Public Records & Open-Source Research: Find What's Actually Out There

Public Records & Open-Source Research: Find What's Actually Out There
Audio course

Public Records & Open-Source Research: Find What's Actually Out There

0:00 / 2:49:3914 chapters

A practical, no-jargon guide to locating and interpreting publicly available records — property filings, court documents, corporate registrations, FOIA requests, and digital OSINT tools. For journalists, genealogists, small business owners, and anyone who wants to verify what they're told, with no legal or technical background required.

🎧 14 chapters⏱ 2:49:39 audio 🎙 Narrated by Connor Updated
26 sources · 25 domains · 9 primary authorities AI-generated
Share:
Progress0%

Sign up free to unlock:

  • Resume-where-you-stopped listening
  • Request & vote on new courses
  • Save courses for later listening
  • Get personalized recommendations
Sign Up Free

Already have an account? Log in

Chapters

Click play to listen, or tap a chapter to read its transcript.

1Introduction

Somewhere in a county database right now, there's a lien recorded three years ago against a property about to change hands for two hundred thousand dollars. The seller didn't mention it. The listing didn't mention it. And if the buyer wires that money without knowing how to look, it will cost them — badly. That document is free to find. It's sitting in a public database, recorded by a county employee doing their job. The only thing standing between that buyer and the truth is knowing where to look.

That gap — between what governments quietly make available and what most people assume is accessible — turns out to be enormous. So here's the question this course is going to settle: what is actually out there in the public record, and how do you find it before it matters?

The answer is more than most people expect. There are moments later in this course that will reframe what you thought was hidden. There's the section on corporate records, where you'll follow a paper trail through shell company structures — Secretary of State filings, registered agent records, UCC financing statements — and see exactly where the opacity begins and what it might be hiding. There's the section on financial disclosures, where campaign contributions, federal contracts, and nonprofit tax returns turn out to be sitting in searchable, downloadable databases right now, maintained by federal agencies, waiting for anyone who knows which door leads where. And there's the walkthrough where a researcher handed the same assignment as a colleague — find out who really owns a warehouse at the edge of town — wraps it up in an afternoon, while the other researcher spends three days hitting dead ends. The difference isn't secret access. The difference is a mental model built before touching a keyboard.

That mental model is what this course builds. Property records and how to trace a title chain. Court filings and what they reveal when things go sideways — the defaults, the fraud allegations, the judgments that property records alone would never show you. FOIA requests and how to file them in a way that actually works. Social media preservation, because a video shared ten thousand times can vanish by morning. And the discipline of verification — because a single source, no matter how official it looks, is a starting point, not a conclusion.

By the time this course ends, you'll understand not just where the records live, but how they connect to each other — and how to walk someone through your trail, source by source, and show them exactly how you got there. That's the standard. This is how you meet it.

2What Public Records Are (and Why They Exist)

Imagine you are standing outside a county courthouse on a Tuesday morning. Inside that building, in filing cabinets and digital databases that anyone with a library card could access, sits a detailed record of nearly every property sale in the county for the past century, the names of every business registered in the state, and the full paper trail of thousands of civil lawsuits — including the one filed last year against that contractor you were thinking of hiring. Nobody told you any of this was there. Nobody had to. It has been public record the whole time.

That gap — between what governments quietly make available and what most people think is accessible — is one of the more remarkable features of modern democracy, and it is the reason this course exists.

The core idea runs through everything that follows: in a functioning democratic republic, the government works for the people, and the people have a right to see how that work is being done. That principle sounds obvious when you say it out loud, but it took centuries of political struggle to turn it into law, and it carries consequences most people have never fully thought through.

The philosophical roots go back at least as far as the Enlightenment, when thinkers like John Locke argued that legitimate government derives its authority from the consent of the governed. Consent without information is not really consent — it is just compliance. If citizens cannot know how public funds are spent, how contracts are awarded, how criminal cases are decided, or who actually owns the land underneath a city block, then accountability becomes impossible, and the line between government and private power starts to blur in dangerous ways. The public records tradition is the legal machinery built to hold that line.

The first modern freedom of information law, passed in Sweden in 1766, is worth sitting with for a moment. Sweden's Freedom of the Press Act — which the Swedish Parliament's historical records describe as among the oldest press freedom laws in the world — established the principle that government documents were presumptively public, meaning the default assumption was openness rather than secrecy. Officials who wanted to withhold something had to justify the withholding. That inversion — where the burden falls on the government to explain why something should be hidden, rather than on the citizen to explain why they need it — is the philosophical cornerstone every access-to-information system since has built upon.

The United States arrived at its version much later. The Freedom of Information Act, signed into law in 1966, established at the federal level what Sweden had pioneered two centuries earlier. And critically, the American system spread downward: every state eventually passed its own version, often called sunshine laws or open records acts, creating a patchwork of access rights that together cover an enormous swath of government activity. Those state laws are where most people's day-to-day research actually happens — at county courthouses, state agency portals, and local government offices. The federal FOIA gets most of the press attention, but the real volume of public records exists at the state and local level, in offices most people have never walked into.

Here's the catch that most explanations of public records gloss over: accessibility in law does not mean accessibility in practice. A record can be legally public and still require you to know the right office, the right form, the right vocabulary, and sometimes the right county to file in. The American system was not designed with a single front door. It was built agency by agency, jurisdiction by jurisdiction, over decades, in response to specific political pressures and scandals. The result is a system that rewards the persistent and knowledgeable and frustrates everyone else — which is exactly why most people have no idea how much is out there.

The spectrum of what actually sits in public records is worth sketching at a high level, because the breadth surprises almost everyone who looks at it carefully. On one end you have records that are always public by design: property deeds, court filings, corporate registrations, campaign finance reports, government contracts, nonprofit tax returns. These exist because the transactions they document involve either public funds, public land, or the exercise of legal rights that affect third parties. The whole point of recording a deed is to put the world on notice that property has changed hands. The whole point of a court filing is to create an official account of legal proceedings. Publicity is not a side effect of these systems — it is the purpose.

Further along the spectrum you find records that are public in aggregate but protected at the individual level: census data, for example, which is released in anonymized statistical form to protect the privacy of respondents, but which historically published individual-level data after a 72-year delay. The 2020 census applied new differential privacy techniques that deliberately blur individual records, a design choice that reflects exactly the tension this spectrum is always navigating — between the public's interest in knowing and the individual's interest in not being known.

At the far end sit records that are sealed or heavily protected by law: juvenile court proceedings, adoption records, certain law enforcement investigative files, medical records, and personnel files for private employees. These protections exist because the privacy interests are judged to outweigh the transparency interests — but that judgment is not fixed. Laws change, courts rule, and what was sealed in one era sometimes becomes available in another. The shape of the spectrum is not static.

Worth knowing: the line between public and protected is not always where people assume it falls. Many people are surprised to discover that a civil lawsuit they were involved in — including all the allegations, exhibits, and financial details filed by either side — is presumptively public record unless a judge explicitly seals it. A sealed case requires a specific legal order, and courts have grown more skeptical of sealing requests in recent years under pressure from press freedom advocates. Conversely, many people are surprised to discover that certain government salary databases are fully public in some states and protected as personnel records in others. The variation across jurisdictions is significant enough that a blanket assumption in either direction will lead you wrong.

The concept of beneficial ownership is one area where the transparency landscape has been changing rapidly. For most of American history, it was entirely possible to form a limited liability company — the kind of entity that might own an apartment building, a business, or a piece of land — without disclosing who actually controlled or profited from it. Registered agents, nominee owners, and layered corporate structures made genuine anonymity relatively easy to achieve. That started to shift with anti-money-laundering legislation, and accelerated with the Corporate Transparency Act, passed in 2021, which created a federal requirement for many small businesses to report their beneficial owners to the Financial Crimes Enforcement Network. Whether and how that database becomes accessible to the public — as opposed to law enforcement — remains an evolving legal and political question as of 2026.

The gap between what's technically available and what people actually find is also a product of digitization timing. Records created before the 1990s often exist only in physical form, sitting in archive rooms that require an in-person visit. Records created in the early days of digital government often exist in formats or databases that are technically accessible but practically opaque — spreadsheets without documentation, PDFs that aren't machine-readable, portals that require account creation and manual request submission. The experience of searching public records is not uniform, and the difficulty tends to scale inversely with the importance of what you're looking for: the most valuable records often have the most friction around them, whether by design or by neglect.

This brings up a point that practitioners of public records research make repeatedly: the most important skill is not knowing what databases exist, but knowing what should exist and therefore what to ask for. A trained investigative journalist doesn't just search the portals that are easy to find — they think through the bureaucratic logic of a government function and ask what paper trail that function necessarily creates. If a city awards a contract, there is a procurement record. If a business registers in a state, there is a filing. If a ship enters a port, there is a manifest. The records exist because the underlying transactions exist, and the underlying transactions exist because governments and courts and businesses operate through documented processes. Understanding that logic — the idea that government activity leaves a paper trail by design — is more valuable than any list of specific databases.

The investigative databases that get the most attention often demonstrate this principle in dramatic form. The ICIJ Offshore Leaks Database, maintained by the International Consortium of Investigative Journalists, contains information on more than 810,000 offshore entities drawn from the Pandora Papers, Paradise Papers, Panama Papers, and other major leak investigations — records covering more than 80 years and linking to people and companies in more than 200 countries. That database became possible because journalists obtained records that showed the internal structure of firms that had been deliberately designed to avoid public scrutiny. The offshore secrecy system was itself a kind of mirror image of the public records principle: structures built to defeat accountability. The leaks worked because they converted private records into something that functioned like the public documentation that should have existed.

Most public records research is considerably less dramatic than the Panama Papers. It is a property buyer checking whether a seller actually holds clear title. It is a small business owner verifying that a potential partner has not left a trail of unpaid judgments. It is a journalist confirming that the campaign contributions a politician received actually match the votes they cast on related legislation. It is a tenant discovering that their landlord has been cited for housing code violations in three other properties in the same city. These are practical, grounded uses of a system that was built specifically to make them possible.

The legal historian's view of public records is that the system is never finished — it is always a live negotiation between openness and secrecy, between governments wanting to operate without scrutiny and citizens insisting on their right to see. Every FOIA exemption written into law reflects a lobbying battle that someone won. Every seal placed on a court case reflects a judge's judgment about which interest is weightier in that moment. And every investigative database that gets built represents someone deciding that the existing public infrastructure was insufficient and doing something about it.

What all of that history adds up to is a system that is genuinely remarkable in scope and genuinely frustrating in practice — and that rewards people who take the time to understand its logic rather than just its interfaces. The records are there. The access rights exist. The question is always whether you know where to look and what to ask for.

Understanding the philosophy gets you oriented. The next step is understanding the actual landscape of record types — what exists, who holds it, and how the mental model maps onto the specific offices and agencies you'll actually need to navigate.

3The Records Landscape: A Map of What Lives Where

Picture two researchers handed the same assignment: find out who really owns a warehouse at the edge of town. The first researcher spends three days calling phone numbers that go to voicemail, hitting dead ends, and eventually gives up. The second researcher wraps it up in an afternoon. The difference isn't access to secret databases or insider sources. The difference is that the second researcher knew, before touching a keyboard, exactly which agencies hold which records — and why.

That mental model is what this section is about, and it's the thing that makes every search you do from here forward faster.

Think of public records as a filing system maintained by the government on your behalf, distributed across dozens of agencies, each responsible for a specific slice of civic life. Property transactions live in one place. Corporate registrations live in another. Court judgments somewhere else entirely. Financial disclosures in yet another cabinet. The system is not unified, it is not always user-friendly, and it was not designed with researchers in mind — but it is surprisingly comprehensive once you understand how it's organized. The mental model isn't about memorizing every database. It's about knowing the six broad categories that cover almost everything, and understanding which government function generates each one.

So: six categories, six agency families, and the logic that ties them together. The most important category comes first, because it's the one most researchers underestimate.

The first category is property records. Every time a piece of real estate changes hands, the transaction gets recorded with a government office — typically the county recorder or register of deeds, depending on the state. This isn't just a sale price scribbled in a ledger. A property record chain includes the deed itself, which names the grantor (the seller) and the grantee (the buyer), the legal description of the parcel, and the date of transfer. Alongside it sits the mortgage filing, which names the lender and the amount borrowed. Then there's the tax assessment record, maintained by the county assessor, which carries the assessor's estimate of the property's value and the current owner of record for tax purposes. Separate again are any liens — claims against the property filed by creditors, contractors, or taxing authorities — which can appear in the recorder's office or in court filings depending on the jurisdiction.

Worth knowing here: the county recorder and the county assessor are often different offices entirely, and each holds a different slice of the picture. The recorder captures transaction history. The assessor captures current ownership and value for taxation. A researcher who checks only one and not the other will miss things. In some jurisdictions, the recorder and assessor databases have been consolidated into a single online portal. In many they have not. Property records are covered in depth in the next section of this course, but the key mental model right now is simply this: every parcel of land in the United States has a unique identifier called a parcel number, and that number is the key that unlocks its entire recorded history.

The second category is court records. Courts generate records constantly — civil lawsuits, criminal charges, bankruptcy petitions, divorce filings, probate proceedings, restraining orders. Each document filed in a case becomes part of the public docket, which is the official index of that case's paperwork. The catch is that court records are distributed across a layered system of jurisdictions: federal courts, state courts, county courts, and specialty courts like bankruptcy courts and small claims courts. Federal civil and criminal cases are indexed through PACER — the Public Access to Court Electronic Records system — which charges a small per-page fee for downloads. State courts each run their own systems, ranging from sophisticated online portals to paper files you'd have to visit in person. According to PACER's official documentation, the federal system covers more than 190 courts and contains hundreds of millions of case documents. State systems vary enormously in quality and accessibility. Court records are one of the most revealing categories in the taxonomy because they contain sworn statements, financial disclosures, and evidence exhibits that appear nowhere else. The subsequent section on court records goes deeper into how to navigate PACER and state eCourt portals — for now, what matters is simply that courts are their own distinct category with their own access systems.

The third category is corporate records. When a business incorporates, it registers with the Secretary of State's office in whatever state it chooses as its legal home. That registration creates a public record called the articles of incorporation or articles of organization, which typically names the company's founders and registered agent — the person or entity designated to receive legal notices. The registered agent's name and address can be surprisingly revealing, because professional registered agent services are commonly used to add a layer of distance between the business and its actual operators. Alongside incorporation records sit a separate filing type: UCC filings, or Uniform Commercial Code filings, which are notices that a lender has a security interest in a company's assets. These are filed with the Secretary of State and are fully public. If a company has borrowed money using its equipment, inventory, or accounts receivable as collateral, there will be a UCC filing describing exactly that. OpenCorporates, which describes itself on its website as the world's largest open database of companies, aggregates corporate filings from jurisdictions around the globe — useful for international research, though the depth of data varies significantly by country. The Secretary of State portal for the state where a company is incorporated remains the authoritative domestic source.

The fourth category is vital records. Birth certificates, death certificates, marriage licenses, and divorce decrees are all vital records. They are the most restricted category in the taxonomy — most jurisdictions limit who can obtain certified copies, and the restrictions tighten around living individuals. But they matter for research because they establish identity, lineage, and legal relationships. A death certificate, for example, is often needed to trace estate records and probate proceedings, which connect to both court records and property records. Marriage and divorce records can reveal name changes, prior relationships, and community property transfers. The access rules for vital records vary sharply by state: some states make older marriage and divorce decrees fully public through court systems, while others restrict all vital records regardless of age. The key thing to carry forward in the mental model is where these records live: births and deaths with the state health department or vital records office, marriages and divorces either with the county clerk or through the court system, depending on jurisdiction.

The fifth category is financial and regulatory disclosures. This is a broad umbrella that covers several distinct subcategories, each generated by different disclosure obligations. Campaign finance records are filed with the Federal Election Commission for federal candidates and with state election agencies for state and local races — they are fully public and searchable online. Lobbying disclosures are filed with the Senate and House for federal lobbying activity, and with state agencies for state-level lobbying. Federal procurement records — contracts, grants, and subcontracts awarded with federal money — are publicly indexed on USASpending.gov. Securities filings from publicly traded companies go to the SEC and are available through the EDGAR database. And nonprofit organizations that file Form 990 with the IRS are required to make those forms public, which means their revenue, expenses, and executive compensation are visible to anyone who looks. The IRS instructions for Form 990 specify that tax-exempt organizations must make their three most recent annual returns available for public inspection. Each of these subcategories has its own section later in this course — what matters here is the mental model: financial disclosure records exist because organizations that seek public money, tax exemptions, or regulatory approval are required to show their books, at least partially.

The sixth category is regulatory and licensing records. This is the most diffuse of the six, and the one researchers most often overlook. Every business that requires a license to operate — a contractor, a real estate agent, a medical practice, a restaurant, a security firm — generates a public record when it applies for and renews that license. Those records are held by the relevant regulatory agency: state contractor licensing boards, state medical boards, state real estate commissions, local health departments, the FAA for aircraft, the FCC for broadcast licenses, and dozens more. License records matter for several reasons. They confirm that a person or business actually holds the credentials they claim. They document complaints and disciplinary actions, which often don't show up anywhere else. And they establish the address and contact information that was on record at the time of licensing, which can help locate people and businesses that have since moved.

Stay with this for one more step — because the regulatory category actually extends into several specialized subcategories that deserve their own mention. Aircraft registration is maintained by the FAA and is fully searchable, meaning the registered owner of any U.S.-registered airplane is a public record. As Bellingcat's beginner's guide to flight tracking explains, aircraft are assigned both a registration number — the aviation equivalent of a license plate — and a Manufacturer Serial Number that stays with the aircraft for its entire life regardless of ownership changes. Ship registration is maintained at the national level in most countries, and the International Maritime Organization assigns each commercial vessel a permanent IMO number. The Pulitzer Center's guide to maritime OSINT explains that vessel records include the flag state, the IMO number, the port of registry, and ownership structures that distinguish between the registered owner, the beneficial owner, and the commercial operator — distinctions that matter enormously when tracing accountability. Environmental permits, food safety inspections, occupational safety violations — these are all regulatory records held by the EPA, USDA, OSHA, and their state equivalents, and most are public.

It's worth pausing to notice how these six categories connect to each other, because that's where real research power comes from. A single individual might appear simultaneously in property records (as a property owner), corporate records (as an officer in a registered company), court records (as a defendant in a civil suit), financial disclosure records (as a donor to a federal candidate), and regulatory records (as a licensed professional). Each record type confirms and extends the others. A name that appears in only one category might be a coincidence or a common name; a name that appears consistently across four or five categories, with the same address and the same associated entities, is a confirmed identity. This is the triangulation logic that experienced investigators use — and it starts with knowing which categories exist.

There is a conceptual trap here that most new researchers fall into, and it's worth naming directly. The trap is thinking of public records as a single unified database — as if there were some master system where you type a name and everything comes back. That system does not exist. Some commercial data aggregators — people-finder services, background check companies — attempt to approximate it by pulling from multiple sources, but their coverage is uneven, their data is often stale, and their accuracy is imperfect. The taxonomy described in this section exists precisely because records are not unified: they are distributed across agencies that each have specific legal mandates to collect specific information. Understanding the taxonomy means understanding why the records are distributed the way they are, and that understanding tells you where to look for any given piece of information rather than hoping a single search surface will catch everything.

The agency logic follows the same pattern in almost every category. The government agency that regulates a transaction is also the agency that records it. Property transfers are recorded by the county recorder because counties are responsible for property taxation. Corporate registrations go to the Secretary of State because states are responsible for corporate law. Securities disclosures go to the SEC because the SEC regulates securities markets. Licensing records live with licensing boards because licensing boards are the regulatory authority. Follow the regulator, and you find the record.

One more thing worth knowing about where the taxonomy has gaps. Two categories are notably incomplete for different reasons. Vital records are restricted partly to protect living individuals' privacy — a tradeoff that the previous section of this course covers in terms of the broader legal philosophy — and partly because historical vital records were never systematically digitized in many states. Regulatory records, meanwhile, are comprehensive for formal licenses but often invisible for informal or unlicensed activity. A landscaping company operating without a license won't have a licensing record. A contractor who lost their license and kept working will only appear in the disciplinary records, not the active license database. These gaps don't undermine the taxonomy — they just mean that the absence of a record is itself information, and sometimes the most interesting information of all.

According to Nolo's guide to due diligence when buying a business, a thorough investigation draws on multiple record types simultaneously — financial records, equipment liens from public sources, and operational history — because no single document tells the whole story. That's the practitioner's version of the same principle: the taxonomy isn't just an academic framework. It's the checklist that keeps you from stopping too early.

For international research, the taxonomy still holds but the agency structure differs by country and varies widely in accessibility. The ICIJ Offshore Leaks Database, which according to the ICIJ website contains information on more than 810,000 offshore entities drawn from the Pandora Papers, Paradise Papers, and Panama Papers investigations among others, is one of the few consolidated cross-border resources — and even it covers only entities that appeared in leaked files, not the universe of offshore structures. For most international research, the equivalent of a Secretary of State search means identifying the corporate registry for the specific jurisdiction: Companies House in the United Kingdom, the ASIC in Australia, the Registre du Commerce in France. The taxonomy transfers; the specific databases change.

Here's how to carry this forward. Before starting any research task, ask yourself which of the six categories is most likely to hold the information you need, and which government function generated those records. Is the subject a property owner? Start with the county recorder and assessor. Is the subject running a company? Start with the Secretary of State. Has the subject been sued or arrested? Start with PACER for federal cases and the relevant state court portal. Is the subject a licensed professional? Find the relevant licensing board. Does the subject receive federal contracts or make federal campaign contributions? USASpending and the FEC are your first stops. This isn't a rigid flowchart — most research problems will eventually require pulling from multiple categories — but having a starting point means you don't spend your first hour wandering.

The taxonomy also tells you when you're done, or at least when you've been thorough. If you've checked the relevant categories and found nothing, you've done your job. If you've only checked one category and found what you were looking for, you might be done — or there might be contradicting information sitting in a category you haven't looked at yet. The structure gives you both a starting point and a completion criterion, which is rarer and more valuable than it sounds.

That's the map. The rest of this course is the territory — and the next section digs into property records in detail, including how to trace a title chain, spot encumbrances like liens, and follow ownership through shell company structures back to the person who actually controls the land.

4Property Records: Following the Paper Trail on Real Estate

Picture this: you're about to wire a large sum of money for a piece of real estate, and somewhere buried in a stack of documents is a lien from a contractor who was never paid, recorded three years ago and never resolved. The seller didn't mention it. The listing didn't mention it. But it's sitting right there in the public record, waiting for anyone who knows how to look.

That one detail — findable for free, in a county database, in under an hour — is the kind of thing property records exist to reveal. And most people have no idea how to find it.

This section is about becoming the person who does know how to look: how to navigate the databases, read the documents, spot the warning signs in a title history, and trace who actually owns a piece of land when the paperwork has been deliberately layered to obscure it.

Start with the mental model, because it changes everything about how the search feels. Every parcel of real property in the United States sits inside a county — or a county equivalent like a parish in Louisiana or an independent city in Virginia. That county is served by at least two distinct offices, and most researchers confuse them constantly. The first is the county recorder, sometimes called the register of deeds. This office is the custodian of documents: deeds, mortgages, liens, easements, and anything else that gets formally recorded against a piece of land. The second is the county assessor, sometimes called the county appraiser. This office is the custodian of valuation: what the property is worth for tax purposes, who the current owner is on the tax rolls, and what the annual tax bill looks like. These two offices talk to each other, but they are separate databases with separate search interfaces, and they answer different questions. The recorder tells you the history of transactions. The assessor tells you the current snapshot.

Here is the catch that trips up most first-time researchers: the assessor's database is usually the easier one to find online, and it's tempting to stop there. The assessor will show you a current owner name and an assessed value, and that feels like enough. But it isn't. The assessor's records can lag by months after a sale, they don't show you the chain of transactions, and they almost certainly won't show you the liens and encumbrances that make a title complicated. For those, you need the recorder.

Before any of that, though, there's a number worth understanding: the parcel number. Every taxable parcel of land gets assigned one — sometimes called an APN, which stands for Assessor's Parcel Number, sometimes called a PIN for Parcel Identification Number, sometimes just called a tax map number depending on the county. The format varies wildly. In Los Angeles County it might look like four digits, a dash, three digits, a dash, three more digits. In a rural Midwestern county it might look like a township-range-section code pulled straight from the original Public Land Survey System. The exact format doesn't matter as much as understanding what the number does: it is the one identifier that ties together every document in both the recorder's office and the assessor's office that relates to a specific piece of land. Once you have the parcel number, you can pivot between systems instantly. Without it, you're searching by owner name or address, which is slower and messier and far more prone to returning the wrong results.

So the first step in almost any property records search is getting the parcel number. The fastest route is usually the assessor's website. Most counties — though not all — have put their assessor data online, and nearly all of them let you search by street address to return the parcel number. From there, you can cross over to the recorder's portal and search by that number for the full transaction history.

The deed is the foundational document in that history. A deed is simply the instrument that transfers legal ownership of real property from one party to another. The grantor is the one conveying the property — the seller, in a typical sale. The grantee is the one receiving it — the buyer. When you pull up a deed in a county recorder's system, you'll see the names of both parties, a legal description of the property — which is not the street address, but rather a technical description using metes and bounds or lot-and-block notation from a recorded plat map — and the type of deed being conveyed.

That deed type matters more than most people realize. A general warranty deed is the gold standard: the grantor is warranting that they hold clean title and will defend against any claims, even ones that arose before their ownership. A special warranty deed — common in commercial transactions and estate sales — warrants only against defects that arose during the grantor's period of ownership, not before. A quitclaim deed conveys whatever interest the grantor has, with no warranties whatsoever. If you see a quitclaim deed in a title chain between parties who aren't obviously family members doing an estate transfer, that's a flag worth noting. It can mean someone was in a hurry, or wasn't confident about the quality of their title, or was conveying something other than full fee simple ownership.

Stay with this for one more step, because the legal description is where researchers often stumble. Every deed references a legal description, and that description has to match across every document in the chain. Metes and bounds descriptions — the older system used east of the original Public Land Survey — describe a parcel by starting at a fixed monument and walking the perimeter: "thence north 47 degrees east 220 feet to an iron pin." Lot and block descriptions — the system used in platted subdivisions — simply reference a recorded map: "Lot 14, Block 3, Rosewood Subdivision, as recorded in Plat Book 12, Page 47." If you encounter a deed where the legal description doesn't cleanly match the one in the previous deed, that's a discrepancy that can indicate a boundary problem, a surveying error, or occasionally something more deliberate.

The mortgage, or deed of trust depending on the state, is the other document that appears constantly in recorder records. When a buyer takes out a loan to purchase property, the lender records a mortgage or deed of trust against the parcel. This document secures the lender's interest: if the borrower defaults, the lender has the right to foreclose. A discharge of mortgage — or a deed of reconveyance in deed-of-trust states — should appear when the loan is paid off, releasing that lien. If you pull up a title chain and find a mortgage recorded twenty years ago with no corresponding discharge, that is a serious red flag. Either the loan was never paid off, or the discharge was recorded but not indexed correctly, or — in rare cases — the discharge was fraudulently recorded. Any of those possibilities deserves investigation.

That brings up the broader category of liens. A lien is any recorded claim against a property that must be satisfied before clear title can be transferred. Mortgages are one type. Mechanics' liens — filed by contractors, subcontractors, or suppliers who were never paid for work on the property — are another. Tax liens can be recorded by federal, state, or local taxing authorities when taxes go unpaid. Judgment liens arise when a creditor wins a lawsuit and records the judgment against all real property the debtor owns in that county. Homeowners' association liens can appear when assessments go unpaid. Each of these sits in the recorder's system, attached to the parcel number, visible to anyone who searches.

When you're reading a title chain — which is simply the sequential record of all documents affecting a given parcel, arranged in chronological order — you're looking for three things. First, that each transfer of ownership follows logically from the last: the person granting the property in each deed should be the same as the person who received it in the prior deed. Any gap in that chain is a cloud on title — a legal term for anything that calls the ownership into question. Second, you're looking for liens that appear without a corresponding release. A recorded lien that was never discharged is still technically encumbering the property, even if the underlying debt was paid off informally. Third, you're looking for timing anomalies — a deed recorded shortly before a tax lien, a rapid series of transfers between related entities, a transaction that happened during a period when you know from other sources that the owner was in financial distress.

The assessor's database, in parallel, gives you a different set of signals. Most county assessor portals will show you the current assessed value, which is the value the county uses to calculate property taxes. In most jurisdictions this is a fraction of market value — sometimes 50 percent, sometimes 100 percent depending on state law and how recently the property was reassessed. Worth knowing: assessed value and market value are not the same number, and conflating them is a common mistake. But the assessed value still gives you a baseline, and dramatic mismatches between assessed value and a recent sale price can indicate assessment errors, homestead or agricultural exemptions, or occasionally something worth a closer look.

The assessor's records also show you the tax payment history in many counties — whether taxes are current, delinquent, or in some kind of installment arrangement. Tax delinquency is one of the earliest public signals of financial distress on a property. If a property owner is struggling, property taxes often go unpaid before mortgages do, simply because the immediate consequence of nonpayment is less visible. Many counties publish delinquent tax lists publicly, and some make them searchable online.

Now, beneficial ownership — which is where property research connects to the larger question of who is actually in control. In a straightforward residential transaction, the grantee on the deed is the individual who bought the house, and that's the end of the story. But an increasing share of real property, particularly commercial property and investment real estate, is held not by individuals but by legal entities: limited liability companies, limited partnerships, trusts, and various combinations thereof. The entity name appears on the deed as the grantee, and finding the human beings behind it requires a different path.

The first move is to take the entity name and search it in the Secretary of State's business registry for the state where the entity was formed. That's the territory covered later in this course in the section on corporate records — but the connection to property research is worth flagging here. If a deed shows that a property was conveyed to something called "1847 Meridian Holdings LLC," the recorder's system will show you that, but it won't tell you who owns or controls that LLC. For that, you go to the Secretary of State. And if that LLC is itself owned by another entity registered in Delaware or Wyoming or a jurisdiction with minimal disclosure requirements, you may be looking at a chain that requires following through multiple layers.

One tool that has become genuinely useful for this kind of beneficial ownership tracing is the ICIJ Offshore Leaks Database, maintained by the International Consortium of Investigative Journalists. As the ICIJ Offshore Leaks Database describes, it contains information on more than 810,000 offshore entities that are part of the Pandora Papers, Paradise Papers, Bahamas Leaks, Panama Papers, and Offshore Leaks investigations — covering more than 80 years and linking to people and companies in more than 200 countries and territories. That's not directly a property records tool, but if you've traced a title chain to an LLC that resolves to an offshore entity, the ICIJ database is a logical next stop for context on the ultimate ownership structure.

Back at the county level, there's a practical limitation worth naming. The quality, completeness, and online accessibility of county recorder and assessor data varies enormously across the United States. A county like Cook County in Illinois or Los Angeles County in California has invested heavily in digitizing historical records and making them searchable online, sometimes going back more than a century. A small rural county might have digitized only the last decade or two, with older records available only on microfilm or in physical grantor-grantee index books that require a visit to the courthouse. If the property you're researching changed hands before the county started digitizing, you may need to search those paper indexes directly — and knowing how they work matters.

The traditional grantor-grantee index is organized in two parallel alphabetical ledgers. The grantor index lists, alphabetically by the name of the person conveying property, every document recorded during a given period. The grantee index lists, alphabetically by the name of the person receiving property, the same documents. To trace a title chain backward through time, you start in the grantee index: find the current owner as a grantee, note what document was recorded and when, then look up the grantor in that transaction as a grantee in the prior period. Each step takes you one transaction further back. To search forward from an older owner — to find out who they eventually sold to — you search the grantor index. It's methodical, and once you understand the logic, it's actually quite satisfying to work through. The catch is that name variations, indexing errors, and misspellings can break the chain, which is why experienced title searchers maintain a list of alternative spellings and keep notes on every document reference they encounter.

Some counties and states have created statewide portals that aggregate recorder data across multiple counties — a significant convenience when a property research project involves multiple jurisdictions. States like New York and Texas have reasonably robust statewide systems, though they still have gaps. For many other states, the search remains county by county. Third-party data aggregators — commercial services that have scraped and compiled recorder data — can fill in some of these gaps, but their coverage and accuracy varies, and they often charge subscription fees that put them out of reach for casual researchers.

There's also the question of what happens when a property goes through foreclosure, tax sale, or other distressed transfer. A foreclosure deed — variously called a sheriff's deed, a trustee's deed, or a master commissioner's deed depending on the state — will appear in the recorder's records, and it resets the title chain in a way that can either clarify or complicate the history depending on what came before. A tax deed or tax sale certificate appears when a government taxing authority has ultimately sold the property to satisfy delinquent taxes. These documents are fully public and often signal that the prior owner experienced significant financial distress, which may itself be relevant to whatever question you're researching.

One more practical point about searching by entity name versus individual name: the recorder's office indexes documents under the exact name as it appears on the filed document. If an LLC changed its name, or if a property was conveyed under a slightly different version of an individual's name, searches under the current name will miss those records. Experienced researchers always run searches under multiple name variations — maiden names, middle names, hyphenated versions, common abbreviations — and they double-check by cross-referencing the parcel number, which doesn't change even when ownership does.

Reading a full title chain, from current ownership back through ten or twenty or fifty years of transactions, sounds daunting. But in practice, most title searches for research purposes don't require going back to the original federal land patent. What you're usually looking for is the last ten to thirty years of history, which is recent enough to catch most active encumbrances and transactions that are financially or legally relevant today. Start at the current owner, pull every document recorded against the parcel number in that period, arrange them in chronological order, and read them in sequence. You'll find most of what matters.

What you're building, ultimately, is a documented picture of what has actually happened to a piece of land: who has owned it, on what terms, who has claims against it, whether those claims were resolved, and who — behind the layers of legal entities — is actually the beneficial owner today. That picture is already out there, sitting in public databases, recorded by county employees doing their jobs. The only thing standing between a careful researcher and that picture is knowing where to look and what to look for.

And once you understand the logic of property records, a parallel system opens up: court records, where the disputes that property creates — the foreclosures, the quiet title actions, the judgment liens — leave their own paper trail, layered on top of everything the recorder captured.

5Section: Court Records: Finding Civil, Criminal, and Federal Cases

There's a moment in almost every serious investigation — a real estate deal gone wrong, a business partner who seems too good to be true, a public official whose finances don't quite add up — when someone says: "Let's see if they've been sued." That instinct is right. And the paper trail that instinct leads to is one of the richest, most underused sources of public information that exists.

Court records are different from most public records in a subtle but important way. Property records and corporate filings tell you what someone owns or controls. Court records tell you what happened when things went sideways — the disputes, the defaults, the fraud allegations, the judgments. They're the documentary residue of conflict, and conflict reveals things that people would never voluntarily disclose.

The catch is navigating a system that wasn't designed with outside researchers in mind.

There are two largely separate universes of courts in the United States, and understanding which one you're in determines almost everything about where you look and what you find. The goal here is to map both universes, show you how to get inside them, and give you enough of a framework to actually understand what you're reading once you do.

Start with the split itself. Federal courts handle cases that involve federal law — bankruptcy, securities fraud, immigration, civil rights claims under federal statutes, patent disputes, and cases where parties from different states are suing each other for more than seventy-five thousand dollars. State courts handle almost everything else: contract disputes, divorce and custody, personal injury, landlord-tenant matters, criminal prosecutions under state law, probate of estates. In practice, this means that if you're researching a business dispute or a debt collection action, you're probably looking at state court. If you're researching a bankruptcy, a securities enforcement action, or a federal criminal case, you're in federal territory.

The federal court system is, in a genuinely useful way, more unified than the state system. There are ninety-four federal district courts across the country, and nearly all of their electronic filings are accessible through a single gateway. That gateway is PACER — the Public Access to Court Electronic Records system. PACER's official court guide describes it as providing access to case and docket information from federal appellate, district, and bankruptcy courts, and as of 2026 it remains the authoritative source for federal court documents. Getting access requires creating a free account, though there is a per-page fee for retrieving documents — currently eight cents per page, with a quarterly cap of thirty dollars for accounts that accrue less than that amount, meaning many researchers effectively pay nothing if their usage is light.

The thing most people don't realize about PACER is how much is there. A single federal case can generate hundreds of filings — complaints, answers, motions, exhibits, depositions, settlement agreements, court orders. A bankruptcy case can contain years of financial disclosures. A securities fraud case can contain internal company communications introduced as exhibits. The documents themselves are often far more revealing than any news story written about the case, because news coverage tends to focus on outcomes while the documents contain the texture: the specific allegations, the financial figures, the names of individuals involved at every level.

There's a practical shortcut worth knowing before you spend a dollar on PACER. The RECAP Archive — a project run by the Free Law Project — has collected millions of federal court documents that have already been downloaded from PACER by other users, and made them freely searchable. CourtListener's RECAP Archive lets you search by party name, attorney, or case number without paying anything, and if the document you need has been downloaded before, you get it free. It doesn't have everything, but for well-publicized cases it often has the key documents. RECAP is the sensible first stop before opening your PACER wallet.

Now for the more complicated universe: state courts. Every state runs its own court system, with its own terminology, its own court structure, and its own approach to electronic access. Some states — California, New York, Texas — have invested significantly in public-facing online portals. Others still require you to visit a courthouse in person, know a case number in advance, or navigate systems that feel like they were designed in 1997. The variation is genuine and significant, not something that can be papered over.

That said, a few patterns hold. Most states now have at least a case search portal that lets you look up cases by party name, even if the underlying documents aren't available online. These portals go by different names in different states — some use "eCourt," some use "eCourts," some have branded names entirely — but they tend to live on state court websites under a ".courts.state" or similar domain. Before you assume a state doesn't have online access, search directly for the state court's official website and look for a public access or case search link.

A resource that helps bridge the gap across states is the National Center for State Courts, which maintains a directory of state court websites and their electronic access capabilities. The variation is real, but it's mappable, and understanding the landscape before you start a search saves time that would otherwise be spent trying to access systems that genuinely aren't online.

One category of court records deserves its own treatment: bankruptcy filings. Bankruptcy cases are federal cases, handled in federal bankruptcy courts — there are ninety-four of them, aligned with the federal district courts — and they're accessible through PACER. But they warrant special attention because of what they contain. When someone or a company files for bankruptcy, they are required to submit detailed schedules of assets and liabilities. These schedules list bank accounts, real property, personal property, investments, and debts. They list creditors by name and amount. They list income, expenses, and recent financial transactions. For a researcher trying to understand someone's financial situation, a bankruptcy filing can be more comprehensive than any other single public document.

The main types of bankruptcy that come up in research each carry information of a different kind. Chapter 7 — liquidation bankruptcy — is filed by individuals and businesses seeking to discharge debts entirely. Chapter 11 is the reorganization bankruptcy used primarily by businesses; it tends to generate the most voluminous filings, because the debtor must propose a reorganization plan and creditors can object. Chapter 13 is an individual reorganization, typically used by people who have regular income and want to protect assets like a house while catching up on debts. In a chapter 11 case especially, the document trail can be enormous: monthly operating reports, creditor committee filings, disclosure statements, asset sale motions. Each of those documents can be a source.

Worth knowing: PACER's bankruptcy section is separate from the regular district court section, even though both use the same login. When you're searching PACER for bankruptcy cases, the search interface is slightly different. Search by the debtor's name, not by case number, unless you already have one.

Now step back to the broader skill of reading court documents, because this is where most first-time researchers hit a wall. The wall isn't complexity — it's vocabulary. Legal documents use terminology that's precise in ways that can seem impenetrable, but most of it resolves quickly once you know the basic structure.

Every civil case starts with a complaint. The complaint is filed by the plaintiff — the party bringing the lawsuit — and it lays out the factual allegations and the legal claims. Reading a complaint is usually the fastest way to understand what a case is about, because complaints are written to persuade: they tell the plaintiff's story in the most favorable terms. Worth remembering that a complaint contains allegations, not proven facts. The defendant hasn't responded yet. The plaintiff's version is the starting point, not the verdict.

After the complaint comes the answer, filed by the defendant. The answer either admits or denies each allegation in the complaint. A common pattern — one that surprises most non-lawyers — is that defendants deny nearly everything, even things that seem obviously true, as a procedural formality. Don't read blanket denials as evidence of anything; they're standard defensive posture.

The docket is the index of everything that has been filed in a case, listed in chronological order. Learning to read a docket is the core skill for navigating court records. Each entry on a docket has a date, a docket number, and a description. Some entries are routine — scheduling orders, requests for extensions. Others are significant: motions for summary judgment (which ask the court to decide the case without a trial), orders granting or denying those motions, deposition notices, exhibit lists, settlement notices. The docket tells you the shape of the case: how long it ran, how contested it was, whether it settled or went to judgment, and at what stage. A case that settled on the eve of trial after years of litigation often contains far more on the docket than its quiet resolution would suggest.

Civil versus criminal is a distinction worth understanding clearly, because the implications for research are different. A civil case is a dispute between parties — usually over money or conduct. The plaintiff sues the defendant and seeks damages or an injunction. Criminal cases are brought by the government against an individual and can result in incarceration. In criminal cases, the charging document is called an indictment (if a grand jury is involved) or an information (if the defendant waives a grand jury). Criminal cases almost always contain something valuable to a researcher: the charging document spells out specific alleged conduct in detail, often including dates, dollar amounts, and named co-conspirators. Plea agreements, when they exist, can be particularly revealing — defendants often allocute, meaning they admit specific facts on the record as part of a plea.

One practical move when reading civil documents without a law degree: look for the exhibits. Exhibits are documents attached to filings — contracts, emails, financial statements, corporate records — that the filing party is offering as evidence. They're labeled as Exhibit A, B, C, and so on, or sometimes by name. Because they're introduced as evidence, exhibits often contain the actual source documents that underlie a dispute. If someone is suing over a contract, the contract itself is usually an exhibit. If someone is alleging fraud via email, the emails are usually exhibits. The exhibits are frequently the most useful documents in a case for a researcher who wants primary source material.

A few specific things to look for when you pull a court file. First, the prayer for relief — the section at the end of the complaint where the plaintiff states what they want. Dollar amounts in the prayer for relief are often aspirational and inflated, but they signal what the dispute is really about and how seriously the plaintiff takes it. Second, any declaration filed in support of a preliminary injunction. Injunctions are emergency orders, and to get one, the moving party has to demonstrate immediate harm; declarations in support of injunctions are therefore often unusually candid and detailed about the underlying facts. Third, sanctions motions — allegations that the other side has behaved improperly during litigation. These are filed between the parties' lawyers, but they often contain specific factual accusations that don't appear anywhere else in the record.

Here's the part nobody mentions about reading court records: the gap between the allegations and the outcome matters enormously. A complaint that makes dramatic accusations is not the same thing as a judgment that finds those accusations true. A case that was dismissed — whether voluntarily by the plaintiff or by court order — tells you very little about whether the underlying allegations had merit. Responsible use of court records means distinguishing clearly between what was alleged, what was proven, and what was adjudicated.

PACER's search functionality has limitations worth knowing before you spend time on it. The national case search — which lets you search across all federal courts at once — is called PACER Case Locator. It searches by party name and returns a list of cases. But the full documents are retrieved through each court's individual system, which means clicking through to a specific court from the locator results. PACER's Case Locator documentation describes this two-step process, and understanding it in advance saves the frustration of wondering why a search returns cases but no documents.

State court searches have their own friction points. The most common: names. Court records are indexed by the name as it was entered into the system at filing, which means a search for "Robert Smith" may miss cases filed under "Bob Smith" or "R. Smith" or with a middle initial. Business names are even trickier — variations in "LLC" versus "L.L.C." versus the entity name without a suffix can cause cases to not appear in a search. The practical fix is to search multiple variations and to pay attention to what other names appear in documents you find, then search for those too.

For researchers who want to cast a wide net without paying PACER fees on exploratory searches, a few free tools are genuinely useful. CourtListener, run by the Free Law Project, indexes a large volume of federal opinions and has the RECAP Archive of filed documents. Justia offers free access to federal and state court opinions — the final rulings — though not always to the underlying case documents. Bloomberg Law and Westlaw are the professional-grade tools that lawyers use; they're expensive but comprehensive, and many public libraries and law school libraries offer access. If you're doing occasional research rather than professional investigation, the combination of CourtListener and direct PACER access for specific documents covers most needs.

One category that state court systems handle exclusively, and that often surprises researchers, is family law — divorce, custody, and guardianship proceedings. These cases are technically public record in most states, though some states seal them or restrict access. Divorce filings can contain detailed financial disclosures: lists of assets, retirement accounts, business interests, debts. For understanding someone's financial situation, a divorce filing can be as revealing as a bankruptcy, and because it's in state court rather than federal, many researchers simply don't think to look there.

So here's what you now have: a map of two court systems, a practical path into each, a vocabulary for navigating the documents, and a sense of what each document type is likely to contain. Federal cases via PACER, with the RECAP Archive as a free first stop. State cases through each state's own portal, knowing that the variation is real but navigable. Bankruptcy filings as a special category worth treating as financial disclosure. And the docket as the master index that tells the shape of any case before you spend time on individual documents.

Courts are where the official record of conflict lives. What people do when they get in trouble — financially, legally, personally — gets documented there in ways that almost nothing else can match. The next question is who controls the entities those people work through, and how to follow the paper trail when ownership is deliberately obscured — which is exactly what the next section takes on.

6How to Find Out Who Owns an LLC: Corporate Records Research

Court records give you the disputes. Property records give you the assets. But the question of who actually owns a company — who controls it, who profits from it, who's hiding behind it — that's where corporate records come in.

Most people treat business registration as background noise, the bureaucratic paperwork a company files once and forgets. The reality is richer than that. Secretary of State filings, registered agent records, UCC financing statements, and articles of incorporation form a kind of public paper trail for commercial life — and that trail, once you know how to read it, reveals ownership structures that were never meant to be invisible in the first place.

There are a few distinct tools here, and each rewards a slightly different question. So the section builds outward: starting with the basic state-level search, moving through the documents you'll find there, then into UCC filings and beneficial ownership, and finally into the methods investigators use to follow ownership chains when they deliberately snake through multiple entities.

Start with the simplest entry point: the Secretary of State database. Every U.S. state maintains a registry of businesses formed or registered to do business within its borders. These registries are almost universally searchable online, and most are free. You can search by business name, by registered agent name, or in many states by the name of an officer or director. What comes back is a snapshot of the company's official existence — its formation date, its current standing (active or dissolved), its registered address, and typically a list of the documents it has filed over its lifetime. OpenCorporates, which aggregates corporate registry data from jurisdictions worldwide, tracks more than 200 million companies across registries in dozens of countries, which gives a sense of just how much of this data exists once you know where to look.

The registered agent field is worth pausing on, because it's where most casual researchers stop paying attention — and where experienced ones start getting curious. Every business entity registered in a state is required to designate a registered agent: a person or company with a physical address in that state, authorized to receive legal documents on the business's behalf. For large corporations, that might be a major law firm or a national registered-agent service. But for smaller entities — and especially for entities being used to obscure ownership — the registered agent is often the only human name attached to the filing. If you find a dozen LLCs all sharing the same registered agent at the same address, that's a signal worth following. It doesn't mean wrongdoing, but it means the entities are almost certainly connected, even if their names don't advertise that.

The articles of incorporation — or articles of organization, for LLCs — are the founding documents filed with the state when the entity is created. These are public records in virtually every state, and they tell you several useful things. They record the entity type: corporation, limited liability company, limited partnership, and so on. They state the registered agent. They often list the initial directors or organizers, though some states allow anonymous formation with only the organizer's name. They describe the entity's stated purpose, though that language is usually boilerplate broad enough to cover almost anything. And they record the formation date, which anchors the company in time — useful when you're trying to establish who was running what, when.

Annual reports are the follow-on documents that matter just as much. Most states require active entities to file annual or biennial reports updating their officer and director information, confirming the registered address, and affirming the entity remains in good standing. These reports are also public, and they're where you'll catch changes — a new director coming on, a registered agent change, a shift in the principal address. If you're doing due diligence on a company over time, comparing annual report filings year by year is one of the most efficient ways to spot personnel and structural changes. Nolo's due diligence guide notes that a thorough investigation before buying a business includes precisely these kinds of records — because they reveal the company's structure, debts, and operating history in ways that no seller's pitch can fully conceal.

Now, the UCC filing — this is the one that most people have never heard of, and it's genuinely useful. UCC stands for the Uniform Commercial Code, a standardized set of commercial laws adopted across U.S. states. When a lender extends credit secured by business assets — equipment, inventory, accounts receivable — the lender files a UCC-1 financing statement with the state. That filing is a public notice to the world: this creditor has a security interest in these assets. You can search UCC filings by the debtor's name through most Secretary of State databases, and what you find is a map of the business's secured debt.

The practical value of a UCC search runs in two directions. If you're vetting a potential business partner or acquisition target, UCC filings show you who the company's creditors are and what assets are already pledged as collateral. A company that appears profitable on the surface might have its entire inventory, its equipment fleet, and its receivables already spoken for by a lender you didn't know existed. That's the kind of hidden claim that Nolo describes as potentially discoverable only through public sources like UCC databases — information the seller has no incentive to volunteer. The second direction is investigative: UCC filings frequently name lenders you've never heard of, which can be the first clue that a company is connected to a financial backer operating through its own obscure entity. Follow that entity, and the chain lengthens.

Bear with this for one more step, because the entity-chain problem is where corporate records research actually gets complicated. The basic Secretary of State search works well when you're looking at a single company with transparent ownership. But the practice of layering entities — creating an LLC that is owned by another LLC, which is managed by a trust, which names a registered agent with no other public profile — is common enough that the ICIJ Offshore Leaks Database documents more than 810,000 offshore entities connected across more than 200 countries and territories, many of them structured precisely to place distance between the beneficial owner and public records. Beneficial ownership — the person who ultimately controls and profits from an entity, as distinct from whoever's name appears on the filing — can be obscured across multiple jurisdictions, each with its own disclosure norms.

This is where the concept needs precise language. The registered owner of a company is whoever the state recognizes as holding the ownership interest. The beneficial owner is the human being who actually calls the shots and receives the economic benefit. In a simple small business, those are the same person. In a deliberately opaque structure, they can be separated by several layers of shell companies, nominee directors, and jurisdictional gaps. The ICIJ's Offshore Leaks investigations — including the Panama Papers, Pandora Papers, and Paradise Papers — turned on exactly this distinction: records showing registered ownership were essentially useless; what the investigations revealed was beneficial ownership that had been hidden for decades.

How do you follow an ownership chain when it spans multiple entities? The method is systematic, and it requires noting every name and address that appears in any filing, then treating each one as a new search target. Start with the company itself. Note its registered agent. Note its officers and directors. Note its address. Then run each of those names as a separate search — in the same state's Secretary of State database, and ideally in databases for other states and countries. A name that appears in one filing often appears in others. An address shared between an obscure LLC and a more prominent company is a connection worth documenting.

The registered agent is particularly valuable here, because professional registered-agent services often serve hundreds of companies — but when a private individual is listed as registered agent, that person is almost certainly connected to the beneficial owner. And if that same individual appears as registered agent for five other LLCs, you now have five more entities to pull filings for. The network expands from there.

For cross-state and international searches, OpenCorporates aggregates corporate registry data across jurisdictions and allows searches that would otherwise require visiting dozens of separate state and country databases individually. For offshore structures specifically, the ICIJ Offshore Leaks Database covers entities from major leak investigations, searchable by name, and linking to related entities, addresses, and intermediaries in a way that makes tracing multi-hop ownership structures considerably faster than it would be through state-by-state manual searches alone.

One catch worth knowing about upfront: state Secretary of State databases vary enormously in quality. Some states offer robust, real-time online search with full document images. Others have data that's months out of date, or interfaces that require you to know the exact business name before you'll get a result, or document images that are scanned from paper and not text-searchable. Delaware is famously permissive about what it requires companies to disclose publicly — it's a popular incorporation destination precisely because its filing requirements are minimal. Wyoming and Nevada have developed similar reputations. When you find a company incorporated in one of those states but apparently operating elsewhere, that mismatch is worth noting. The choice of incorporation state is itself data.

The practical sequence for a corporate records investigation runs roughly like this. Search the Secretary of State database in the state of incorporation and in any state where the company is registered to do business — those are often different. Pull the articles of incorporation, all annual reports, and any amendments. Note every name and address. Run a UCC search for the entity name and any predecessor names. Check OpenCorporates for the same entity name across other jurisdictions. If the entity turns up offshore connections, search the ICIJ database. Then iterate: every new name and address becomes a new search target, and you keep going until the network resolves into something that either makes sense or raises a specific, documented question.

The goal isn't to assume wrongdoing. Most multi-entity ownership structures exist for entirely mundane reasons — liability separation, tax efficiency, estate planning. What the corporate records trail does is make the structure legible, so that when something does look wrong, you can see exactly where the opacity begins and what it might be hiding.

That paper trail, layered with property records, court filings, and financial disclosures, forms the backbone of almost every serious due-diligence investigation. But there's a category of records that captures something different — not what a company owns or who controls it, but what governments have done with taxpayer money on its behalf, and how campaigns have used its dollars. That's the territory of financial disclosure records, covered next.

7The Corporate Veil and How to See Through It

Somewhere in a federal agency right now, a document exists that could change everything — an inspector general report, a contract amendment, an internal email about why a program got quietly defunded. That document is yours to request. The law says so. The catch is that most people have no idea how to ask for it in a way that actually works.

The Freedom of Information Act — almost always abbreviated to FOIA, pronounced "foy-uh" — is a 1966 federal law that gives any person the right to request records from federal executive branch agencies. Not just journalists. Not just lawyers. Any person. The Department of Justice's guide to FOIA makes clear that citizenship isn't even a requirement — foreign nationals can file requests too. That single fact reframes what it means to do public-records research. You are not petitioning the government for a favor. You are exercising a statutory right.

Understanding that distinction takes most of the anxiety out of the process. Here's what makes the difference between a request that gets answered and one that disappears into a backlog for three years.

Start with what FOIA actually covers, because the scope is narrower than people assume. The law applies to the executive branch — the departments, agencies, and commissions that report, ultimately, to the White House. That means the EPA, the FDA, the Department of Defense, the FBI, the SEC, the FTC, and hundreds of other bodies. What it does not cover is Congress, the federal courts, or the President's immediate staff in the White House Office. State and local governments have their own sunshine laws — and those will get their own treatment shortly. But at the federal level, if the agency has an acronym and it answers to the executive, FOIA reaches it.

There's a common misconception worth addressing here: many people assume FOIA is only useful for getting records about other people or organizations. In fact, some of the most powerful FOIA requests are for records about how agencies make decisions — internal memos, policy guidance documents, contracts, and communications that reveal not what the government did, but why. That's often the more interesting layer.

Now for the mechanics. Every covered agency is required to maintain a FOIA office, and most of them have online portals where requests can be submitted directly. The FOIA.gov portal — run by the Department of Justice — lists every federal agency's FOIA contact and links to their individual request portals. This is the right place to start. You pick the agency, you navigate to its specific portal, and you file there. Filing with the wrong agency doesn't kill your request, but it wastes weeks or months before a referral gets sorted out.

The request itself is simpler than people expect. There's no magic legal language required. A FOIA request doesn't need to cite specific statutes, use Latin phrases, or be written by an attorney. What it does need to do is describe the records you want with enough specificity that a government employee who knows the agency's filing systems could actually locate them. That last clause is the key. You're not describing what you want to learn. You're describing what records would contain the answer.

Consider the difference between these two framings. A request that says "all records related to the agency's response to the 2023 water contamination event in East Palestine, Ohio" is doing better than one that says "information about how the EPA handles environmental disasters." The first describes records. The second describes a topic. The Reporters Committee for Freedom of the Press's FOIA guide emphasizes this distinction repeatedly: agencies respond to record descriptions, not research questions. Think about what a responsive document would look like — a memo, a contract, an email chain, a spreadsheet — and describe that document rather than the underlying question you're trying to answer.

Date ranges help enormously. "All emails between the agency's regional director and the contractor from January 2022 through December 2023" is far easier to fulfill than the same request without dates. Specific offices or individuals narrow the search. File types matter too — if you want emails, say emails. If you want inspection reports, say inspection reports. The more surgical your description, the faster the response and the lower the chance an agency will claim your request is too broad or burdensome to process.

There's a fee structure to know about. FOIA requests are not always free, though in practice many are. The National Security Archive's FOIA requester guide breaks down the three fee categories: search fees, duplication fees, and review fees. Journalists and news organizations get preferred treatment — they can be charged duplication costs only, not search or review. Educational and non-commercial researchers get similar treatment. Commercial requesters pay the full freight. If you're an individual filing for personal use, you generally pay duplication fees but not search fees. And here's the thing most people don't know: you can — and should — include a fee waiver request in your initial submission. The standard is whether disclosure is "likely to contribute significantly to public understanding of the operations or activities of the government." That's a somewhat elastic standard, and agencies sometimes deny fee waivers on first pass, but asking costs nothing.

The timeline question is where things get messy. The law says agencies have twenty business days to respond. What "respond" means in practice is often just an acknowledgment that the request was received and a tracking number assigned — not the documents themselves. The FOIA Project at Syracuse University's TRAC database tracks agency response times, and as of recent years, backlogs at major agencies like the FBI and State Department run to years, not months. The FBI's backlog has at times stretched past five years for complex requests. That's not a reason not to file — it's a reason to file early, to file specifically, and to know your options when things stall.

This is where MuckRock becomes genuinely useful. MuckRock is a nonprofit platform that lets you draft, file, track, and publish FOIA requests — both federal and state — all in one place. It maintains a public database of requests and responses, which means before you file your own request, you can search whether someone else has already gotten the documents you're looking for. That search alone saves enormous time. MuckRock also generates agency-specific cover letters and handles fax submissions to agencies that still require them, which — and this is not a joke — some agencies do. The platform charges modest fees for some services, but the request database is publicly searchable for free. MuckRock's own documentation on how to use the service describes it as having processed hundreds of thousands of requests across thousands of agencies. For anyone doing regular public-records research, it's infrastructure, not a luxury.

Now for the part that frustrates everyone: exemptions. FOIA has nine statutory exemptions — nine categories of records that agencies can withhold, in whole or in part. Worth knowing all nine at a high level, because the most common ones will appear in every denial letter you ever receive.

Exemption 1 covers classified national security information. Exemption 2 covers internal personnel rules and practices. Exemption 3 catches records specifically protected by other federal statutes — and this is a broad bucket, because many statutes explicitly shield certain agency records from disclosure. Exemption 4 protects trade secrets and confidential commercial information — expect this one when requesting records related to government contractors. Exemption 5 is the one journalists and advocates fight about most: it covers "inter-agency or intra-agency memorandums or letters" that would not normally be available in civil litigation. In plain English, that's the deliberative process privilege — the government's ability to protect the internal back-and-forth of how decisions get made. Agencies invoke Exemption 5 liberally, and courts have periodically pushed back. Exemption 6 protects personal privacy in personnel and medical files. Exemptions 7 through 9 cover law enforcement records, records about financial institution oversight, and geological exploration data — those come up less often in most research contexts.

The critical point about exemptions is that they're not all-or-nothing. Agencies are required to release non-exempt portions of a document even when exempt portions exist — that's the concept of segregability. A heavily redacted document isn't a lost cause. It still shows you what categories of information existed, what offices were involved, what the date range of relevant activity was. Experienced FOIA researchers treat redacted documents as a roadmap for follow-up requests, not as a dead end.

What happens when a request is denied, partially fulfilled, or simply ignored? This is the appeal ladder, and most requesters never climb it — which is exactly why agencies can afford to be aggressive with initial denials.

The first rung is the administrative appeal. Every FOIA denial must include information about the right to appeal within the agency. You have ninety days to file. The appeal goes to a different person than the one who made the initial determination — in theory, a more senior official conducting a fresh review. The Department of Justice's FOIA appeals guidance notes that administrative appeals succeed surprisingly often. Agencies sometimes reverse initial denials at the appeal stage, particularly when the appeal letter specifically argues which exemptions were improperly invoked and cites relevant case law. You don't need to be a lawyer to do this, but you do need to be specific. Saying "I appeal this denial because you got it wrong" accomplishes less than saying "the deliberative process privilege of Exemption 5 does not apply to this record because it constitutes a final agency policy statement, not a predecisional draft, as established in Renegotiation Board v. Bannercraft."

The second rung is OGIS — the Office of Government Information Services, housed within the National Archives. OGIS serves as a mediator between requesters and agencies. It's not an enforcement body; it can't order an agency to release records. But it can facilitate dialogue when requests are stalled or when appeals have failed, and it publishes reports on agency compliance that create some reputational accountability. Filing an OGIS complaint is free and takes minutes.

The third rung is federal court. Filing a FOIA lawsuit is a real option, and it's less exotic than it sounds. Federal district courts have jurisdiction over FOIA cases, and the government pays attorney fees when requesters substantially prevail. That fee-shifting provision means FOIA litigation is economically viable for advocacy organizations and media outlets. The Knight First Amendment Institute at Columbia University has litigated landmark FOIA cases and publishes its legal filings publicly, which makes useful models for researchers interested in how FOIA arguments get constructed. For individual researchers not affiliated with an organization, litigation is a longer shot — but knowing the option exists matters, because agencies also know it exists, and sometimes an appeal letter that mentions potential litigation accelerates agency action.

State-level sunshine laws deserve equal attention, because for a huge category of research — local government, state agencies, municipal contracts, public schools, police departments — state law is the operative tool, not federal FOIA. Every state has some version of an open-records law, though the names vary. You'll hear "sunshine law," "open-records act," "right-to-know law," and "public-records law" used interchangeably.

The variation between state laws is genuinely significant. Some states are among the most open-records-friendly jurisdictions in the world. Florida's Government-in-the-Sunshine Law, codified in Chapter 119 of Florida statutes, is frequently cited as one of the broadest in the country — Florida's Office of Open Government describes it as a strong presumption of openness, with records being public unless a specific exemption applies. Texas has a similarly robust framework with short response deadlines. At the other end, states like Arkansas and Mississippi have historically had weaker enforcement mechanisms and broader exemptions.

The Reporters Committee for Freedom of the Press maintains the Open Government Guide, a state-by-state breakdown of every jurisdiction's open-records and open-meetings laws. This is the reference to bookmark. It covers the response timeframes, fee structures, available exemptions, and appeal pathways for all fifty states and the District of Columbia. Before filing a state records request, fifteen minutes with this resource will tell you what to expect.

A few patterns hold across most state laws that are worth knowing. State requests generally go directly to the record-holding agency or office — often a specific department within city hall, a county clerk, a school district's records office. Unlike the federal system, there's usually no centralized portal. Response times at the state level are often shorter than federal FOIA timelines — many states require response within five to ten business days, though "response" again may mean acknowledgment rather than production. States vary widely on whether they charge for search time, and some states require agencies to create records — not just produce existing ones — while most don't.

One genuinely underused technique at the state level: open-records requests for records that federal agencies have already shared with state counterparts, or that state agencies have generated in connection with federally funded programs. A state environmental agency that receives EPA grants, for example, likely holds records that overlap with federally filed reports — and the state version may be easier and faster to obtain than the federal one. Parallel filing at multiple levels is a legitimate strategy that experienced investigators use regularly.

Back to the practical. When a request is going to take a while — and many will — there are things to do while waiting. First, check FOIA reading rooms. Agencies are required by law to post frequently requested records online, and some agencies are better than others about maintaining these. The FBI's Vault is a famous example: it contains thousands of previously released documents, organized by subject, and searching it before filing a FOIA is just common sense. The CIA, the State Department, the Defense Department, and most major agencies have similar repositories. Second, use FOIA logs. Agencies are required to log all requests they receive, and these logs — which are themselves obtainable via FOIA — tell you what other researchers have asked for and what's been released. MuckRock has aggregated many of these logs and makes them searchable. Third, look for FOIA litigation databases. Court decisions interpreting FOIA exemptions are public record, and the Department of Justice maintains a FOIA case law database that tracks significant decisions — useful when constructing an appeal.

A note on strategy that doesn't get said enough: narrower requests get faster responses. This seems counterintuitive — you want everything, so ask for everything. But broad requests trigger broader searches, larger fee estimates, and longer review times. Experienced FOIA practitioners often file a series of targeted requests rather than one omnibus one. Start with something narrow enough to get a quick response. The documents you get back will often reveal new offices, new date ranges, new document types you didn't know existed — which then inform the next, better-targeted request. Think of the first request as a probe, not the whole mission.

The last thing worth knowing is how FOIA research compounds with the other record types covered elsewhere in this course. A federal contract obtained through USASpending.gov tells you what was paid and to whom. A FOIA request for the procurement file — the competitive bids, the evaluation memos, the technical proposals — tells you why. Property records show who owns a building that houses a federal contractor. A FOIA request for the lease file tells you what the government paid for the space and whether there were any irregularities in the award. Court records from PACER show that a company was sued by a former employee. A FOIA request to the relevant federal agency might surface a simultaneous investigation. The records don't just coexist — they cross-validate and extend each other. That compounding effect is what separates a thin background check from a real investigation.

Knowing how to file, how to appeal, and how to use tools like MuckRock and reading rooms turns the law from an abstract right into a practical one — a door that opens with the right key. The question now is what's waiting behind the financial disclosure door, where campaign contributions, lobbying records, and federal spending data live in publicly searchable databases that most researchers haven't found yet.

8Reading a Business Registration

The money trail is usually the most revealing thing about power — and most people have no idea how much of it is already on the record, available to anyone willing to click through a government database.

Campaign contributions, federal contracts, lobbying disclosures, public company filings, nonprofit tax returns — these aren't buried under FOIA requests or locked behind paywalls. They exist in searchable, downloadable form right now, maintained by federal agencies whose job is to keep them current. The challenge isn't finding the door; it's knowing which door leads where.

This section walks through five major categories of financial disclosure records: campaign finance through the Federal Election Commission, lobbying registrations and disclosures, federal spending through USASpending.gov, SEC filings for publicly traded companies, and Form 990 filings for tax-exempt nonprofits. Each one rewards even a first visit, and together they form a nearly complete picture of how money moves between institutions and the people who shape public policy.

Start with campaign finance, because nothing else puts names to numbers quite as directly. The Federal Election Commission — the FEC — maintains FEC.gov, a public database of every contribution to federal candidates, political action committees, and party committees above certain thresholds. When an individual donates more than two hundred dollars to a federal candidate in a single election cycle, that donation is disclosed: the donor's name, employer, occupation, city, and zip code appear alongside the recipient and the amount. For PACs and other committees, the filings go further — showing who gave to the PAC, and who the PAC paid, right down to individual vendors and consultants.

The practical value of this is hard to overstate. Say you're researching a company and you want to understand its political relationships. Search the company name in the FEC's contributor database and you'll see which employees gave to which candidates, how much they gave, and when. Do the same search on a candidate and you'll see their donor network — and whether that network is concentrated in a particular industry. These aren't inferences or estimates; they're the actual records the campaigns and PACs filed, under penalty of perjury.

Worth knowing: the FEC data has quirks that trip up first-time users. Individual donors can be listed under slight variations of the same name — a "William" who sometimes files as "Bill," or an occupation listed inconsistently across multiple donations. When searching for a specific person, try variations of their name and filter by employer or zip code to consolidate the picture. The FEC's own search interface at FEC.gov is functional but not elegant; for more powerful filtering and bulk downloads, the site offers structured data exports that let you pull large contributor or expenditure files into a spreadsheet.

The FEC also tracks independent expenditures — money spent by outside groups to support or oppose candidates without coordinating with campaigns. Since the Supreme Court's Citizens United decision in 2010, these "outside spending" categories have grown dramatically, and the FEC database captures them too. Super PACs, which can raise and spend unlimited funds, file regular disclosure reports showing their donors and expenditures. Looking at a super PAC's donor list often reveals the financial relationships behind political messaging that might otherwise look organic.

Now follow the money from the campaign into the building. Lobbying disclosures are where contributors' political investments get tracked into actual policy conversations. Under the Lobbying Disclosure Act, any individual or organization that meets certain thresholds for lobbying activity must register with the Senate and the House of Representatives and file disclosure reports twice a year. Those reports name the registrant, the client on whose behalf they're lobbying, the general policy areas being lobbied, the specific agencies and chambers contacted, and the total income or expenses involved.

The database for these filings lives at LDA.senate.gov, maintained by the Secretary of the Senate. It's searchable by registrant name, client name, issue code, and filing date. If you want to know which companies hired lobbyists to influence a particular piece of legislation, search by the relevant issue code — there are categories covering everything from defense to health care to financial services. If you want to know which lobbying firms a specific corporation used over a period of years, search by client name and scroll through the filings.

This is where the connection between campaign contributions and policy advocacy becomes visible. A donor who gave to the relevant committee chairs, then retained a lobbying firm to work on the legislation those chairs oversee, is following a documented path — and every step of that path is in a public filing. Connecting those dots is exactly what investigative reporters and good-government researchers do with these databases, and the raw material is available to anyone.

One catch that practitioners routinely mention: lobbying disclosures cover only formal lobbying activity as defined by the statute. If a company executive has lunch with a senator and it doesn't cross the legal threshold for "lobbying contact," it doesn't have to be disclosed. The filings capture the formal infrastructure of influence, not every conversation. That's a real limitation, but it still reveals a great deal.

Federal procurement records are the next major category, and they operate at a different scale than most people expect. USASpending.gov is the official open data source for federal contract awards, grant awards, loan guarantees, and other forms of federal financial assistance. According to USASpending.gov, the site tracks trillions of dollars in federal spending, searchable by recipient, awarding agency, place of performance, date range, and contract type.

The practical uses range widely. A researcher investigating a government contractor can pull every federal contract that company received over a period of years — the awarding agency, the contract value, the period of performance, the product or service purchased, and the NAICS code describing the work. A reporter covering a federal agency can pull all contracts that agency awarded in a fiscal year, sorted by recipient, to see which vendors dominate the relationship. A nonprofit monitoring equity in government contracting can filter by recipient demographics, which the database also tracks.

One concept worth understanding before your first USASpending search is the difference between a contract award and an obligation. When a contract is awarded, the government records an "obligation" — the anticipated cost. The actual payments ("outlays") happen over time as work is completed and invoices are paid. USASpending shows both, but they may differ significantly on any given contract, especially multi-year agreements. Knowing this prevents misreading an award as an immediate payment.

USASpending also covers federal grants, which are separate from contracts. Contracts are for services or products the government buys; grants are financial assistance provided to organizations — universities, nonprofits, state agencies — to carry out a public purpose. Both are in the database. If you're researching a university's federal research funding, or a nonprofit's government grant history, USASpending is often the fastest starting point.

The database links to contract descriptions and, in some cases, to the underlying contract documents themselves through connections with the System for Award Management — SAM.gov. Not every contract document is publicly available, but SAM.gov does publish basic registration information for every company that wants to do business with the federal government, including the company's principals, address, and NAICS codes. Cross-referencing a USASpending award with the SAM.gov registration can confirm ownership details that might be obscured through multiple layers of corporate structure.

Shift now to the financial disclosure ecosystem for public companies. The Securities and Exchange Commission — the SEC — requires publicly traded companies to file detailed disclosure documents that together paint a remarkably complete picture of the company's finances, risks, leadership, and governance. These filings are public by statute and available through the SEC's EDGAR database, which stands for Electronic Data Gathering, Analysis, and Retrieval.

The anchor filings most researchers reach for first are the annual report — the 10-K — and the quarterly report — the 10-Q. The SEC's EDGAR system makes both searchable by company name, ticker symbol, CIK number, or form type. The 10-K is the most comprehensive: it includes audited financial statements, a description of the company's business and competitive environment, material risk factors, legal proceedings, and the management discussion and analysis section where executives explain the year's results in narrative form. Reading the risk factors section alone — where companies are legally required to disclose material threats to their business — is often more candid than any press release the company has ever issued.

The 10-K also includes information about executive compensation, though the more detailed treatment appears in the proxy statement — the DEF 14A filing that companies submit before shareholder votes. The proxy discloses each named executive's total compensation package, including salary, bonus, stock grants, and other benefits. It also discloses related-party transactions: any dealings between the company and its executives, directors, or their families that might represent conflicts of interest. These disclosures are required by SEC rules and are often where the most interesting governance details live.

Beyond the standard filings, two other EDGAR form types deserve attention for research purposes. Form 4 filings track insider transactions — when an executive or director buys or sells company stock, they must file a Form 4 within two business days. Searching a company's Form 4 filings over time shows the pattern of insider trading activity, which can be informative in its own right. Form 8-K is the current report that companies file to disclose material events — a major acquisition, a CEO departure, a regulatory action, a restatement of financial results. The 8-K is often where breaking corporate news appears before the press release reaches the wires.

EDGAR's full-text search function — available at efts.sec.gov — lets you search across all filings for specific words or phrases. If you want to find every company that mentioned a particular supplier, regulatory risk, or executive by name in their filings, full-text search is the tool. It's underused but powerful, particularly for identifying whether a specific issue appears across multiple companies in an industry.

The last major category in this section is nonprofit financial disclosure through Form 990. This is where many researchers are surprised to find how much they didn't know about organizations they thought they understood.

Any organization that is exempt from federal income tax under section 501(c) of the tax code — with some exceptions for smaller organizations — must file a Form 990 annually with the IRS. That form is a public document. It discloses the organization's revenue and expenses, its program activities and stated mission, the compensation of its five highest-paid employees and its officers and directors, any grants it made to other organizations, and its governance policies. For foundations — the 990-PF variant — the disclosure is even more detailed, including every grant recipient and amount.

The canonical source for 990 data is ProPublica's Nonprofit Explorer, which aggregates IRS filings and makes them searchable by organization name, EIN (the nonprofit equivalent of a tax ID), state, and financial metrics. ProPublica's interface also extracts key figures — total revenue, total expenses, net assets, executive compensation — into a structured format, so you can compare across years without reading every page of the PDF. For bulk research, the IRS also makes 990 data available as machine-readable XML files through AWS.

What can you actually learn from a 990? Quite a lot. Compensation data reveals who an organization is actually paying and how much — important when evaluating whether a nonprofit's spending matches its stated priorities. The schedule of grants paid shows which organizations a foundation or charity is funding, which maps its network of influence. Revenue source breakdowns show whether an organization is primarily government-funded, donation-funded, or generating significant earned revenue. And the governance section reveals board composition, independence policies, and whether key decisions go through appropriate review.

One thing to watch for: the 990 reflects the fiscal year it covers, and organizations file on different schedules. A 990 available today might cover a fiscal year that ended eighteen months ago. When compensation or revenue figures seem surprising, check the year carefully — and cross-reference against the organization's own published financials when available.

These five databases — FEC, LDA Senate, USASpending, EDGAR, and ProPublica's Nonprofit Explorer — are each valuable independently. The real power emerges when you use them in combination. An individual who donates to a senator's campaign, whose company lobbies the same senator's committee, and whose company holds federal contracts awarded by agencies that committee oversees — that full picture only becomes visible when you've pulled from multiple databases and mapped the relationships across them. None of those individual filings is scandalous on its own. The pattern across all of them is a different matter entirely.

That kind of layered research — connecting financial disclosures to public records of different types to build a documented, defensible picture — is exactly what the verification and triangulation section coming up is designed to formalize into method.

9The Registered Agent Trail

There's a version of Googling that most people never discover — and the gap between that version and ordinary search is not small.

Think about the last time you typed something into a search engine and scrolled through the first page of results. You probably got a mix of news articles, Wikipedia entries, maybe a few ads, and results that were close to what you wanted but not quite it. That's fine for finding a restaurant or checking a movie time. It's nearly useless when you're trying to find out whether a company actually existed five years ago, who registered a particular website, or whether a photo was taken where someone claims it was taken.

The techniques in this section are what professional open-source investigators actually use — not because they have special access, but because they know how to ask better questions.

The goal here is to cover five distinct toolkits: advanced search operators, the Wayback Machine for archived web content, WHOIS and domain history lookups, reverse image search, and metadata extraction from files. Master all five and the research landscape looks fundamentally different.

Start with the search operators, because they're the most immediately actionable and the most systematically ignored. Google and other search engines accept a set of commands — called operators — that narrow results in ways the regular search bar doesn't. These aren't secret features; they're documented and free. They're just not in the interface, so most people never find them.

The site operator is the one that earns its keep the fastest. Typing site: followed by a domain name, then your search term, restricts results to that domain only. If you want to find every publicly indexed document from a particular government agency, or every mention of a name on a specific news outlet, the site operator does it in seconds. The colon must sit directly against the word site with no space, and the domain follows immediately — so it reads, in plain text, as: site colon, then the domain, then a space, then your search term.

Related to that is the filetype: operator, which restricts results to specific document types. Searching for filetype:pdf alongside a company name will surface annual reports, court filings, regulatory submissions, and internal documents that were publicly posted but wouldn't float to the top of a normal search. Try filetype:xls or filetype:xlsx on a government agency name and you may find spreadsheets of public data that nobody bothered to mention in the press release. This particular combination — site operator plus filetype — is one of the most productive research pairings that exists.

The intitle: operator searches only within page titles, not the full text of the page. This matters because page titles tend to reflect what the page is actually about, rather than what it mentions in passing. If you're looking for coverage of a specific event or a specific person's involvement in something, intitle: cuts the noise dramatically. The inurl: operator does the same thing for the URL itself — useful for finding specific types of pages within a site, like all the press releases on a domain, or all pages that contain the word "contract" in their address.

Two more worth knowing: the minus sign and the quotation marks. Quotation marks force exact phrase matching, which sounds obvious but makes an enormous difference when you're searching for a full name, a specific document title, or a distinctive phrase from a text you're trying to trace. The minus sign immediately before a word excludes that word from results. If you're searching for news about a person named Robert Smith and you're drowning in the musician, adding minus: the band name clears the results instantly.

Here's the part that catches even experienced researchers: operators can be stacked. A search combining site, filetype, quotation marks, and exclusions is entirely valid and extremely powerful. It's essentially a structured query aimed at a specific corner of the indexed web. Most search platforms support some version of these operators — DuckDuckGo, Bing, and others have their own syntax with overlap and differences, so it's worth checking the documentation for whichever platform you're on.

Now, everything just described applies to the live, currently-indexed web. That's a smaller slice of the information landscape than it appears. Pages get taken down, companies scrub their histories, officials delete embarrassing statements, and websites go dark. The internet has a memory, though, and its name is the Wayback Machine.

The Wayback Machine, operated by the Internet Archive and accessible at archive.org, has been crawling and saving snapshots of websites since 1996. The Internet Archive's Wayback Machine documentation describes its mission as building a permanent record of the web. As of 2026, it holds hundreds of billions of saved web pages. The practical implication is significant: a website that exists today looked different last year, and what it looked like five years ago may be the most relevant thing about it.

The interface is straightforward. Enter a URL into the Wayback Machine's search bar and you get a calendar view — years across the top, months expanding into individual days marked with dots, each dot representing a saved snapshot. Click a dot and you see the page as it appeared on that date. The resolution of the archive varies enormously by site; popular pages get crawled frequently, while obscure ones might have only a handful of snapshots across a decade.

Where this matters for research: a company's "About Us" page from three years ago may list executives who have since been quietly removed. A nonprofit's mission statement from 2019 may reveal funding priorities that contradict current public statements. A politician's campaign website from a previous election cycle may contain positions that have since been walked back. None of this is hidden in the sense of being secret — it was public when it was posted — but it requires knowing the archive exists.

There's a catch worth naming. The Wayback Machine doesn't archive everything. Pages that were explicitly blocked by the site owner using a robots.txt exclusion were not archived. Some content was archived and then removed at the request of the site owner. And the archive is imperfect — sometimes images don't load, sometimes only the HTML skeleton was saved without full styling or embedded media. What the Wayback Machine gives you is a best-effort historical record, not a complete one. For most research purposes, that's still extraordinary.

The CDX API — an application programming interface that lets you query the archive programmatically — is worth a brief mention for those comfortable with technical tools. It lets you retrieve a list of all archived URLs for a domain, across all dates, which is useful for finding pages the site doesn't link to anymore. In plain language: it's how you find what a website used to have that it's now hiding. You don't need to write code to use it; several free web tools wrap the CDX API in a simple interface.

From archived content to domain history. When a website is registered, information about the registrant — name, organization, email address, phone number, and mailing address — is technically recorded in a database maintained under the domain name system. WHOIS is the protocol for querying that database.

The phrase "technically recorded" is doing real work in that sentence, because the picture is complicated. In the early years of the commercial internet, WHOIS lookups returned rich contact information directly. That changed substantially after 2018, when the General Data Protection Regulation — GDPR, the European Union's sweeping privacy law — was interpreted to require that registrar databases redact personal information for individuals. Many registrars now show a privacy proxy or simply blank fields where the registrant's identity used to appear. ICANN, the organization that oversees domain naming, has been navigating this tension between privacy and transparency ever since.

That said, WHOIS and domain history remain valuable. Even redacted records show the registrar used, the nameservers, the registration date, the expiration date, and the last-updated timestamp. Registration dates can reveal when a domain was first set up — a company claiming to have operated since 2015 but whose domain was registered in 2023 has a problem to explain. Nameserver configurations can show hosting relationships between seemingly unrelated domains. And for non-European registrations, or older records before GDPR-era redaction kicked in, contact information is sometimes still present.

Domain history goes further than a live WHOIS lookup. Tools like DomainTools, who.is, and ViewDNS.info maintain historical WHOIS records — snapshots of registration data going back years. This is how you find that a domain currently owned by a limited liability company was once registered to a specific person's home address, or that a website currently presenting itself as a legitimate news outlet was previously hosting something else entirely. DomainTools' domain history documentation describes exactly this kind of longitudinal view of domain ownership. The historical record doesn't disappear just because the current registration is privacy-protected.

One technique that follows naturally from WHOIS: reverse IP lookup and shared hosting analysis. A given IP address can host dozens or hundreds of websites. If you have the IP address associated with a suspicious domain, querying that IP can reveal what other domains are hosted on the same server — and the company behind those other domains may have contact information that's not hidden. This can surface connections between seemingly unrelated web properties.

Stay with this for one more step, because it pays off. WHOIS data, nameserver records, and IP lookups all live in the same general ecosystem of DNS — the domain name system. Understanding that ecosystem as a connected web of records, rather than a single lookup, is what separates a one-time check from a full domain investigation. Each record type points to others.

Now shift perspective entirely — from text and metadata to images. Reverse image search is the technique of using an image itself as the search query, rather than a text description of what you're looking for. The practical applications range from verifying whether a photograph is what it claims to be, to identifying individuals, to finding the original context of an image that's been shared without attribution.

The mechanics: you provide an image file or image URL to a search engine that has indexed the web visually, and it returns pages where the same or similar image appears. Google Lens (which replaced the original Google Images reverse search function) handles this, as does TinEye, which specializes in reverse image search and maintains its own index. Yandex's image search is a third option that, according to practitioners in open-source intelligence communities, often surfaces results that the others miss — particularly for images originating in Eastern Europe or Russia. Different engines have different indexes, and running the same image through all three takes under two minutes.

Where this earns its place in serious research: a photograph claiming to show events in a specific city on a specific date may turn up on the reverse search as having been published years earlier in a completely different context. This kind of image recycling is common in misinformation. A profile photo on a social media account or a corporate website may appear on stock photo services, revealing that the "person" doesn't exist. A news story may illustrate a claim with an image that turns out to be from a different country, a different decade, or a different event entirely.

The technique has limits worth acknowledging. Reverse image search works best on photographs that have been published somewhere on the indexed web. Original images that have never been published won't return useful results. Heavy cropping, filtering, or modification of an image can defeat the matching algorithm. And some platforms don't allow image URLs to be submitted directly, requiring a downloaded copy. Despite these limitations, it's often the fastest way to answer the question "where did this image actually come from?"

Geolocation from imagery deserves a brief mention, even though it's technically a separate technique. Visual details in an image — architecture styles, road markings, vegetation, signage in partial view, the angle of shadows — can be cross-referenced against satellite imagery and street-level photography to pin down where a photo was taken. The Bellingcat collective has built a substantial body of practice around this, and Bellingcat's open-source investigation guides describe methodology for geolocation and image verification in considerable detail. It's painstaking work, but it's entirely based on open sources.

The final technique in this set is metadata extraction — and this one surprises people who haven't encountered it before. Digital files are not just their content. They carry embedded data about when they were created, what software created them, what device was used, and in the case of photographs taken on smartphones, often the precise GPS coordinates of where the photo was taken.

This embedded information is called metadata, and the standard format for it in photographs is EXIF — Exchangeable Image File Format. EXIF data can include the camera make and model, the lens used, the exposure settings, the date and time of capture (including timezone in some implementations), and in GPS-enabled devices, the latitude and longitude at the moment of capture. A photograph shared as evidence of something happening somewhere can be checked against its own embedded coordinates.

The catch — and it's an important one — is that many platforms strip EXIF data when images are uploaded or shared. Facebook, Twitter, and most major social platforms have been doing this for years, partly for privacy reasons. An image downloaded from those platforms typically won't carry the original EXIF data. But photographs shared through other channels — email attachments, direct downloads from personal websites, files from leaked document sets — may retain their metadata intact. When they do, the information can be definitive.

Tools for reading metadata are widely available. ExifTool, a free command-line program maintained by Phil Harvey, is the standard for serious work — it reads metadata from a broader range of file types than almost anything else, including documents, audio, and video in addition to images. For those who prefer browser-based tools, Jeffrey's Exif Viewer and similar sites allow drag-and-drop metadata reading without installing software. The metadata in PDF documents and Microsoft Office files is its own category, sometimes containing the author's name, the organization's internal systems information, and revision history — details that can be highly relevant in document authentication.

It's worth treating EXIF and document metadata with appropriate care in both directions. On one hand, it can be compelling evidence when present. On the other hand, metadata can be edited — it's not tamper-proof. Sophisticated actors can alter timestamps and location data. The presence of metadata that supports a claim is useful; the absence of metadata, or metadata that contradicts a claim, is more significant.

Bring these five techniques together and something becomes clear: they form a kind of layered interrogation of any subject on the web. Operators surface the indexed content. The Wayback Machine surfaces the historical content. WHOIS and domain history surface the registration and ownership layers. Reverse image search surfaces the visual provenance. Metadata extraction surfaces what the files themselves say about their origins. Each layer can confirm or contradict the others, and together they constitute a research posture that's qualitatively different from typing a name into a search bar and reading the first few results.

The gap between casual search and structured open-source research isn't about access to special databases or paid subscriptions — most of what's described here is free. The gap is about knowing that these layers exist and developing the habit of checking each one systematically... which is exactly what distinguishes a verifiable finding from a hunch.

None of this will tell you whether a source is trustworthy on its own — that requires triangulation across multiple record types, a process that belongs to the next part of this course, where the question becomes not just how to find information, but how to know when you've found enough to be confident in what it means.

10UCC Filings: The Hidden Financial Web

Social media posts have a half-life that most researchers don't fully appreciate until something disappears exactly when they need it most. A video goes viral one afternoon, gets shared ten thousand times, and by morning the account is deleted and the evidence is gone — not archived anywhere, not cached in any recoverable form, just gone. For investigators, journalists, and anyone who needs to build a factual record from what people publicly say and do online, that fragility isn't a minor inconvenience. It's the central problem the whole practice is organized around.

This section covers the investigator's toolkit for social media research: how to find public information legally and ethically, how to preserve it before it vanishes, how to verify that images and videos are what they claim to be, and how to think carefully about the line between legitimate research and something that starts to look like surveillance.

Start with the basics of what social media research actually is, because there's a common misconception worth clearing up immediately. Investigators working with social platforms are not hacking accounts, not accessing private messages, not scraping data in ways that violate platform terms of service, and not creating fake personas to gain trust. The work centers entirely on publicly visible information — posts, profile details, publicly viewable connections, location data embedded in posts or visible from context. The distinction matters legally, ethically, and practically. Legally, because accessing content people haven't made public runs into serious computer fraud territory, which is covered in a later section of this course. Ethically, because the justification for this kind of research rests almost entirely on the public nature of the material. Practically, because the most durable, court-ready, publishable evidence is material anyone could in principle have seen.

That said, "publicly visible" is a concept that repays more thought than it usually gets. Something posted to a public Twitter — now called X — account, visible to any anonymous visitor to the site, is clearly public. Something posted to a Facebook account set to "friends only" is not public, even if one of those friends shows it to a researcher. The line sits at what the platform shows to an unauthenticated visitor, or what any logged-in stranger could see. When researchers create accounts specifically to access content that would otherwise be hidden from them, they're in grayer territory. The general investigative journalism practice is to be explicit about this distinction in any published work, and to avoid techniques that require deceiving the subject about who's watching.

Now, the core workflow. It has three overlapping phases: finding, preserving, and verifying. Each has its own traps.

Finding useful information on social platforms sounds straightforward until you actually try it. Search functions on most major platforms are deliberately limited — partly for privacy reasons, partly for business reasons, partly because search is genuinely hard at the scale these platforms operate. The workarounds investigators use are worth knowing. The most durable is leveraging search engines rather than platform search: searching for a username, a real name combined with a platform name, or a specific phrase using the kinds of advanced operators covered in Section 8 of this course. Google indexes a significant portion of public social content, and it often surfaces posts that platform-native search misses entirely, especially older material. A search structured as a specific phrase plus the platform's domain name — using site-restricted search — can surface years of activity that a quick platform search wouldn't show.

Username correlation is another foundational technique. Many people use the same username across multiple platforms, or slight variations on it. Services like Bellingcat's online investigation toolkit describe this kind of cross-platform correlation as one of the baseline methods for building a fuller picture of a subject's online presence. If someone uses "hawk1972" on X, there's a reasonable chance they use the same handle — or hawk_1972 or hawkman72 — on Reddit, Instagram, LinkedIn, or any number of other platforms. Each additional platform potentially reveals different slices of the same person: professional details on LinkedIn, location context on Instagram, unguarded opinions on Reddit. None of this requires any special access; it requires patience and methodical searching.

Location data deserves its own moment of attention, because it's often invisible but revelatory. When someone posts a photo taken in a specific place, the image sometimes contains embedded GPS coordinates in its metadata — a topic that connects to the metadata extraction techniques in Section 8. Even when that embedded data isn't present or has been stripped by the platform, the image itself often contains visual clues: street signs, architecture, vegetation, distinctive landmarks, mountain profiles, shadows that indicate time of day and therefore sun direction. The practice of determining location from visual context in photos and videos is called geolocation, and it has become one of the most developed skills in the open-source investigation community. Bellingcat, the open-source investigation outlet that has documented many of these techniques across flight tracking, ship tracking, and similar disciplines, treats geolocation as a core competency — the same systematic cross-referencing approach that works for aircraft registrations works for street corners captured in a video posted to Telegram.

Now for the part that trips up most newcomers: preservation. Finding something is only half the work. The second half is making sure you actually have it when you need it.

The instinct is to take a screenshot, and screenshots are better than nothing, but they're not enough on their own. A screenshot shows what a post looked like; it doesn't necessarily prove when it was captured, and it can be disputed as doctored. Proper archiving means capturing the URL, the timestamp, the full metadata of what was visible, ideally through a tool that creates an independently verifiable record. Several approaches exist, and professional investigators typically use more than one.

The Wayback Machine at archive.org is the best-known option for capturing public web pages, including social media profiles and posts. You can submit any public URL for archiving, and the Wayback Machine stores a crawled copy with a timestamped record. The limitations are real: it doesn't archive everything, it struggles with content that requires login even for viewing, and it can be slow. But a Wayback Machine capture has an independent timestamp from a trusted third party, which gives it evidentiary weight a personal screenshot lacks. For anything that might eventually become part of a legal matter or published investigation, getting a Wayback Machine capture is close to mandatory.

Archive.today — formerly archive.is — is a faster, complementary option that many investigators prefer for social media content because it renders a full-page snapshot including dynamic content that Wayback Machine sometimes misses. Submit a URL, and within seconds you have a permanent link to a frozen copy of the page as it appeared at that moment. Unlike the Wayback Machine, archive.today is not run by a large nonprofit institution, which means its long-term reliability is less certain, but for day-to-day research capturing it's faster and more consistent with social content.

For video specifically, the workflow changes. A static page capture won't preserve an embedded video in a playable form. The standard investigative practice is to download the video itself using a tool designed for that purpose — several exist, and their availability shifts as platforms update their terms — and then store the original file with a hash. A cryptographic hash is a fixed-length fingerprint of a file: if the file changes even one bit, the hash changes. Recording the hash at the time of download creates a verifiable record that the video you're citing is exactly the video you captured, with no modification. This matters enormously if the material is ever disputed. Storing the file, the hash, the capture date, and the source URL together is the minimum documentation practice for video evidence.

The CrowdTangle question comes up in every conversation about social media research tools, so it's worth addressing directly. CrowdTangle was a Meta-owned analytics platform that gave researchers and journalists visibility into how content spread across Facebook and Instagram — which posts were going viral, in which groups, with which engagement patterns. It was genuinely useful for tracking misinformation, understanding coordinated behavior, and identifying emerging narratives. Meta shut CrowdTangle down in 2024, replacing it with the Content Library and Content Library API, tools with significantly more restricted access that require an application process and are limited to academics and researchers at approved institutions. For anyone outside that approved tier, the replacement is essentially no access at all. The practical consequence is that the kind of ecosystem-level visibility CrowdTangle provided — the ability to see how a piece of content was spreading across thousands of public groups simultaneously — is simply not available through official channels to most practitioners as of 2026.

The alternatives that practitioners have moved toward fall into a few categories. Some researchers build their own monitoring through platform APIs, where those APIs remain accessible — though Meta, Twitter, and others have tightened API access significantly over the past several years, generally making it more expensive and more restricted. Others use third-party social listening tools, which vary enormously in quality, cost, and the depth of their coverage. The Global Investigative Journalism Network and similar organizations track these changes actively, and checking current resources from those organizations is essential because the tool landscape genuinely shifts year to year in ways that can't be anticipated here.

For investigators without API access or institutional licenses, the practical toolkit often comes down to systematic manual searching, combined with the archiving tools described above and careful documentation of methodology. It's slower. It works.

Now verification — which is where the work gets genuinely hard, and genuinely important.

An image or video appearing on social media with a claim attached to it — this was taken in this place, at this time, during this event — may or may not be what it claims to be. The content might be authentic. It might be authentic but misattributed: a real image from one conflict reposted with a caption claiming it's from another. It might be digitally altered. It might be entirely fabricated using AI-generated imagery. Distinguishing among these possibilities requires a specific set of techniques, and getting it wrong has real consequences — publishing or sharing misinformation that looked credible because someone didn't do the verification work.

Reverse image search is the starting point. Taking the image and searching for it using Google Images, TinEye, or Yandex Images will surface other instances of the same image on the web, often revealing earlier appearances that contradict the claimed context. Yandex in particular has historically been strong at finding facial matches and visually similar images, and many investigators use it as a complement to Google Images rather than a replacement. If an image being claimed as from today shows up in a Getty Images archive from three years ago, that tells you something important.

The concept of chronolocation sits alongside geolocation: instead of asking where something was filmed, asking when. Shadows indicate sun position, which combined with the claimed location narrows down a date range. Seasonal vegetation, weather patterns, the visible phase of construction on a known building — all of these can constrain the time window. It's painstaking work, but for high-stakes verification it can be definitive.

Metadata in image files — the EXIF data that records camera model, settings, and sometimes GPS coordinates — is worth checking but shouldn't be over-relied on. Platforms strip EXIF data from uploaded images and videos routinely, so its absence tells you little. Its presence can be informative. And EXIF data can be spoofed by anyone with basic tools, so if it's present and looks almost too helpful, that's worth being skeptical about rather than simply accepting.

For video, additional tools and techniques come into play. Frame-by-frame analysis can surface inconsistencies. Video metadata can sometimes contain useful information. The presence of stabilization artifacts, compression patterns, or visual anomalies that suggest AI generation are things investigators learn to look for — though the field of AI-generated video detection is moving fast enough that any specific technical guidance here would be outdated within months. The general posture is: treat unusually compelling footage with more skepticism, not less, and look for corroborating evidence from independent sources.

This is also where the ethics of social media research gets most acute, so it's worth spending time here before closing.

The ethical questions in this work cluster around a few persistent tensions. First: consent. People posting publicly haven't necessarily consented to having their posts preserved indefinitely, quoted in legal filings, or published in news reports. The legal framework generally doesn't require that consent for public posts, but the ethical framework is more complex. The practice in responsible investigative journalism is to think carefully about whether the subject is a public figure or institution — where the accountability interest is high and the privacy expectation lower — versus a private individual who happened to post something publicly. Researching a politician's public statements is different from building a dossier on a private person who said something controversial in a Facebook group.

Second: targeting and harassment. The same techniques that allow a journalist to document a public figure's statements can be used by bad actors to aggregate information about private individuals in ways that facilitate harassment or stalking. The distinction isn't always in the tools or the techniques; it's in the intent and the subject. This is why responsible practitioners think carefully about what they publish and how. Publishing someone's home address pulled from public records is different from publishing their documented public statements, even if both involved the same research process.

Third: the aggregation problem. Individual pieces of public information — someone's full name, their employer, their neighborhood, their physical description, their daily commute route — are each innocuous on their own. Combined, they create a profile that can enable serious harm. The aggregation problem is why even purely public-record-based research requires ethical judgment: the question isn't just whether each piece was legitimately obtained, but what the combined picture enables.

Fourth: context collapse. Something posted in what the poster probably understood as a semipublic space — a friends-of-friends Facebook post, a local neighborhood group, a Discord server with a few hundred members — can be pulled out of that context and given global reach. The audience the poster imagined and the audience who actually sees the information are entirely different. Responsible investigators acknowledge this and think about whether the public interest justifies that context shift.

None of these considerations mean "don't do the research." They mean do the research thoughtfully, document your methodology, be clear in any published work about what sources you used and how, and ask regularly whether what you're doing serves accountability and truth or serves something else.

The researchers who do this work well — the ones whose findings hold up to scrutiny and who maintain the trust needed to keep doing it — tend to share a few habits. They document obsessively. They capture evidence with timestamps and hashes before doing anything else. They separate the search phase from the verification phase, so they're not unconsciously selecting evidence that confirms what they already think. They check their methods against current platform terms of service, because what's acceptable shifts. And they ask, periodically, the question that's easy to skip over when research is going well: who could be harmed by this, and is that harm justified by what I'm trying to find out?

The finding and the preserving and the verifying are all learnable skills. That last question is the one that requires judgment — and judgment, it turns out, is what separates research from surveillance.

The next section takes all of this — the social research toolkit, the property records, the court filings, the corporate documents, everything covered so far — and walks through how to actually combine them in specific real-world scenarios, because knowing the individual tools is one thing, and knowing which tools to reach for first when you're standing in front of an actual problem is something else entirely.

11Federal Business Sources

Somewhere in the middle of almost every investigation — professional or amateur — there's a moment where a single, clean-looking document shows up and the temptation is enormous: just use it, cite it, move on. That temptation has ended careers, damaged reputations, and spread genuine harm. The document looked authoritative. It came from what appeared to be a credible source. And it was wrong — or outdated, or manipulated, or only half the picture.

This section is about the discipline that separates real research from confident misinformation.

The key idea runs through everything that follows: a single source, no matter how official it looks, is not a conclusion. It's a starting point. What makes it reliable is what you find when you go looking for the gaps.

Start with a method called SIFT — and stay with it, because it's deceptively simple at first glance but pays off the longer you sit with it. SIFT is a four-step verification habit developed by Mike Caulfield, a digital literacy researcher whose work has been widely adopted in journalism and research training. The four moves are: Stop, Investigate the source, Find better coverage, and Trace claims to their origins. Each one addresses a different failure mode in how people naturally process information.

The first move — Stop — sounds almost too obvious to mention. But it's the one most often skipped. The moment you feel certain about something you've just read, that certainty is exactly when you're most vulnerable. A confident feeling is not evidence. Stopping means pausing before you share, act on, or build further research on what you've just found. It means asking, before anything else: do you actually know what this source is, and why it should be trusted?

The second move — Investigate the source — means going outside the source to understand it. Not reading the source more carefully. Not scrolling to the bottom to check for a citations list. Leaving the page and finding out what others say about it. This is a move many people never make because it feels like distrust, and distrust feels impolite. It isn't impolite. It's the job.

Find better coverage, the third move, is where triangulation begins in earnest. If a claim is true, it should be findable in more than one place, by more than one outlet, traceable to more than one independent source. If the only place a fact appears is the document you're currently holding — that's worth noting. It doesn't mean the fact is false. It means you haven't confirmed it yet.

The fourth move — Trace claims to their origins — is the one that most often reveals manipulation. Information moves through the internet in layers. A tweet cites a blog post that cites a news article that cites a press release that cites a study. By the time something reaches your screen, it may have shed important qualifiers, reversed its original meaning, or been stripped of context that made it mean something entirely different. Tracing back to the original source — the actual study, the actual document, the actual record — is how you find out what was actually said.

Bear with this framework for one more step before moving to the practical application, because there's a catch that trips most people up when they first encounter SIFT. It's designed for rapid evaluation — for moving quickly through claims without going deep on every one. That's valuable, but it isn't the same as doing thorough research. SIFT tells you whether to trust what you're looking at. Triangulation tells you whether what you're looking at is actually complete. They're complementary tools, not interchangeable ones.

Triangulation across record types is the discipline of checking a claim not just against multiple sources, but against sources that are structurally independent of each other. This is the heart of what distinguishes rigorous open-source research from a well-organized collection of confirming documents.

Think about what "structurally independent" actually means. Suppose you're researching a company and you find its website, a press release the company issued, and an industry profile that quotes the company's founder. Those are three sources — but they're not independent. They all trace back to information the company itself provided or approved. If the company has something to hide, all three sources will hide it consistently. Structural independence means asking: who collected this data, why did they collect it, and do they have any reason to tell the same story this company would want told?

A county property record is structurally independent of a company's website. A UCC filing at the Secretary of State's office is structurally independent of a company's press materials. A court docket — especially a civil or bankruptcy filing — is structurally independent of everything a company says about itself publicly, because the adversaries in those proceedings had every incentive to surface unflattering facts. Cross-checking what a company claims against what its property records, court history, and regulatory filings show is the basic move of due diligence. As Nolo's guide to buying a business notes, a thorough due diligence investigation checks financial records, asset documentation, and liabilities across multiple independent sources specifically because the person selling you something has an obvious interest in how you see them.

This same principle applies far beyond business transactions. It applies to anything: a nonprofit's claimed impact, a public figure's stated background, a news story's central claim, a social media post asserting that something happened somewhere.

Here's where it gets harder, and worth slowing down for: triangulation doesn't always mean finding agreement. Sometimes what makes triangulated research valuable is that the sources don't agree — and the disagreement itself is the finding. Two records showing different owners for the same property at the same time is a red flag, not a reason to throw up your hands. A court filing that contradicts what a company says in its annual report is a lead, not a contradiction to resolve by ignoring one of them. The discipline is learning to treat discrepancies as information rather than problems.

The ICIJ Offshore Leaks Database offers a useful illustration of why discrepancies deserve careful handling rather than quick resolution. The database, which the International Consortium of Investigative Journalists maintains at offshoreleaks.icij.org, contains information on more than 810,000 offshore entities across the Pandora Papers, Paradise Papers, Panama Papers, and other investigations. The records link to people and companies in more than 200 countries. But the ICIJ itself is explicit about something most users skip over: the inclusion of a person or entity in the database does not mean they engaged in illegal or improper conduct. Many people share names. Information may have changed over time. A record showing a connection between a named individual and an offshore entity is a data point — it requires verification against other records before it becomes a conclusion. Jumping from "this name appears in a leaked file" to "this person is corrupt" is not triangulation. It's exactly the single-source error dressed up in dramatic data.

The same careful handling applies to any database with time-bounded records. And this brings us to one of the most common and least glamorous failure modes in public records research: outdated information.

Records go stale. A property deed shows who owned a parcel three years ago — not necessarily today. A corporate filing shows the registered agent at the time of filing — not after a subsequent transfer. A court case that showed "pending" in a database last year may have been resolved, dismissed, or settled since then. A UCC lien that appeared active may have been terminated. As the ICIJ notes about its own database, each dataset encompasses a defined time period, and some information may have changed. That's true of virtually every public record you'll encounter.

The practical habit this creates is simple: always check the date. Not the date you accessed the record — the date the record was created or last updated. A ten-year-old business registration tells you something about the past. If you're trying to understand the present, you need something more recent, or you need to find evidence that the older record's core facts still hold.

Manipulation is a different problem from outdated information, and it's worth distinguishing carefully. Outdated information was accurate once; manipulation was designed to mislead from the start. Digital documents can be altered. Screenshots can be staged. Metadata can be stripped or forged. A document that looks official — letterhead, signatures, proper formatting — is not necessarily authentic. This is a place where most people's instincts are poorly calibrated, because visual cues like professional design have been culturally trained as signals of legitimacy, and those cues are now trivially easy to fake.

The defense against manipulated documents starts with provenance: where did this document come from, and can you trace it to the original source? A document that someone sent you, or that appeared in a news story, or that was posted to social media is not the same as a document you retrieved yourself from an official government database. The further a document gets from its original source, the more opportunities there were for alteration along the way. Whenever possible, retrieve records directly from the government agency or official repository that holds them. That's not always possible — some records require formal requests, and some originals are inaccessible. But when it is possible, the document you pull yourself from PACER, from a county recorder's portal, from EDGAR, or from a Secretary of State database is more defensible than a copy someone handed you — regardless of how trustworthy that someone appears to be.

When direct retrieval isn't possible, metadata can help. Document files carry information about when they were created, what software created them, and sometimes who created them. A document purportedly from 2015 that was created in software that didn't exist until 2020 is a strong signal of manipulation. This kind of check requires extracting the file's metadata rather than just reading its content — something covered in the section on advanced search techniques earlier in this course. The point here is that metadata checking belongs in the verification workflow whenever document authenticity is uncertain.

Now, all of this analysis is only as useful as the trail you leave behind while doing it. Building a documented evidence trail isn't bureaucratic overhead — it's what makes your research usable by anyone, including future you.

The core practice is straightforward: document your sources at the moment you access them, not after the fact. This means recording the URL, the date and time of access, and a brief note about what the record shows. Web pages change or disappear. Government databases update their records. A court docket that shows one status today may show another status next week. Screenshots are imperfect but better than nothing; archiving pages through a service like the Wayback Machine creates a more defensible record because it creates a timestamped copy that neither you nor the page's owner can alter after the fact.

The evidence trail also means documenting your reasoning — not just what you found, but what it means in the context of your other findings, and what questions remain open. Investigators and journalists who work on complex cases often keep a running research log: a chronological record of what they searched, what they found, what they couldn't find, and what discrepancies appeared. This document isn't a finished product. It's a working tool that lets you reconstruct your own logic later, hand off research to a colleague, or demonstrate that you were thorough if your conclusions are ever challenged.

That last point matters more than it might seem. The value of documentation isn't only about accuracy — it's about accountability. Research without a documented trail is just a set of claims. Research with a documented trail is something a reader, an editor, or an opposing party can examine, test, and push back on. That's what makes it trustworthy, and trustworthiness is the entire point.

One more thing worth sitting with before moving on: the instinct to want certainty is the enemy of good research. Most public records questions don't resolve into clean, definitive answers. They resolve into well-supported conclusions with documented uncertainty. "The available records indicate X, with the caveat that Y has not been independently verified" is a stronger position than "X is true" if the second statement turns out to be built on a single source you didn't check. Acknowledging what you don't know, and what you couldn't find, is part of the evidence trail — not a weakness in it.

The skills built up across every previous section — reading property records, navigating court dockets, searching Secretary of State filings, sending FOIA requests, analyzing campaign finance data, running advanced searches — are only as valuable as the verification discipline that governs how you use them. A well-retrieved record from the wrong time period, or a perfectly sourced document that was altered before it reached you, or a single finding that you treated as a conclusion before checking it against anything else — any of those can undermine everything that came before. Verification isn't the last step of research. It's threaded through every step.

The practical payoff is this: when you finish a piece of research and someone asks how you know what you know, you should be able to walk them through your trail — source by source, check by check, discrepancy by discrepancy — and show them exactly how you got there. That's the standard. Everything in this section is in service of meeting it. What remains is putting these methods into practice across real scenarios — which is exactly where this course goes next.

12FOIA and State Open Records Requests: Asking the Government Directly

Imagine you're about to wire two hundred thousand dollars to a business partner you met six months ago. Everything checks out — or so it seems. The pitch was polished, the LinkedIn profile looked solid, and the introductions came through a mutual contact. Then, three weeks after the transfer, the phone goes quiet.

That scenario plays out more often than anyone likes to admit, and almost every time, the information that would have stopped it was sitting in a public database. Free. Accessible. Just waiting for someone to look.

This section is four walkthroughs in one — vetting a business partner, investigating a property dispute, backgrounding a public figure, and fact-checking a viral social media claim — each showing exactly where to start, what to pull, and how the pieces connect.

Scenario One: Vetting a Business Partner

Start with the basics before anything else. When someone presents themselves as a legitimate business operator, the first stop is the Secretary of State's office in whatever state they claim to operate from. Corporate filings are public record in every U.S. state, and they tell you whether the business actually exists, when it was formed, and who the registered agent is. A registered agent — the person or service officially authorized to receive legal documents on the company's behalf — is a small but telling detail. If the registered agent is a generic service that appears on thousands of filings with no other connection to the business, that's worth noting. If it's a real person, that person becomes a thread worth pulling.

OpenCorporates maintains a database that aggregates company records from registries across more than 140 countries, which matters when someone claims international operations or when U.S. filings show a parent company registered in a jurisdiction with lighter disclosure requirements. A name that appears in OpenCorporates linked to three dissolved companies and two active ones, all sharing a single registered address, is a very different picture than a clean, active, single-entity profile.

After the Secretary of State check, move to UCC filings. Uniform Commercial Code filings — the public records that document when a lender has a security interest in a business's assets — are searchable through most Secretary of State offices. If equipment, inventory, or accounts receivable are already pledged as collateral to another creditor, that debt exists whether or not it came up in conversation. Nolo's overview of business due diligence is direct about this: some information about the extent of equipment liens will be available from public sources, and that information should be checked before any transaction closes.

Now pull court records. Federal court cases are searchable through PACER — Public Access to Court Electronic Records — at a nominal per-page cost. State court cases vary by jurisdiction, but most states have at least a basic online docket search. Run the individual's name, the company name, and any names of principals listed in the corporate filing. Look for civil suits, judgments, and patterns. One old dispute doesn't tell much of a story. Three suits in five years from different plaintiffs, all alleging similar conduct, tells a different one entirely. Bankruptcy filings are also part of the federal court record and show up in PACER. A prior bankruptcy isn't disqualifying on its own — businesses fail for all kinds of reasons — but the circumstances around it matter, and the filings themselves often contain detailed financial disclosures that are worth reading.

Here's where most people stop. They find nothing alarming in the state filings and the court search, they take the LinkedIn profile at face value, and they proceed. The gap between that and a real vetting is what distinguishes a casual Google search from actual open-source intelligence.

Go one layer deeper: check the ICIJ Offshore Leaks Database. According to the ICIJ Offshore Leaks Database documentation, the database contains information on more than 810,000 offshore entities drawn from the Pandora Papers, Paradise Papers, Bahamas Leaks, Panama Papers, and Offshore Leaks investigations, covering records linking to people and companies in more than 200 countries and territories. A name appearing there doesn't automatically mean wrongdoing — the ICIJ is clear that there are legitimate uses for offshore companies and trusts, and that inclusion is not intended to imply illegal conduct. But it's a data point, and a data point that warrants a follow-up question.

Run the individual's name and the company name through a web search with terms like "complaint," "scam," "lawsuit," "fraud," and "BBB." Look at the Better Business Bureau profile if one exists. Check court record aggregators. Check PACER again for their district. Then step back and look at the whole picture — not any single finding, but the pattern. One clean filing and no court history is different from clean filings, no court history, no Google footprint, and an address that resolves to a UPS Store. The absence of information can be as meaningful as its presence, particularly for someone who claims years of business activity.

The point isn't suspicion for its own sake. It's that this process takes a few hours and protects against decisions that can't easily be undone.

Scenario Two: Investigating a Property Dispute

Property disputes are where public records shine most clearly, because the entire legal framework of land ownership runs on documentation that must be filed and made available. A neighbor who claims a fence was always at a certain line, a landlord who insists there are no liens on a building, a seller who swears a title is clean — these are all claims that can be tested against the record.

The county recorder's office — sometimes called the county clerk or register of deeds — is the anchor for all of this. That office holds deeds, mortgage filings, and lien records going back decades, often centuries. The starting point is finding the parcel number, sometimes called the APN or assessor's parcel number, which is the unique identifier assigned to a piece of land by the local assessor's office. With the parcel number in hand, the chain of title becomes searchable: every recorded deed showing who sold the property to whom, going back as far as the county's digital records extend.

Read that chain slowly. A clean chain of title means each transfer connects logically to the next — person A bought from person B, sold to person C, who sold to person D. Gaps in the chain, or instruments that appear out of order, are worth examining. A quit claim deed — a document that transfers whatever interest the grantor has, without any warranty about what that interest actually is — appearing in a residential title chain often signals that something was being worked around rather than properly conveyed. It's not always a problem, but it's always worth understanding.

Liens are layered on top of the deed history. A deed of trust is the security instrument for a mortgage — essentially the lender's claim on the property until the loan is paid. Judgment liens arise when a creditor wins a court case and records that judgment against the debtor's real property. Mechanic's liens are filed by contractors or suppliers who weren't paid for work on the property. Each of these attaches to the land, not just the owner, which means a buyer inherits them unless they're cleared at closing. County recorder databases vary in how user-friendly they are, but most allow searches by grantor and grantee name or by parcel number, and the documents themselves are usually available as images.

The tax assessor's records sit alongside the recorder's records and provide a different angle. Assessor data typically shows the most recent assessed value, the owner of record as of the last tax year, and whether property taxes are current. Delinquent taxes show up here, and in many jurisdictions, tax liens have priority over other liens, meaning a property with years of unpaid taxes is a complicated purchase even if the deed chain looks clean.

For disputes about property lines, the recorded plat map is the governing document. Plat maps — the official subdivision maps filed when land is divided into parcels — show the legal boundaries as they were established at the time of subdivision. These are public record and available through the recorder's or assessor's office. If a fence doesn't match the plat, the fence is wrong, not the plat.

Stay with this for one more step, because it's where the research gets genuinely powerful. When a property is owned by an LLC rather than an individual, the recorder shows the LLC as the owner of record — but the LLC itself may tell you nothing about the actual human beings involved. That's where the Secretary of State corporate filing comes in. The LLC's articles of organization or annual reports may list managers or members. If those also point to other LLCs, each one requires its own Secretary of State lookup. Following ownership chains through nested entities is tedious, but it's the same process used by investigative journalists and financial regulators, and the records are generally accessible to anyone who's willing to work through them methodically.

Scenario Three: Backgrounding a Public Figure

The public figure scenario is different in character from the previous two. The goal isn't to make a transaction decision; it's to understand who someone is, how they've wielded power or influence, and whether the public record matches the public presentation.

Start with what the person controls or has received. For anyone involved in federal politics, FEC campaign finance filings are a direct, searchable account of who funded their campaigns and how that money was spent. Federal lobbying disclosures — filed with the Senate Office of Public Records — show who hired lobbyists to influence whom, and for what purposes. For federal contractors, USASpending.gov tracks every grant and contract awarded with federal dollars. These are not summaries or journalism; they're the actual filings, searchable by name.

For executives at publicly traded companies, SEC filings contain extraordinary detail. Form 4 filings show insider stock transactions in near real time — required to be filed within two business days of a trade. Proxy statements, filed annually, disclose executive compensation, board composition, and related-party transactions: situations where executives or directors have personal financial interests in deals the company is making. The proxy statement is one of the most underread documents in public life. It often contains disclosures about conflicts of interest that never make it into press coverage.

Nonprofits present their own window. Form 990 filings, which tax-exempt organizations must file annually with the IRS, include the organization's revenue, its highest-paid employees and contractors, grants made to other organizations, and disclosures about related-party transactions. ProPublica's Nonprofit Explorer makes these searchable online without a fee. When a public figure runs a foundation or sits on a nonprofit board, the 990 filings for that organization are a primary source.

Court records round out the picture. Someone who has been sued repeatedly, who has defaulted on judgments, or who appears as a defendant in cases involving specific patterns of conduct has a record. That record is public. The pattern of litigation around a person over time often tells a more accurate story than any biography they've authorized.

Now add the open-source layer. The Wayback Machine — the Internet Archive's snapshot service — allows searches of how a website looked at any point in its history. This matters when a public figure's organization has changed its stated mission, removed bios, or altered its description of past activities. The cached version of a page from three years ago is evidence. WHOIS records and domain history can establish when a website was created and, in cases where privacy protection wasn't used, who originally registered it. Reverse image search — running a photograph through Google Images or TinEye — can surface whether a headshot appeared under a different name elsewhere, or whether a claimed credential is attached to other public profiles.

For truly international subjects, the ICIJ Offshore Leaks Database is worth checking here as well. The same caveat applies as before — presence in the database doesn't establish wrongdoing — but the context matters, and a name connecting to entities in opaque jurisdictions during periods relevant to the subject's business activities is a data point that belongs in the file.

Scenario Four: Fact-Checking a Viral Social Media Claim

A video appears showing what looks like a protest in a specific city on a specific date. A caption attributes it to a breaking news event. Within hours it's shared tens of thousands of times. The problem is that no other coverage of this event exists — and a few details in the frame don't quite fit the claimed location.

This scenario has become routine, and the techniques for addressing it are a combination of tools covered throughout this course, assembled here into a repeatable workflow.

The first question is always: where did this actually originate? That means reverse image searching the video's thumbnail or a still frame from it. Google Images and TinEye both accept image uploads and return visually similar results. If the image appears in a news story from two years ago attributed to a different country, that's the answer. The claim is false. The search takes thirty seconds.

If the image doesn't surface through reverse search, the next step is geolocation. This is the process of verifying a specific location by matching visible details — signage, architecture, landmarks, vegetation, road markings, the angle of shadows — against satellite imagery and street-level photographs. Bellingcat's guide to flight tracking describes open-source flight tracking as an accessible tool that can add important details to stories or uncover new narratives, and the same logic applies to geolocation: the discipline is making verifiable claims about the physical world by cross-referencing observable evidence against public data. Google Street View, Bing Maps' Streetside, and Google Earth's historical imagery are the core tools. A distinct building visible in the claimed footage can often be pinpointed on satellite imagery within minutes.

The date question is separate from the location question and requires its own check. Metadata — the embedded data in a digital image file recording camera settings, GPS coordinates, and timestamp — is sometimes preserved and can be extracted with free tools. It's worth knowing that metadata is easily stripped or altered, so its presence is useful as confirming evidence but its absence doesn't mean anything by itself. The more reliable method for dating is contextual: what else is visible in the image or video? Weather conditions, vegetation state, visible clothing layers, and visible news broadcasts or signage all constrain the possible date range.

Cross-reference against news databases and social media archives. If a major event occurred in a claimed location on a claimed date, there should be corroborating coverage. Its absence doesn't prove the claim false — small events don't always generate press coverage — but for claims about large, public events, the absence of corroboration is significant. The SIFT method — Stop, Investigate the source, Find better coverage, Trace claims to their origin — provides the through-line here. Stop before sharing. Investigate where this content first appeared. Find better coverage from known outlets. Trace the specific claim back to its earliest, most primary source.

What the SIFT method is resisting is the brain's tendency to evaluate new information through the lens of what's already believed. A claim that confirms existing views gets less scrutiny. A claim that challenges existing views triggers more resistance. Neither response is useful for fact-checking; both are human. Naming that tendency is part of what makes SIFT effective — it builds in a pause before the instinctive response.

For claims involving specific statistics, official statements, or policy details, the primary source check is non-negotiable. A viral claim that a law says something specific can be verified against the text of the law. A claim that a government agency reported a specific number can be checked against the agency's actual publications. These primary sources are almost always available online, and the gap between what a primary source actually says and what a viral claim attributes to it is often enormous.

The four scenarios here aren't exhaustive — public records research surfaces in contexts ranging from genealogical investigation to environmental monitoring to anti-corruption journalism. But they represent the situations most people encounter most often, and the methods generalize. The pattern is always the same: start with the public record that directly governs the question, work outward through connected records, cross-reference across sources, and document what you find and where you found it. That last part — the documentation — is what transforms a collection of browser tabs into something you can actually use or share. Which points directly to the question this whole course has been building toward: how to do all of this responsibly, and where the line runs between legitimate research and something that crosses it.

13Financial and Regulatory Records: Lobbyists, Donations, and Contracts

There's a line in public records research that most people assume is obvious — until they cross it without realizing it. The difference between a thorough investigation and a legal or ethical disaster isn't always the information itself. It's what you did to get it, and what you do with it once you have it.

This final section is about that line — where it sits, how it moves depending on who you're researching and why, and the specific laws and principles that make the difference between responsible research and something a prosecutor could take an interest in.

The core tension here is worth naming plainly: the same tools and techniques that let a journalist expose corruption, or let a tenant verify a landlord's record, or let a hiring manager confirm a résumé, can also be used to surveil an ex-partner, harass an activist, or stalk someone across their digital footprint. The techniques don't change. The intent, the target, and the method of access do — and those distinctions carry real legal weight.

Start with the most important concept in this space: the difference between public and private information is not the same as the difference between findable and not-findable. Just because something can be found doesn't mean it's public in any meaningful ethical or legal sense. A person's home address might be on a county property record. Their daily jogging route might be inferable from public social media posts. Their employer might be listed on LinkedIn. Each of those facts is individually accessible. Combining them into a dossier and using it to track someone's movements is a different thing entirely — and courts and legislatures have increasingly recognized that aggregation of individually public facts can itself constitute a privacy violation.

This is sometimes called the aggregation problem, and it's worth sitting with for a moment. Think about what seems harmless in isolation: a name, an employer, a neighborhood, a physical description, a daily schedule. None of those alone tells you much. String them together and you have a surveillance profile. That shift from discrete facts to operational intelligence is where ethical open-source research starts to shade into something else. The strongest research ethics frameworks treat aggregation as its own category of risk — not just "is each piece public" but "what does this combination enable someone to do."

The legal framework around this has several distinct layers, and it's worth understanding each of them separately before trying to apply them together. The first layer is stalking and harassment law. Every U.S. state has some version of a stalking statute, and many have been updated in recent years to explicitly cover cyberstalking — harassment conducted through electronic means, including tracking someone's location through social media, sending repeated unwanted contact, or publishing personal information with the intent to cause fear. The federal Violence Against Women Act includes cyberstalking provisions that can apply when conduct crosses state lines. These laws don't require that you show up at someone's door. Compiling and publishing a person's home address, workplace, and daily schedule with the apparent intent to intimidate or facilitate harm to them can cross the line even if every piece of information came from a public source.

The second legal layer is the one most researchers don't think about until they've already done the thing that triggered it. The Computer Fraud and Abuse Act — often abbreviated CFAA — is a federal law originally passed in 1986 to address hacking, but it has been interpreted broadly enough to cover a range of conduct that looks nothing like what most people imagine when they hear the word "hacker." The core prohibition in the CFAA is accessing a computer "without authorization" or in excess of authorized access. That phrase has been contested in court for decades. At its most aggressive, prosecutors have argued it covers things like violating a website's terms of service — creating a fake profile to access a platform you've been banned from, for instance, or scraping data from a site that prohibits it in its terms.

The Supreme Court's 2021 decision in Van Buren v. United States narrowed the CFAA somewhat, holding that the "exceeds authorized access" language applies to accessing information a person isn't entitled to retrieve from systems they otherwise have authorization to use — not simply to violating use restrictions in terms of service. That case involved a police sergeant who used a law enforcement database to look up a license plate in exchange for money. The Court's ruling clarified that the CFAA's scope isn't unlimited, but it did not give researchers a green light to ignore terms of service or access restricted systems. The practical takeaway is this: if you need to create a fake account, bypass a login, or access a database through credentials that weren't issued to you, stop. That's the territory where CFAA exposure lives, regardless of your research purpose.

There's also a third layer that comes up specifically in journalism and investigative contexts: wiretapping and electronic surveillance laws. Recording a phone call without consent, intercepting electronic communications, or using tracking software to monitor someone's device without their knowledge can violate both federal law under the Electronic Communications Privacy Act and state equivalents. Some states require all-party consent for recordings. Using a spyware app to monitor a subject's communications — even if you believe you have a legitimate reason — is the kind of conduct that leads to criminal charges, not journalism awards.

Now, all of that might sound like a long list of things to avoid. The affirmative question is equally important: when you're researching someone, what are you actually allowed to do, and how do you stay on solid ground? The answer depends heavily on who you're researching and your purpose in doing so. Public figures — elected officials, executives of public companies, institutional leaders, candidates for office — have reduced privacy expectations with respect to their exercise of public power. A senator's voting record, a CEO's compensation disclosed in SEC filings, a police department's use-of-force statistics: these are legitimate subjects of research and publication precisely because they relate to the public role these people have chosen to occupy. Even for public figures, though, the reduction in privacy expectations applies to their public conduct, not to every corner of their lives. A politician's medical history is not public business unless it bears directly on their capacity to serve. A CEO's adult children who hold no public role are not fair game simply because their parent is.

Private individuals — people who have not sought public roles — get much stronger protection, and the research purpose matters enormously. A landlord doing a background check on a prospective tenant is operating in a context with established legal frameworks, including the Fair Credit Reporting Act, which governs what consumer reporting agencies can collect and share and requires disclosure to the subject. A journalist investigating a private individual who is the victim of a crime needs to handle that person's information with particular care, both ethically and practically. A private citizen researching a private individual out of personal curiosity sits in the most fraught territory of all — that's where the aggregation problem becomes sharpest, and where the distance between "research" and "surveillance" is shortest.

The Fair Credit Reporting Act deserves a moment here because researchers sometimes stumble into its scope without realizing it. The FCRA applies specifically to "consumer reports" compiled by consumer reporting agencies for purposes like employment, tenancy, and credit decisions. If you're using a commercial people-search database to compile information about someone for one of those purposes, you may be triggering FCRA obligations — including the requirement to give the subject notice and, in employment contexts, a chance to dispute the findings. Using those same databases for journalism or personal research sits in murkier territory. The practical advice: if you're making a decision about hiring or housing someone based on a database report, talk to a lawyer before you finalize anything.

One of the places where researchers most frequently miscalibrate is the handling of sensitive categories of information. Health records, immigration status, sexual orientation and gender identity, financial distress, mental health history, religious affiliation, and past criminal records that have been expunged — these categories carry heightened risk both legally and ethically. The legal risk varies by jurisdiction: some states have specific privacy protections for sexual orientation and gender identity, for example, and HIPAA provides strong federal protection for health information held by covered entities. The ethical risk is more consistent across contexts: publishing this kind of information about a private individual, or even a public figure in a non-public context, can cause serious harm — job loss, family rupture, physical danger — that is disproportionate to whatever public interest the research serves.

This is where the concept of responsible disclosure becomes essential. Responsible disclosure, borrowed from the cybersecurity world where it developed around vulnerability reporting, means having a process for deciding what you found, what public interest it serves, and how you communicate it before you publish or share it. In cybersecurity, it means notifying a company about a security flaw before making it public, so they have a chance to fix it. In investigative research more broadly, it means asking a set of questions before releasing findings: Is the harm this causes proportionate to the public benefit? Have affected parties had a chance to respond? Is there a less harmful way to convey the same information? Would a reasonable editor or ethics review board approve this publication?

Those questions aren't always answered the same way. Sometimes the public interest genuinely outweighs the harm — that's why investigative journalism about corruption, abuse of power, and financial fraud exists. But "I found it and I can publish it" is not itself a justification. The fact that something is true and findable doesn't automatically mean publishing it serves any purpose beyond satisfying curiosity or causing harm.

Researchers working in institutional contexts — newsrooms, academic institutions, nonprofits — often have formal ethics frameworks, IRB oversight in academic settings, or editorial processes that serve as a check on these questions. Researchers working independently have to build their own check. One practical approach: before you publish, share, or act on sensitive findings, write out a one-paragraph justification that explains what you found, why it's in the public interest, what harm it might cause, and why that harm is outweighed by the benefit. If you can't write that paragraph convincingly, that's a signal to pause.

A specific scenario that comes up often is research that uncovers information about people who are not the primary subject of the investigation. Imagine you're researching a company's executive for financial misconduct. In the course of that research, you find information about the executive's family members, or about employees who were themselves victims rather than perpetrators. Those individuals didn't choose to be part of your investigation. Their information should be handled with particular care — used only to the extent it's necessary to document the story you're actually telling, and protected from unnecessary exposure.

Minimization is the principle here: collect what you need, retain what's necessary, and don't publish or share more than serves the legitimate purpose. It's a principle borrowed from privacy law, where it applies to data collection by organizations, but it translates directly to research ethics. The researcher who keeps detailed dossiers on subjects' family members and associates, well beyond what any conceivable story requires, is creating both legal exposure and ethical problems.

There's another dimension to this that deserves honest attention: the difference between what's legal and what's right isn't always the same line. Something can be legal and still be harmful, invasive, or in bad faith. A private investigator working within the law can compile extensive profiles on private individuals. A journalist can legally print true information that destroys a private person's life for no compelling public purpose. "I didn't break any laws" is the floor of ethical conduct, not the ceiling.

The most experienced investigators and journalists tend to operate with a more demanding standard than the legal minimum. They ask not just "can I do this" but "should I," and they're willing to leave findings on the table when publishing them would cause harm that isn't justified by the public benefit. That discipline is not weakness or timidity — it's what separates credible, durable investigative work from content that gets taken down, gets journalists sued, or gets used to justify harassment in a different direction.

Before wrapping up this section, it's worth addressing a scenario that trips up researchers who are clearly operating in good faith: finding genuinely alarming information and not knowing what to do with it. Imagine you're doing due diligence research on a business partner using the publicly available tools described throughout this course, and you stumble across court records suggesting criminal conduct, or financial filings that appear to show fraud, or social media evidence of serious wrongdoing. What's the responsible path forward?

The first answer is: document everything carefully before the information disappears or changes. Screenshots with timestamps, archived URLs, and careful notes about where each piece of information came from. The second answer is: get professional advice before acting on it. An attorney can tell you whether what you found triggers any reporting obligations — some jurisdictions have mandatory reporting requirements for certain categories of information, and some situations may involve law enforcement referrals. A journalist in this situation would typically loop in editors and legal counsel. The third answer, for most people in most situations, is: don't become the enforcement mechanism yourself. Posting your findings publicly, confronting the subject directly, or sharing with parties who might act on the information in unpredictable ways can all create legal and safety risks that are hard to foresee.

The through-line across all of this is that good research requires judgment, not just technique. The skills covered across this course — reading property records, navigating court dockets, pulling SEC filings, using advanced search operators — are genuinely powerful. Power, used without judgment, causes damage. The researchers who do this work well are the ones who hold the technique and the ethics in the same hand, who ask the "should I" question as naturally as they ask the "how do I" question, and who understand that building a reputation for responsible handling of sensitive information is itself part of the work.

The public record exists because democracies decided that transparency about power is worth more than the comfort of those in power. That principle is real, it's important, and it's why this entire course exists. The best stewards of public records research are the ones who honor that principle by using it wisely — finding what's actually out there, and handling what they find with the care it deserves.

14Conclusion

Everything in this course has been organized around a single hidden assumption — that the gap between what governments make public and what most people know to look for is not a flaw in the system. It's a feature of how the system was built. Records are available. Access rights exist. What most people lack is the logic that connects them, and that logic is what these hours have been about.

Think back to the moment in the property records section when a buried contractor's lien — unmentioned by the seller, invisible to any casual search — turned out to be sitting right there in a county database, findable for free in under an hour. Or the counterintuitive claim in the corporate records section that Secretary of State filings and registered agent records weren't designed to hide ownership — they were designed to reveal it, and the opacity only begins where the paper trail stops, which is itself a signal worth reading. Then there was the FOIA section's quiet insistence that the law applies to any person — not just journalists, not just lawyers, not even just citizens — and that the distance between an abstract right and a practical one is mostly a matter of knowing how to ask.

Those aren't three separate lessons. They're the same lesson landing three different times…

The records were never hidden. The access was never restricted. What was missing was the mental model that lets you walk up to the right door and knock.

That's the thing worth carrying forward. Not a technique, not a database URL, not a search string — but the understanding that the public record is a system with a logic, and once that logic is yours, the research changes character entirely. The door was always open.

Want a course that doesn't exist yet? Request one →