Embattled Data Collector a Big Homeland Security Contractor

The nation's giant in personal-information collection, which announced recently that it had unwittingly handed at least 145,000 Americans' Social Security numbers and other private records to a ring of crooks, is also a major government contractor, providing the tools in sophisticated homeland security screening and law enforcement surveillance efforts.

This has led experts who have been watching the ever-expanding ChoicePoint (search), Inc., an Atlanta-based commercial-information service, to wonder how the massive theft will affect the integrity of such sweeping homeland security efforts as the screening of airline passengers and terrorist and criminal profiling.

It also causes them to wonder how safe Americans' personal information is — even in the government's hands.

"The government is becoming a big potential customer for companies like ChoicePoint, driving ChoicePoint to gather more and more information, and that puts data in a vulnerable position," said Jim Harper, director of information policy studies at the Cato Institute (search) and editor of Privacilla.org.

"If a company this central to this [surveillance] process is this careless, I think we should definitely step back and wonder about data mining," he added.

Erick Stakelbeck, senior writer for the Investigative Project (search), a Washington D.C-based counter-terrorism think tank, said it would be just as possible under these circumstances for potential terrorists to steal identities and use them to carry out actions against Americans.

"Who knows what they would be able to tap into with this kind of information at their disposal?" he asked.

Inevitable Privacy Problems?

ChoicePoint and its numerous subsidiaries are involved in everything from providing government employees with quick online access to criminal background checks, to helping law enforcement and intelligence agencies cultivate, sift through and swap the private and public records of American citizens — even their DNA. This is what's commonly known as "data mining." (search)

"ChoicePoint is used virtually everywhere in the federal government that is doing data mining — it is a widely used source," said one official with the federal Government Accountability Office (search).

ChoicePoint officials announced this month that the company was investigating last fall's theft of personal and financial details.

It has since mailed out notifications to each of the estimated 145,000 people affected and has hired a credit-monitoring company to keep watch on the credit reports of each victim.

The company said the thieves apparently used previously stolen identities to pose as legitimate debt collectors, insurance providers and other small-business officials.

They opened 50 ChoicePoint accounts and then, for a full year, were eligible to receive volumes of data on consumers, including Social Security numbers, names, addresses and credit reports.

ChoicePoint officials say the fraud affected about 5 percent of its $900 million annual enterprise, which includes the warehousing of nearly 19 billion personal and consumer records.

Outside of its federal government work, ChoicePoint provides data and screening services to police, creditors, telemarketers, employers and more.

"If you have 19 billion records you're attempting to sift through, trying to put them in the right files, you're likely to have problems," noted Jordana Beebe, spokeswoman for the Privacy Rights Clearinghouse (search), which takes complaints from victims of identity theft. "That happens all to often."

She agreed that the recent ChoicePoint incident has some wondering to what extent the homeland security and federal surveillance systems may be at risk when so much of their work depends on the free flow of citizens' criminal, consumer and public records.

With so much information out there, Beebe said, hackers could steal or tamper with data without it being quickly discovered. Regular computer glitches could have equally serious results.

"If ChoicePoint has erroneous information, you may not know it," she pointed out. "You may be placed on a no-fly list or be a possible terror suspect, and wouldn't know why."

The General Services Administration (search) did not reply to a request for the number of contracts currently held by ChoicePoint or its subsidiaries.

But according to extensive research by Washington Post reporter Robert O'Harrow, author of "No Place to Hide: Behind the Scenes of Our Emerging Surveillance Society," and the Electronic Privacy Information Center (search), the need for fast, reliable information has become a federal priority since the Sept. 11, 2001 attacks, and ChoicePoint has clearly been able to accommodate.

O'Harrow and EPIC say ChoicePoint has bought no fewer than 58 small companies, many of which have ties to the government, and has developed specialized tools for surveillance and screening.

They add that the company is now behind much of the Department of Justice and other homeland security and surveillance departments' data-mining and sharing efforts.

Officials at the Homeland Security and Justice departments did not return calls for comment.

Chuck Jones, a spokesman for ChoicePoint, told FOXNews.com he was unaware of any impact the recent security breach could have on the company's government contracts. He would not disclose the number or nature of those contracts.

John Soma, law professor and director of the Privacy Policy Center at the University of Denver, said it was unlikely that the federal contracts would be directly affected by the ChoicePoint debacle — but that data mining's growing vulnerabilities had been revealed.

Soma said private companies such as ChoicePoint can legally collect and swap many private and public records that the government cannot. Hiring ChoicePoint allows the government to sift through records it would not be able to on its own.

"We need oversight on the state and, of course, the federal level to find out what these people are doing in these agencies," he said.

Congress to Tackle ID Theft

Some members of Congress are already using the ChoicePoint incident to underscore their concerns about federal data mining.

"I have asked the Government Accountability Office to review selected federal data-mining activities that use personal information, including information from the private sector, and report on the privacy implications for this activity to see if legislative action is necessary," announced Senator Daniel K. Akaka, D-Hawaii.

Rep. Ed Markey, D-Mass., agrees.

"The industry may prefer the atmosphere of regulatory ambiguity," he said, "but that is clearly not in the interest of American citizens' privacy and security."

Sen. Arlen Specter, R-Pa., chairman of the Judiciary Committee, said he will also hold hearings about companies such as ChoicePoint. Ranking committee Democrat Sen. Patrick Leahy, D-Vt., and other Democrats have been urging such hearings for some time.

"I got a letter from Senator Leahy yesterday on the identity-theft issue and I immediately said we can hold a hearing," Specter said Thursday.

Others are letting the ChoicePoint news sink in with the public before they ring any alarm bells.

"The [Government Reform] committee is currently gathering the facts regarding ChoicePoint and recent media accounts of what happened," said Drew Crockett, spokesman for Rep. Tom Davis, R-Va., chairman of the committee. "We can't really offer more comment until we have had an opportunity to talk to the representatives of ChoicePoint and appropriate government agencies."

The Associated Press contributed to this report.