guards, John didn’t carry a gun but Sterling had a policy that at least two armed guards be present twenty-four hours a day.

Back in the CEO’s office, she found Pulaski sitting on a huge leather sofa near Martin’s desk. Though not a small man, he seemed dwarfed, a student who’d been sent to the principal’s office. In her absence, the young officer had taken the initiative to check on the Compliance Department head, Samuel Brockton—Whitcomb’s boss, who had all-access rights. He was staying in Washington, D.C.; hotel records showed he’d been at brunch in the dining room at the time of the killing yesterday. She noted this, then glanced over the all-access permission list.!!!Andrew Sterling, President, Chief Executive Officer

Sean Cassel, Director of Sales and Marketing

Wayne Gillespie, Director of Technical Operations

Samuel Brockton, Director, Compliance Department

Alibi—hotel records confirm presence in Washington

Peter Arlonzo-Kemper, Director of Human Resources

Steven Shraeder, Technical Service and Support Manager, day shift

Faruk Mameda, Technical Service and Support Manager, night shift

She said to Sterling, “I’d like to interview them as soon as possible.”

The CEO called his assistant and learned that, other than Brockton, everyone was in town, though Shraeder was handling a hardware crisis in the Intake Center and Mameda would not be coming in until three that afternoon. He instructed Martin to have them come upstairs for interviews. He’d find a vacant conference room.

Sterling told the intercom to disconnect and said, “All right, Detective. It’s up to you now. Go clear our name… or find your killer.”