News21 A Journalism Initiative of the Carnegie and Knight Foundations

Project Banner

Medill Privacy in an Age of Security

Northwestern University's News21 fellows look at America's new system of surveillance, developed by the government with the help of private data mining firms after 9/11. One story reports on how the Social Security Administration's massive databases are being used in homeland security investigations; another uncovers new details about a secretive program in which the Department of Education shared personal information on hundreds of student loan applicants with the FBI. Two immersive interactive presentations explore the digital trails we leave behind in our daily lives and government data-mining initiatives that might incorporate information about you.

Commercial Data Use by Law Enforcement Raises Questions about Accuracy, Oversight

By Nicole Duarte, August 16, 2006

Data collection firms have become an increasingly important law enforcement resource in the scramble to identify potential terrorists. The government’s push for greater and more detailed information about private citizens has helped spawn a $1 billion industry.

But many of America’s most important privacy protections do not apply to commercial data brokers, allowing law enforcement to buy access to intricate dossiers on American citizens it couldn’t otherwise collect.

The Privacy Act of 1974 forbids the federal government from collecting personal information for one purpose and using it for another without publishing explicit notice to the individuals who will be affected. The federal government also is forbidden from creating extensive records about citizens unless the information is intended for a specific law enforcement investigation. Using data from private companies allows law enforcement to skirt both those restrictions.

And the data business is booming. In 1996, the federal law enforcement community spent $1.7 million on contracts with two commercial information resellers, according to federal contracting data. By 2005, the same 22 agencies spent $40.5 million on contracts with four data brokers and three credit bureaus.

In 2005, ChoicePoint Inc, currently a leading federal contractor, reported its government services group earned 14 percent of its annual revenue, or $148 million, up from $69 million, or 9 percent, of total revenue in 2002. The company separated government services into its own segment in 2002.

Law enforcement officials at all level of government have lauded the convenience of having ready access to the billions of records from data aggregators. ChoicePoint’s data stores provide its more than 2,000 law enforcement clients access to information derived from publicly available information like bankruptcy filings, liens and arrest records; professional credentials like pilots and drivers licenses; records of U.S. military personnel; and corporate information. The databases can identify a subject’s neighbors, relatives and business associates. ChoicePoint and other companies also have invested in technology to discern geographic or pathological patterns in criminal behavior. Last year, ChoicePoint won $39 million in federal contracts.

Grace Mastalli, principle deputy director for the information sharing and collaboration program at the Department of Homeland Security, told a public DHS workshop last year that “we have sometimes used commercial data, not just to support identity authentication, but to assure the integrity of government data, and the accuracy of government data.”

However, not all broker-held data is accurate.

Robert O’Harrow, a Washington journalist who has covered privacy and technology wrote in his book on the subject, “By outsourcing the collection of records, the government doesn’t have to ensure the data is accurate, or have any provisions to correct it in the same way it would under the Privacy Act. There are no limits on how the information can be interpreted.”

Furthermore, Paul Schwartz, a privacy law expert at the University of California said, “If some information about you is incorrect, there is no legal remedy to make a data broker fix it.”

Accuracy is not guaranteed even if the brokered data is comprised of official records. A 2004 study of commercial data brokers found that 79 percent of the nearly 200 credit reports studied contained errors of some kind, according to the U.S. Public Interest Research Group.

The nonprofit consumer advocacy group’s study covered the nation’s three largest credit bureaus, Experian, TransUnion LLC and Equifax, Inc., which was the parent company for ChoicePoint until 1997. In 2004, the federal law enforcement community spent $114,000 on contracts with the three firms, contract data showed.

Fifty-four percent of the credit reports contained mistaken consumer personal information; 25 percent contained serious errors “that could result in the denial of credit, such as false delinquencies or accounts that did not belong to the consumer.”

In the course of investigating information reseller use by federal agencies earlier this year, the Government Accountability Office, which is Congress’ investigative arm, criticized some commercial data brokers for failing to ensure that information given to government clients for law enforcement purposes was sufficiently accurate.

“The information resellers didn’t take action specifically to ensure the accuracy of information for the specific purpose that that information was going to be used for,” said Linda Koontz, chief of the GAO’s information technology division.

ChoicePoint insists its products are as accurate as legally possible. Of the 9 million background checks done through ChoicePoint each year, one out of every 1,000 has its accuracy challenged, said company spokesman Mark Furman. Of the records challenged, one in 1,000 resulted in a change to the record.

However, the onus is on consumers to detect errors in their records. Said Berkeley’s Schwartz, “First, you have to convince the issuing agency that there is an error in the record, then you have to convince all the data brokers that might hold that record that it is wrong and request they stop distributing it.”

Police say many data quality problems that plague databases of both private aggregators and law enforcement are human in origin.

“You could have a mental health code attached to your name for no criteria other than the officer you met thought you were nuts,” said a New England state police officer who asked not to be identified for fear of repercussions from his superiors.

Tondalaya Williams of Davenport, Iowa, has struggled since 1995 to erase a felony conviction made by another woman using her identity. The erroneous information has continued to show up in commercial databases affecting background checks for jobs, insurance and her mortgage despite presenting documents to correct her record to police and the Scott County Clerk on numerous occasions.

“It’s been 10 years. I mean, what else can I do to fix this?” she said.

Blog Reactions

See all results ...