Europe too? US acquires hundreds of millions of Latino citizens' data

Backdoor men

  • alert
  • submit to reddit

High performance access to file storage

The President's favorite database company, Choicepoint Inc., has acquired personal data on hundreds of millions of citizens in ten Latin American countries without their knowledge or consent. Data includes Mexico's Federal Electoral Register, details of drivers in Mexico City and Colombia.

"This is a corporation that works hand in glove with, and is politically connected to the administration, and does things that the US dare not do," Greg Palast, who uncovered Choicepoint's role in the 2000 election, told The Register last week. Choicepoint had been given a $67 million contract for data gathering on September 25, 2001. The contract lasts until 2005.

"It's doing this everywhere," said Palast, "but in Mexico it was caught out."

The scandal broke three weeks ago after an investigation by Mexican newspaper Milenio, although it received scant attention Stateside. But a report in today's Guardian should give it fresh impetus.

From the Guadalajara Times we learn that the company has been active in Brazil, Colombia, Venezuela, Costa Rica, Guatemala, Honduras, El Salvador and Nicaragua. However, the Times reports that Choicepoint has discontinued its role in Argentina, "due to lack of demand and a strict new law relating to privacy".

But ChoicePoint isn't shy about boasting of its Latino assets.

"You know the value of ChoicePoint's domestic data," begins a 2001sales brochure for its 'AutoTrack XP' product uncovered by privacy group EPIC under the Freedom of Information Act. "Now you can locate and identify business assets in foreign countries with ChoicePoint's new International searches".

"ChoicePoint gives you the most comprehensive online International data available, with individual and business information from Mexico, Colombia, Argentina [oops? - ed.] Brazil and Costa Rica."

"ChoicePoint is the only vendor capable of providing online access to the following data sets and/or functionality:

a) complete listings of all Mexican, Colombian and Argentine citizens
b) inclusion of unlisted numbers in telephone files in Mexico, Brazil and Argentina
c) inclusion of Mexican vehicle and driver license data
d) complete listing of Columbian company data
e) inclusion of personal identification information for Brazilian business people
f) full usability in English language

(Go here [200kb PDF] and here [292kb PDF] for the documents.)

The second document records that the US Department of Justice paid $11m for "access to ChoicePoint databases."

Now, you might ask, doesn't the US have official agencies that are supposed to undertake a much more focused version of this intelligence gathering? Indeed, it does, and being conscientious government agencies, the staff (in our experience) take information integrity pretty seriously. The value that ChoicePoint's places on data integrity is quite germane, as we shall see.

Who is Choicepoint Inc.?
In a letter to SEC last year, ChoicePoint described itself as "a leading information company with a long history of developing products and services for federal and state government agencies to locate individuals, businesses, and assets and to authenticate individuals' identities."

That long history goes back less than six years to August 1997, when Choicepoint was spun off from Equifax, where it was Equifax's Insurance Services Group.

An early earning statement described how "in business and government markets" it provided services including "pre-employment and drug testing, public records information, UCC search and filing."

A more recent statement is both fuzzier and warmer:

"ChoicePoint (NYSE :CPS) is the leading provider of identification and credential verification services for making smarter decisions in today's fast-paced world, serving the information needs of business, government and individuals."

"ChoicePoint is committed to protecting personal privacy and promoting the responsible use of information to help create a safer world."

But ChoicePoint's credentials as a responsible user of information were tested in its role in Florida, in the 2000 Election - a story that's probably more familiar to readers outside the United States than in.

ChoicePoint was given a contract to maintain Florida's electoral rolls and conveniently managed to scrub as many as 91,000 voters most of whom were poor or black. A complex and determined effort to disenfranchise a small number of people.

Standards body

But ChoicePoint has another role to play in a quite unexpected way. It's the guardian of our commercial data integrity. The "Providing Appropriate Tools Required to Intercept and Obstruct Terrorism" (PATRIOT) Act 2001 blessed the company as a kind of standards setter. Banks have been instructed to issue data in a format ChoicePoint likes, which will come as a surprise to the IETF, or the W3C, or OASIS, next time a web standard has to be set. But there you go. And ChoicePoint was singled out by name.

The commercial potential of this new PATRIOT-compatible standard was illustrated here by Sybase which is suddenly falling over itself to help the Homeland. Over at Choicepoint there's a handy compliance brochure you can read advising you how to comply with the PATRIOT Act. And not to complicate the picture too much, Marv Bush, one of the aforementioned Bush family, channeled money to Sybase via his job as a VC at Winston Partners. So you can see how they gamble, these Bushes.

With an essential part of US intelligence gathering now privatized, which we didn't know before - what else does this tell us? Palast reminds us that the state can now demand and control information flows without a warrant. Which is one of those nice 'Thank You's' that we expect, and would appreciate.®

High performance access to file storage

More from The Register

next story
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
Apple DOMINATES the Valley, rakes in more profit than Google, HP, Intel, Cisco COMBINED
Cook & Co. also pay more taxes than those four worthies PLUS eBay and Oracle
It may be ILLEGAL to run Heartbleed health checks – IT lawyer
Do the right thing, earn up to 10 years in clink
France bans managers from contacting workers outside business hours
«Email? Mais non ... il est plus tard que six heures du soir!»
Adrian Mole author Sue Townsend dies at 68
RIP Blighty's best-selling author of the 1980s
prev story


Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.