<<

. 33
( 53 .)



>>

cept of government information as a corporate resource,” one com-
mentator worried in 1994, “appears to be overriding the concept
of public rights to that information.”27 ) However, commercial value
can only be extracted if agencies are able to block the disclosure of

205
Blacked Out


information at no cost through FOI laws; as a result, many govern-
ments have attempted to interpret or amend their laws so that access
can be denied if it would compromise their commercial interests. A
New Jersey law proposed in 2004 included a criminal penalty for indi-
viduals who obtained commercially valuable information under the
state™s open government law if they violated an agreement not to put
the information to commercial use.28
Of course, information sold by government is still publicly avail-
able, in principle, but often at a price that creates a barrier to access
for many citizens. In a portentous 1994 case, the government of the
Canadian province of British Columbia refused to give data to an
environmental advocacy group, arguing that the data was already
available for purchase at a price of $30,000. The group could not pay,
and the government refused to bend, saying that exceptions would
“eliminate this revenue source for the government.” The agency™s posi-
tion was upheld on appeal; similar cases soon arose in other parts of
Canada.29
When the information contained in government databases relates
to the private sector, access to information may also be compromised
because of industry pressure on government agencies. In 2004, the
U.S. government was sued by major tire manufacturers in an effort
to block the disclosure of data on fatal accidents that could be related
to tire failures, which it began collecting after the Firestone contro-
versy.30 The ongoing ¬ght over disclosure of information through the
U.S. government™s Toxic Release Inventory program provides another
vivid illustration of industry pressure. As Mary Graham has noted,
disclosure provisions in the 1986 law that authorized the TRI were
restricted in three ways to overcome industry resistance to the plan:
by excluding important categories of businesses, such as power plants
and mining operations; by limiting the number of chemicals covered
by the scheme; and “ critically “ by requiring that ¬rms report only
their estimate of the amount of chemicals released into the environ-
ment, rather than the amount actually used at a facility.31
Attempts by the Clinton administration to overcome these restric-
tions met strong industry resistance, which intensi¬ed as nongovern-
mental groups became more ef¬cient in disseminating TRI data.
(One trade journal reported “spasms” among chemical manufactur-
ers when one environmental group launched a website that improved
access to TRI data, combined with its own analysis of the results.32 )

206
Liquid Paper


When the Environmental Protection Agency announced its intention
to broaden the list of TRI chemicals in 1994, the chemical indus-
try responded with litigation that delayed implementation for three
years.33 In 1996, the EPA announced its intention to expand TRI to
measure the use, rather than the release, of chemicals; but indus-
try lobbyists successfully blocked the needed legislative amendments
and by the end of the decade the Clinton administration had given up
on its efforts.34
The private sector scored other successes in the effort to pre-
vent the release of environmental information. In 1997, the EPA
announced a new project, the Sector Facility Indexing Project, that
would consolidate data on environmental performance and compli-
ance for factories in ¬ve major industries, and provide an overall
ranking of factories based on the environmental threat they posed.35
The affected industries lobbied Congress and sought an injunction to
block the project, which they argued would unfairly stigmatize their
facilities. The EPA quickly abandoned the proposed project.36
The EPA encountered similar problems when, in 1996, it
announced its intention to publish the “risk management plans” of
over 60,000 businesses on its website beginning in 1999. Required
under the Clean Air Act of 1990, the plans were intended to show
how businesses would respond to catastrophic chemical accidents
within their facilities. The business community fought against dis-
closure, arguing that internet-accessible data could be misused by
terrorists. In 1998, the EPA retreated, promising that details about
these “worst-case scenarios” would be removed before the plans were
posted on the web. The following year, Congress went further, denying
any right of access to the “worst-case scenario” data under the Free-
dom of Information Act “ a step that prevented nongovernmental
organizations from using the FOIA to access the data and construct
a web-accessible database.37


An end to “practical obscurity”
The work of journalists and advocacy groups, while signi¬cant, pales
in comparison to the efforts undertaken by businesses “ known as
data aggregators or commercial data brokers “ to exploit new stock-
piles of digitized data collected by government agencies. Much of
this is personal information, and the success these businesses have

207
Blacked Out


had in compiling previously disparate collections of data has raised
troubling questions about the erosion of privacy.
The amount of personal data that can be gleaned from government
documents is surprisingly large. This includes data gleaned from so-
called “vital records” on births, deaths, marriages, and divorces; infor-
mation on voter registration, sometimes including party af¬liation;
property tax assessment information, including details on the fea-
tures of a home; information on vehicle registrations, driver™s licenses,
accident reports, and traf¬c citations; information from business reg-
istrations and professional or trade license applications; details on
workers™ compensation claims; for public sector workers, details on
employment; and police booking and arrest records. Much more per-
sonal data can be extracted out of court records “ from documents
produced in civil litigation, family court proceedings, bankruptcy
applications, and criminal cases.38
In principle, much of this data has been publicly accessible for
many years. However, the ability to collect and use this information
has been constrained because traditionally it has been recorded on
paper and stored by a large number of state and local governments.
As U.S. Supreme Court Justice John Paul Stevens observed in an
important 1989 decision, Department of Justice v. Reporters Commit-
tee For Freedom of the Press, this data existed in a state of “practi-
cal obscurity.”39 Digitization has now removed barriers to harvesting
vast amounts of personal information from public records across the
United States.
The data aggregation industry is increasingly dominated by a
small number of businesses.40 One of the most prominent is Choice-
Point, which “ like its major competitors “ combines publicly accessi-
ble information with spending-habit data and other details collected
within the private sector. Established in 1997, ChoicePoint has grown
rapidly. In 2003 alone, it reported that it had acquired nine other
¬rms that specialized in collecting public records and commercial
information.41 ChoicePoint, Government Executive reported in 2003,
“owns an astounding 19 billion records, about 65 times as many
pieces of information as there are people in the United States. As
a result, ChoicePoint knows more about most people than the federal
government does.”42
In fact, the federal government has not been blind to this real-
ity. ChoicePoint and other data brokers have aggressively marketed

208
Liquid Paper


their data aggregation capabilities to federal agencies, and many “
including the Federal Bureau of Investigation and Central Intelli-
gence Agency “ have contracted for their services. (In promotional
material, ChoicePoint boasted to federal of¬cials about the “one-stop
mind-boggling power” of its databases.43 A ChoicePoint executive
explained to one journalist that the company acts “as an intelligence
agency, gathering data, applying analytics” to generate “actionable
intelligence” for its clients.44 ) Documents released to the Electronic
Privacy Information Center under the Freedom of Information Act
suggest that one federal agency “ the United States Marshal Ser-
vice “ conducted between 14,000 and 40,000 searches on ChoicePoint
databases each month between 1999 and 2001.45
The growth of these privately held databases has alarmed pri-
vacy advocates. As Daniel Solove observes, the principle of public
access to government records was intended to “empower individuals
to monitor their government,” but the practices of commercial data
brokers now threaten to turn this principle on its head. By harvesting
and aggregating vast amounts of personal information, data brokers
have the ability to create “digital biographies” that are often used for
investigative purposes by businesses, employers, private detectives,
and other individuals.46 These massive private databanks can also be
used for illicit purposes. In early 2005, ChoicePoint acknowledged
that it had unwittingly sold the personal information of tens of thou-
sands of Americans, much of it collected from government agencies,
to identity thieves posing as small businessmen.47
The threat to personal privacy may be aggravated when govern-
ment agencies begin to rely on commercial data brokers for citizen
pro¬les. As critics have pointed out, federal privacy law would likely
bar federal law enforcement agencies from creating databases anal-
ogous to the ones constructed by data brokers, and the agencies™
reliance on brokers™ services looks very much like a way of circum-
venting those privacy rules.48 The data ChoicePoint sells to federal
agencies is indexed by Social Security Number.49 Although Ameri-
cans have often balked at the idea of establishing a universal identi¬er
(and even though there are good technical reasons why the SSN is a
poor choice for an identi¬er),50 government agencies effectively use
the SSN for this purpose when they rely on ChoicePoint™s services.
There is growing evidence that the American public is becoming
sensitive to the privacy intrusions that can result from the disclosure

209
Blacked Out


of personal information given to the government. One warning sign
was the evidence of public resistance to the 2000 national census “
even though there are strong statutory protections against the dis-
closure of census data. Despite a legal obligation to cooperate and
a $167 million advertising campaign to encourage participation,
many Americans refused to answer census questions: The response
rate for the census™ long-form questionnaire was signi¬cantly lower
that it had been ten years earlier. Census director Kenneth Pre-
witt attributed the decline to Americans™ “heightened concern about
privacy.”51 The majority of Americans who thought the census ques-
tions were too intrusive found support from Republican presiden-
tial candidate George W. Bush, who told journalists he could “under-
stand why people don™t want to give over that information to the
government.”52
In 1994, concern about the abuse of publicly accessible personal
data led Congress to legislative action. The Driver™s Privacy Protection
Act prohibits state governments from disclosing personal informa-
tion contained in their driver™s license and motor vehicle registration
records. (The law was strengthened in 1999.) The law was passed in
response to controversy over the widespread practice among state
motor vehicle departments of selling personal data to data brokers “
the Justice Department claimed that New York State earned $17 mil-
lion in one year by selling driver records53 “ and cases in which serious
crimes had been facilitated by the disclosure of motor vehicle records.
The constitutionality of the law was challenged but ultimately upheld
by the U.S. Supreme Court in 2000.54 Enforcement of the DPPA has
not been easy: In Florida, for example, government of¬cials and data
brokers have been the object of at least four class action lawsuits for
violations of the law.55
Nevertheless, DPPA may be a bellwether of a trend toward broader
controls on access to government-collected personal data. Many
states have recently adopted restrictions on the disclosure of Social
Security Numbers, a piece of information that is highly valued by
identity thieves.56 Several states have also adopted statutory restric-
tions that prohibit the release of data for commercial purposes.57
There is an analogy here to the restrictions imposed on various
kinds of “homeland security information” in the months following
the September 2001 terror attacks. In both cases, technology had
lowered the cost of accessing and distributing information, effectively

210
Liquid Paper


liberating data that had once existed in “practical obscurity.” But this
transformation brought new sensitivity to potential abuses, and sub-
sequently new controls on access. In both cases there has been a
philosophical “ and often controversial “ shift away from the long-
standing proposition that governments have no right to consider the
motives of an individual or organization when making judgments
about the release of information.
The national debate over access to digitized court records turns
on the question of whether “ and how far “ access controls should be
imposed. There is a settled tradition in the United States of making
court records publicly accessible “ on paper, and at the courthouse.
As records themselves are put in electronic form, there is no technical
barrier to making them accessible on the web “ and some courts have
already taken that step, allowing anyone with an internet connection
to browse through documents submitted by litigants or prosecutors,
or issued by the courts themselves.
Privacy advocates protest that these new systems “ offering instant
access to social security numbers, addresses, phone numbers, credit
card numbers, bank account numbers, and tax information “ con-
stitute “a treasure trove for identity thieves.”58 And perhaps worse:
Information might be used for stalking, harassment, or blackmail.
Finally there is the prospect of simple embarrassment, as ¬nancial,
family, or medical details are revealed on the web.59 These new infor-
mation systems, says attorney George Carpinello, “turn court records
into a massive data bank, opening all the information ¬led in every
action instantaneously to the world. . . . The public will have ready
access to an array of potentially private and embarrassing informa-
tion regarding anyone who was a party or who was even mentioned
in papers ¬led in any action in any court.”60
Many governments have now recoiled from the idea of allowing
universal access to digitized court ¬les, although it remains unclear
how far the retreat is likely to go. In 2002, a committee of federal
judges recommended a relatively liberal approach on access to digi-
tized court records “ although it still recommended the deletion of sev-
eral “personal data identi¬ers” and a delay on online access to crimi-
nal court records to allow further study.61 In the same year, however,
a proposed set of guidelines on access for state courts took a more
severe view. It drew a sharp distinction between “courthouse access”
and “remote access,” recommending that remote access should be

211

<<

. 33
( 53 .)



>>