Commercial database use flagged

Electronic Privacy Information Center

Privacy advocates have filed a lawsuit in federal court to force the Justice and Treasury departments to disclose details about buying information about individuals from commercial databases. The agencies are generally banned from amassing such information on their own.

Electronic Privacy Information Center officials said Jan. 15 that the two agencies have illegally failed to respond to Freedom of Information Act requests for details about their information purchasing practices.

Lawyers for EPIC sought the information after seeing news reports and obtaining documents that indicate at least six federal law enforcement agencies buy personal information from database companies.

The companies include ChoicePoint Inc., which gathers and sells information for purposes ranging from employment background checks to insurance fraud investigations, and Experian, which claims to have information gathered from "hundreds of public and proprietary sources" on 215 million consumers.

The Privacy Act of 1974 banned federal agencies from collecting personal information about individuals unless they are actively investigating the individual. But no such prohibitions apply to database companies.

The companies collect data from a wide range of commercial and government sources, such as credit card records, motor vehicle and property records, license records, marriage and divorce data, bankruptcy and other court databases, product warranty registrations, loan applications and other sources.

Government agencies that buy the information include the FBI, the Drug Enforcement Administration, the U.S. Marshals Service, the Internal Revenue Service, the Immigration and Naturalization Service, and the Bureau of Alcohol, Tobacco and Firearms, according to EPIC.

A key concern for privacy advocates is how accurate the data is, said Chris Hoofnagle, EPIC's legislative counsel who filed the suit. ChoicePoint, for example, provided inaccurate data to Florida election officials, who denied thousands of voters access to the polls in 2000.

Hoofnagle said EPIC obtained documents that show that information the IRS bought from ChoicePoint and Experian included "credit header data," which includes a person's name, current and prior addresses, Social Security number, date of birth, telephone number, information from property records, motor vehicle records, marriage licenses and divorce papers, and records of international asset location. IRS employees have access to this data through their desktop computers, Hoofnagle said.

It is not clear whether the agencies buying information are violating the law, "but if they are buying information without real investigations going on, then there are going to be problems," he said.

The Privacy Act was passed to stop information collection abuses that were common during the 1960s and 1970s, when the FBI and other agencies compiled detailed dossiers on Vietnam War protesters, civil rights activists, political "enemies" of the president, celebrities and others.

Hoofnagle said recent cases show that the abuse of information by government employees has not ended. Recent abuses include police employees using information to track women for dates and to rob rental cars and federal employees selling DEA data, he said.

"You don't have to have a rogue government, just a rogue civil servant," he said.

The Justice Department has 30 days to respond to the suit.