September 29, 2005 By Jim McKay, Justice and Public Safety Editor
The fact is, Americans release such information daily, whether they mean to or not. Send a package via FedEx and it usually gets there on time. End of story, right? Wrong.
FedEx keeps people's personally identifying information in a database and makes it available to the FBI for homeland security purposes.
Furthermore, a growing number of data aggregators -- otherwise known as data brokers -- collect citizens' personally identifying information and sell it for profit. Among the organizations buying this information are law enforcement agencies, which increasingly turn to the private sector for help with improving intelligence and aiding criminal investigations.
Collect and Sell
The practice of aggregating and selling data gained notice recently when data broker ChoicePoint acknowledged that crooks had duped the company out of the personal data of nearly 145,000 people. ChoicePoint is not the only victim of this type of scam, and not the only company to lose private citizens' information. Those who want to see changes in the way personally identifiable information is bandied about contend it's too easy for this information to fall into the wrong hands.
"Thirty years ago, we were concerned about the big, bad federal government and what it was doing," said Lee Strickland, director of the Center for Information Policy at the University of Maryland and former Central Intelligence Agency analyst. "Now it's really the commercial entities, and not just the data aggregators, but any company."
Data aggregators such as ChoicePoint, LocatePLUS and Seisint -- which was acquired in 2004 by LexisNexis -- collect information from a multitude of public and private source, and assemble dossiers on many, if not most, Americans. Then they sell that information to government agencies, such as 50 different Massachusetts police departments and the Florida Department of Law Enforcement (FDLE), which use it for everyday law enforcement investigations.
Florida uses a software application called the Factual Analysis Criminal Threat Solution (FACTS), which is the same software system used by the defunct Multistate Anti-Terrorism Information Exchange (MATRIX) that once linked several states to data about possible terrorists. The MATRIX, which included a central database where states deposited data, was created after 9/11 to thwart potential terrorist attacks. Federal funding for the MATRIX was halted in April, mostly because of privacy concerns.
The MATRIX database is gone, but the FACTS software continues to run -- and Florida, Ohio, Pennsylvania and Connecticut take advantage of its commercial data-gathering capabilities. The system accesses multiple commercial databases when queried about specific data. Law enforcement officials say it's foolish not to take advantage of all the data available to them, whether it comes from commercial databases or not.
Mark Zadra, the FDLE agent in charge of FACTS, said the system simply provides law enforcement with information that's already available to the public, only more quickly. The exceptions are criminal history records and driver's license photos, both of which law enforcement is entitled to anyway. Law enforcement also has access to Social Security numbers through drivers' licenses.
What they don't have, according to Zadra, is credit information. Law enforcement can get "credit headers" from credit bureaus to obtain recent addresses, but that information is limited to name, address, date of birth and Social Security number. Zadra said he doesn't have access to information about what people are buying or what naughty movies they're renting.
The key advantage to using commercial databases is time. It would take days or weeks to gather data on an individual without this access, whereas law enforcement can now get data in real time.
You may use or reference this story with attribution and a link to