Privacy / Data Protection
Big Brother's Little Helpers: How Choicepoint and Other Commercial Data Brokers Collect, Process, and Package Your Data for Law Enforcement
Author(s): Chris Jay Hoofnagle
Abstract: The shift to a digital information environment has brought many changes to law enforcement access to personal data. Now, by visiting a single website, such as www.cpgov.com, law enforcement can obtain a comprehensive dossier on almost any adult. That website was custom-tailored for law enforcement by ChoicePoint, Inc., a commercial data broker (CDB).
CDBs make available a wide variety of personal information, from arrest and court records to notice that a suspect has opened a private mailbox. Access to private sector databases has significantly altered the balance of power between law enforcement and the individual. This new power has been made possible by the confluence of fast network connections; the availability of public records, both electronic and paper, that are rich with personal information; a regulatory environment that has turned a blind eye to private sector collection of personal information for marketing and other purposes; and the alacrity of companies that have become very profitable from selling personal data to the government.
This article summarizes the findings of three years of research into the relationship between CDBs and the federal government. The federal Freedom of Information Act was employed to obtain over 1,500 documents from nine federal agencies concerning ChoicePoint and other CDBs. Findings are presented from the requests, and concerns are raised regarding law enforcement access to personal information.
The documents led to six major findings. First, the documents show that law enforcement can quickly obtain a broad array of personal information about individuals. Second, although broad requests for documents were filed, there was almost no evidence of controls to prevent agency employees from misusing the databases. It appears as though auditing employee use of the databases is either impossible or simply not done. Third, the database companies are extremely solicitous to the government and actually design the databases for law enforcement use. Fourth, ChoicePoint expanded significantly in 2000 by starting to acquire and sell personal information of non-citizens. That discovery has led to strong international dissent. Fifth, many of the contracts with CDBs are sole-sourced, meaning the contracts are not open to competitive bidding. Sixth, the FBI has a secret, sole-source contract with ChoicePoint to develop an information service prototype.
Based on these documents, the author concludes that the Privacy Act should apply to CDBs. The Privacy Act of 1974 establishes a comprehensive set of Fair Information Practices for government collection of personal information, but does not substantially affect the data practices of these private companies. Because of this lack of coverage, government entities have performed an end-run around the protections of the Privacy Act by allowing the private sector to amass troves of personal information that the government would ordinarily not be allowed to collect. Essentially, commercial data brokers are big brother's little helpers - private sector companies that have escrowed personal information that is customized for law enforcement and other government agencies.
The author also concludes that public policy makers should not draw distinctions between commercial and government collection of personal information. Libertarians and conservatives have employed persuasive arguments to stave off privacy regulation that affects the commercial sector. They have argued that government collection, use, and disclosure of information presents more risk than commercial collection because the government has the power to arrest, imprison, and even to execute citizens. But this article shows that this distinction between the risks of government and commercial privacy risk is no longer tenable. Commercial actors provide personal information to the government in a number of contexts, and often with astonishing alacrity.
Finally, policymakers should revisit policies surrounding access to public records. Much of the personal information made available to law enforcement originates from public records. In a variety of contexts, the government compels individuals to reveal their personal information, and then pours it into the public record for anyone to use for any purpose. The private sector has collected the information, repackaged it, and brought it back to the government full circle. While public records are supposed to provide a window for a citizen to check abusive government activities, increasingly, they are used to leverage more control for powerful institutions against the common man.
Keywords: Privacy, freedom of information, public records, law enforcement, national securityLink: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=582302