Data Brokers Know a Lot About You, But What Do You Know About Them?
Commercial data brokers are collecting detailed, sometimes inaccurate, information about Americans and selling it to law-enforcement agencies with almost no oversight or regulation. The system needs to be reformed.
What was your phone number in 1992? Where was your Social Security Number issued? What was your college mailbox number? You may not know the answers to these questions, but a commercial data broker does. And these companies are quietly providing your information to law-enforcement agencies with little regulation or oversight for as little as 35 cents a pop.
Commercial data brokers collect and aggregate individuals’ information from public records and then resell it. And they seemingly know everything. In addition to addresses and phone numbers, their databases hold everything from employment history to consumer data to vehicle sightings. One company claims to have information on 98 percent of Americans. Their reach is even international. A federal immigration agency once contracted with ChoicePoint to obtain voter registry and vehicle information from five South American countries. Age isn’t a barrier either. Thomson-Reuters’ CLEAR uses social media platforms such as Facebook and Instagram as a ‘tool for investigating an under-18 population without a credit history.’
Data brokers rarely solicit information directly, so most people are unaware they exist. But I was curious to see what they might know about me. I’ve largely lived abroad; I have a unique name, no driver’s license, and no criminal record. Naturally, I didn’t expect to have a large footprint.
Wrong. After an exhaustive search, I ultimately received records from Thomson-Reuters and LexisNexis’s Accurint- two of the industry’s largest players. The reports listed every phone number and address I had ever been associated with, from my college mailbox to the relative’s home where I’d forwarded mail while abroad. Accurint listed the apartment I rented while interning in DC, along with the names and phone numbers of its current occupants. It even provided the sale price and mortgage on each home I’d lived in.
Surprisingly, much of the information was also inaccurate. Though none of my roommates own cars, Thomson-Reuters inexplicably showed eight vehicles registered to our address (including a Harley-Davidson motorcycle). Accurint listed someone named Florinda as “Associated with Subject’s SSN” though it assured me this “doesn’t usually indicate fraud.”
Obtaining my data from just two brokers was difficult. Amending incorrect information was impossible. Unlike Canada or the UK where data brokers must allow individuals to access and amend their data, American law lacks such requirements. Accurint’s report stated it “may not contain all personally identifiable information in our databases” and they “do not verify data, nor is it possible to change incorrect data.” This is particularly galling considering the scale on which this data is being collected and shared — and with whom.
In recent years, law enforcement agencies are increasingly using brokers to fill gaps in their information gathering. The FBI holds at least 175 million entries derived from multiple brokers, while Accurint counts 4,000 law-enforcement agencies as clients. And nobody is watching. As private entities, data brokers are not subject to the Privacy Act, which restricts the government’s collection of personal information to specific purposes, and provides individuals access and the chance to correct false information in their files. Because data brokers are not subject to these regulations, their activities are vulnerable to abuse. There have been multiple cases of police mismanaging database access in order to spy on ex-girlfriends, among other intrusions. Data brokers essentially allow law enforcement to circumvent warrant requirements and access anyone’s personal information whether they’re involved in wrong-doing or not.
Police sometimes rely on inaccurate data to supplement investigations. Take, for example, the case of Renata and Chris Simmons whose dog was shot by the police when they misidentified their home as the residence a man with a similar last name (Bradly Simpson) when serving a warrant. Or take Denise Green, a 47 year-old black woman, who was held at gun point by police who pulled her over due to a license plate reader error. These mistakes are made when police rely on faulty information in databases.
The system needs to be reformed. Policymakers have long viewed commercial data collectors more benignly than government collectors, but the unregulated sharing between brokers and police requires a re-evaluation of this distinction.
The government is taking note, however. In a recent report, the Federal Trade Commission surveyed the practices of nine data brokers and called for increased transparency and disclosure. Some industries — such as credit reporting agencies and medical providers — are already subject to similar transparency and disclosure requirements. Considering data brokers pose similar risks to Americans, they should at least be held to similar standards.
More importantly, we should reconsider the volume of information available in the public records data brokers can access. A 2004 Electronic Privacy Information Center report points out that our current system of public records was built for an era where hard-to-find paper records were commonplace. With today’s technology, our records can be accumulated and analyzed instantly.
Public records are meant to check the government’s authority by increasing access to government-held information. Private companies that exploit this data for commercial gain damage, not strengthen the liberties public records are meant to safeguard.
Data brokers already know too much about us. It’s time we learned more about them.