[Politech] ChoicePoint, EPIC tiff continues with another letter-writing round [priv]

From: Declan McCullagh (declan@private)
Date: Tue Jan 11 2005 - 21:35:49 PST


-------- Original Message --------
Subject: Re: [Politech] ChoicePoint and EPIC in a tiff over over 
privacy, databases, and FCRA [priv]
Date: Tue, 11 Jan 2005 06:25:53 -0500
From: Marc Rotenberg <rotenberg@private>
To: Declan McCullagh <declan@private>
CC: Chris Hoofnagle <hoofnagle@private>
References: <41E363C9.2060402@private>

And this is our reply to the letter from Choicepoint CEO Curling.

Marc Rotenberg

------------------------------------------------------------------------
------

http://www.epic.org/privacy/choicepoint/reply1.5.04.html

January 5, 2005

Douglas C. Curling,
  President and COO
  Choicepoint
  1000 Alderman Dr.
  Alpharetta GA 30005

Dear Mr. Curling,

I received your letter regarding the request for investigation that the
EPIC filed with the FTC about Choicepoint's ongoing failure to comply
with the spirit of the Fair Credit Reporting Act. The complaint, which
was prepared by EPIC Associate Director Chris Hoofnagle and Professor
Daniel J. Solove describes with considerable care the significant
problem of the information broker industry, and your company in
particular, to fail to abide by privacy protections that were adopted by
the United States Congress more than thirty years ago. It reasonably
requests the Federal Trade Commission, which has jurisdiction over the
enforcement of the Fair Credit Reporting Act, to consider whether your
business practices currently violate federal law or whether it may be
necessary to amend federal law to safeguard the information about
American consumers that your company routinely sells to the government
and the private sector.

Your reply, in contrast, ignores the problems outlined in the letter,
makes baseless allegations about EPIC, and puts forward the absurd
proposition that we should review our filings with your company before
they are submitted to a federal agency.

To briefly summarize, Mr. Hoofnagle and Professor Solove on behalf of
EPIC, wrote to the Federal Trade Commission to request an investigation
into data broker products for compliance with the Fair Credit Reporting
Act. The FTC would have every reason to pursue this complaint. Chris
Hoofnagle is one of the country's leading privacy advocates. Professor
Solove is one of the most respected privacy scholars in the United
States. And EPIC is responsible for much of the section 5 jurisprudence
that has contributed to stronger privacy protections for millions of
American consumers.

We argued correctly that many of the data products sold by companies
such as Choicepoint, though not exclusively by your company, avoid
coverage under the Fair Credit Reporting even though the content and
source of these profiles on American consumers may be virtually
indistinguishable from a credit report that would be covered under the
federal law.

This is hardly an outlandish claim. As you well know, the scope of
coverage of the FCRA has been a central concern for the US Congress, the
federal courts, and the Federal Trade Commission for many years.
Companies such as yours have found exceedingly clever ways to sell more
and more information about American consumers with fewer and fewer
obligations. When inaccuracies arise or the information is improperly
used, the consequences are serious. Jobs are lost and loans are turned
down, not because of any fault of the individual but because of the
inaccurate information that companies such as yours can provide without
liability.

Consider for example, the AutoTrackXP and Customer Identification
Programs. Mr. Hoofnagle and Professor Solove provide considerable detail
in the December 16 letter to the FTC both as to the contents and use of
the consumer profiles that your company sells to banks, law enforcement
agencies, and private investigators. It is obvious that many of the same
problems that arise with credit reports will arise with these products,
yet federal law covers credit reports but not these consumer profiles.
Significantly, your reply of December 29, 2004 says not a word on this
point.

The December 16, 2004 EPIC complaint reasonably concludes:

	Even if these products are not consumer reports for purposes of
	the FCRA, it is incumbent on the FTC to analyze them and make
	recommendations to Congress concerning possible expansion of the
	FCRA. If these products are found not to be within the FCRA, the
	FTC should recommend to Congress to expand the scope of the Act.

Perhaps you could provide a simple answer to the FTC and to the American
public of why, in your opinion, these products should not be covered
under the FCRA if they are virtually indistinguishable from similar
products that would be covered.

While your letter makes a lot of nonsensical claims about EPIC, I
suspect your real concern is EPIC's repeated success at the FTC, in
federal courts, and working with state attorneys general to defend the
privacy rights of American consumers. We have earned the respect of
these public officials precisely because we pursue these matters to a
successful resolution. You are correct that there is an error in the
letter regarding the cleansing of voter registration information in
Florida. The list was actually complied by DBT, a company acquired by
ChoicePoint in 2000. The sale of voter qualification information
nevertheless is a perfect example of how non-FCRA flows of personal
information can result in harm to individuals. At the same time, we made
no mention in our initial complaint to the FTC regarding the numerous
violations of privacy laws outside of the United States that implicate
your company. As USA Today reported on September 1, 2003:

	After the Mexican government complained that its federal voter
	rolls were the source, and were likely obtained illegally by a
	Mexican company that sold them to ChoicePoint, the suburban
	Atlanta company cut off access to that information.
	
	In June, ChoicePoint wiped its hard drives of Mexicans' home
	addresses, passport numbers and even unlisted phone numbers. The
	company also backed out of Costa Rica and Argentina.
	
	ChoicePoint had been collecting personal information on residents
	of 10 Latin American countries — apparently without their consent
	or knowledge — allowing three dozen U.S. agencies to use it to
	track and arrest suspects inside and outside the United States.
	
	The revelations helped kindle privacy movements in at least six
	countries where the company operates. Government officials have
	ordered — or threatened — inquiries into the data sales, saying
	ChoicePoint and the U.S. government violated national sovereignty.

If it is you contention that Choicepoint has faithfully complied with
all privacy obligations, we would be pleased to provide further
information to the Commission and Congressional oversight committees so
that they may open a separate investigation.

You and your chairman have proposed a national debate on the responsible
use of personal information. We support this. But it is not a debate
that should take place at industry trade shows or closed door meetings
with PR specialists and Washington lobbyists.

We would welcome a public hearing in Congress with balanced
representation between those in the information broker industry and
those in the consumer protection field, including state attorneys
general, to discuss the scope and application of the Fair Credit
Reporting Act to the dossiers on American consumers now being sold by
companies such as yours.

We would welcome a similar public workshop before the Federal Trade
Commission with balanced participation on the same issue. In fact, we
hoped that our letter to the Federal Trade Commission would lead to just
such an inquiry.

We have posted your reply to our letter on the EPIC web site. We invite
you to post this answer to your reply on your site. We also encourage
you to show support for a genuine national debate on these issues with a
letter to the FTC and the appropriate members of Congress.

Sincerely,


  Marc Rotenberg
  EPIC President

Cc:
  FTC Chairwoman Deborah Majoras
  FTC Commissioner Orson Swindle
  FTC Commissioner Pamela Harbour
  FTC Commissioner Jonathan Leibowitz
  FTC Commissioner Thomas Leary

  House Commerce Committee Chairman Joe Barton
  House Commerce Committee Ranking Member John Dingell
  Senate Commerce Committee Chairman John McCain
  Senate Commerce Committee Ranking Member Daniel Inouye

On Jan 11, 2005, at 12:27 AM, Declan McCullagh wrote:

> Excerpt from EPIC's letter to the FTC trying to compel the agency to  
> target ChoicePoint:
>
> http://epic.org/privacy/choicepoint/fcraltr12.16.04.html
> "ChoicePoint, one of the largest data aggregation companies, became  
> independent from Equifax, a leading U.S. credit rating agency, in  
> 1997.  ChoicePoint has bought more than 40 companies and competitors,  
> and obtains 40,000 new public records daily for its database of more  
> than 19 billion records. Choicepoint contracts with about 35 federal  
> agencies to supply data. The company's slogan is "Smarter Decisions.  
> Safer World."
>
> ChoicePoint's reply follows.
>
> -Declan
>
> ---


_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)



This archive was generated by hypermail 2.1.3 : Tue Jan 11 2005 - 22:23:32 PST