Agencies Not Protecting Privacy Rights, GAO Says
Wednesday, April 5, 2006
Government agencies that use private information services for law enforcement, counterterrorism and other investigations often do not follow federal rules to protect Americans' privacy, according to a report yesterday by the Government Accountability Office.
The Justice Department, the Department of Homeland Security and two other agencies examined by the GAO spent about $30 million last year on companies that maintain billions of electronic files about adults' current and past addresses, family members and associates, buying habits, personal finances, listed and unlisted phone numbers, and much more.
But those agencies often do not limit the collection and use of information about law-abiding citizens, as required by the Privacy Act of 1974 and other laws. The agencies also don't ensure the accuracy of the information they are buying, according to the GAO report. That's in part because of a lack of clear guidance from the agencies and the Office of Management and Budget on guidelines known as "fair information practices," the report said.
At the same time, the contractors are not bound by those "fair information practices," and they often don't comply with all of them, the report said. Companies do not notify individuals when information is collected, for instance. They limit individuals' access to records about themselves, and they generally do not have provisions for correcting mistakes, the report said.
"The nature of the information reseller business is essentially at odds with the principles," the report said. "Resellers make it their business to collect as much personal information as possible."
The 83-page report, the subject of a congressional hearing yesterday, was spurred in part by massive security breaches reported last year by ChoicePoint Inc. and LexisNexis in which sensitive files involving almost 200,000 people were sold to fraud artists.
It highlights a difficult truth about the government's increasing reliance on information services: By outsourcing the building of rich dossiers, the government is sidestepping checks on surveillance approved in the wake of domestic spy scandals involving the FBI, Army and other agencies in the 1960s and 1970s.
The report recommends that Congress consider requiring private information contractors to "more fully adhere" to fair information practices.
Information services play an important but quiet role in homeland security and criminal investigations. ChoicePoint officials last year acknowledged that they serve in effect as a private intelligence service for the government.
Rep. Chris Cannon (R-Utah), chairman of the House Judiciary Committee's subcommittee on commercial and administrative law, said the hearing was held because the ability of private information services to collect information and the government's use of those services have grown far beyond existing laws and oversight.
Peter Swire, a law professor at Ohio State University, said the information industry delivers information more efficiently than ever before, helping investigators in many ways. But he told the congressional panel that the government needs to ensure that the information it buys is accurate while giving people a chance to correct mistakes. "Accuracy that is good enough for marketing is not necessarily good enough to detain a suspect," said Swire, who served as the chief privacy counselor in the Clinton administration White House.