Privacy SOS

Police and federal agents increasingly have access to huge quantities of commercial, banking and other private data on citizens not suspected of having committed any crimes. Examples of police abuse of data systems are plentiful and growing. For the purpose of simplicity, we can break down the different kinds of databases into two main categories: government and commercial. As you'll see, there are many ways in which government and commercial databases bleed into one another, most notably, that government agencies routinely buy access to commercial databases like Choicepoint and BlueKai. In some cases, the line between government and commercial data brokers completely evaporates, as is the case for In-Q-Tel, a branch of the CIA that invests heavily in data mining and data broker corporations.

First, let's take a look at some of the government databases. There are many different kinds of government databases, including criminal databases and non-criminal databases.

One example of a non-criminal government database in Washington state contains the license plate numbers and locations of cars picked up by the state police's “Automated License Plate Recognition” (ALPR) system. The ACLU of Washington has investigated how these systems are being used. What they have found is profoundly disturbing, and highlights what is at the heart of the problem with unchecked data gathering. ACLU of Washington's Brian Alseth estimates that police in that state are collecting location information on millions of license plates per year. He writes:

ALPRs raise serious concerns to your privacy because of the system's ability to monitor and track the movements of ALL vehicles, including those registered to people who are not suspected of any crime. Without restrictions, law enforcement agencies can and do store the data gathered by the license plate readers forever, allowing them to monitor where you have traveled and when you traveled there over an extended period of time. In fact, a key selling point for ALPR vendors is the system’s ability to track drivers. As explained by the Los Angeles Police Department Chief of Detectives, the “real value” of the ALPR “comes from the long-term investigative uses of being able to track vehicles—where they’ve been and what they’ve been doing.”  In other words, the cops want to data mine your driving habits.

The ALPR databases are simply one example of government agencies collecting information about innocent people.

But even when the government collects information for criminal databases, innocent people can get caught up in the mix. The largest criminal database in the country is maintained by the FBI. The National Crime Information Center (NCIC) database contains supposedly criminal information submitted by federal, state, local and foreign law enforcement agencies and authorized courts.

Security expert Bruce Schneier in 2003 described the database as:

contain[ing] over 39 million criminal records and information on wanted persons, missing persons, and gang members, as well as information about stolen cars and boats. More than 80,000 law enforcement agencies have access to this database. On average, the database processes 2.8 million transactions each day.

In a disasterous move, the US Department of Justice in April 2003 let the FBI off the hook on maintaining any semblance of accuracy in their NCIC data. Whereas before the Department of Justice decision, the FBI was responsible for ensuring the accuracy of the millions of records they hold and distribute to law enforcement nationwide, the FBI is now free from any such responsibility.

The result was predictable enough: the integrity of the database has been compromised because it is so riddled with errors. The problem is so bad that Roy Weise, senior adviser to the FBI's Criminal Justice Information Services Division, was reported as saying that “about half of the arrest records in the system have not been updated to reflect convictions, dismissals or acquittals.”

The most important take-away from this fact is that, because government and commercial databases feed into one another in something of a repetetive loop or closed cycle, any tainted information in one part of the system (the NCIC, for example) translates into the entire system being tainted. So as a result of the increasingly interconnected nature of these databases, junk information in one spreads like a virus through the rest of them, becoming impossible to contain or amend.

In other words, junk into the system results in junking the system. Plenty of Americans have born the brunt of this data-system-gone-wild. But it isn't just inaccurate information that puts us at risk; the very existence of these data bases containing nearly complete dossiers on most Americans endangers us. Identity thieves and other criminals regularly steal personally identifiable and credit related information from massive corporate data brokers, putting millions of people at risk every year. There's even an entire website dedicated to monitoring these security data breaches. 

Part of the problem is that the corporate data behemoths are allowed to operate with hardly any regulatory oversight from the government. That has allowed for a system in which companies like Acxiom are allowed to buy and sell unbelievably detailed information about everyone, with hardly any restrictions. Robert O'Harrow Jr., writing for The Washington Post in 1998, described the kind of information these companies buy and sell about you:

Twenty-four hours a day, Acxiom electronically gathers and sorts information about 196 million Americans. Credit card transactions and magazine subscriptions. Telephone numbers and real estate records. Car registrations and fishing licenses. Consumer surveys and demographic details.

Over ten years later, that number is much higher. Acxiom boasts on its website of maintaining files on 300 million Americans, just about all the adults:

Acxiom’s identification platform utilizes demographic and geographic data in challenge questions with nearly 900 data elements for more than 300 million individuals. Acxiom Identity Authentication data comes from public, publicly available and non-public proprietary databases. Acxiom Identity Authentication data is current and regularly updated daily, weekly and monthly, depending upon the data source.

In his book No Place to Hide, O'Harrow Jr. points out that these companies found an ally in government in the post-9/11 era: they had loads of information on basically every American adult, and the government wanted access to it. Now that they are partners, it is unlikely that the government will act to regulate the data warehousing industry unless consumers mobilize a very large campaign to fight back. 

There is no way to protect yourself from identity theft or government overreach except to force the government to regulate itself and the private databrokers it buys your information from. To get involved to protect your private data here in Massachusetts, visit our Get Involved page.

It's important to tell real life stories so that people come to a better understanding of how this kind of data system gone wild can negatively impact our lives. Has false information in government or commercial databases negatively affected your life? Let us know!

© 2023 ACLU of Massachusetts.