Orwell Award Announcement SusanOhanian.Org Home

NCLB Outrages

Computer Break-In

Ohanian Comment: This is important.

I post this news story because of where it quickly leads. A computer break-in in Georgia that affects Californians (and probably thousands of others) may seem unrelated to NCLB, but the relationship is as close as any child you care about. Don't miss the earlier story (posted below) giving a history of ChoicePoint--history with implications.

Schools are now collecting mountains of data on children. We need to ask ourselves:

  • Why is this data being collected?

  • Who wants it?

  • Why?

  • How secure is it?

  • Who has access to it?

  • The idea of a federal watchdog on school data is ludicrous. The feds are the ones requiring some 900 pieces of info. The blueprint for this action is the 226-page Student Data Handbook for Early Childhood, Elementary, and Secondary Education (NCES 94-303), published by the National Center for Education Statistics.

    Maybe there's nothing ominous about the Feds documenting how many teeth are in a student's mouth and the condition of his gums, but I'd find it more benign if the Feds had any interest in raising the minimum wage so parents could afford to provide their children with adequate diets and fix their rotten teeth.

    In the Student Data Handbook, the category Oral Health (under Health Conditions) has questions on (230) Number of Teeth, (231) Number of Permanent Teeth Lost, (232) Number of Teeth Decayed, (237) Number of Teeth Restored, and (235) Gingival (Gum) Condition.

    First the teeth, then the psyche. A subsection under Assessment Data to be collected includes
    an assessment to measure the mental and emotional set or patterns of likes and dislikes or opinions held by a student or a group of students. This is often used in relation to considerations such as controversial issues or personal adjustments.

    Subcategory (12) Personality Test is described as
    an assessment to measure a student's affective or non-intellectual aspects of behavior such as emotional adjustments, interpersonal relations, motivation, interests, and attitudes.

    For years, conservatives have been screaming about this data collection, which was instituted under Clinton and is now being escalated exponentially.

    Here's a small question: why does data collection in some states seems especially important to the Feds? Representatives from selected states were sponsored to attend the 2004 NCES Forum and Summer Data Conference in Washington, D. C.: State Forum Liaisons from California, Indiana, Maine, North Carolina, and Texas.

    Here's the keynote speech on July 28, 2004:

    "Using School Data to Improve Student Achievement Using the JFTK Model"
    Michael Hudson, President, National Center for Educational Accountability and Just for the Kids

    JFTK = Just for the Kids. And if you want to know about the corporate connections to Just for the Kids read Why Is Corporate America Bashing Our Public Schools? by Kathy Emery and Susan Ohanian.

    For starters, Just for the Kids teamed up with the Broad Foundation, Standard and Poor's, and the U. S. Department of Education to create an operation "that transforms disaggregated student achievement data into useful decision-making information."

    NCEA was created by Just for the Kids and here's what they are about:
    Priorities for NCEA include completing a new national Web site [ www.SchoolResults.org ] where all states’ achievement data are publicly accessible, expanding the NCEA Best Practice Model to 20 states and assisting state education departments in providing technical assistance to schools under the new No Child Left Behind Act.


    Meanwhile, you can access the program for the 2004 NCES Forum and Summer Data Conference at


    There, you will read such session topics as
  • Best Practices for School Improvement: Data in Action

  • Creating Visionary Data Environments by Enhancing Existing Resources: In the Spirit of Leaving No Child Behind

  • Building the Next Generation Metadata Facility

  • State Assigned Student IDs: Oh, the Places We’ll Go!

  • Data Online Means No Data Left Behind

  • WARNING: The program is 73 pages long, and you won't be able to resist following links to some of the presenters--and you'll soon find yourself in data hell. For example, there's the Education Data Exchange Network (EDEN). Cute, acronym, no?

    Hugh Walkup, Director, Strategic Accountability Service. U.S. Department of Education, explains
    that the U. S. Department of Education "will replace or reduce existing data collections when EDEN data is available."

    Remember ERIC?

    There is more, much more. I wish I had a staff. I wish someone with a staff--or a graduate student--would take an interest in all this.

    So many atrocities, so little time.

    ChoicePoint keeps 19 billion public records on U.S. citizens. Data include names, addresses, Social Security numbers and credit reports. Insurance companies, government agencies, law enforcement and other customers use the service for background checks, among other things.

    Computer break-in imperils Californians
    Thousands could become victims of identity theft

    Criminals may have stolen personal data of 35,000 Californians by infiltrating computers at ChoicePoint Inc., a company that keeps background information on virtually every U.S. citizen.

    The electronic break-in raises the risk of widespread identity theft, in which criminals drain bank accounts or run up big credit card bills under other people's names. Six cases related to the ChoicePoint case have already been reported in Los Angeles County, according to the Associated Press.

    ChoicePoint of Alpharetta, Ga., sent letters to the 35,000 potentially affected people last week, warning them that their personal data may have been illegally accessed. Only Californians are believed to have been affected, the company said.

    ChoicePoint was informed of the intrusion by law enforcement in October. It waited to tell consumers, as is required by law in California, at the request of authorities so as not to interfere with their investigation.

    On Oct. 27, California sheriff deputies arrested Olatunji Oluwatosin, 41, when the Nigerian national went to his Los Angeles office to receive a fax ostensibly from ChoicePoint, the Associated Press reported.

    He's been in jail since then and is scheduled to appear in Los Angeles County Court on Thursday.

    Robert Costa, the lieutenant in charge of Southern California's High Tech Task Force Identity Theft Detail, said agents believe several other people were involved.

    "We believe that this is probably a pretty large, sophisticated ring and unfortunately all we got was a shard of glass," Costa told the Associated Press. "It definitely could not have been limited to Southern California."

    The criminals gained access to ChoicePoint's computers by posing as legitimate businesses, using stolen identities, ChoicePoint said. In all, they created up to 50 different accounts.

    "It's the kind of thing you can only catch after the fact," said James Lee, chief marketing officer for ChoicePoint.

    ChoicePoint keeps 19 billion public records on U.S. citizens. Data include names, addresses, Social Security numbers and credit reports. Insurance companies, government agencies, law enforcement and other customers use the service for background checks, among other things.

    ChoicePoint has warned those who received letters to review their credit reports for unauthorized activity and any sign of identity theft.

    Lillie Coney, associate director for the Electronic Privacy Information Center, a privacy watchdog group, said the break-in illustrates the need for companies like ChoicePoint to be federally regulated. They are not covered now by financial privacy laws that apply to credit reporting agencies.

    "It's unfortunate that this incident happened, but it highlights the need to legislate the industry," Coney said.

    Lee, from ChoicePoint, said his company welcomes regulation and strict penalties for intentional misuse of personal data.

    E-mail Verne Kopytoff at vkopytoff@sfchronicle.com.

    Here's a backgrounder on ChoicePoint.

    Big Brother's Little Helper


    by Mara Shalhoup

    How an Atlanta-based company won millions of federal dollars to mine information on Americans in the name of toppling terrorism

    Even when he is alone he can never be sure that he is alone. Wherever he may be, asleep or awake, working or resting, in his bath or in bed, he can be inspected without warning and without knowing that he is being inspected. ... Not only any actual misdemeanor, but any eccentricity, however small, any change of habits, any nervous mannerism that could possibly be the symptom of an inner struggle, is certain to be detected. He has no freedom of choice in any direction whatever.
    -- George Orwell, 1984.
    Visit www.ChoicePoint.com and you'll see the company's motto -- "Smarter Decisions, Safer World" -- pasted over the faces of children running across a field, or coasting on a swing set, or cuddling a puppy. You'll find promises about how ChoicePoint Inc. upholds the PATRIOT Act, assists in criminal investigations, and serves the needs of the federal government. And you'll read upbeat descriptions of what ChoicePoint does, such as "harness the positive power of information to make smarter decisions in a world challenged by increased risks."

    When ChoicePoint talks about "increased risks," it means an event as horrendous as another 9-11. And when it mentions "the positive power of information," it's referring to expansive dossiers the Alpharetta-based company -- one of the world's largest private data miners -- keeps on just about every American.

    Are you a little queasy about unwittingly revealing your life's most minute details to a company that sells them to big business and the government? No worries, says ChoicePoint. Privacy, as we once knew it, is a thing of the past.

    "We are beginning to see a shift in the traditional privacy debate from simply focusing on an individual's right to privacy, to also including consideration of society's right to protect itself," says a letter from ChoicePoint CEO Derek Smith in the company's most recent annual report. "ChoicePoint as a company and I as an individual continue to believe, however, that in a free society -- particularly in today's society -- we do not always have the right to anonymity."

    Smith has a point. The world we live in is not the world we inhabited before 9-11. In today's world, it's obvious how serious the consequences can be when government intelligence fails.

    As a result of that failure, ChoicePoint has assumed a powerful role, doing what even the feds aren't allowed to do -- and at the same time raising fears that corporations are harnessing technology to intrude on our privacy.

    ChoicePoint's mission is simple. The company amasses oodles of gigabytes of little pieces of just about every American's existence. Some of the information may be public and obvious, like property records or criminal histories. But one might mistakenly consider other pieces confidential or inconsequential, such as DNA samples turned over in a criminal investigation, or responses to a magazine survey asking where you last bought toothpaste, and what brand you chose.

    ChoicePoint then packages the pieces for sale -- to employers, insurance companies, direct marketers, state governments and at least 30 federal agencies. Corporate clients buy access to records to investigate job applicants -- or, in the case of the 90 percent of American insurance carriers who do business with ChoicePoint, to determine if an individual seeking car or homeowner's coverage might be a risk. If ChoicePoint shares your records with companies with whom you're seeking insurance or a job, you must first give ChoicePoint permission.

    But that's not the case with the government, whose agencies commonly access ChoicePoint's records to aid in criminal or terrorist investigations.

    "They are part of this new multibillion dollar industry to record as much information as they can about as many people as they can," says Jay Stanley, of the ACLU's technology and liberty program. "Most Americans have no business relationship with ChoicePoint, aren't really aware that it exists. I think that they would be quite spooked to discover that this company has many dossiers about their private lives."

    Piecing together government-sponsored dossiers, particularly on the lives of Americans who aren't suspected of any wrongdoing, is precisely the type of behavior the Privacy Act of 1974 was written to prohibit. There's just one hitch with the 29-year-old law: It merely forbids the feds themselves from building the database. Back in the '70s, Congress wasn't convinced anyone but the government would be inclined to do such a thing.

    Lawmakers didn't count on the advent of the Internet, and they failed to foresee that technology would make it a cinch to build what privacy advocates have long considered their greatest fear: a grand, centralized database. The result? What ChoicePoint and other data miners do is perfectly legal.

    Sitting in his second-floor office, overlooking the company parking lot and the restricted-access data center behind it, ChoicePoint Chief Marketing Officer James Lee contends that a company like ChoicePoint does a far better job protecting privacy than the feds could. The real intent of the Privacy Act wasn't to prevent the government from accessing databases, Lee argues, but to keep the feds from carrying out fishing expeditions in their own sea.

    Lee says ChoicePoint's data is set up in such a way that the government can't fish -- because the company doesn't actually sell its databases, but rather provides regulated access to them. In the absence of federal laws governing the use of private databases, Lee insists ChoicePoint has taken it upon itself to keep its own actions, as well as the government's, in check.

    "It sounds counterintuitive, but we are far more accountable than the federal government or the state government or any other government agency," Lee claims. "We don't believe in violating anybody's privacy. We don't want any information that we shouldn't have. And what information we do have, we don't want to share it in any way it shouldn't be shared."

    But with so little outsider access to ChoicePoint's databases, who's to ensure ChoicePoint always stays within its self-imposed guidelines?

    For a company built on the idea of collecting information about everyone else, ChoicePoint's practices are surprisingly inscrutable. Even getting a peek at the info ChoicePoint has compiled on you isn't easy. Lee says the company is devising a service to make it simpler to review your own file. But as the self-check process stands, it's discouragingly complicated and mind-numbingly time-consuming for an individual to use ChoicePoint's services. (See "Adventures in Data-Mining," below.)

    Digging up the data is a far easier task for ChoicePoint's more privileged customers, such as the Justice Department, the Internal Revenue Service and the Department of Homeland Security. Some federal agencies even have special ChoicePoint sites, where government employees can log on and plug into the company's databases. There's ChoicePoint for the U.S. Drug Enforcement Agency at www.cpdea.com, for example, and ChoicePoint for the U.S. Immigration and Naturalization Service (which has since been absorbed into the Department of Homeland Security) at www.cpins.com .

    But the public can't access those sites, which means ChoicePoint and its government clients just might know more about you than you know about yourself.

    Not being able to see a ChoicePoint dossier sold to the government means not being able to correct mistakes. Want a really scary example of what can go awry when data collectors hand out bad information? Consider what happened in Florida leading up to the 2000 presidential election.

    In 1998, the state hired a company called Database Technologies to scrub its voter rolls of ineligible voters. The scrub list was mandated by Florida legislators after a voting fraud investigation revealed dead people had cast ballots in the 1997 Miami mayoral election.

    DBT combed through Florida's rolls and handed over the "ineligible" list to elections officials in May 2000 -- within days of the company's merger with ChoicePoint.

    The problem was that DBT'S list purged the voter rolls not just of convicted felons, who are disqualified from voting in Florida, but of eligible voters whose names resembled those of the felons.

    While Florida and DBT failed to check a number of criteria that could have distinguished the actual felons from the non-felons, one criterion that DBT did bother cross-referencing was race. BBC reporter Greg Palast and a handful of U.S. journalists reported that the majority of the felons on the list were black, so thousands of legitimate black voters with the same names as black felons were struck from the rolls. Because Florida blacks vote heavily Democratic, a disproportionate number of votes for Al Gore were thrown out.

    According to analyses by news organizations, somewhere between 8,000 and 22,000 qualified votes went uncounted. Whatever the number, it towers over 537 -- the margin by which George W. Bush won Florida, and therefore the national election.

    The most jarring part, according to Palast, who broke the story, was that DBT knew the list was flawed -- because a Florida official told DBT, in a 1999 e-mail, "Obviously, we want to capture more names that possibly aren't matches and let the county supervisors make a final determination." Palast claims that even though DBT alerted Florida officials to the need to check the list, the fact that the company would even hand over known mistakes shows that it doesn't always do its best -- contrary to its corporate mantra -- to protect the government against itself.

    "They warned the state repeatedly, 'We are giving you names of people who are not felons,'" Palast told CL. "And what's frightening about that is that they knew it and they kept silent. ... And until they were caught, they continued to boast, publicly, that these lists were deadly accurate."

    No evidence has suggested that the purge of black voters was intentional, although it was a remarkably sloppy endeavor in a state long considered a key battleground in the 2000 election.

    ChoicePoint denies responsibility for what happened in Florida. The scrub list was already complete when the company took over DBT, Lee notes. He also argues that ChoicePoint would never have been interested in such a project, because when it comes to anything so precious as voting rights "anything less than 100 percent accuracy is not acceptable." The DBT databases ChoicePoint absorbed will never again be used to purge voting rolls, he says.

    On at least one other occasion when its databases became controversial, ChoicePoint again backed away from a project. Earlier this year, Latin American citizens protested ChoicePoint's sale of their personal information, including passport numbers and even blood type, to the U.S. government. "As soon as someone in Mexico said some -- but not all -- of this data may be -- but not definitely is -- confidential, we immediately segregated it and deleted it," according to Lee. "We discontinued the entire market line." He says the government contract for Latin American data expired Sept. 30.

    Unfortunately, most of the work ChoicePoint does for the feds isn't open for public review, meaning that oftentimes no controversy can arise -- even if the data is flawed.

    The casualty of business opportunities both in purging voter rolls and in Latin America won't exactly maim ChoicePoint. There remain scores of possibilities for the company to wield its knowledge and win government contracts.

    Within the burgeoning post-9-11 industry of rooting out terrorists, ChoicePoint is constantly hunting new ways to develop information-gathering technologies. The company's mission is to protect us against immediate threats, perhaps at the expense of protecting age-old ones. That mission aligns nicely with the current goals of government and with the fact that protection at all costs has grown increasingly fashionable.

    ChoicePoint has only stepped into the role that the American government and many of its people have created for it. It's a brilliant business. Because as much as we claim to love civil liberties, the bloodshed of 9-11 is centuries fresher than blood spilled for the Constitution. A company like ChoicePoint doesn't thrive because it manipulates our wants. It thrives because it's a product of them.

    If ChoicePoint were a library, it might be the largest building on Earth. Its computers will soon hold 200 terabytes of information. Compare that to the Library of Congress, whose 18 million books would constitute a mere 20 terabytes. To manage the 17 billion records in its various databases, ChoicePoint employs 4,200 staffers in 70 offices in 28 states and Washington, D.C. The mountain of data that ChoicePoint amassed is headquartered inside two, 200,000-square-foot glass and brick buildings 30 miles north of Atlanta.

    The company began as an insurance-claims division of Equifax, the Atlanta-based credit-reporting agency. In 1997, Equifax spun ChoicePoint off with an initial public stock offering. Over the years, the company has attracted a board manned by some heavy, mostly GOP-leaning hitters, including astronaut Frank Borman (who's since left the board) and Home Depot co-founders Bernie Marcus and Kenneth Langone.

    The new entity would gobble 42 competitors and complementary companies, all of them gatherers of different varieties of data. The acquisitions ranged from the leading provider of birth, death, marriage and divorce certificates, VitalChek, to the country's largest private DNA forensics lab, Bode Technologies, to a criminal database more voluminous than the FBI's, the National Criminal File.

    In less than a decade, ChoicePoint has become a startling financial success. It pulled in almost $800 million in fiscal 2002 revenue. After six years of trading -- mainly in a bear market -- the company's share price has shot up from less than $10 in 1997 to more than $37 last month.

    In October, the magazine Business 2.0 listed ChoicePoint as one of the country's 100 fastest-growing companies. The Atlanta Journal-Constitution ranked it Georgia's 10th best-performing business, one slot above Coca-Cola. The newspaper also reported that ChoicePoint CEO Smith was Georgia's second-highest paid chief executive in 2002, taking home $17.4 million in salary, bonuses, stock options and other compensation. Even the chiefs of BellSouth, Coke and Delta earned less; only Home Depot's Bob Nardelli made more.

    One key to ChoicePoint's trajectory has been the government's reaction to 9-11. ChoicePoint is among a handful of companies -- including Acxiom and Seisint -- that have jumped at the awesome opportunity to help the feds decrease the risk of another terrorist attack. Indeed, while the rest of the market plummeted, ChoicePoint's stock was on the rise in the weeks after the Twin Towers fell.

    ChoicePoint believes that businesses, armed with as much information as possible, will be better able to protect themselves against fraud. Law enforcement will have an easier time solving crimes. And government will be better equipped to fight terrorism. This is the Information Age, after all. What's the point of having so much data if you can't use it?

    The company's various databases have come in handy in several high-profile tasks. After 9-11, ChoicePoint's DNA lab, Bode Technologies, received thousands of fragments of human remains -- mostly bone -- and matched the fragments' DNA to DNA lifted from toothbrushes and combs provided by the victims' families. When District of Columbia and Virginia police suspected that a sniper was operating out of a white van, ChoicePoint, using a massive registry of motor vehicle records, was able to provide a list of all white vans registered to residents in the vicinity of the shootings.

    ChoicePoint even claims that had the government taken advantage of its airline passenger screening capabilities prior to 9-11, the 19 hijackers might never have boarded four planes.

    But ChoicePoint's work also has revealed the inherent trouble posed by collecting massive amounts of personal information. Not only can mistakes be made but basic American rights can be jeopardized -- the right to vote, the right to be free from unreasonable searches, and the right not to be investigated on the government's whim.

    The search for the white van, which proved not to be the vehicle used in the sniper attacks, doubles as a good example of how uses of certain information can violate privacy.

    In September, ChoicePoint Chief Operating Officer Douglas Curling told a group of investors gathered at the company's headquarters: "We are the largest purchaser of data from the state," adding that he knows of no other company "that spends almost $500 million a year buying motor vehicle records and driver histories from the 50 states."

    Four months earlier, however, the company had been slapped with the second of two class action lawsuits alleging violations of the federal Driver's Privacy Protection Act, according to ChoicePoint's filings to the Securities and Exchange Commission. "The complaints allege that the Company has obtained, disclosed and used information obtained from the Florida Department of Highway Safety and Motor Vehicles in violation" of the law, the SEC filings state. A similar lawsuit was filed two months later, in Louisiana.

    ChoicePoint denies the allegations in all three complaints.

    But the allegations sound a lot like those recently raised in Georgia against a ChoicePoint competitor. At issue was an interstate crime-fighting database, developed by Florida-based Seisint and called, appropriately enough, MATRIX (the Multistate Anti-Terrorism Information Exchange).

    In October, Gov. Sonny Perdue and state Attorney General Thurbert Baker pulled Georgia motor vehicle records out of MATRIX. "I have held serious concerns about the privacy issues involved with this project all along," according to an Oct. 21 press release by Perdue, "and have decided it is in the best interest of the people of Georgia that our state have no further participation."

    But what about ChoicePoint? Both it and MATRIX supply motor vehicle records (among other data) to state and federal law enforcement agencies. Why haven't the governor and state attorney general addressed the possibility of privacy breaches by a data collector in their own back yard?

    There's a difference between the two companies, according to ChoicePoint's Lee, and it lies in the ways they store and release information.

    With Seisint's creation of MATRIX, he says, "there was no actual requirement to have an ongoing police investigation before you could do a query." ChoicePoint, on the other hand, requires that there be a relevant, open investigation before its databases are searched.

    And while the MATRIX database is one big pool of motor vehicle records voluntarily turned over by the states and accessible, without restriction, to each state and the feds, ChoicePoint only sells the right to search for what's needed in an investigation, and the company doesn't pool its data.

    "Regardless of the source, if [the data] comes in for a specific purpose, that is the only purpose for which it can be used," Lee promises. He says that's true of every type of record ChoicePoint amasses. "It will not be co-mingled with other data. The background check information cannot be loaded in to the law enforcement database. The law enforcement information can't be used for hiring purposes. There are Chinese firewalls between all of these products. There's not even the possibility of an inadvertent cross-sharing of information."

    Those safeguards, however, might not appease everyone. It could be that the only reason the state hasn't cracked down on ChoicePoint's use of motor vehicle records is the state doesn't know about its use of the records.

    Russ Willard, of the Georgia attorney general's office, and Susan Sports, of the state Department of Motor Vehicle Safety, were surprised to learn that ChoicePoint was selling access to drivers' records to the feds. Willard points to state law, which says businesses can access motor vehicle and drivers' records only for insurance underwriting purposes -- and that "the personal information obtained by a business ... shall not be resold or re-disclosed for any other purpose without the written consent of the individual."

    After speaking with Willard, CL contacted Lee again, to clarify ChoicePoint's purchase and uses of the records. He responded in an e-mail: "Some [records] we get directly from government agencies, but separately from our insurance record gathering, and the rest of the data is obtained from other third party providers who obtain the data from government agencies."

    Willard says the state is interested in the extent of ChoicePoint's use of motor vehicle records outside the company's insurance division.

    "ChoicePoint, as far as DMVS is aware, is an insurance-support organization, where they basically compile records for insurance companies," he says. "If you have any information that they're using information for other than those purposes, please let us know."

    This is the part of the story where you're supposed to be learning the details of dozens of contracts ChoicePoint has signed with the feds.

    Instead, we're presented with a checks- and- balances breakdown -- and the irony that a company, built on the foundation that information on private citizens should be collected and disseminated at will, is shrouded from scrutiny.

    Theoretically at least, the public can view the government's contracts with data-collectors under the federal Freedom of Information Act (FOIA). But in response to FOIA requests CL filed with a half-dozen federal departments, the excuses for withholding information range from the somewhat understandable need to protect "trade secrets" and "national security" (and therefore keep secret a few hundred pages) to the months-long backlogs that force many agencies to put requests on indefinite hold.

    After filing requests for copies of contracts with ChoicePoint, CL received the following responses:

    - From the U.S. Department of Housing and Urban Development: "Based upon our experience and current inventory, we estimate that it may take 60 days to complete processing ... your request," dated Oct. 2, 2003, 27 days after the agency received the request and a week after the 20-day deadline for answering the request, a deadline set by federal law, had passed. The letter notes the law allows for an extension if "unusual circumstances exist."

    - From the U.S. Department of Health and Human Services: "Staff reorganizations and reductions, and an increased number of FOIA requests and appeals contributed to a workload that exceeds the resources necessary to process these matters as quickly as our requesters ... would like," dated Oct. 16, 2003, 42 days after the request was filed. HHS did not cite any right to ignore the 20-day deadline, but the letter did "sincerely apologize for any inconvenience the delay in responding to your request has caused."

    - From the Transportation Security Administration (a division of the 18-month-old U.S. Department of Homeland Security): "At the present time, ... based on a preliminary review of your request and our current backlog, we do not expect to be able to respond to your request until four months from the date of this letter," dated Oct. 9, 2003, three days after TSA received CL's request. TSA later sent a letter stating that the agency didn't have the documents anyway, referring CL to the Justice Department.

    The Department of Defense did provide a list of 11 contracts between ChoicePoint and the Army. But Suzanne Council, the last in a string of Army employees handling the request, says the contracts could not be released until ChoicePoint commented on whether releasing them might cause the company harm. As of press time, CL was unable to determine whether the Army had received ChoicePoint's comments.

    CL did manage to get records from two federal departments -- a pittance considering ChoicePoint has claimed to hold contracts with close to 40 federal agencies.

    Although the Internal Revenue Service withheld 179 pages of the records requested by CL, the 80 pages it did hand over describe a renewable, annual contract totaling $5 million and signed in August 2000. The contract grants the IRS online access to as many as 19 distinguishing data sets that ChoicePoint keeps on most Americans, including property records, incorporated businesses, bankruptcies, civil judgments and motor vehicle info.

    The other contract CL received, signed by the Justice Department in 2001 and totaling $67 million, describes 141 categories of personal information ChoicePoint provides federal law enforcement, such as Social Security numbers, neighbors' identities, driver's license numbers and a service called "Faces of the Nation."

    Another Justice Department document, a memo titled "Guidance Regarding the Use of ChoicePoint" sent from the FBI's legal office to its National Security Division, states that the feds are to gather intelligence using "the least intrusive means." The memo, parts of which are heavily blacked-out in "the interest of national defense or foreign policy" states that "an individual does not have a reasonable expectation of privacy in personal information that is made publicly available by others."

    Privacy advocates argue otherwise. When it comes to the definition of information "made publicly available by others," Chris Hoofnagle, an attorney for the D.C.-based Electronic Privacy Information Center (EPIC), claims public records taken out of their original context and lumped together are no longer "public" at all -- especially if only select customers can pay to see them.

    "What [ChoicePoint] does is go out there and collect something that is free and public for good reasons," Hoofnagle says. "And they've twisted these beneficial collections of information into private and more dangerous purposes."

    In other words, an individual record on file at the county courthouse showing how much you borrowed to buy your home should be available -- to the tax assessor or a nosy neighbor or whoever else feels like trudging down to the courthouse to dig it up.

    But to give that record a new home, alongside the make and model of your car, every lawsuit filed by or against you, all your recent traffic tickets, the names and ages of your children, and any crime with which you've ever been charged, is to morph it from a benign court document into a crucial component of an unauthorized dossier, Hoofnagle claims.

    Lee, of course, doesn't see things EPIC's way. "That's their view of the world," he says. "They're certainly welcome to that."

    His depiction of ChoicePoint's dossiers leans more toward the FBI's. At a House subcommittee hearing in May, Steve McCraw, assistant director of FBI intelligence, testified that what privacy enthusiasts consider troublesome, law enforcement considers helpful -- when used responsibly.

    "It's a nice tool. It ... saves valuable lead-time," McCraw said of the Bureau's use of ChoicePoint. "But it has to be done not on a fishing expedition. It's based upon a reason. There has to be a reason why you decided to run somebody through that database."

    With only ChoicePoint and the FBI privy to who's being searched and under what circumstances, however, who's to control -- or even see -- what the government sees?

    In August 2002, at a conference for the military's Defense Advanced Research Projects Agency in Anaheim, Calif., retired Adm. John Poindexter laid out his vision for protecting America against the threat of future terrorist acts. Despite his role in the 1980s Iran-Contra scandal, Poindexter had recently been named director of the government's new Total Information Awareness project.

    "I think the solution is largely associated with information technology," Poindexter said. "We must become much more efficient and more clever in the ways we find new sources of data, mine information from the new and old, generate information, make it available for analysis, convert it to knowledge, and create actionable options."

    Poindexter's ideas and the project he oversaw were among the most radical of the government's proposals in reaction to pre-9-11 intelligence failures. So it should come as no surprise that both Poindexter and TIA quickly raised some serious questions.

    When new technologies develop, will politicians and the public have the gusto to ensure that the technologies' uses won't invade privacy? When emotions are cooked by an event of 9-11 magnitude, can one distinguish between the need to jack up intelligence-gathering skills in order to prevent another calamity, and the temptation to succumb to the kind of paranoia that heralds Big Brother?

    In the case of TIA, the answer was a firm yes. Congress quashed funding for TIA before it got off the ground. Even after the name was changed to Terrorism Information Awareness, the program couldn't shake the stigma of an Orwellian police state. Soon after the speech in Anaheim, Poindexter resigned as TIA director.

    But not all surveillance experiments are as hyperbolically named as Total Information Awareness, nor is it the norm for a mad admiral in the bowels of the Pentagon to be running the lab. The distinction between too little privacy and too much security is seldom so obvious.

    The Constitution doesn't guarantee privacy, per se, but it does guarantee the right to be protected against unreasonable searches. Over the years the Supreme Court has equated that right to a guarantee of privacy.

    But the meaning of an unreasonable search is in constant flux. In the 1970s, when the Privacy Act was drafted, there could be no unreasonable search carried out with the aid of the Internet. There was no Internet.

    Nor did most people consider it a threat to privacy when, in late 2001, Congress passed legislation titled Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism. In light of the recent attacks on the World Trade Center and the Pentagon, the search powers bestowed by the legislation seemed reasonable enough -- unless you were inclined to hold the USA PATRIOT Act next to the Fourth Amendment, squint really hard and imagine the countless forms the act could take.

    Among ChoicePoint's top officers, the PATRIOT Act is a reverent topic. The law makes it easier to deeply investigate individuals, presumably in the name of terrorism. But not only in the name of terrorism.

    "I think that the opportunities that we have, whether they're in ... the PATRIOT Act or other areas are probably clear to us now," COO Curling told investors in September 2003.

    Curling went on to say that ChoicePoint had received $10 million in Homeland Security funds in 2003, on top of $20 million the year before. During a conference call two months earlier, he told financial analysts: "Our success has been, and probably will continue to be, in taking the core competencies of ChoicePoint and finding opportunities to apply those in governmental or Homeland Security initiatives."

    With that, Curling may have ushered in a new sort of Total Information Awareness: a centralized government database in corporate database clothing -- Poindexter's dream, privatized.

    Despite ChoicePoint's assurances of self-regulation and its salutes to corporate responsibility, the fact is it's someone else's job, not ChoicePoint's, to impose restrictions on the company -- and to be sure they're enforced.

    "The question is whether [federal surveillance programs] can be sneaked in," the ACLU's Stanley says, "in the shadows, when nobody's looking."

    The list of Florida's erroneously purged voters, for example, almost dodged the light of day -- except that Palast, an American ex-pat working for the British media, broke the story.

    Palast says he suspects that what almost went unnoticed in Florida does go unnoticed elsewhere, especially when it involves the federal government. Of course, he has no way of knowing for sure. "Ultimately, I was able to crack the system in Florida and get at the records," Palast says. "I can't with national security."

    With Florida, however, Palast did attract the interest of someone who could tap into national security -- albeit shallowly and for a short while.

    Former U.S. Rep. Cynthia McKinney, D-Lithonia, the only member of Congress to question and hold hearings on the role ChoicePoint played in the Florida election, first learned about the company after reading Palast's stories.

    "Given the history of Republican dirty tricks and Democratic indifference about true minority voting rights and minority representation, I'm not surprised at anything that happens," McKinney told CL in an e-mail response to questions. "I am, however, disappointed that, to my knowledge, the culprits haven't been legally pursued to the fullest extent of the law. Instead, ChoicePoint continues to get government contracts."

    McKinney says that before her defeat in the August 2002 primary, she was trying to investigate all the government's contracts with ChoicePoint.

    "My work was cut short," she says. "But it still needs to be done."

    Another of ChoicePoint's major critics also happens to be a defeated U.S. House member from Georgia -- one who rests at opposite end of the political spectrum.

    Former Rep. Bob Barr, R-Smyrna, a former federal prosecutor and a civil liberties champion (as well as a CL columnist), calls the government's unfettered access to private databases inexcusable.

    "I think clearly the government is now turning more and more to private industry to do its dirty work," Barr says, "to gather information on people, manipulate that information on people and, in so doing, circumvent the Privacy Act."

    Barr says that up until recently, the quiet on Capitol Hill regarding private data collectors has been deafening.

    "There is some growing recognition on the part of some members of Congress but not nearly enough," he says. "We're not nearly at the point yet where one could be optimistic about the success of any fundamental reform effort."

    But there has been a congressional awakening, of sorts.

    In July, Sen. Ron Wyden, D-Ore., introduced the Citizens' Protection in Federal Databases Act, which would require federal departments to report to Congress their use of private databases.

    "Risks to personal privacy are heightened when personal information from different sources, including public records, is aggregated in a single file and made accessible to thousands of national security, law enforcement and intelligence personnel," says the bill, currently hung up in the Senate Judiciary Committee. "The Federal Government should be required to adhere to clear civil liberties and privacy standards when accessing personal information."

    EPIC and the ACLU are backing the legislation, and EPIC's Hoofnagle calls it "one of the better bills out there."

    "Sen. Wyden has had a lot of success in moving this type of legislation," Hoofnagle points out, "despite the fact that he's a Democrat in a Republican administration."

    While conservative groups such as the Heritage Foundation have bristled at Wyden's proposed reforms, even ChoicePoint acknowledges there's a lag between the rapid pace at which data-collection technology has evolved and the slow modernization of laws and regulations. "We certainly agree that technology has far outstripped the legal framework," Lee says. "Our view of that would be, let's not debate whether this is good or bad. It is what it is. We can't roll back the technology. We can't make the information go away. So let's spend our time legitimately debating what are the uses of the data."

    He says ChoicePoint welcomes the debate. But ChoicePoint's financial health, as the company's Securities and Exchange Commission filings attest, is highly susceptible to the success of the privacy debate and any ensuing legislative change.

    The SEC documents describe how the lobbying efforts of "consumer advocates, privacy advocates and government regulators" could have an "adverse affect on our business." Of particular concern would be "an amendment, enactment or interpretation of laws," as well as "changes in cultural and consumer attitudes to favor further restrictions on information collection and sharing."

    Any updating of the law would mean that ChoicePoint just might have to shrink from a potentially lucrative market -- as it did with the voter-scrub-list business and the assimilation of data on Latin Americans.

    But the company has proved itself clever enough to adapt. Judging from the bold new lines of data it's developing, it will continue to do so.

    ChoicePoint's hope for the future is to take data collection off the paper trail -- off the electronic paper trail, even -- and into the realm of biometrics.

    Loosely defined, biometrics is a way of identifying individuals by their biological features, including fingerprints and DNA, as well as scans of our retinas, our facial bone structure and even the way we walk.

    Hints about ChoicePoint's current biometrics experiment have surfaced in a federal lawsuit filed against the company in January. In the complaint, a New York technology consultant firm, International Biometric Group, is suing for breach of contract and violation of trade secrets.

    According to court documents filed in U.S. District Court in Atlanta, ChoicePoint allegedly is $660,000 behind in payments for a "programming code for storing and transmitting biometric data ... that would result in the creation of central biometric authority." The complaint also states ChoicePoint has been providing access to technology, developed by IBG, that's "not commonly known to the public."

    One privacy advocate says his reading of the lawsuit leads him to believe ChoicePoint might hold a clandestine contract with the FBI.

    "It appears as though ChoicePoint has a contract with the criminal investigative division of the FBI that is so secret that they won't even tell us the contract number," says EPIC attorney Hoofnagle. "The FBI contract could deal with the issue of biometrics."

    But according to Lee, ChoicePoint's biometrics project is not as cryptic as the complaint makes it seem. He says ChoicePoint's biometrics lab, Bode Technologies, intends to develop technology that will allow businesses to verify employees' identities using fingerprinting or some other biometric in the short term, DNA down the road. It will be a long while before DNA biometrics gets off the ground. "The usage of DNA and the acceptance of DNA," he says, "is one of those far-into-the-future applications."

    Currently, Bode does accept DNA samples, Lee claims, but only from law enforcement agencies conducting an open investigation where DNA is an issue. Those samples arrive at the lab bearing a number rather than a name and are destroyed after ChoicePoint tags them with a 13-digit code that's handed over to investigators. "We have no knowledge whatsoever of whose DNA it is," Lee says.

    As for creating government-accessible biometric databases, Lee anticipates it will be the distant future before government embraces such technology.

    That's not quite the picture of biometrics recently offered to investors by Curling, however. "We're also pleased with the progress in our biometrics initiative," Curling said, "in integrating those into our PATRIOT Act offerings."

    He did not elaborate. But Curling's words cement the notion that biometrics smacks of military and Homeland Security intrigue, and that ChoicePoint is a stranger to neither department.

    There are in fact countless new methods of surveillance that technology has made -- or will soon make -- real. And we might know nothing about them, or the unintended tasks for which they might one day come in handy.

    Already, some U.S. airports have installed face-recognition systems programmed to find fugitives. The ACLU has expressed concern about technology allowing cell phone providers to receive signals tracking their clients' every move. Stanley, at the ACLU, says he's also concerned that private companies may be poised to record and sell buying patterns, or even an individual's every credit and debit card purchase.

    "The fact that somebody has on record that you went to the Gap on Oct. 10, 2003, and bought a sweatshirt is not a big deal," Stanley says. "But that's like one pixel. When you start to put together every single purchase you've ever made and everywhere you've traveled and your educational records and your financial records ... it's like putting all those pixels together into a very high-resolution image of how you live your life." If your exact location could be revealed by your cell phone, would you start thinking twice about where you go? Would you quit carrying the phone? If your purchases were monitored, would you reconsider what you're buying? Would you carry cash instead of plastic? And would those seemingly small decisions mark the start of a major sacrifice: the moment when you first began forgoing the opportunity to live your life freely for the government's promise of living it securely? Cell phones and credit cards were created for a legitimate purpose and, without restrictions, could be adapted for another, highly intrusive end. That bodes poorly for advancements in, say, harnessing the very essence of you -- be it your DNA or public records bearing your name. About his protagonist in 1984, Orwell writes: "He knew in advance what O'Brien would say. That the Party did not seek power for its own ends, but only for the good of the majority. That it sought power because men in the mass were frail cowardly creatures who could not endure liberty or face the truth, and must be ruled over and systematically deceived by others who were stronger than themselves. That the choice for mankind lay between freedom and happiness, and that, for the great bulk of mankind, happiness was better."


    — Verne Kopytoff and Mara Shalhoup
    San Francisco Chronicle & creativeloafing.com


    This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of education issues vital to a democracy. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information click here. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.