Europe too? US acquires hundreds of millions of Latino citizens' data
theregister.co.uk By Andrew Orlowski in San Francisco Posted: 05/05/2003 at 08:32 GMT
The President's favorite database company, Choicepoint Inc., has acquired personal data on hundreds of millions of citizens in ten Latin American countries without their knowledge or consent. Data includes Mexico's Federal Electoral Register, details of drivers in Mexico City and Colombia.
"This is a corporation that works hand in glove with, and is politically connected to the administration, and does things that the US dare not do," Greg Palast, who uncovered Choicepoint's role in the 2000 election, told The Register last week. Choicepoint had been given a $67 million contract for data gathering on September 25, 2001. The contract lasts until 2005.
"It's doing this everywhere," said Palast, "but in Mexico it was caught out."
The scandal broke three weeks ago after an investigation by Mexican newspaper Milenio, although it received scant attention Stateside. But a report in today's Guardian should give it fresh impetus.
From the Guadalajara Times we learn that the company has been active in Brazil, Colombia, Venezuela, Costa Rica, Guatemala, Honduras, El Salvador and Nicaragua. However, the Times reports that Choicepoint has discontinued its role in Argentina, "due to lack of demand and a strict new law relating to privacy".
But ChoicePoint isn't shy about boasting of its Latino assets.
"You know the value of ChoicePoint's domestic data," begins a 2001sales brochure for its 'AutoTrack XP' product uncovered by privacy group EPIC under the Freedom of Information Act. "Now you can locate and identify business assets in foreign countries with ChoicePoint's new International searches".
"ChoicePoint gives you the most comprehensive online International data available, with individual and business information from Mexico, Colombia, Argentina [oops? - ed.] Brazil and Costa Rica."
"ChoicePoint is the only vendor capable of providing online access to the following data sets and/or functionality: a) complete listings of all Mexican, Colombian and Argentine citizens b) inclusion of unlisted numbers in telephone files in Mexico, Brazil and Argentina c) inclusion of Mexican vehicle and driver license data d) complete listing of Columbian company data e) inclusion of personal identification information for Brazilian business people f) full usability in English language
(Go here [200kb PDF] and here [292kb PDF] for the documents.)
The second document records that the US Department of Justice paid $11m for "access to ChoicePoint databases."
Now, you might ask, doesn't the US have official agencies that are supposed to undertake a much more focused version of this intelligence gathering? Indeed, it does, and being conscientious government agencies, the staff (in our experience) take information integrity pretty seriously. The value that ChoicePoint's places on data integrity is quite germane, as we shall see.
Who is Choicepoint Inc.? In a letter to SEC last year, ChoicePoint described itself as "a leading information company with a long history of developing products and services for federal and state government agencies to locate individuals, businesses, and assets and to authenticate individuals' identities."
That long history goes back less than six years to August 1997, when Choicepoint was spun off from Equifax, where it was Equifax's Insurance Services Group.
An early earning statement described how "in business and government markets" it provided services including "pre-employment and drug testing, public records information, UCC search and filing."
A more recent statement is both fuzzier and warmer:
"ChoicePoint (NYSE :CPS) is the leading provider of identification and credential verification services for making smarter decisions in today's fast-paced world, serving the information needs of business, government and individuals."
"ChoicePoint is committed to protecting personal privacy and promoting the responsible use of information to help create a safer world."
But ChoicePoint's credentials as a responsible user of information were tested in its role in Florida, in the 2000 Election - a story that's probably more familiar to readers outside the United States than in.
ChoicePoint was given a contract to maintain Florida's electoral rolls and conveniently managed to scrub as many as 91,000 voters most of whom were poor or black. A complex and determined effort to disenfranchise a small number of people.
Standards body But ChoicePoint has another role to play in a quite unexpected way. It's the guardian of our commercial data integrity. The "Providing Appropriate Tools Required to Intercept and Obstruct Terrorism" (PATRIOT) Act 2001 blessed the company as a kind of standards setter. Banks have been instructed to issue data in a format ChoicePoint likes, which will come as a surprise to the IETF, or the W3C, or OASIS, next time a web standard has to be set. But there you go. And ChoicePoint was singled out by name.
The commercial potential of this new PATRIOT-compatible standard was illustrated here by Sybase which is suddenly falling over itself to help the Homeland. Over at Choicepoint there's a handy compliance brochure you can read advising you how to comply with the PATRIOT Act. And not to complicate the picture too much, Marv Bush, one of the aforementioned Bush family, channeled money to Sybase via his job as a VC at Winston Partners. So you can see how they gamble, these Bushes.
With an essential part of US intelligence gathering now privatized, which we didn't know before - what else does this tell us? Palast reminds us that the state can now demand and control information flows without a warrant. Which is one of those nice 'Thank You's' that we expect, and would appreciate.®