-Caveat Lector- http://www.signonsandiego.com/news/uniontrib/tue/news/news_1n3fbidata.html
FBI will tap into personal profiles No legal basis for suspicion needed By Bruce V. Bigelow STAFF WRITER September 3, 2002 When direct marketing consultant Mike DeCastro gets hired to plan a campaign pitching vacations in Mazatlan or cell phone service in San Diego, one of his first moves is to consult an online catalog of customer lists. Such lists are the lubricant that keep the wheels of our consumer society spinning. If you applied for a loan or used a credit card, your name is on a list. They identify almost everyone who has attended school, subscribed to anything, or bought anything from a catalog, direct mail or online merchant. Ultimately, such lists also provide the raw material used to build sophisticated computerized databases that have become a multibillion- dollar industry. "Just about anything that you want to know about anybody is available in a commercial database," said DeCastro of San Francisco. Most people don't have a clue that such databases compile information from a variety of sources, linking their names to their Social Security numbers, credit profiles, employment histories, travel records, court records, personal interests and chronic health conditions. And now, under changes ordered by Attorney General John Ashcroft, the FBI is moving to use commercial databases in its efforts to prevent acts of terrorism in the United States. The change was part of a broader decision, announced by the Justice Department May 30, to loosen the internal policies that guide federal terrorist investigations. Now, even if they don't have a specific suspect or legal basis for suspicion, "FBI agents under the new guidelines are empowered to scour public sources for information on future terrorist threats," Ashcroft said. The attorney general did not specify how the FBI would use commercial databases, and a Justice Department spokesman did not return calls seeking elaboration. Experts say the FBI would likely use special software and advanced "data-mining" techniques that can sift through enormous fields of data to identify patterns and characteristics of potential terrorists. Given the potential threats to American security, some say the changes were long overdue. "The computer systems that were available to the general public were not available to agents like me," said Darwin Wisdom, a former FBI agent who runs the Baker Street Group, a San Diego investigative firm. "I was always dismayed by our inability to access information that was available on computer just about everywhere else." 'Dragnet-style' Before Ashcroft changed the guidelines, the FBI could not even use standard Internet search engines such as Google to look for information concerning terrorist activity, said Mitch Dembin, who resigned two years ago as a federal prosecutor specializing in computer crimes. Investigators first had to have suspicion. "The guidelines cannot be so strict that they shut out from law enforcement the very tools that are available to you and me," Wisdom said. "That's preposterous." Ashcroft's changes have stirred some opposition. The American Civil Liberties Union says the new FBI guidelines reversed many self- imposed restraints the Justice Department adopted in the 1970s after revelations of FBI illegal spying. "For over a decade, the commercial data collectors have promised Americans they would not turn this data over to law enforcement," said Chris Hoofnagle, a lawyer with the Electronic Privacy Information Center in Washington, D.C. "This was a guarantee that has staved off legislation and allowed this data collection to continue." The new capabilities of these technologies now allows "suspicionless, dragnet-style investigations of all Americans," Hoofnagle said. FBI agents could use commercial databases before Ashcroft changed the guidelines, but only after indications of criminal activity were established, Hoofnagle said. A prosecutor would then obtain a warrant that allowed a search, as well as electronic eavesdropping. "Under the old guidelines, they were not allowed to engage in prospective searches – meaning they could not sit down and say all Protestant men between 20 and 24 are likely terrorists and print out a suspect list," Hoofnagle said. By using commercial databases, DeCastro said, the FBI could generate lists of potential suspects based on a profile using such criteria as race, religion, travel, bank accounts and even grocery-store purchases. "It's a disaster," said John Perry Barlow, a fellow at Harvard Law School's Berkman Center and a co-founder of the Electronic Frontier Foundation. "This information has been gathered with an assurance to the consumer that his privacy was being protected, except when warrants were issued for a specific release." Said Barlow: "We have increasingly what strikes me as the foundation for a police state in the United States." But Wisdom, who spent 27 years as an FBI agent before retiring in 1995, said it's premature to become alarmed about potential abuses. "The key is not whether the FBI can access databases," Wisdom said. "The key is what they do with it. You have to trust your law enforcement community that even though they have access to privileged information, that they have the good judgment to use it properly." Troubling tactics Privacy advocates and others, like DeCastro, who are knowledgeable about the industry say they are alarmed by the consumer marketing industry's practices. Many people would be horrified if they understood the scope of personal information collected in commercial databases, said Beth Givens, director of the Privacy Rights Clearinghouse in San Diego. Much of that personal data comes from supermarket loyalty-club programs and credit-card purchases, which can be used to build customer profiles, Givens said. Other data comes from consumer surveys offering giveaway merchandise and from product warranty cards that can mislead consumers into believing they must complete the form to activate the warranty. Using advanced computing capabilities, many companies then "enhance" their database by combining data from public records and other sources, Givens said. Acxiom Corp. of Little Rock, Ark., compiles information from many sources, then uses advanced data-mining techniques to produce specialized marketing lists. In this way, Acxiom can identify thousands or millions of people who fit particular profiles: for instance, 18-to 28-year-old men who purchase certain products or drive certain cars. Such profiles can be highly specific, but Givens said they also can generate misleading and bogus information. Larry Ponemon of Privacy Council, a Dallas consulting firm, said in an interview in June that one study reportedly done on the 19 airline hijackers involved in the Sept. 11 attacks found a pattern in their orders for pizza. "Most college kids order pizza all the time," Ponemon said. "But most people pay cash for pizza. These guys paid with a credit card. That was an odd thing. That became one of the correlates for doing a profile." Other major companies, such as Experian, Equifax and TransUnion, have long used data-mining techniques to assess and score consumers' credit risk, detect fraud and conduct other data-crunching services. Off-limits data Another goliath, ChoicePoint of Alpharetta, Ga., has emerged in recent years as the nation's biggest job-screening concern. The FBI and Immigration and Naturalization Service also have used ChoicePoint to find fugitives, illegal immigrants and other subjects of investigations. Prospective employers use ChoicePoint to compare job candidates' names against a database of 14 billion records, including arrest records and credit data. DeCastro said such databases also can turn up information that employers are legally prohibited from asking job candidates, such as an applicant's age, marital status or HIV diagnosis. Much of the information collected in databases also is wrong, said Givens, who notes people are not always truthful when they fill out consumer surveys and product warranty cards. "By trolling through such a large amount of data from disparate sources, the FBI is likely to add one and one and get three," Givens said. There also are disturbing examples of how information in databases gets misused, such as the personal example that Ponemon described in the April 2000 issue of CIO magazine. In 1995, when Ponemon was part of PricewaterhouseCooper's compliance risk group, he provided information about his family to a Jewish organization building a database to reunite families who had moved or changed their names after the Holocaust. While conducting an audit of a direct marketing company's database 21/2 years later, Ponemon discovered the organization to which he had given his information had sold its database to a direct marketing group to raise money. That marketing firm integrated the information with its own data, and the compiled information was bought, added to and sold at least 10 times after it left the marketer's hands. Ultimately, the database, which by then included enhanced details about Ponemon's family, credit and occupational history – and thousands of others – went to a neo-Nazi group in Idaho. DeCastro said many organizations sell their membership rosters and enrollment lists. Some even count on income from selling their lists as a regular source of revenue. ---------------------------------------------------------------------- Staff writer Kathryn Balint contributed to this report. Bruce Bigelow: (619) 293-1314; [EMAIL PROTECTED] Copyright 2002 Union-Tribune Publishing Co. <A HREF="http://www.ctrl.org/";>www.ctrl.org</A> DECLARATION & DISCLAIMER ========== CTRL is a discussion & informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substance—not soap-boxing—please! These are sordid matters and 'conspiracy theory'—with its many half-truths, mis- directions and outright frauds—is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html <A HREF="http://peach.ease.lsoft.com/archives/ctrl.html";>Archives of [EMAIL PROTECTED]</A> http:[EMAIL PROTECTED]/ <A HREF="http:[EMAIL PROTECTED]/";>ctrl</A> ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
