|
|
Introduction
The transition from feudalism and monarchies to the bureaucratic state
and advancements in administrative science has increased governments'
vigilance, reach, and power over its citizens by creating systems
designed to locate, track, and identify individuals. A single computer
with a searchable database can now act as its own bureaucracy operated
not by people in large organizations skilled in administrative science,
but by quick algorithms created
by computer science.
The paper will explore, within the United States, methods, motives,
privacy concerns, and legal issues of the use of information collected
by non-government entities for government purposes.
Drafting ice cream
For years Farrell's Ice Cream Parlor Restaurant, a chain of ice cream
shops, gave customers free ice cream sundaes on their birthday if they
filled out a form with their birthday and other personal information.
Farrell's sold the information collected to a list broker.
Farrell's believed, as they told their customers, that the
information would be sold to "firms selling encyclopedias or
magazines oriented toward children"
(United Press International, 1984).
The list broker sold the information not
only to companies, but also sold the list of 167,000 names to the
Selective Service for $5,687.
In October of 1983, the Selective Service
"began using the list to mail 1,500 to 3,500 warning cards a month to young
men whose listed birthdays indicated they were about to turn 18"
(Burnham, 1984).
One such warning addressed to "Johnny Klomber,"
a fictional 17 year old created by Eric Hentzell, then age 10,
caused widespread publicity of the use of the birthday list by the
Selective Service when Hentzell's father received the letter and
"was disturbed that Uncle Sam could be using ice cream parlor mailing
lists to keep track of youngsters at an 'innocent age.'"
(United Press International, 1984).
When informed of the birthday
list and Selective Service connection, the executive vice president of
Farrell's expressed that he "did not feel the benefits of such Government
tracking programs were worth the sacrifices" (Burnham, 1984). A spokesman
for the Selective Service stated "[t]he use of this commercial list was
entirely appropriate and we don't have any moral qualms," but because
Farrell's arrangement with the list broken included approval of entities
to which the list would be sold and permission was not given to sell
the list to the Selective Service, the Selective Service decided to
delete and stop using the list.
The results of this case demand that the government evaluate the
ramifications of false positives both for the government and
individuals.
A company can sell the same information to advertisers
(and spammers) just as it would to the government. So
to maintain the right to be left alone, it is sometimes
necessary to submit inaccurate information to entities
that exist not to govern or protect, but to make monetary
profits.
But now it seems that entering a fake name or other false
information on some website's registration form could
earn the privacy conscious citizen an alias list or even
visit by the FBI.
Libraries
In a paper presented at the 12th conference for Computer, Freedom,
and Privacy, Carrie Gardner, Ph.D. described a blind hunt for
information by law enforcement using library records. In 1990 an
infant was abandoned in Decatur, Texas and without any leads, the
District Attorney's office delivered a subpoena to local
libraries requesting "the names, addresses, and telephone numbers of
everyone who checked out any book on childbirth during the previous nine
months." The library challenged the subpoena and a District Court
Judge ruled in their favor. The authorities had no indication that
the mother read such a book, but if "the library turned over the
circulation records, every patron who had checked out a resource
about childbirth would have been interviewed and investigated" as
a suspect in the case (Gardner, 2002).
In 1970, the U.S. Treasury Department, in search of individuals
planning bomb attacks, requested the Milwaukee Public Library and
twenty-seven libraries and branches in Atlanta to hand over
"circulation records of books and materials on explosives."
Incidents like these and others compelled the American Library
Association to issue a statement that they believe "the efforts
of the federal government to convert library circulation records
into 'suspect lists' constituted an unconscionable and
unconstitutional invasion of the right of privacy of library
patrons and, if permitted to continue, will do irreparable
damage to the educational and social value of the libraries
of this country" (Intellectual Freedom Manual, 1996, p 155).
Shortly after September 11, 2001, in Broward County of Florida,
authorities, with court orders, "collected computer information
from public libraries where someone fitting the description of
Mohamed Atta, the man emerging as a leader of the terrorist group,
was seen using computers with Internet access" (Holland, 2001).
Investigators also requested and obtained "records from two
library branches in Hollywood . . . to piece together the reading
habits and Internet activities of those suspected in" the
September 11 terrorist attacks on the United States (Holland, 2001).
Sources of information
The FBI and other agencies have collected information from an
assortment of private industries including:
- Grocery store frequent-shopper records
- Scuba diving certification records
- Store purchases, both online and offline
- Club memberships
- Utility bills
- "Easy Pass" toll records and building access cards
- Real estate and mortgage information
- Magazine subscriptions
(Center for Democracy, 2003).
Methods of recruitment
A report by the American Civil Liberties Union describes
a scheme dubbed "Operation Shamrock" started in 1945 in
which U.S. telegraph companies delivered "copies of all
messages sent to or from the United States" to the National
Security Agency (2004, p 9). The NSA recruited the companies by
appealing to the patriotism of the company presidents.
After September 11, 2001 many airlines voluntarily turnd over customer
travel records to law enforcement. The ACLU claims that "the
information was turned over not to help the government solve a
particular crime or track a particular suspect, but in order to
examine each traveler's records in the hopes of identifying
terrorists by detecting 'suspicious' patterns" (2004, p 10).
The paper also highlights a secretive program called InfraGrad
that it states is analogous to a corporate TIPS program. "The
Cleveland Plain Dealer describes it as 'a vast informal network
of powerful friends,' a 'giant group of tipsters' created
by the FBI under a 'philosophy of quietly working with corporate
America' in order to 'funnel security alerts away from the public
eye and receive tips on possible illegal activity'" (2004, p 10).
Constraints on the government
According to a report by the Center for Democracy,
"the United States has no comprehensive privacy law for commercial
data, a great deal of information is available to law
enforcement and intelligence agencies for purchase from data
aggregators" (2003). The Privacy Act of 1974 forbids law enforcement
from collecting and maintaining information about people who are not
suspected in a crime. However, "government is increasing
circumventing those restrictions simply by turning to private companies,
which are not subject to the law, and buying or compelling the transfer
of private data that it could not collect itself" (American Civil
Liberties Union, 2004, p 8).
"The government has argued that it should have the same access to
consumer data that the private sector has" but access is not the
only argument necessary justifying obtaining sensitive information
(American Civil Liberties Union, 2004, p 8). Need to know and
reasons for use differ between the holders of customer data in
the private sector and the government seeking that data.
According to the Center for Democracy, "under existing law the
government can ask for, purchase or demand access to most
private sector data. Constraints on how the government can use
the data once accessed are uncertain." (2003).
Problems with information providers
Companies such as ChoicePoint that aggregate and then "sell info
to the government agencies aren't liable for its accuracy, nor
are guidelines in place about how it's used" (Black, 2002).
ChoicePoint is an information broker that uses publicly
available information to provide businesses and government
investigating a person a compiled list describing a
person's credit, criminal and job history, associations, and
other information. The US government uses ChoicePoint as a way
of outsourcing information compilation tasks. ChoicePoint
"sells personal information to federal law-enforcement agencies,
including the FBI, the Drug Enforcement Agency (DEA), the U.S.
Marshals Service, and 7,500 local police departments across the country"
(Black, 2002).
Regulations of information held by private companies do not require
that the company provide people with the ability to correct information
about themselves that is erroneous. When Richard Smith, chief technology
officer of the Privacy Foundation, purchased records from ChoicePoint
on his family, he received a sixty page report that stated many
erroneous facts including that he was possibly "a company officer
for more than 30 small businesses around the country," that his wife
had had a son unknown to him named Kyle, his daughter was actually his
neighbor, he had previously married a woman named Mary, and that he died
in 1976. (Black, 2002).
In 1998, a "woman was fired from a technical job after ChoicePoint
told her employer that she was a shoplifter and convicted drug dealer,"
but the woman had no criminal record (Smith 2001).
"In the last presidential election . . . thousands of African Americans
were misidentified as felons and denied the right to vote" (Smith 2001).
ChoicePoint argues that the services they provide help make "for a
safer society." (Smith 2001).
Representative Adam Putnam, Chair of the House Government Reform
Subcommittee on Technology, Information Policy, and the Census believes:
- Congress should begin oversight hearings on the information
brokers' practices.
- Agencies should be asked to routinely report on the private-sector
databases that they have purchased, including the number of records
obtained, and the specific characteristics of the data.
- Congress should determine whether Privacy Act obligations should
be applied to the entire information broker industry, as these businesses
are now engaged in the practice of building government profiles of
individuals that would be regulated under the Privacy Act.
(2003).
Effect on companies
Companies that maintain large amounts of personally identifiable
customer data may be hurt financially by government requests.
"Last year, BellSouth received more than 32,000 subpoenas for
customer information, about half of those from law enforcement. In
addition, the telecommunications giant received 636 court orders,
mostly from the government, including requests for wiretaps"
(Moscoco, 2003). For each request, employees must spend time to
find, process, and deliver the requested information.
When the FBI asked several scuba shops for customer information
just before Memorial Day weekend, the "Professional
Association of Diving Instructors decided to voluntarily hand
the information to the FBI rather than burden their members before
a peak weekend." "The group sent the FBI a ZIP drive with the
names, addresses and other personal information of about 2 million
people -- nearly every U.S. citizen who had learned to dive in the
previous three years" (Moscoco, 2003).
More than 50 different companies are now selling information systems
to help companies become "Patriot-compliant." Tools that
"filter every record and transaction by a customer into one place,
making it easier to find patterns and answer any subpoenas about
that person" now have a demand as holders of private data must
respond to increasing government requests for information on their
customers.
In December 2002, when Western Union did not report several
suspicious transactions, they were fined $8 million (Moscoco, 2003).
Bibliography and further readings
Copyright 1984 The New York Times Company
The New York Times
August 4, 1984, Saturday, Late City Final Edition
SECTION: Section 1; Page 5, Column 1; National Desk
LENGTH: 436 words
HEADLINE: SELECTIVE SERVICE TO STOP USE OF BIRTHDAY LIST
BYLINE: By DAVID BURNHAM
DATELINE: WASHINGTON, Aug. 3
Copyright 1984 U.P.I.
United Press International
August 3, 1984, Friday, AM cycle
SECTION: Domestic News
LENGTH: 300 words
HEADLINE: Draft board gives up mailing list
DATELINE: SAN FRANCISCO
Fact or Fiction: Privacy in American Libraries,
presented at CFP 2002, the 12th Conference on Computers Freedom & Privacy by Carrie Gardner, Ph.D.
Carrie Gardner Ph.D.
Coordinator, Library Media Services, Milton Hershey School
Past Chair, American Library Association Intellectual Freedom Committee, Privacy Sub-Committee
http://www.cfp2002.org/proceedings/proceedings/gardner.pdf
Title: Intellectual freedom manual [electronic resource] / compiled by the Office for Intellectual Freedom of the American Library Association.
Edition: 5th ed.
Publisher: Chicago : American Library Association, 1996.
Description: xlvii, 393 p. : ill. ; 23 cm.
Subject(s): Libraries Censorship United States Handbooks, manuals, etc.
Freedom of information United States Handbooks, manuals, etc.
Electronic books.
Notes: Includes bibliographical references (p. 369-370) and index.
Electronic reproduction. Boulder, Colo. : NetLibrary, 2001. Available via World Wide Web. Access may be limited to NetLibrary affiliated libraries.
Other Contributors: NetLibrary, Inc.
American Library Association. Office for Intellectual Freedom.
URL: http://www.cc.gatech.edu/~volstok/docs/thread.shtml
Author: Jason Hurley
Date of access: 01/09/2005
Center for Democracy & Technology
Privacy’s Gap: The Largely Non-Existent Legal Framework for Government Mining of Commercial Data
May 28, 2003
www.cdt.org/security/usapatriot/030528cdt.pdf
BusinessWeek online
January 24, 2002
Privacy Matters
By Jane Black
Headline: Data Collectors Need Surveillance, Too
http://www.businessweek.com/bwdaily/dnflash/jan2002/nf20020124_0582.htm
Wired
May 11, 2001
What They (Don’t) Know About You
http://www.wired.com/news/privacy/0,1848,43743,00.html
Federal Computer Week
The state of surveillance
William Matthews
June 18, 2001
http://www.fcw.com/fcw/articles/2001/0618/cov-main-06-18-01.asp
Robert Dreyfuss
July/August 2003 issue
MotherJones.com
Title: The Watchful & the Wary
http://www.motherjones.com/news/feature/2003/07/ma_445_01.html
Feds demanding more info about companies' customers
Firms add staff, spend more to keep up with requests
Eunice Moscoco
The Atlanta Journal-Constitution
8/17/2003
CAPPS II Fact Sheet
U. S. DEPARTMENT OF HOMELAND SECURITY
Transportation Security Administration
September 29, 2003
TSA Public Affairs: (571) 227-2829
http://www.tsa.dot.gov/public/display?theme=44&content=713
Markle Foundation
http://www.markletaskforce.org/guidelines/government_matrix.shtml
http://www.markletaskforce.org/guidelines/commercial_matrix.shtml
Database Nation
The upside of "zero privacy"
Declan McCullagh
http://reason.com/june-2004/mccullagh.pdf
June 2004
Reason
March 25, 2003
Representative Adam Putnam
Chair, House Government Reform Subcommittee
on Technology, Information Policy, Intergovernmental
Relations, and the Census
B-349-A RHOB
Washington, DC 20515
Representative William Clay
Ranking Member, House Government Reform Subcommittee
on Technology, Information Policy, Intergovernmental
Relations, and the Census
B-349-A RHOB
Washington, DC 20515
Re: Hearing on Data Mining: Current Applications and Future Possibilities
http://www.epic.org/privacy/profiling/datamining3.25.03.html
Surveillance-Industrial Complex
American Civil Liberties Union
August 2004
http://www.aclu.org/Files/getFile.cfm?id=16225
Newly found stuff
Privacy the Safeway
Arson investigators in Washington found a fire starter with a Safeway wrapper
on it at the scene of a house fire. A Washington fireman was
charged
with arson for setting the house on fire. When asked if he had purchased fire starter,
he said he made no such purchase. However, Safeway handed the purchase records
made with the firefighter's Safeway Club card which indicated that
fire starter had been purchased with his card.
In January of 2005 all charges against the firefighter
were dropped
when another person admitted to the crime.
Sources
http://heraldnet.com/stories/05/01/28/100loc_arson001.cfm
Jim Haley
Herald
Accessed: January 29, 2005
http://seattletimes.nwsource.com/html/localnews/2002055245_arson06m.html
Seattle Times
Article date: October 7, 2004
Accessed: January 29, 2005
ChoicePoint and fraud
ChoicePoint divulged
the personal records contain names, addresses, Social Security
numbers, credit reports, and other highly personal information of more than 30,000 US
citizens to fake companies.
According to ChoicePoint's website,
the company "helps reduce fraud and mitigate risk." Under their
vision statement,
ChoicePoint
"strive[s] to create a safer and more secure society through the responsible use of information."
Source:
http://www.msnbc.msn.com/id/6969799/
Notwithstanding any language to the contrary, nothing contained
herein constitutes nor is intended to constitute an offer, inducement,
promise, or contract of any kind. The data contained herein is for
informational purposes only and is not represented to be error free.
Any links to non-Georgia Tech information are provided as a courtesy.
They are not intended to nor do they constitute an endorsement by the
author.
|
|