Criminals posing as legitimate businesses have accessed critical personal data stored by ChoicePoint, an IT giant accused of transforming itself into a private intelligence service conducting US national security and law enforcement tasks.
ChoicePoint, which maintains databases of background information on virtually every US citizen and which also services other governments around the world, including Australia, last week notified up to 35,000 Californian consumers their personal data may have been accessed by "unauthorized third parties."
The incident involves a vast body of consumer data, including names, addresses, Social Security numbers, credit reports and other information. And the timing of the revelation couldn't be more embarrassing, coming just a week after Washington Post reporter Robert Harrow Jr, exposed ChoicePoint as a private company functioning, in effect, as a public intelligence agency.
The expose highlights the dangers for government law enforcement agencies in outsourcing their responsibilities, which can effectively allow them to evade the accountability and protections of the law regulating the intelligence community.
ChoicePoint, which admits to providing "actionable intelligence", has been aggressively buying up companies marketing sophisticated computer tools capable of analyzing and sharing the records in ChoicePoint's massive warehouses. One of those acquisitions, announced in January, was for i2, a Cambridge-based global provider of visual investigative and link analysis software for intelligence, law enforcement, military and large commercial applications. i2 solutions are used by leading intelligence and law enforcement agencies in Australia as well as throughout Europe, Asia, Africa, and all levels of government in the United States.
It has also partnered with Bridger Systems to provide clients with premier identification verification services to ensure compliance with new anti-terrorism laws. The company says access to the US Terrorist Exclusion List (TEL), the Primary Money Laundering Concern (PMLC) lists and Australia's Department of Foreign Affairs and Trade (DFAT) have all been added to the Bridger Insight product. The Terrorist Exclusion List (TEL) was created within section 411 of the USA PATRIOT Act and authorizes the Secretary of State to designate terrorist organizations for immigration purposes.
Meanwhile DFAT's Consolidated List of entries was developed in response to Australia's enactment of a post-September 11 UN Charter calling for all member states to take prescribed steps to combat international terrorism, obliging the Government to freeze assets of those terrorists listed by the UN, and to make it a criminal offense to deal with such entities. According to ChoicePoint's web site, Australia's charter includes the UN names, but also includes unique entities designated by Australia's Minister for Foreign Affairs and published in the Government Gazette. The Consolidated List of entities is maintained by DFAT, which is active in Asia-Pacific and other world-wide efforts to counter terrorism.
Last week, Choicepoint notified between 30,000 and 35,000 consumers in California that their personal data may have been accessed by "unauthorized third parties," according to ChoicePoint spokesman James Lee.
California law requires firms to disclose such incidents to the state's consumers when they are discovered. It is the only state with such a requirement but such data thefts are rarely limited to a single geographic area.
Lee said law enforcement officials have so far advised the firm that only Californians need to be notified.
ChoicePoint maintains a dossier on virtually every American consumer, according to Daniel J. Solove, George Washington University professor and author of "The Digital Person."
The Atlanta-based company says it has 10 billion records on individuals and businesses, and sells data to 40 percent of the USA's top 1000 companies. It also has contracts with 35 government agencies, including several law enforcement agencies.
In May 2003 Britain's The Guardian newspaper disclosed ChoicePoint was being paid millions of dollars by the Bush administration to collect personal information on the populations of foreign countries. The activity created controversy, with some governments alarmed that the records may have been illegally obtained.
The company reportedly received at least $11m from the US Department of Justice in 2002 to supply data, mostly on Latin Americans, which may include details such as tax records and blood groups.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.