Big Business Becoming
By Kim Zetter
The government is increasingly using corporations to do
surveillance work, allowing it to get around restrictions that protect the
privacy and civil liberties of Americans, according to a report released
Monday by the American Civil Liberties Union, an organization that
works to protect civil liberties.
Data aggregators -- companies that aggregate information
private and public databases -- and private companies that collect
information about their customers are increasingly giving or selling
data to the government to augment its surveillance capabilities and
help it track the activities of people.
Because laws that restrict government data collection
don't apply to
private industry, the government is able to bypass restrictions on
domestic surveillance. Congress needs to close such loopholes, the
ACLU said, before the exchange of information gets out of hand.
"Americans would really be shocked to discover the extent
practices that are now common in both industry and government," said
the ACLU's Jay Stanley, author of the report. "Industry and government
know that, so they have a strong incentive to not publicize a lot of what's
Last year, JetBlue Airways acknowledged that it secretly
contractor Torch Concepts 5 million passenger itineraries for a
government project on passenger profiling without the consent of the
passengers. The contractor augmented the data with passengers' Social
Security numbers, income information and other personal data to test
the feasibility of a screening system called CAPPS II. That project was
slated to launch later this year until the government scrapped it.
Other airlines also contributed data to the project.
Information about the data-sharing project came to light
accident. Critics like Stanley say there are many other government
projects like this that are proceeding in secret.
The ACLU released the Surveillance-Industrial Complex
conjunction with a new website designed to educate the public about how
information collected from them is being used.
The report listed three ways in which government agencies
from the private sector: by purchasing the data, by obtaining a court
order or simply by asking for it. Corporations freely share information
with government agencies because they don't want to appear to be
unpatriotic, they hope to obtain future lucrative Homeland Security
contracts with the government or they fear increased government
scrutiny of their business practices if they don't share.
But corporations aren't the only ones giving private data
government. In 2002, the Professional Association of Diving Instructors
voluntarily gave the FBI the names and addresses of some 2 million
people who had studied scuba diving in previous years. And a 2002
survey found that nearly 200 colleges and universities gave the FBI
information about students. Most of these institutions provided the
information voluntarily without having received a subpoena.
Collaborative surveillance between government and the
private sector is
not new. For three decades during the Cold War, for example, telegraph
companies like Western Union, RCA Global and International Telephone
and Telegraph gave the National Security Agency, or NSA, all cables that
went to or from the United States. Operation Shamrock, which ran from
1945 to 1975, helped the NSA compile 75,000 files on individuals and
organizations, many of them involved in peace movements and civil
These days, the increasing amount of electronic data that
and stored, along with developments in software technology, make it
easy for the government to sort through mounds of data quickly to profile
individuals through their connections and activities.
Although the Privacy Act of 1974 prohibits the government
dossiers on Americans unless they are the specific target of an
investigation, the government circumvents the legislation by
piggybacking on private-sector data collection.
Corporations are not subject to congressional oversight
or Freedom of
Information Act requests -- two methods for monitoring government
activities and exposing abuses. And no laws prevent companies from
voluntarily sharing most data with the government.
"The government is increasingly ... turning to private
are not subject to the law, and buying or compelling the transfer of
private data that it could not collect itself," the report states.
A government proposal for a national ID card, for example,
down by civil liberties groups and Congress for being too intrusive and
prone to abuse. And Congress voted to cancel funding for John Poindexter's
Total Information Awareness, a national database that would have
tracked citizens' private transactions such as Web surfing, bank deposits and
withdrawals, doctor visits, travel itineraries and visa and passport
But this hasn't stopped the government from achieving
the same ends by
buying similar data from private aggregators like Acxiom, ChoicePoint,
Abacus and LexisNexis. According to the ACLU, ChoicePoint's
million-dollar contracts with the Justice Department, Drug Enforcement
Administration and other federal agencies let authorities tap into its
billions of records to track the interests, lifestyles and activities
By using corporations, the report said, the government
can set up a
system of "distributed surveillance" to create a bigger picture than it
could create with its own limited resources and at the same time
"insulate surveillance and information-handling practices from privacy
laws or public scrutiny."
Most of the transactions people make are with the private
the government. So the amount of data available through the private
sector is much greater.
Every time people withdraw money from an ATM, buy books
or CDs, fill
prescriptions or rent cars, someone else, somewhere, is collecting
information about them and their transactions. On its own, each bit of
information says little about the person being tracked. But combined
with health and insurance records, bank loans, divorce records,
election contributions and political activities, corporations can create a
And studies show that Americans trust corporations more
than they trust
their government, so they're more likely to give companies their
information freely. A 2002 phone survey about a proposed national ID
plan, conducted by Gartner, found respondents preferred private
-- such as bank or credit card companies -- to administer a national ID
system rather than the government.
Stanley said most people are unaware how information about
passed on to government agencies and processed.
"People have a right to know just how information about
them is being
used and combined into a high-resolution picture of (their) life,"
Although the Privacy Act attempted to put stops on government
surveillance, Stanley said that its authors did not anticipate the
explosion in private-sector data collection.
"It didn't anticipate the growth of data aggregators and
amount of information that they're able to put together on virtually
everyone or the fact that the government could become customers of
companies," Stanley said.
Although the report focused primarily on the flow of data
corporations to the government, data flow actually goes both ways. The
government has shared its watch lists with the private sector, opening
the way for potential discrimination against customers who appear on
the lists. Under section 314 of the Patriot Act, the government can submit
a suspect list to financial institutions to see whether the institution
has conducted transactions with any individuals or organizations on the
list. But once the government shares the list, nothing prevents the
institution from discriminating against individuals or organizations on
After the terror attacks of Sept. 11, 2001, the FBI circulated
list to corporations that contained hundreds of names of people the FBI
was interested in talking to, although the people were not under
investigation or wanted by the FBI. Companies were more than happy to
check the list against the names of their customers. And if they used
the list for other purposes, it's difficult to know. The report notes
that there is no way to determine how many job applicants might have
been denied work because their names appeared on the list.
"It turns companies into sheriff's deputies, responsible
not just for
feeding information to the government, but for actually enforcing the
government's wishes, for example by effectively blacklisting anyone who
has been labeled as a suspect under the government's less-than-rigorous
procedures for identifying risks," the report states.
Last March, the Technology and Privacy Advisory Committee,
Secretary of Defense Donald Rumsfeld to examine government data mining,
issued a report (PDF) stating that "rapid action is necessary" to
establish clear guidelines for responsible government data mining.
The ACLU's Stanley said companies are in the initial stages
Homeland Security gold rush to get government contracts, and that the
public and Congress need to do something before policies and practices
of private-sector surveillance solidify.
"Government security agencies always have a hunger for
more and more
information," said Stanley. "It's only natural. It makes it easier for
law enforcement if they have access to as much info as they want. But
it's crucial that policy makers and political leaders balance the needs
of law enforcement and the value of privacy that Americans have always
expected and enjoyed."