Tuesday, February 22, 2005

ChoicePoint: Choose to Lose Your Identity

Last week, news broke that ChoicePoint had been conned into giving up thousands of California citizens' personal financial records including their Social Security numbers along with detailed Credit Reports and other information to ID theft artists in a hugely elaborate scheme defrauding a very large number of people. However, it looks like this outbreak was not solely contained to California. In fact, several thousand residents around D.C. and many more across the nation have been affected.

Identity theft is a horrible, horrible thing to happen to someone. Of course, it can happen to varying degrees with varying levels of cost from mere annoyance to all out financial disaster, but it unfortunately remains extremely profitable for the thieves. It's a lot more prevalent than it really should be, and apparently there's only about a 5% arrest rate-- no wonder it happens so often if the people doing it don't get caught.

The ChoicePoint case illustrates very clearly the problems that can occur when personal information is misued because this information has a direct ability to encroach on people's individual liberties by destroying their financial lives. However, other leaks of information can cause harm in more indirect ways. Social Security numbers are used so widely because they are unique identifiers, which is an extremely useful thing to have when maintaining a database with thousands of John Smiths.

Since ChoicePoint contracted with many Federal agencies (including the FBI), under those contracts they were legally required to protect the privacy of the records they were maintaining, but few actionable laws exist in our country to safegaurd our personal data. Citizens in fact have very little control over the information collected by them that will in turn be used against them. Kevin Drum makes a very good argument that Credit Reports should be just as much the property of consumers as they are of the Credit Reporting agencies.

ChoicePoint is actually a former branch of EquiFax, one of the three major credit-reporting agencies. It collected a multitude of information from a variety of sources about individuals, but EquiFax ultimately decided it wasn't profitable. A couple of months ago, the WaPO did some very good in-depth reporting on ChoicePoint before this scandal broke(Warning: Archive link. Fellow University students: plug the title into an EBSCO or Lexis search to get the full text). Dan Rather also devoted an hour long ABC news special to the company and it's horrifyingly Orwellian practices. I'm not sure how many people truly cared about these reports before this scandal, but I was already horrified that this company was operating with no oversight whatsoever.

Perhaps there is a silver lining to this story: more people might become concerned about the massive amount of data collection and mining that goes on for just about everything that they do once they realize the true potential damage that can occur. ChoicePoint's ENTIRE business revolves around collecting and selling personal information about individuals, but other companies and institutions routinely do so on a much smaller scale as a tangential part of their larger objectives. If ChoicePoint can't handle records properly, how is a smaller company or even a University supposed to be expected to properly safeguard information to make sure it doesn't fall into the wrong hands? (As I have been sitting here writing this, my dorm phone has rung on two seperate occasions because of calls made by an automated dialing machine. Curious considering I don't give this number out to anyone. Of course this is a mere annoyance but illustrative of the problem I'm speaking of)

This is a theme that I may try to write more about here as time goes on because I took an amazing honors seminar here at the University of Maryland devoted to the issue of privacy. In fact, I have made reference to an article I've been working on recently about privacy problems particular to the University of Maryland. Unfortunately, the student paper here is not being entirely cooperative (they are *very* interested in the story but aren't really interested in letting a non-staff writer have it). I may be forced to use this blog as an independent publishing medium for that, but I'm still holding out hope that I can get it published in our paper. If that happens, I will be sure to link to the article here.

2 Comments:

At 8:27 PM, Blogger Nick said...

This certainly seems like a serious problem, but what sort of regulatory options does the government have open to it? Not trying to poke fingers in anyone's eye here, I just don't know very much about this subject and am curious.

 
At 2:15 AM, Blogger Chris said...

That's a *very* good question. It's a problematic situation for a variety of reasons. Firstly, this is a relatively new paradigm that we are living in where we have the processing power, cheap storage space, and bandwidth necessary for massive information data warehousing and mining. It's a brand new industry essentially without precedent. Furthermore, a lot of privacy advocates tend towards more traditionally conservative views towards government involvement, and thus regulatory measures taken by the legislature might not go over well even with privacy advocates.

One viable option that we might have for protecting basic privacy information rights is in the arena of tort law. No, this is seperate from all of the talk of "tort reform" you've heard about lately. Essentially, one of the newest fields in tort law is privacy, and legal scholars are actively trying to figure out the answers to very similar questions.

From a practical standpoint, I'm not sure if there is a good legislative fix for this: after all, the EU passed a very flawed Privacy directive that many argue has simply explicitly empowered industry and government to take control of information in some ways while prohibiting a few others.

I linked to Kevin Drum's argument because I think it has the potential not only to work but also to resonate with a lot of people. It makes intellectual sense that information about you can be your property, and more legal theory work on just exactly how citizens should be given control of this "property" needs to be done.

 

Post a Comment

<< Home