Fighting terrorism on the home front has given the U.S. government a big appetite for information, with records such as credit reports, charity lists and traffic incidents being scoured for leads in the name of national security. This zeal to cross-check and profile citizens is creating a rush of companies eager to sell the fruits of private and public databases to federal agencies. But as the stakes rise in this growing industry, concerns are mounting about the quality of the data being gathered and the integrity of the information traders themselves.
“The information industry is a thug industry,” said Chris Hoofnagle, legislative counsel at the Electronic Privacy Information Center, in Washington. “These guys are opportunists. Their operating principle is that since they can collect this information, they can use it.”
Thus far, the government appears unconcerned about regulating its sources of personal data. The FBIs use of commercial databases has grown 9,600 percent over the last decade, according to EPIC. The bureau uses credit records, property records, professional licenses, drivers licenses and other data purchased from companies such as ChoicePoint Inc., of Alpharetta, Ga., and LexisNexis, of Dayton, Ohio, as well as credit reporting agencies such as Atlanta-based Equifax Inc., Experian Information Solutions Inc., of Costa Mesa, Calif., and Trans Union LLC, of Chicago. But none of these companies is held accountable for the truth or accuracy of the information it sells.
Some of the companies, such as ChoicePoint, have been operating for a long time but are ramping up homeland security divisions and buying smaller, more specialized data brokers. According to a lawsuit filed by International Biometric Group LLC, ChoicePoint is developing a biometrics tool to acquire and match biometric data for security purposes. ChoicePoint officials did not respond to requests for comment.
In addition to old-line info dealers ramping up new services for homeland security, new companies are popping up to satisfy federal data needs. Intelius Inc., of Redmond, Wash., was formed in January to respond to the call for information. Intelius sells integrated data for safety and homeland security. Most of the data is information the government already has, according to founder Naveen Jain.
Jain has done little to dispel the opportunist label placed on information merchants, however. He founded dot-com standout InfoSpace Inc. in 1997 but was ousted from the company in December. As chief executive of InfoSpace, Jain told the Puget Sound Business Journal in 1997 that his goal was “world domination just like Microsoft [Corp.],” where he worked as a marketing manager.
In May, a federal judge ruled that Jain had made illegal “short-swing” stock trades while at InfoSpace. Jain said that the transactions involved moving shares from trusts for his children into other accounts and that he did nothing wrong.
Besides proving that the background of information dealers is less important to the government than the details of the lives of Americans they are investigating, critics charge that, unlike security vendors, data merchants do not have to be certified or meet quality standards when selling to the government.
Jain claims his company has a vested interest in selling accurate data but acknowledges that commercial data will never be 100 percent accurate. He said Intelius can deduce accuracy of the information it sells through artificial intelligence and other technologies.
Accuracy aside, information brokers have historically resisted selling data to federal law enforcement agencies to avoid the privacy rules that safeguard public-sector databases. Data that the government controls is subject to the Privacy Act of 1974, which gives individuals access to most personal information maintained by federal agencies and allows them to amend inaccurate records. Most commercial databases are not subject to such legal safeguards.
Now, however, the industry is moving away from the practice that warded off regulation, EPICs Hoofnagle said. “All these companies that stood behind this false promise are now selling information to the government,” Hoofnagle said. “Theyre taking advantage of a lapse in public policy to enrich themselves to the detriment of society.”
Left in the private sector, inaccurate data poses the threat of inconvenience, embarrassment and potential personal danger. Turned over to the state, it poses a bureaucratic nightmare.
The question of how data is used by the government is at the center of privacy and database security concerns. Evolving data mining technologies create new ways to manipulate, share and apply data, enabling information gathered for one purpose to be used for another.
Databases recording fishing licenses, pet licenses, land ownership, voting registration and credit reports were built for specific purposes and cannot be aggregated with certainty, experts say. This is one reason that the majority of companies in the information profession—mostly small businesses—avoid public- records research altogether, said Mary Ellen Bates, principal of Bates Information Services Inc., in Boulder, Colo.
“The problem with most public records is that they are not designed for cross-indexing,” said Bates. “There is no common field.”
In addition, data merchants increasingly collect and aggregate disparate data regardless of original intent, experts say.
“I dont think information companies much care whether this data is public record or not,” said Robert Gellman, a privacy consultant in Washington. “The government is making greater use of records that are unregulated. These records are being used in much more serious ways.”
Gellman, who—as chief counsel to the U.S. House subcommittee on government information for 17 years—was involved in the crafting of the Privacy Act of 1974, is critical of the industry for resisting new accuracy safeguards.
“The industry has opposed giving people correction rights,” Gellman said. “Their answer [to inaccurate data] is: We dont care if its wrong.”
Apparently cognizant of the privacy pitfalls, the administration championed the appointment of a chief privacy officer at the secretive Department of Homeland Security, a major buyer of private data. But the officer, Nualla OConnor Kelly, is the only individual among the 170,000 DHS employees who works on privacy and was not available to comment, a DHS spokeswoman said.
“Its human nature that we want to know everything about everyone else, and we dont want anybody to know anything about us,” said Intelius Jain. “I was surprised to learn how much people knew about me.”