Big Business Becoming
Big Brother
By Kim Zetter
Wired News
8-9-4
The government is increasingly using corporations to do
its
surveillance work, allowing it to get around restrictions
that protect the
privacy and civil liberties of Americans, according to
a report released
Monday by the American Civil Liberties Union, an organization
that
works to protect civil liberties.
Data aggregators -- companies that aggregate information
from numerous
private and public databases -- and private companies
that collect
information about their customers are increasingly giving
or selling
data to the government to augment its surveillance capabilities
and
help it track the activities of people.
Because laws that restrict government data collection
don't apply to
private industry, the government is able to bypass restrictions
on
domestic surveillance. Congress needs to close such loopholes,
the
ACLU said, before the exchange of information gets out
of hand.
"Americans would really be shocked to discover the extent
of the
practices that are now common in both industry and government,"
said
the ACLU's Jay Stanley, author of the report. "Industry
and government
know that, so they have a strong incentive to not publicize
a lot of what's
going on."
Last year, JetBlue Airways acknowledged that it secretly
gave defense
contractor Torch Concepts 5 million passenger itineraries
for a
government project on passenger profiling without the
consent of the
passengers. The contractor augmented the data with passengers'
Social
Security numbers, income information and other personal
data to test
the feasibility of a screening system called CAPPS II.
That project was
slated to launch later this year until the government
scrapped it.
Other airlines also contributed data to the project.
Information about the data-sharing project came to light
only by
accident. Critics like Stanley say there are many other
government
projects like this that are proceeding in secret.
The ACLU released the Surveillance-Industrial Complex
report in
conjunction with a new website designed to educate the
public about how
information collected from them is being used.
The report listed three ways in which government agencies
obtain data
from the private sector: by purchasing the data, by obtaining
a court
order or simply by asking for it. Corporations freely
share information
with government agencies because they don't want to appear
to be
unpatriotic, they hope to obtain future lucrative Homeland
Security
contracts with the government or they fear increased
government
scrutiny of their business practices if they don't share.
But corporations aren't the only ones giving private data
to the
government. In 2002, the Professional Association of
Diving Instructors
voluntarily gave the FBI the names and addresses of some
2 million
people who had studied scuba diving in previous years.
And a 2002
survey found that nearly 200 colleges and universities
gave the FBI
information about students. Most of these institutions
provided the
information voluntarily without having received a subpoena.
Collaborative surveillance between government and the
private sector is
not new. For three decades during the Cold War, for example,
telegraph
companies like Western Union, RCA Global and International
Telephone
and Telegraph gave the National Security Agency, or NSA,
all cables that
went to or from the United States. Operation Shamrock,
which ran from
1945 to 1975, helped the NSA compile 75,000 files on
individuals and
organizations, many of them involved in peace movements
and civil
disobedience.
These days, the increasing amount of electronic data that
is collected
and stored, along with developments in software technology,
make it
easy for the government to sort through mounds of data
quickly to profile
individuals through their connections and activities.
Although the Privacy Act of 1974 prohibits the government
from keeping
dossiers on Americans unless they are the specific target
of an
investigation, the government circumvents the legislation
by
piggybacking on private-sector data collection.
Corporations are not subject to congressional oversight
or Freedom of
Information Act requests -- two methods for monitoring
government
activities and exposing abuses. And no laws prevent companies
from
voluntarily sharing most data with the government.
"The government is increasingly ... turning to private
companies, which
are not subject to the law, and buying or compelling
the transfer of
private data that it could not collect itself," the report
states.
A government proposal for a national ID card, for example,
was shot
down by civil liberties groups and Congress for being
too intrusive and
prone to abuse. And Congress voted to cancel funding
for John Poindexter's
Total Information Awareness, a national database that
would have
tracked citizens' private transactions such as Web surfing,
bank deposits and
withdrawals, doctor visits, travel itineraries and visa
and passport
applications.
But this hasn't stopped the government from achieving
the same ends by
buying similar data from private aggregators like Acxiom,
ChoicePoint,
Abacus and LexisNexis. According to the ACLU, ChoicePoint's
million-dollar contracts with the Justice Department,
Drug Enforcement
Administration and other federal agencies let authorities
tap into its
billions of records to track the interests, lifestyles
and activities
of Americans.
By using corporations, the report said, the government
can set up a
system of "distributed surveillance" to create a bigger
picture than it
could create with its own limited resources and at the
same time
"insulate surveillance and information-handling practices
from privacy
laws or public scrutiny."
Most of the transactions people make are with the private
sector, not
the government. So the amount of data available through
the private
sector is much greater.
Every time people withdraw money from an ATM, buy books
or CDs, fill
prescriptions or rent cars, someone else, somewhere,
is collecting
information about them and their transactions. On its
own, each bit of
information says little about the person being tracked.
But combined
with health and insurance records, bank loans, divorce
records,
election contributions and political activities, corporations
can create a
detailed dossier.
And studies show that Americans trust corporations more
than they trust
their government, so they're more likely to give companies
their
information freely. A 2002 phone survey about a proposed
national ID
plan, conducted by Gartner, found respondents preferred
private
industry
-- such as bank or credit card companies -- to administer
a national ID
system rather than the government.
Stanley said most people are unaware how information about
them is
passed on to government agencies and processed.
"People have a right to know just how information about
them is being
used and combined into a high-resolution picture of (their)
life,"
Stanley said.
Although the Privacy Act attempted to put stops on government
surveillance, Stanley said that its authors did not anticipate
the
explosion in private-sector data collection.
"It didn't anticipate the growth of data aggregators and
the tremendous
amount of information that they're able to put together
on virtually
everyone or the fact that the government could become
customers of
these
companies," Stanley said.
Although the report focused primarily on the flow of data
from
corporations to the government, data flow actually goes
both ways. The
government has shared its watch lists with the private
sector, opening
the way for potential discrimination against customers
who appear on
the lists. Under section 314 of the Patriot Act, the
government can submit
a suspect list to financial institutions to see whether
the institution
has conducted transactions with any individuals or
organizations on the
list. But once the government shares the list, nothing
prevents the
institution from discriminating against individuals
or organizations on
the list.
After the terror attacks of Sept. 11, 2001, the FBI circulated
a watch
list to corporations that contained hundreds of names
of people the FBI
was interested in talking to, although the people were
not under
investigation or wanted by the FBI. Companies were more
than happy to
check the list against the names of their customers.
And if they used
the list for other purposes, it's difficult to know.
The
report notes
that there is no way to determine how many job applicants
might have
been denied work because their names appeared on the
list.
"It turns companies into sheriff's deputies, responsible
not just for
feeding information to the government, but for actually
enforcing the
government's wishes, for example by effectively blacklisting
anyone who
has been labeled as a suspect under the government's
less-than-rigorous
procedures for identifying risks," the report states.
Last March, the Technology and Privacy Advisory Committee,
created by
Secretary of Defense Donald Rumsfeld to examine government
data mining,
issued a report (PDF) stating that "rapid action is necessary"
to
establish clear guidelines for responsible government
data mining.
The ACLU's Stanley said companies are in the initial stages
of the
Homeland Security gold rush to get government contracts,
and that the
public and Congress need to do something before policies
and practices
of private-sector surveillance solidify.
"Government security agencies always have a hunger for
more and more
information," said Stanley. "It's only natural. It makes
it easier for
law enforcement if they have access to as much info as
they want. But
it's crucial that policy makers and political leaders
balance the needs
of law enforcement and the value of privacy that Americans
have always
expected and enjoyed."
http://wired.com/news/conflict/0,2100,64492,00.html?tw=wn_tophead_1