Years before its now-infamous security breach and the loss of thousands of consumer records, ChoicePoint was a major government contractor. In fact, it is by most measure the federal government's primary source of information on individual Americans.
The federal government has turned to commercial databases for information because it is not allowed to collect such data. In 1974, Congress passed the Privacy Act, which made it illegal for the government to operate its own "Big Brother" database. But Congress did not restrict private companies from conducting surveillance and gathering data on individual Americans. Nor did it prohibit the government from buying that information.
Since at least April of 2001, the Alpharetta, Georgia-based data broker has been providing multiple government agencies with thousands of data records on individuals. According to the Electronic Privacy Information Center (EPIC)'s investigation, ChoicePoint owns dozens of information brokering or collecting services, trafficking in everything from medical records, to drug test results, to arrest and criminal records.
One of their key acquisitions was the Bridger Insight software verification system, designed to provide "enhanced due diligence research to quickly uncover otherwise unknown customer information." The Bridger Insight system allows for a full-scale electronic identity verification, including helpful "risk assessment" scores as to whether or not the individual's identity data constitutes a concern, and full-page "verification reports" with "Pass" or "Fail" marks depending on the results.
If this sounds like the work of a consumer reporting agency or credit bureau, ChoicePoint's pedigree as a spin-off of credit reporting giant Equifax bears that out. However, unlike Equifax, ChoicePoint is not officially classified as a consumer reporting agency, and thus not subject to the terms of the Fair Credit Reporting Act (FCRA).
EPIC filed suit against ChoicePoint in 2004 for what it calls "subverting the policy goals of federal information privacy law." Also very much like a credit reporting agency, ChoicePoint was taken to task for providing inaccurate, outdated, and mixed-up consumer data records -- with a "90% error rate", according to Pam Dixon of the World Privacy Forum. Couple this with the sale of 145,000 data records to an admitted criminal enterprise, and ChoicePoint was the lucky recipient of Privacy International's 2005 "Lifetime Menace" award for being "an abuser and broker of personal information for many years now, collecting information on Americans and foreigners without having to adhere to strict privacy laws."
Nevertheless, ChoicePoint's Bridger Insight system is one of the cornerstones of the PATRIOT Act's identity verification solutions, "help[ing] more than 4,000 clients simplify the process of achieving compliance and conducting due diligence."
As detailed in ConsumerAffairs.Com's special report on ChexSystems, the Bridger Insight software system was partnered with eFunds' ChexSystems database in 2002 to "help streamline Section 326 compliance efforts of financial institutions," according to eFunds' senior vice-president Mark Spilsbury.
The Scottsdale, Arizona-based "information solutions" company has positioned itself as a prime mover in the identity verification field. One of their major subsidiaries, Penley Inc., provides a host of ID verification products, including BackgroundWatch, which researches customer data and returns a three-tiered search result. The "Basic Search" returns general data, such as name, address, SSN, and the like. The "Extended Search" offers more in-depth information, including lists of property records and "possible friends and relatives" (emphasis added).
The "Complete Search" contains all of this data, plus records of any sort of license, weapon registration, and voter registration. All of this information is integrated with the ChexSystems suite to track banking records and evidence of suspicious activity. The end result is a frighteningly complete portrait of an individual's personal records, containing all of their essential data and information.
Furthermore, the "risk assessment" components allow participating financial institutions to not only study a customer's past banking history, but in the case of the QualiFile system, to actually make judgments on their future history based on "[a bank's] pre-determined risk strategy and a risk assessment score that scientifically predicts the likelihood that you will have to force-close this account."
Penley has been a strong advocate of moving to a Web-based solution for its data warehousing for some time. Their cleverly named "ID Verification" system advocates a centralized, one-stop "turnkey" process, with (in their words) "simple 'pass' or 'fail' answers which require little interpretation by the frontline employees."
The system apparently requires nothing more than an Internet connection and a Web browser to use -- no software or hardware required. Given that eFunds proudly proclaims its ownership of one of the largest debit databases in the world , and its ability to outsource its customers' operations to offshore call centers, the potential for identity theft and data mismanagement is tremendous.
Apparently, the notion that a purely Web-based information database might find itself prey to hackers and data thieves is apparently not as high a priority as ensuring that the data is collected and sold to whomever wants ithttp://www.consumeraffairs.com/news04/2005/patriot01.html