Big Brother's little helper

How an Atlanta-based company won millions of federal dollars to mine information on Americans in the name of toppling terrorism

Visit and you'll see the company's motto — "Smarter Decisions, Safer World" — pasted over the faces of children running across a field, or coasting on a swing set, or cuddling a puppy. You'll find promises about how ChoicePoint Inc. upholds the PATRIOT Act, assists in criminal investigations, and serves the needs of the federal government. And you'll read upbeat descriptions of what ChoicePoint does, such as "harness the positive power of information to make smarter decisions in a world challenged by increased risks." When ChoicePoint talks about "increased risks," it means another 9-11. And when it mentions "the positive power of information," it's referring to expansive dossiers the Georgia-based company — one of the world's largest private data miners — keeps on almost every American.

Are you a little queasy about unwittingly revealing your life's most minute details to a company that sells them to big business and the government? No worries, says ChoicePoint. Privacy, as we once knew it, is a thing of the past.

"We are beginning to see a shift in the traditional privacy debate from simply focusing on an individual's right to privacy, to also including consideration of society's right to protect itself," says a letter from ChoicePoint CEO Derek Smith in the company's most recent annual report. "ChoicePoint as a company and I as an individual continue to believe, however, that in a free society — particularly in today's society — we do not always have the right to anonymity."

Smith has a point. The world we live in is not the world we inhabited before 9-11. In today's world, it's obvious how serious the consequences can be when government intelligence fails.

As a result of that failure, ChoicePoint has assumed a powerful role, doing what even the feds aren't allowed to do — and at the same time raising fears that corporations are harnessing technology to intrude on our privacy.

ChoicePoint's mission is simple. The company amasses oodles of gigabytes of little pieces of just about every American's existence. Some of the information may be public and obvious, like property records or criminal histories. But one might mistakenly consider other pieces confidential or inconsequential, such as DNA samples turned over in a criminal investigation, or responses to a magazine survey asking where you last bought toothpaste, and what brand you chose.

ChoicePoint then packages the pieces for sale — to employers, insurance companies, direct marketers, state governments and nearly 40 federal agencies. If ChoicePoint shares your records with companies with whom you're seeking insurance or a job, you must first give ChoicePoint permission.

That's not the case with the government, whose agencies commonly access ChoicePoint's records to aid in investigations.

"They are part of this new multibillion dollar industry to record as much information as they can about as many people as they can," says Jay Stanley, of the ACLU. "Most Americans . . . would be quite spooked to discover that this company has many dossiers about their private lives."

Piecing together government-sponsored dossiers, particularly on the lives of Americans who aren't suspected of any wrongdoing, is precisely the type of behavior the Privacy Act of 1974 was written to prohibit. There's just one hitch with the 29-year-old law: It merely forbids the feds themselves from building the database. Back in the '70s, Congress wasn't convinced anyone but the government would be inclined to do such a thing.

Lawmakers failed to foresee that technology would make it a cinch to build what privacy advocates have long considered their greatest fear: a grand, centralized database. The result? What ChoicePoint and other data miners do is perfectly legal.

Sitting in his second-floor office, ChoicePoint Chief Marketing Officer James Lee contends that a company like ChoicePoint does a far better job protecting privacy than the feds could. The real intent of the Privacy Act wasn't to prevent the government from accessing databases, Lee argues, but to keep the feds from carrying out fishing expeditions in their own sea.

Lee says ChoicePoint's data is set up in such a way that the government can't fish — because the company doesn't actually sell its databases, but rather provides regulated access to them. In the absence of federal laws governing the use of private databases, Lee insists ChoicePoint has taken it upon itself to keep its own actions, as well as the government's, in check.

But with so little outsider access to ChoicePoint's databases, who's to ensure ChoicePoint always stays within its self-imposed guidelines?

For a company built on the idea of collecting information about everyone else, ChoicePoint's practices are surprisingly inscrutable. Even getting a peek at the info ChoicePoint has compiled on you isn't easy. Lee says the company is devising a service to make it simpler to review your own file.

Digging up the data is a far easier task for ChoicePoint's more privileged customers, such as the Justice Department, the I.R.S and the Department of Homeland Security. Some federal agencies even have special ChoicePoint sites, where government employees can log on and plug into the company's databases. There's ChoicePoint for the D.E.A at, for example.

But the public can't access such sites, which means ChoicePoint and its government clients just might know more about you than you know about yourself.

Not being able to see a ChoicePoint dossier sold to the government means not being able to correct mistakes. Want a really scary example of what can go awry when data collectors hand out bad information? Consider what happened in Florida leading up to the 2000 presidential election. In 1998, the state hired a company called Database Technologies to scrub its voter rolls of ineligible voters. The scrub list was mandated by Florida legislators after a voting fraud investigation revealed dead people had cast ballots in the 1997 Miami mayoral election.

DBT combed through Florida's rolls and handed over the "ineligible" list to elections officials in May 2000 — within days of the company's merger with ChoicePoint.

The problem was that DBT'S list purged the voter rolls not just of felons, who are disqualified from voting in Florida, but of eligible voters whose names resembled those of the felons.

While Florida and DBT failed to check a number of criteria that could have distinguished the actual felons from the non-felons, one criterion that DBT did bother cross-referencing was race. BBC reporter Greg Palast and a handful of U.S. journalists reported that the majority of the felons on the list were black, so thousands of legitimate black voters with the same names as black felons were struck from the rolls. Because Florida blacks vote heavily Democratic, a disproportionate number of votes for Al Gore were thrown out.

According to analyses by news organizations, somewhere between 8,000 and 22,000 qualified votes went uncounted. Whatever the number, it towers over 537 — the margin by which George W. Bush won Florida, and therefore the national election.

The most jarring part, according to Palast, who broke the story, was that DBT knew the list was flawed — because a Florida official told DBT, in a 1999 e-mail, "Obviously, we want to capture more names that possibly aren't matches and let the county supervisors make a final determination." Palast says the fact that the company would even hand over known mistakes shows that it doesn't always do its best — contrary to its corporate mantra — to protect the government against itself.

No evidence has suggested that the purge of black voters was intentional, although it was a remarkably sloppy endeavor in a state long considered a key battleground in the 2000 election.

ChoicePoint denies responsibility for what happened in Florida. The scrub list was already complete when the company took over DBT, Lee notes. He also argues that ChoicePoint would never have been interested in such a project, because when it comes to anything so precious as voting rights "anything less than 100 percent accuracy is not acceptable."

On at least one other occasion when its databases became controversial, ChoicePoint again backed away from a project. Earlier this year, Latin American citizens protested ChoicePoint's sale of their personal information, including passport numbers and even blood type, to the U.S. government. "As soon as someone in Mexico said some — but not all — of this data may be — but not definitely is — confidential, we immediately segregated it and deleted it," according to Lee. "We discontinued the entire market line." He says the government contract for Latin American data expired Sept. 30.

Unfortunately, most of the work ChoicePoint does for the feds isn't open for public review, meaning that oftentimes no controversy can arise.

The casualty of business opportunities both in purging voter rolls and in Latin America won't exactly maim ChoicePoint. There remain scores of possibilities for the company to win government contracts. The company's mission is to protect us against immediate threats, perhaps at the expense of protecting age-old ones. That mission aligns nicely with the current goals of government and with the fact that protection at all costs has grown increasingly fashionable.

It's a brilliant business. Because as much as we claim to love civil liberties, the bloodshed of 9-11 is centuries fresher than blood spilled for the Constitution. A company like ChoicePoint doesn't thrive because it manipulates our wants. It thrives because it's a product of them.

If ChoicePoint were a library, it might be the largest building on Earth. Its computers will soon hold 200 terabytes of information. Compare that to the Library of Congress, whose 18-million books would constitute a mere 20 terabytes. The company began as an insurance-claims division of Equifax, the Atlanta-based credit-reporting agency. In 1997, Equifax spun ChoicePoint off with an IPO. Over the years, the new entity would gobble 42 competitors and complementary companies, all of them gatherers of different varieties of data. The acquisitions ranged from the leading provider of birth, death, marriage and divorce certificates, VitalChek, to the country's largest private DNA forensics lab, Bode Technologies.

In less than a decade, ChoicePoint, which Business 2.0 listed as one of the country's 100 fastest-growing companies, has become a startling financial success. It pulled in almost $800-million in fiscal 2002 revenue. After six years of trading, the company's share price has shot up from less than $10 in 1997 to more than $37 last month.

One key to ChoicePoint's trajectory has been the government's reaction to 9-11. ChoicePoint is among a handful of companies that have jumped at the awesome opportunity to help the feds decrease the risk of another terrorist attack.

ChoicePoint believes that businesses, armed with as much information as possible, will be better able to protect themselves against fraud. Law enforcement will have an easier time solving crimes. And government will be better equipped to fight terrorism. This is the Information Age, after all. What's the point of having so much information if you can't use it?

The company's various databases have come in handy in several high-profile tasks. After 9-11, ChoicePoint's DNA lab, Bode Technologies, received thousands of fragments of human remains — mostly bone — and matched the fragments' DNA to DNA lifted from toothbrushes and combs provided by the victims' families. ChoicePoint even claims that had the government taken advantage of its airline passenger screening capabilities prior to 9-11, the 19 hijackers might never have boarded four planes.

But ChoicePoint's work also has revealed the inherent trouble posed by collecting massive amounts of personal information. Not only can mistakes be made but basic American rights can be jeopardized — the right to vote, the right to be free from unreasonable searches, and the right not to be investigated on the government's whim.

This is the part of the story where you're supposed to be learning the details of dozens of contracts ChoicePoint has signed with the feds. Instead, we're presented with a checks-and-balances breakdown — and the irony that a company, built on the foundation that information on private citizens should be collected and disseminated at will, is shrouded from scrutiny.

Theoretically at least, the public can view the government's contracts with data-collectors under the federal Freedom of Information Act (FOIA). But in response to FOIA requests I filed with a half-dozen federal departments, the excuses for withholding information range from the somewhat understandable need to protect "trade secrets" and "national security" (and therefore keep secret a few hundred pages) to the months-long backlogs that force many agencies to put requests on indefinite hold.

I managed to get records from just two federal departments — a pittance considering ChoicePoint has claimed to hold contracts with close to 40 federal agencies.

Although the IRS withheld 179 pages of the records I requested, the 80 pages it did hand over describe a renewable, annual contract totaling $5-million and signed in August 2000. The contract grants the IRS online access to as many as 19 distinguishing data sets that ChoicePoint keeps on most Americans, including property records, incorporated businesses, bankruptcies, civil judgments and motor vehicle info.

The other contract I received, signed by the Justice Department in 2001 and totaling $67-million, describes 141 categories of personal information ChoicePoint provides federal law enforcement, such as Social Security numbers, neighbors' identities, driver's license numbers and a service called "Faces of the Nation."

Another Justice Department document, a memo titled "Guidance Regarding the Use of ChoicePoint," states that the feds are to gather intelligence using "the least intrusive means." It goes on to say that, "an individual does not have a reasonable expectation of privacy in personal information that is made publicly available by others."

Privacy advocates argue otherwise. When it comes to the definition of information "made publicly available by others," Chris Hoofnagle, an attorney for the D.C.-based Electronic Privacy Information Center (EPIC), claims public records taken out of their original context and lumped together are no longer "public" at all — especially if only select customers can pay to see them.

"What [ChoicePoint] does is go out there and collect something that is free and public for good reasons," Hoofnagle says. "And they've twisted these beneficial collections of information into private and more dangerous purposes."

In other words, an individual record on file at the county courthouse showing how much you borrowed to buy your home should be available — to the tax assessor or a nosy neighbor or whoever else feels like trudging down to the courthouse to dig it up.

But to give that record a new home, alongside the make and model of your car, every lawsuit filed by or against you, all your recent traffic tickets, the names and ages of your children, and any crime with which you've ever been charged, is to morph it from a benign court document into a crucial component of an unauthorized dossier, Hoofnagle claims.

Lee, of course, doesn't see things EPIC's way. His depiction of ChoicePoint's dossiers leans more toward the FBI's. At a House subcommittee hearing in May, Steve McCraw, assistant director of FBI intelligence, testified that what privacy enthusiasts consider troublesome, law enforcement considers helpful — when used responsibly.

"It's a nice tool. It ... saves valuable lead-time," McCraw said of the Bureau's use of ChoicePoint. "But it has to be done not on a fishing expedition. It's based upon a reason. There has to be a reason why you decided to run somebody through that database."

With only ChoicePoint and the FBI privy to who's being searched and under what circumstances, however, who's to control — or even see — what the government sees?

In August 2002, at a conference for the military's Defense Advanced Research Projects Agency in Anaheim, Calif., retired Adm. John Poindexter laid out his vision for protecting America against the threat of future terrorist acts. Despite his role in the 1980s Iran-Contra scandal, Poindexter had recently been named director of the government's new Total Information Awareness (TIA) project. "We must become much more efficient and more clever in the ways we find new sources of data, mine information from the new and old, generate information, make it available for analysis, convert it to knowledge, and create actionable options," Poindexter said.

Poindexter's ideas and the project he oversaw were among the most radical of the government's proposals in reaction to pre-9-11 intelligence failures. So it should come as no surprise that both Poindexter and TIA quickly raised some serious questions.

When new technologies develop, will politicians and the public have the gusto to ensure that the technologies' uses won't invade privacy? When emotions are cooked by an event of 9-11 magnitude, can one distinguish between the need to jack up intelligence-gathering skills and the temptation to succumb to paranoia that heralds Big Brother?

In the case of TIA, the answer was a firm yes. Congress quashed funding for TIA before it got off the ground. Even after the name was changed to Terrorism Information Awareness, the program couldn't shake the stigma of an Orwellian police state. Soon after the speech in Anaheim, Poindexter resigned as TIA director.

But not all surveillance experiments are as hyperbolically named as Total Information Awareness, nor is it the norm for a mad admiral in the bowels of the Pentagon to be running the lab. The distinction between too little privacy and too much security is seldom so obvious.

The Constitution doesn't guarantee privacy, per se, but it does guarantee the right to be protected against unreasonable searches. Over the years the Supreme Court has equated that right to a guarantee of privacy.

But the meaning of an unreasonable search is in constant flux. In the 1970s, when the Privacy Act was drafted, there could be no unreasonable search carried out with the aid of the Internet. There was no Internet.

Nor did most people consider it a threat to privacy when, in late 2001, Congress passed legislation titled Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism. In light of the recent attacks on the World Trade Center and the Pentagon, the search powers bestowed by the legislation seemed reasonable enough — unless you were inclined to hold the USA PATRIOT Act next to the Fourth Amendment, squint really hard and imagine the countless forms the act could take.

Among ChoicePoint's top officers, the PATRIOT Act is a reverent topic. "I think that the opportunities that we have, whether they're in ... the PATRIOT Act or other areas are probably clear to us now," COO Douglas Curling told investors in September 2003.

Curling went on to say that ChoicePoint had received $10-million in Homeland Security funds in 2003, on top of $20-million the year before. During a conference call two months earlier, he told financial analysts: "Our success has been, and probably will continue to be, in taking the core competencies of ChoicePoint and finding opportunities to apply those in governmental or Homeland Security initiatives."

With that, Curling may have ushered in a new sort of Total Information Awareness: a centralized government database in corporate database clothing — Poindexter's dream, privatized.

Despite ChoicePoint's assurances of self-regulation and its salutes to corporate responsibility, the fact is it's someone else's job, not ChoicePoint's, to impose restrictions on the company — and to be sure they're enforced.

Former U.S. Rep. Cynthia McKinney, the only member of Congress to question and hold hearings on the role ChoicePoint played in the Florida election, says she was trying to investigate all the government's contracts with ChoicePoint before her defeat in the August 2002 primary. "My work was cut short," she says. "But it still needs to be done."

Another of ChoicePoint's major critics is from the right. Former Rep. Bob Barr calls the government's unfettered access to private databases inexcusable.

"I think clearly the government is now turning more and more to private industry to do its dirty work," Barr says, "to gather information on people, manipulate that information on people and, in so doing, circumvent the Privacy Act."

Barr says that until recently, the quiet on Capitol Hill regarding private data collectors has been deafening. But there has been a congressional awakening, of sorts.

In July, Sen. Ron Wyden, D-Ore., introduced the Citizens' Protection in Federal Databases Act, which would require federal departments to report to Congress their use of private databases.

"Risks to personal privacy are heightened when personal information from different sources, including public records, is aggregated in a single file and made accessible to thousands of national security, law enforcement and intelligence personnel," says the bill, currently hung up in the Senate Judiciary Committee.

While conservative groups such as the Heritage Foundation have bristled at Wyden's proposed reforms, even ChoicePoint acknowledges there's a lag between the rapid pace at which data-collection technology has evolved and the slow modernization of regulations.

"We certainly agree that technology has far outstripped the legal framework," Lee says. "Let's not debate whether this is good or bad. It is what it is. We can't roll back the technology. We can't make the information go away. So let's spend our time legitimately debating what are the uses of the data."

But ChoicePoint's financial health, as the company's SEC filings attest, is highly susceptible to the success of the privacy debate. The SEC documents describe how the lobbying efforts of "consumer advocates, privacy advocates and government regulators" could have an "adverse affect on our business." Of particular concern would be "an amendment, enactment or interpretation of laws."

Any updating of the law would mean that ChoicePoint just might have to shrink from a potentially lucrative market — as it did with the voter-scrub-list business and the assimilation of data on Latin Americans.

But the company has proved itself clever enough to adapt. Judging from the bold new lines of data it's developing, it will continue to do so.

ChoicePoint's hope for the future is to take data collection off the paper trail — off the electronic paper trail, even — and into the realm of biometrics. Loosely defined, biometrics is a way of identifying individuals by their biological features, including fingerprints and DNA, as well as scans of our retinas, and even the way we walk.

Hints about ChoicePoint's biometrics experiment have surfaced in a federal lawsuit filed against the company in January. In the complaint, a New York technology consultant firm, International Biometric Group, is suing for breach of contract and violation of trade secrets.

According to court documents, ChoicePoint allegedly is $660,000 behind in payments for a "programming code for storing and transmitting biometric data ... that would result in the creation of central biometric authority." The complaint also states ChoicePoint has been providing access to technology, developed by IBG, that's "not commonly known to the public."

One privacy advocate says his reading of the lawsuit leads him to believe ChoicePoint might hold a clandestine contract with the FBI: "The FBI contract could deal with the issue of biometrics," says EPIC attorney Hoofnagle.

But according to Lee, ChoicePoint's biometrics project is not as cryptic as the complaint makes it seem. He says ChoicePoint's biometrics lab, Bode Technologies, intends to develop technology that will allow businesses to verify employees' identities using fingerprinting or some other biometric in the short term, DNA down the road.

Currently, Bode does accept DNA samples, Lee claims, but only from law enforcement agencies conducting an open investigation where DNA is an issue. Those samples arrive at the lab bearing a number rather than a name and are destroyed after ChoicePoint tags them with a 13-digit code that's handed over to investigators. "We have no knowledge whatsoever of whose DNA it is," Lee says.

As for creating government-accessible biometric databases, Lee anticipates it will be the distant future before the feds embrace such technology.

That's not quite the picture of biometrics recently offered to investors by Curling, however. "We're also pleased with the progress in our biometrics initiative," Curling said, "in integrating those into our PATRIOT Act offerings."

He did not elaborate. But Curling's words cement the notion that biometrics smacks of military and Homeland Security intrigue, and that ChoicePoint is a stranger to neither department.

There are in fact countless new methods of surveillance that technology has made — or will soon make — real. And we might know nothing about them, or the unintended tasks for which they might one day come in handy.

Already, some airports have installed face-recognition systems programmed to find fugitives. The ACLU has expressed concern about technology allowing cell phone providers to receive signals tracking their clients' every move. Stanley, at the ACLU, says he's also concerned that private companies may be poised to record and sell buying patterns, or even an individual's every credit card purchase.

"The fact that somebody has on record that you went to the Gap on Oct. 10, 2003, and bought a sweatshirt is not a big deal," Stanley says. "But that's like one pixel. When you start to put together every single purchase you've ever made and everywhere you've traveled and your educational records and your financial records ... it's like putting all those pixels together into a very high-resolution image of how you live your life."

If your exact location could be revealed by your cell phone, would you start thinking twice about where you go? Would you quit carrying the phone? If your purchases were monitored, would you reconsider what you're buying? Would you carry cash instead of plastic?

And would those seemingly small decisions mark the start of a major sacrifice: the moment when you first began forgoing the opportunity to live your life freely for the government's promise of living it securely?

Cell phones and credit cards were created for a legitimate purpose and, without restrictions, could be adapted for another, highly intrusive end. That bodes poorly for advancements in, say, harnessing the very essence of you — be it your DNA or public records bearing your name.

About his protagonist in 1984, Orwell writes: "He knew in advance what O'Brien would say. That the Party did not seek power for its own ends, but only for the good of the majority. That it sought power because men in the mass were frail cowardly creatures who could not endure liberty or face the truth, and must be ruled over and systematically deceived by others who were stronger than themselves. That the choice for mankind lay between freedom and happiness, and that, for the great bulk of mankind, happiness was better."

Contact Creative Loafing-Atlanta Staff Writer Mara Shalhoup via e-mail at [email protected].

Scroll to read more News Feature articles


Join Creative Loafing Tampa Bay Newsletters

Subscribe now to get the latest news delivered right to your inbox.