Commercial database use flagged

Electronic Privacy Information Center

Privacy advocates have filed a lawsuit in federal court to force the Justice and Treasury departments to disclose details about buying information about individuals from commercial databases. The agencies are generally banned from amassing such information on their own.

Electronic Privacy Information Center officials said Jan. 15 that the two agencies have illegally failed to respond to Freedom of Information Act requests for details about their information purchasing practices.

Lawyers for EPIC sought the information after seeing news reports and obtaining documents that indicate at least six federal law enforcement agencies buy personal information from database companies.

The companies include ChoicePoint Inc., which gathers and sells information for purposes ranging from employment background checks to insurance fraud investigations, and Experian, which claims to have information gathered from "hundreds of public and proprietary sources" on 215 million consumers.

The Privacy Act of 1974 banned federal agencies from collecting personal information about individuals unless they are actively investigating the individual. But no such prohibitions apply to database companies.

The companies collect data from a wide range of commercial and government sources, such as credit card records, motor vehicle and property records, license records, marriage and divorce data, bankruptcy and other court databases, product warranty registrations, loan applications and other sources.

Government agencies that buy the information include the FBI, the Drug Enforcement Administration, the U.S. Marshals Service, the Internal Revenue Service, the Immigration and Naturalization Service, and the Bureau of Alcohol, Tobacco and Firearms, according to EPIC.

A key concern for privacy advocates is how accurate the data is, said Chris Hoofnagle, EPIC's legislative counsel who filed the suit. ChoicePoint, for example, provided inaccurate data to Florida election officials, who denied thousands of voters access to the polls in 2000.

Hoofnagle said EPIC obtained documents that show that information the IRS bought from ChoicePoint and Experian included "credit header data," which includes a person's name, current and prior addresses, Social Security number, date of birth, telephone number, information from property records, motor vehicle records, marriage licenses and divorce papers, and records of international asset location. IRS employees have access to this data through their desktop computers, Hoofnagle said.

It is not clear whether the agencies buying information are violating the law, "but if they are buying information without real investigations going on, then there are going to be problems," he said.

The Privacy Act was passed to stop information collection abuses that were common during the 1960s and 1970s, when the FBI and other agencies compiled detailed dossiers on Vietnam War protesters, civil rights activists, political "enemies" of the president, celebrities and others.

Hoofnagle said recent cases show that the abuse of information by government employees has not ended. Recent abuses include police employees using information to track women for dates and to rob rental cars and federal employees selling DEA data, he said.

"You don't have to have a rogue government, just a rogue civil servant," he said.

The Justice Department has 30 days to respond to the suit.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.