Skip to comments.FBI will tap into personal profiles
Posted on 09/03/2002 8:32:50 AM PDT by dalereed
FBI will tap into personal profiles
No legal basis for suspicion needed
By Bruce V. Bigelow
September 3, 2002
When direct marketing consultant Mike DeCastro gets hired to plan a campaign pitching vacations in Mazatlan or cell phone service in San Diego, one of his first moves is to consult an online catalog of customer lists.
Such lists are the lubricant that keep the wheels of our consumer society spinning. If you applied for a loan or used a credit card, your name is on a list. They identify almost everyone who has attended school, subscribed to anything, or bought anything from a catalog, direct mail or online merchant.
Ultimately, such lists also provide the raw material used to build sophisticated computerized databases that have become a multibillion-dollar industry.
"Just about anything that you want to know about anybody is available in a commercial database," said DeCastro of San Francisco.
Most people don't have a clue that such databases compile information from a variety of sources, linking their names to their Social Security numbers, credit profiles, employment histories, travel records, court records, personal interests and chronic health conditions.
And now, under changes ordered by Attorney General John Ashcroft, the FBI is moving to use commercial databases in its efforts to prevent acts of terrorism in the United States.
The change was part of a broader decision, announced by the Justice Department May 30, to loosen the internal policies that guide federal terrorist investigations.
Now, even if they don't have a specific suspect or legal basis for suspicion, "FBI agents under the new guidelines are empowered to scour public sources for information on future terrorist threats," Ashcroft said.
The attorney general did not specify how the FBI would use commercial databases, and a Justice Department spokesman did not return calls seeking elaboration.
Experts say the FBI would likely use special software and advanced "data-mining" techniques that can sift through enormous fields of data to identify patterns and characteristics of potential terrorists.
Given the potential threats to American security, some say the changes were long overdue.
"The computer systems that were available to the general public were not available to agents like me," said Darwin Wisdom, a former FBI agent who runs the Baker Street Group, a San Diego investigative firm. "I was always dismayed by our inability to access information that was available on computer just about everywhere else."
Before Ashcroft changed the guidelines, the FBI could not even use standard Internet search engines such as Google to look for information concerning terrorist activity, said Mitch Dembin, who resigned two years ago as a federal prosecutor specializing in computer crimes. Investigators first had to have suspicion. "The guidelines cannot be so strict that they shut out from law enforcement the very tools that are available to you and me," Wisdom said. "That's preposterous."
Ashcroft's changes have stirred some opposition. The American Civil Liberties Union says the new FBI guidelines reversed many self-imposed restraints the Justice Department adopted in the 1970s after revelations of FBI illegal spying.
"For over a decade, the commercial data collectors have promised Americans they would not turn this data over to law enforcement," said Chris Hoofnagle, a lawyer with the Electronic Privacy Information Center in Washington, D.C. "This was a guarantee that has staved off legislation and allowed this data collection to continue."
The new capabilities of these technologies now allows "suspicionless, dragnet-style investigations of all Americans," Hoofnagle said.
FBI agents could use commercial databases before Ashcroft changed the guidelines, but only after indications of criminal activity were established, Hoofnagle said. A prosecutor would then obtain a warrant that allowed a search, as well as electronic eavesdropping.
"Under the old guidelines, they were not allowed to engage in prospective searches meaning they could not sit down and say all Protestant men between 20 and 24 are likely terrorists and print out a suspect list," Hoofnagle said.
By using commercial databases, DeCastro said, the FBI could generate lists of potential suspects based on a profile using such criteria as race, religion, travel, bank accounts and even grocery-store purchases.
"It's a disaster," said John Perry Barlow, a fellow at Harvard Law School's Berkman Center and a co-founder of the Electronic Frontier Foundation. "This information has been gathered with an assurance to the consumer that his privacy was being protected, except when warrants were issued for a specific release."
Said Barlow: "We have increasingly what strikes me as the foundation for a police state in the United States."
But Wisdom, who spent 27 years as an FBI agent before retiring in 1995, said it's premature to become alarmed about potential abuses.
"The key is not whether the FBI can access databases," Wisdom said. "The key is what they do with it. You have to trust your law enforcement community that even though they have access to privileged information, that they have the good judgment to use it properly."
Privacy advocates and others, like DeCastro, who are knowledgeable about the industry say they are alarmed by the consumer marketing industry's practices. Many people would be horrified if they understood the scope of personal information collected in commercial databases, said Beth Givens, director of the Privacy Rights Clearinghouse in San Diego.
Much of that personal data comes from supermarket loyalty-club programs and credit-card purchases, which can be used to build customer profiles, Givens said. Other data comes from consumer surveys offering giveaway merchandise and from product warranty cards that can mislead consumers into believing they must complete the form to activate the warranty.
Using advanced computing capabilities, many companies then "enhance" their database by combining data from public records and other sources, Givens said.
Acxiom Corp. of Little Rock, Ark., compiles information from many sources, then uses advanced data-mining techniques to produce specialized marketing lists. In this way, Acxiom can identify thousands or millions of people who fit particular profiles: for instance, 18-to 28-year-old men who purchase certain products or drive certain cars.
Such profiles can be highly specific, but Givens said they also can generate misleading and bogus information.
Larry Ponemon of Privacy Council, a Dallas consulting firm, said in an interview in June that one study reportedly done on the 19 airline hijackers involved in the Sept. 11 attacks found a pattern in their orders for pizza.
"Most college kids order pizza all the time," Ponemon said. "But most people pay cash for pizza. These guys paid with a credit card. That was an odd thing. That became one of the correlates for doing a profile."
Other major companies, such as Experian, Equifax and TransUnion, have long used data-mining techniques to assess and score consumers' credit risk, detect fraud and conduct other data-crunching services.
Another goliath, ChoicePoint of Alpharetta, Ga., has emerged in recent years as the nation's biggest job-screening concern. The FBI and Immigration and Naturalization Service also have used ChoicePoint to find fugitives, illegal immigrants and other subjects of investigations. Prospective employers use ChoicePoint to compare job candidates' names against a database of 14 billion records, including arrest records and credit data.
DeCastro said such databases also can turn up information that employers are legally prohibited from asking job candidates, such as an applicant's age, marital status or HIV diagnosis.
Much of the information collected in databases also is wrong, said Givens, who notes people are not always truthful when they fill out consumer surveys and product warranty cards.
"By trolling through such a large amount of data from disparate sources, the FBI is likely to add one and one and get three," Givens said.
There also are disturbing examples of how information in databases gets misused, such as the personal example that Ponemon described in the April 2000 issue of CIO magazine.
In 1995, when Ponemon was part of PricewaterhouseCooper's compliance risk group, he provided information about his family to a Jewish organization building a database to reunite families who had moved or changed their names after the Holocaust.
While conducting an audit of a direct marketing company's database 21/2 years later, Ponemon discovered the organization to which he had given his information had sold its database to a direct marketing group to raise money. That marketing firm integrated the information with its own data, and the compiled information was bought, added to and sold at least 10 times after it left the marketer's hands.
Ultimately, the database, which by then included enhanced details about Ponemon's family, credit and occupational history and thousands of others went to a neo-Nazi group in Idaho.
DeCastro said many organizations sell their membership rosters and enrollment lists. Some even count on income from selling their lists as a regular source of revenue.
-------------------------------------------------------------------------------- Staff writer Kathryn Balint contributed to this report.
Bruce Bigelow: (619) 293-1314; email@example.com
Copyright 2002 Union-Tribune Publishing Co.
Prior to Clinton, I would have gone along with this agent's sentiment.
Who of us doesn't want to support our government agents, to stand with them in proud patriotic unity?
But those same agents are capable of being manipulated by a vindictive group with a political agenda. And this is precisely why the ideas for the United States of America were framed as they were, to impede these developments.
The time for civil disobedience has arrived. Other than for the purpose of employment, the SSN should be denied to all that request it. This includes medical insurance plans, credit bureaus, supermarket chains, driver licensing bureaus, passport agencies, court dockets, banks and brokerages.
Our governments can proceed to track non-citizens with this scheme, but American citizens enjoy the rights given them by God unless they submit to those that view such rights as granted by government.
It's as if Vance Packard's 1965 book, "The Naked Society," had never existed. None of this is new.
My hubby and I have always refused to give our social security numbers out to those who have no right to ask us for this information. We carry a copy of the law with us at all times, which specifies who may legally ask us for this info and more importantly states the severity of the penalties for those insisting on this info when they have no legal right to it. It works like a charm. (Although, I must admit our main concern had always been identity theft rather than the government's ability to track us.)
I'm getting very tired of the government expanding its snooping powers over anyone and everyone, when we all know who poses the real threat. If FBI agents hadn't been so busy chasing every American with a gun & a copy of the US Constitution, they might have been more aware of what Mr. Atta and his pals were up to. This wide spectrum snooping is just more of the same unfocused BS that got us 9-11.
Instead of setting up an elaborate system of database profiling, they need to drop the PC nonsense and do the kind of profiling that will get them real results. Otherwise they're just wasting their time, manpower, and money. (What the government does best, eh?)
I really don't want the government tracking my purchases. My book buying habits alone could give them the wrong idea, since I tend to read up on a wide range of topics from varying viewpoints, sometimes agreeing with the authors, sometimes wanting to throttle them.
Tracking me would be quite an undertaking though, requiring more than one agent for sure, because no matter how hard I try, I can't seem to get anyone to spell my last name right. It drives me batty sometimes. And, the spelling boondoggles keep getting worse as the number of "English as a 2nd language" speakers increases. (sigh)
"Frequently Asked Questions on SSNs and Privacy"
Isn't that special?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.