Posted on 09/03/2002 8:32:50 AM PDT by dalereed
FBI will tap into personal profiles
No legal basis for suspicion needed
By Bruce V. Bigelow
STAFF WRITER
September 3, 2002
When direct marketing consultant Mike DeCastro gets hired to plan a campaign pitching vacations in Mazatlan or cell phone service in San Diego, one of his first moves is to consult an online catalog of customer lists.
Such lists are the lubricant that keep the wheels of our consumer society spinning. If you applied for a loan or used a credit card, your name is on a list. They identify almost everyone who has attended school, subscribed to anything, or bought anything from a catalog, direct mail or online merchant.
Ultimately, such lists also provide the raw material used to build sophisticated computerized databases that have become a multibillion-dollar industry.
"Just about anything that you want to know about anybody is available in a commercial database," said DeCastro of San Francisco.
Most people don't have a clue that such databases compile information from a variety of sources, linking their names to their Social Security numbers, credit profiles, employment histories, travel records, court records, personal interests and chronic health conditions.
And now, under changes ordered by Attorney General John Ashcroft, the FBI is moving to use commercial databases in its efforts to prevent acts of terrorism in the United States.
The change was part of a broader decision, announced by the Justice Department May 30, to loosen the internal policies that guide federal terrorist investigations.
Now, even if they don't have a specific suspect or legal basis for suspicion, "FBI agents under the new guidelines are empowered to scour public sources for information on future terrorist threats," Ashcroft said.
The attorney general did not specify how the FBI would use commercial databases, and a Justice Department spokesman did not return calls seeking elaboration.
Experts say the FBI would likely use special software and advanced "data-mining" techniques that can sift through enormous fields of data to identify patterns and characteristics of potential terrorists.
Given the potential threats to American security, some say the changes were long overdue.
"The computer systems that were available to the general public were not available to agents like me," said Darwin Wisdom, a former FBI agent who runs the Baker Street Group, a San Diego investigative firm. "I was always dismayed by our inability to access information that was available on computer just about everywhere else."
'Dragnet-style'
Before Ashcroft changed the guidelines, the FBI could not even use standard Internet search engines such as Google to look for information concerning terrorist activity, said Mitch Dembin, who resigned two years ago as a federal prosecutor specializing in computer crimes. Investigators first had to have suspicion. "The guidelines cannot be so strict that they shut out from law enforcement the very tools that are available to you and me," Wisdom said. "That's preposterous."
Ashcroft's changes have stirred some opposition. The American Civil Liberties Union says the new FBI guidelines reversed many self-imposed restraints the Justice Department adopted in the 1970s after revelations of FBI illegal spying.
"For over a decade, the commercial data collectors have promised Americans they would not turn this data over to law enforcement," said Chris Hoofnagle, a lawyer with the Electronic Privacy Information Center in Washington, D.C. "This was a guarantee that has staved off legislation and allowed this data collection to continue."
The new capabilities of these technologies now allows "suspicionless, dragnet-style investigations of all Americans," Hoofnagle said.
FBI agents could use commercial databases before Ashcroft changed the guidelines, but only after indications of criminal activity were established, Hoofnagle said. A prosecutor would then obtain a warrant that allowed a search, as well as electronic eavesdropping.
"Under the old guidelines, they were not allowed to engage in prospective searches meaning they could not sit down and say all Protestant men between 20 and 24 are likely terrorists and print out a suspect list," Hoofnagle said.
By using commercial databases, DeCastro said, the FBI could generate lists of potential suspects based on a profile using such criteria as race, religion, travel, bank accounts and even grocery-store purchases.
"It's a disaster," said John Perry Barlow, a fellow at Harvard Law School's Berkman Center and a co-founder of the Electronic Frontier Foundation. "This information has been gathered with an assurance to the consumer that his privacy was being protected, except when warrants were issued for a specific release."
Said Barlow: "We have increasingly what strikes me as the foundation for a police state in the United States."
But Wisdom, who spent 27 years as an FBI agent before retiring in 1995, said it's premature to become alarmed about potential abuses.
"The key is not whether the FBI can access databases," Wisdom said. "The key is what they do with it. You have to trust your law enforcement community that even though they have access to privileged information, that they have the good judgment to use it properly."
Troubling tactics
Privacy advocates and others, like DeCastro, who are knowledgeable about the industry say they are alarmed by the consumer marketing industry's practices. Many people would be horrified if they understood the scope of personal information collected in commercial databases, said Beth Givens, director of the Privacy Rights Clearinghouse in San Diego.
Much of that personal data comes from supermarket loyalty-club programs and credit-card purchases, which can be used to build customer profiles, Givens said. Other data comes from consumer surveys offering giveaway merchandise and from product warranty cards that can mislead consumers into believing they must complete the form to activate the warranty.
Using advanced computing capabilities, many companies then "enhance" their database by combining data from public records and other sources, Givens said.
Acxiom Corp. of Little Rock, Ark., compiles information from many sources, then uses advanced data-mining techniques to produce specialized marketing lists. In this way, Acxiom can identify thousands or millions of people who fit particular profiles: for instance, 18-to 28-year-old men who purchase certain products or drive certain cars.
Such profiles can be highly specific, but Givens said they also can generate misleading and bogus information.
Larry Ponemon of Privacy Council, a Dallas consulting firm, said in an interview in June that one study reportedly done on the 19 airline hijackers involved in the Sept. 11 attacks found a pattern in their orders for pizza.
"Most college kids order pizza all the time," Ponemon said. "But most people pay cash for pizza. These guys paid with a credit card. That was an odd thing. That became one of the correlates for doing a profile."
Other major companies, such as Experian, Equifax and TransUnion, have long used data-mining techniques to assess and score consumers' credit risk, detect fraud and conduct other data-crunching services.
Off-limits data
Another goliath, ChoicePoint of Alpharetta, Ga., has emerged in recent years as the nation's biggest job-screening concern. The FBI and Immigration and Naturalization Service also have used ChoicePoint to find fugitives, illegal immigrants and other subjects of investigations. Prospective employers use ChoicePoint to compare job candidates' names against a database of 14 billion records, including arrest records and credit data.
DeCastro said such databases also can turn up information that employers are legally prohibited from asking job candidates, such as an applicant's age, marital status or HIV diagnosis.
Much of the information collected in databases also is wrong, said Givens, who notes people are not always truthful when they fill out consumer surveys and product warranty cards.
"By trolling through such a large amount of data from disparate sources, the FBI is likely to add one and one and get three," Givens said.
There also are disturbing examples of how information in databases gets misused, such as the personal example that Ponemon described in the April 2000 issue of CIO magazine.
In 1995, when Ponemon was part of PricewaterhouseCooper's compliance risk group, he provided information about his family to a Jewish organization building a database to reunite families who had moved or changed their names after the Holocaust.
While conducting an audit of a direct marketing company's database 21/2 years later, Ponemon discovered the organization to which he had given his information had sold its database to a direct marketing group to raise money. That marketing firm integrated the information with its own data, and the compiled information was bought, added to and sold at least 10 times after it left the marketer's hands.
Ultimately, the database, which by then included enhanced details about Ponemon's family, credit and occupational history and thousands of others went to a neo-Nazi group in Idaho.
DeCastro said many organizations sell their membership rosters and enrollment lists. Some even count on income from selling their lists as a regular source of revenue.
-------------------------------------------------------------------------------- Staff writer Kathryn Balint contributed to this report.
Bruce Bigelow: (619) 293-1314; bruce.bigelow@uniontrib.com
Copyright 2002 Union-Tribune Publishing Co.
Carolyn
Your analysis was real good to that sentence. The powers will never be "curtailed". The government never gives power back unless forced to. That's an absolute. And these days, the lobbyists trump the five people you might get together to protest such a thing. It's not about puppies or seal fur, afterall.
And what have you seen since then? Mere pockets of discontent. That's all. And it will continue to be so.
Not at all. I don't use SSN at all, and I have terabytes of data on 20 million americans. Actually, I don't have it, my client does, but I do much of the data mining for them. And this information is all public, if you are willing to invest the time and money to compile it.
That being said, I treat everyone like a number, for reasons related both to efficiency, and ethics. And my client goes to great pains to only market products to those who show an interest in their product, again for reasons relating to both efficiency (economic efficiency) and ethics.
But such information would be ideal for tracking criminal activity. It is already used by unethical and even criminal organizations. Ecofreaks are now putting together these types of databases, as are anti-RKBA groups. Such information could also be used by pedophiles, burglars, Scam artists, you name it.
Am I for changing the laws? I am on the fence; I don't really think it would do much good. Even if there were penalties for abuse (which there are to an extent), it would be difficult to prove, difficult to prosecute, and virtually impossible to undo. Not to mention that much of this data comes from the government itself, and still more is used by the government. And just like gun-control laws, it would be a burdon for ethical businesses and organizations, and ignored by others. Some of the telemarketing crap skirts the laws by basing operations in Canada, for instance.
OMG I paid for a pizza with a credit card about ten years ago. PISSSSSSS ! Don't let this get out. I own guns and have experience with explosives.
I don't have quite that many records at my fingertips, maybe a couple of million businesess over the course of several years, but I share your concerns about this data. When I refuse to give out personal data to retailers and they question me about my hesitation, I simply tell them that I am protecting myself from people like myself with the capability to abuse data. I don't, but I could, and I fear the feds are getting ready to start abusing public-domain data - because, after all, what says more about you than what you buy?
I think your proposal: ** Anyone keeping information traceable to a person must report to that person, at least annually, the contents of that information ** sounds like a big burden to a lot of businesses and agencies alike. Even I have information that fits that category in my work, and finding and sending that information to them every year would be a burdon.
Does this include my Outlook files of contacts I have made too? - I keep info on everyone I talk to, including names and addresses and phone numbers.
I should go read the article now, and see what it was about.... was just responding to your post.
You're right, but I doubt there's any way to stop them. Technology is like government and like fire: "a dangerous servant and a fearful master." I think George Washington said that?
Carolyn
http://www.cjmciver.org/free/privacy74.shtml
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.