[Infowarrior] - Agencies Not Protecting Privacy Rights, GAO Says

Wed Apr 5 11:28:45 EDT 2006

Agencies Not Protecting Privacy Rights, GAO Says
http://www.washingtonpost.com/wp-dyn/content/article/2006/04/04/AR2006040401
727_pf.html

(Report at: http://www.gao.gov/docsearch/abstract.php?rptno=GAO-06-609T)

By Robert O'Harrow Jr.
Washington Post Staff Writer
Wednesday, April 5, 2006; A09

Government agencies that use private information services for law
enforcement, counterterrorism and other investigations often do not follow
federal rules to protect Americans' privacy, according to a report yesterday
by the Government Accountability Office.

The Justice Department, the Department of Homeland Security and two other
agencies examined by the GAO spent about $30 million last year on companies
that maintain billions of electronic files about adults' current and past
addresses, family members and associates, buying habits, personal finances,
listed and unlisted phone numbers, and much more.

But those agencies often do not limit the collection and use of information
about law-abiding citizens, as required by the Privacy Act of 1974 and other
laws. The agencies also don't ensure the accuracy of the information they
are buying, according to the GAO report. That's in part because of a lack of
clear guidance from the agencies and the Office of Management and Budget on
guidelines known as "fair information practices," the report said.

At the same time, the contractors are not bound by those "fair information
practices," and they often don't comply with all of them, the report said.
Companies do not notify individuals when information is collected, for
instance. They limit individuals' access to records about themselves, and
they generally do not have provisions for correcting mistakes, the report
said.

"The nature of the information reseller business is essentially at odds with
the principles," the report said. "Resellers make it their business to
collect as much personal information as possible."

The 83-page report, the subject of a congressional hearing yesterday, was
spurred in part by massive security breaches reported last year by
ChoicePoint Inc. and LexisNexis in which sensitive files involving almost
200,000 people were sold to fraud artists.

It highlights a difficult truth about the government's increasing reliance
on information services: By outsourcing the building of rich dossiers, the
government is sidestepping checks on surveillance approved in the wake of
domestic spy scandals involving the FBI, Army and other agencies in the
1960s and 1970s.

The report recommends that Congress consider requiring private information
contractors to "more fully adhere" to fair information practices.

Information services play an important but quiet role in homeland security
and criminal investigations. ChoicePoint officials last year acknowledged
that they serve in effect as a private intelligence service for the
government.

Rep. Chris Cannon (R-Utah), chairman of the House Judiciary Committee's
subcommittee on commercial and administrative law, said the hearing was held
because the ability of private information services to collect information
and the government's use of those services have grown far beyond existing
laws and oversight.

Peter Swire, a law professor at Ohio State University, said the information
industry delivers information more efficiently than ever before, helping
investigators in many ways. But he told the congressional panel that the
government needs to ensure that the information it buys is accurate while
giving people a chance to correct mistakes. "Accuracy that is good enough
for marketing is not necessarily good enough to detain a suspect," said
Swire, who served as the chief privacy counselor in the Clinton
administration White House.
© 2006 The Washington Post Company