US gov't data-laundering: using corporate databases to get around privacy law

"Buying You: The Government's Use of Fourth-Parties to Launder Data about 'The People'," a paper by Columbia Law School's Joshua L. Simmons in the Columbia Business Law Review, describes the way that US government agencies circumvent the fourth amendment and privacy statutes by outsourcing their surveillance to private credit reporting bureaux and other mega-databases. He argues that the law should ban the use of this improperly gathered information, binding paid government informants to the same rules that the government must follow.

Your information is for sale, and the government is buying it at alarming rates. The CIA, FBI, Justice Department, Defense Department, and other government agencies are at this very moment turning to a group of companies to provide them information that these companies can gather without the restrictions that bind government intelligence agencies. The information is gathered from sources that few would believe the government could gain unfettered access to, but which, under current Fourth Amendment doctrine and statutory protections, are completely accessible.

Fourth-parties, such as ChoicePoint or LexisNexis, are private companies that aggregate data for the government, and they comprise the private security-industrial complex that arose after the attacks of September 11, 2001. They are in the business of acquiring information, not from the information's originator (the first-party), nor from the information's anticipated recipient (the second-party), but from the unavoidable digital intermediaries that transmit and store the information (third-parties). These fourth-party companies act with impunity as they gather information that the government wants but would be unable to collect on its own due to Fourth Amendment or statutory prohibitions. This paper argues that when fourth-parties disclose to law enforcement information generated as a result of searches that would be violations had the government conducted the searches itself, those fourth-parties' actions should be considered searches by agents of the government, and the data should retain privacy protections.

Buying You: The Government's Use of Fourth-Parties to Launder Data about 'The People' (via Resource Shelf)


  1. So a whistleblower who reported information to the government (information the government presumably couldn’t have gathered save by a search warrant) would be prohibited by this too, eh?

  2. Do you think that it would be impossible for a judge to distinguish between an individual whistleblower who exposes illegal conduct in government, and a commercial, publicly-traded company who has been contracted by the government to conduct illegal searches and surveillance?

    1. Sure, you could distinguish it, but how would you separate it out in principle– a private individual/corporation hands information over to the government, in exchange for which it gets some dough. Same thing’s happening in both cases, so how do you distinguish the one from the other when trying to permit one and not both?

  3. So, hypothetically, if I were to approach these companies, and made them a fair offer to supply me with certain types of data, say, the financial transactions of a government bureau over a period of time, there would not be any legal issue standing in the way for me making that request, right?!

  4. @1: Only if it you blew so many whistles that the govt came to *you* for information, instead of the other way around. The knowledge and expectation that you are aggregating information can be thought of as de facto employment.

  5. A quote from Bruce Schneier at the last ORG talk in London:

    “…in the US data that it’s illegal for the government to collect they’ll buy from corporations and data that it’s illegal for corporations to collect they’ll buy from the government.” – Bruce Schneier

  6. I’m reasonably certain ChoicePoint or LexisNexis doesn’t collect data in the manner specified. They don’t act as a hub for data between first and second parties. I think you want to finger the telcom companies for that. What data aggregators do, in fact, is to collect vast amounts of public record and private data. All types of public record data are collected: bankruptcy, assessor, deed, driver’s license, criminal history, marriage, divorce etc… it originates from state and local governments. You can get this data too, for free. Private data consists of cell phone number data bases, demographics, and land line phone number lists. Again, all of this data is easily accessible to anyone.

    As a taxpayer, if the federal government can buy a service that helps to eliminate welfare fraud, then why wouldn’t I want them to?

    1. By welfare fraud, we’ll assume you mean corporate welfare fraud. Right? Because the $96B that the government *gives* corporations, plus forgoing collecting taxes from said corporations, is considerably bigger than the $17B the government spends to keep the poorest of the poor from starving to death. According to the Wiki, anyway, so the numbers could be off a bit (but not by a factor of 5, so don’t even go there).

  7. UberCookKungFu it’s not that the data “can” be collected, its the power of the linking and tenuous connections drawn by the ChoicePoint or LexisNexis bodies.

    As a taxpayer, I do not condone the premise that “since I don’t do anything wrong, why should I care if someone see’s what I do.” As a citizen, my guilt or non-guilt does not warrant the circumvention of the Fourth Amendment restrictions for Government bodies. The end does not justify the means in this case. Just my opinion, by all means you are entitled to yours and that’s just fine.

  8. I’m trying to figure out how collecting data that people give away freely is a violation of the fourth amendment. Don’t get me wrong, I will strongly protect my fourth amendment rights as a citizen of the USA, but if I freely put something out in the public, or give something to a private entity who is then willing to freely give or sell it, how did the government receiving it LEGALLY violate my rights?

    I think the wrong issue is being targeted. Since people don’t like to be held accountable for their own stupid actions, they want to point their finger everywhere else, and the government is an easy target. The real issue is, in this day and age, people are much more willing to give their personal information away for free. Just look at twitter and facebook.

    Now, here’s where I have to ask, and maybe this is where the fourth amendment violation comes in: Is the data aggregated obtained illegally? How is the data collected? If I were to do it myself, would I be charged with a valid crime (you know, other than the typical blanket “terrorism” or something similar)?

    1. I used to work in the mortgage industry, and I can confirm that when you apply for a mortgage loan, all the information on the application, plus all the information on the credit report, plus all the information on the title report is sent to a “fraud checking service” that has everyone’s personal info on file. For some reason, I am blanking the name of the company at the moment. This company cross checks all this information with the information it already has on file to make sure that there are “no red flags”. It also goes to the govt so they can look for “red flags”, too. I am pretty sure that all this information is permanently stored by both agencies. We were prohibited from telling clients that their information was being sent to this company/govt. I am sure the mortgage industry isn’t the only industry that does that, too.

  9. “Fourth party”, what newspeak is this? There’s me the first party, you the second party and anyone else is a third party.

  10. The author of the post is technically correct. Govt. agenciescannot violate the 4th amendment and use the evidence against you. However, information provided to them from a 3rd party can be used. Once govt. starts paying a 3rd party for information then said 3rd party essentially BECOMES an agent of government. So, if they get all this statistical data illegally, it can’t be used as evidence. In addition any further evidence gathered thru investigation rooted from the tainted evidence is inadmissable, given that it would not have been found otherwise. It’s called ‘fruit of the poisonous tree’.
    Here’s an example: A policeman gets a tip from someone that you are growing a marijuana plant on your property. He can use that tip to get a warrant and search the premises, resulting in arrest and charges. Now, say that person was tresspassing when they saw your plant. Still admissable, this person is not an agent of govt. so the govt. had no involvement in the illegality of the tresspass.
    But, if the policeman had paid or otherwise put someone up to tresspassing on your property in hopes of them seeing something (fishing), this evidence is inadmissable. If the defense uncovers this, the whole chain of evidence is gone including the warrant and the search.
    The whole problem with this scenario is disclosure. If the policeman doesn’t reveal his impropriety in using a 3rd party, no one knows the evidence is tainted as far as the state is concerned.
    Relate that to the topic at hand. Govt. data mining provides clues. If they eventually catch a terrorist when it all started from a trace of tainted evidence, prosecutors aren’t going to tell. They probably won’t even know. Agencies will keep that bit hush. And aside from the defendant, who will really care?
    The real concern here is our overall loss of privacy in this post 9/11 world. It’s a shame really and I don’t have an answer. The terrorists have won. GW Bush said that they hate us for our freedoms. So govt. is slowly taking away our freedoms thereby giving the terrorists less to hate.

Comments are closed.