ChoicePoint
From Wikipedia, the free encyclopedia
ChoicePoint Corporation | |
---|---|
Type | Public (NYSE: CPS) |
Founded | n/a |
Headquarters | Alpharetta, Georgia, USA |
Key people | Derek V. Smith, CEO; Douglas C. Curling, President/COO; Steven W. Surbaugh, CFO; J. Michael de Janes, Gen. Counsel; David T. Lee, Exec. VP |
Industry | Business Services |
Products | "Identification and credential verification services" |
Employees | 5,500 |
Website | www.choicepoint.com |
ChoicePoint (NYSE: CPS) is a data aggregation company based in Alpharetta, near Atlanta, Georgia, USA, that acts as a private intelligence service to government and industry.[1]
ChoicePoint aggregates personal data for sale to the government and the private sector. The firm maintains more than 17 billion records of individuals and businesses, which it sells to an estimated 100,000 clients, including 7,000 federal, state and local law enforcement agencies (30 March 2005 estimates).[2]
However, this data has not been secured sufficiently to prevent theft on at least one occasion (see below), which has had grave financial consequences for the company and for those whose data has been misused. The company has also been the subject of lawsuits for maintaining inaccurate data and of inquiries into whether it allowed political bias to influence its performance of government contracts, and has been accused of illegally selling the data of overseas citizens to the US Government.
Activities
ChoicePoint generated revenue of around US$1 billion in 2006,[3] and employed around 5,500 people at 60 locations in the United States and United Kingdom.[4]
The company's activities include the following (30 March 2005 estimates):[5]
- Consumer initiated transactions (60% of business), most of which are regulated by the Fair Credit Reporting Act. These include pre-employment screening, insurance underwriting services, tenant screening services, consumer record reporting and title insurance finances
- Marketing services (9%), none of which include the distribution of personally identifiable information, but which are regulated by state and federal do-not-mail and do-not-call legislation.
- Contracts with local and federal law enforcement agencies (5%)
- Data and authentication solutions (6%), including litigation and debt collection support to law firms, financial institutions and general business.
- Software and technology services (20%), which do not include the distribution of personally identifiable information.
ChoicePoint's database of personal information contains names, addresses, Social Security numbers, credit reports, and other sensitive data. In 2005, this database contained 250 terabytes of data on 220 million people.[6] ChoicePoint also operates the Comprehensive Loss Underwriting Exchange (CLUE), a database used by insurance companies to share histories of claims or damage reports on property.[7] The CLUE database includes identification information on properties such as homes and automobiles, policy records (name, date of birth, policy number), and records of claims (date and type of loss, amounts paid).[8] As of 2006, history is kept for five years.[7][8] It contains records of damage reports regardless of whether the damage resulted in a claim.[7]
ChoicePoint has been contracted by the Transportation Security Administration to screen job applicants, investigating 112,278 people.[citation needed] The US Department of Justice and the National Center for Missing and Exploited Children credit the corporation with assisting in the return of 800 missing children.[citation needed]
History and news
ChoicePoint began in 1997 as a specialist seller of credit information to the insurance industry after being spun off from credit bureau and information service Equifax Inc. Over the next seven years, it transformed itself into an all-purpose source of personal information about American citizens by acquiring more than 60 data collection and information gathering companies.[9] (A partial list of acquired companies is contained here.)
In January 2000, the company came under fire for misusing private data from government computers. The State of Pennsylvania terminated a contract with ChoicePoint, alleging that the firm had illegally sold citizens' personal information to unauthorised individuals. ChoicePoint regained limited access to Pennsylvania drivers' records in December 2000, after paying a US$1.375 million fine and agreeing to abide by more stringent contractual requirements that restricted the company to use of the data for insurance purposes only.[10]
US voting work
The company's acquisition of publicly listed investigative database company - DBT Online of Boca Raton, Florida - for $444 million in 2000 led to its involvement in the Florida Election Controversy in the 2000 US presidential elections.
ChoicePoint's involvement in US voting processes also included lobbying for the voter registration component of the Help America Vote Act 2002, which was drafted partly in reaction to the controversy surrounding the 2000 elections.[11] The company retained the Fleishman-Hillard lobby practice, which submitted a lobbying form on the topic on the company's behalf in 2001. The new act centralises some county voter registration activities to states and is thought to amount to federally mandated computerization of voter rolls.
National security contracts
Changes in national security policy in response to the 2001 September 11 terrorist attacks, including the allocation of US$130 billion[12] in related government contracts, increased the role of ChoicePoint and other private companies in homeland security and crime-fighting. (In 2005, around 50% of the US$40 billion given annually to the 15 United States intelligence agencies was spent on private contractors.[13])
It has been reported that this work was contracted to private companies because they could compile and use information in ways that government officials could not. US privacy and information laws strictly limit the government's ability to conduct surveillance on US citizens, but these restrictions do not apply to corporations.[14]
As part of its national security contract work, ChoicePoint not only provided its commercially available products but also developed bespoke information surveillance technology. According to 2003 federal contract documents released under freedom of information requests, the technology was used to identify terrorism by continuously tracking subjects of interest and providing electronic notification when new information became available.[15]
The company also entered a strategic alliance with systems integrator and defence contractor SAIC. SAIC's Automated Data Analysis and Mining (ADAM) information management suite enables data mining from ChoicePoint's databases,[16] although SAIC has withdrawn public information about the product from its website. SAIC reported that users of the product included major insurance companies, a university research center, and federal and government clients, including the Immigration and Naturalization Service, the Internal Revenue Service, and Los Angeles County.
The transformation of ChoicePoint's role from a provider of information to businesses to a private intelligence agency is reflected in its hiring of former US Government security and intelligence officials. Richard Armitage is a former director. ChoicePoint appointed former US Attorney General John Ashcroft's Ashcroft Group practice as a lobbyist. In late 2003 it hired a team of prominent former government officials as homeland security advisors, including former deputy director of the National Security Agency, William Crowell Jr; former FBI executive assistant director of counter-terrorism and counterintelligence, Dale Watson; and former assistant attorney general and primary author of the USA Patriot Act, Viet Dinh.[17]
Acquisition of Latin American national databases
The growing role of ChoicePoint and other data aggregation companies in performing national security functions previously solely the preserve of government organisations was highlighted in 2003, following the disclosure that ChoicePoint had purchased Mexico's entire roll of 65 million registered voters as well as six million licenced drivers in Mexico City as part of a US$67 million contract with the US Department of Justice.
Under the contract commencing 25 September 2001, ChoicePoint was charged by the US Government to assist the surveillance of Latin Americans, including the citizens of Mexico, Brazil, Colombia, Venezuela, Costa Rica, Guatemala, Honduras, El Salvador and Nicaragua.[18]
The revelation caused an uproar across Latin America.[19] Mexican and Colombian authorities allege that ChoicePoint obtained data on their citizens illegally;[20] the data from Mexico was reported to contain addresses, passport numbers and unlisted phone numbers. The US government had reportedly sought the data so it could conduct investigations involving Latin American citizens without having to contact national law enforcement agencies.
It is claimed that this data may have been used by the US Government to influence the 2006 elections in Mexico.[21] Journalist Greg Palast notes that members of the conservative ruling Pan party had obtained voter registration lists allegedly only available to election officials. The Pan party had received assistance in conducting its campaign from the International Republican Institute, an organisation linked to the US Republican Party. ChoicePoint says that it has “...no involvement in any election in any country.”[22]
Security breaches and insider stock trading investigation
The company was once again in the media spotlight in 2005 following a security breach at ChoicePoint when identity thieves stole the personal data of at least 163,000 Americans.[23]
Following the breach, ChoicePoint announced in March 2005 that it would "discontinue the sale of information products that contain sensitive consumer data, including Social Security and driver's license numbers, except where there is a specific consumer-driven transaction or benefit" or law enforcement purpose. The change to the company was to include shutting down some business areas.[24]
At the same time, the US Securities and Exchange Commission launched an informal probe into sales of stock by chief executive Derek Smith and president Douglas Curling for a $16.6 million profit in the months after the company learned its database had been breached but before the information was made public.[25]
ChoicePoint Inc sold The Bode Technology Group, a unit that deals with forensic DNA analysis, to GlobalOptions Group Inc, a New York provider of risk management services, for $12.5 million in cash (The Associated Press, March 1, 2007).
Florida voter file contract
- For more information regarding the voter file in the context of the 2000 election controversy, see Florida Central Voter File, 2000 Florida Election Controversy
ChoicePoint became embroiled in the Florida voter file controversy of 2000 through its acquisition in the same year of Database Technologies (founded by Hank Asher and now known as DBT Online Inc.), a data analysis company. During the US Presidential Election of 2000, people in Florida were struck from the central voter file and not permitted to vote. The US Presidential election hinged on the outcome of the vote in Florida.
DBT Online had been contracted to provide a list of voters barred from voting by the state of Florida in 1998 for US$4 million, including a first-year fee of $2,317,800. The 1998 contracting process involved no bidding.[citation needed]
In the aftermath of the vote, the owner of DBT Online, ChoicePoint, was accused of cooperating with Florida Governor Jeb Bush, Florida Secretary of State Katherine Harris, and Florida Elections Unit Chief Clay Roberts in voter fraud and conspiracy involving the central voter file. It was also accused of having a bias in favor of the Republican Party, of knowingly using inaccurate data, and of racial discrimination.
The allegations charge that 57,700 people (15% of the list), primarily Democrats of African-American and Hispanic descent, were incorrectly listed as felons and thus barred from voting. Reports estimate that 80% of these people would have voted, and that 90% of those who would have voted, would have voted for Al Gore.[26] Other allegations include listing voters as felons for alleged crimes said to have been committed several years in the future. The official (and disputed) margin of victory, in the election, was 537 votes.
ChoicePoint says that it acquired DBT Online after DBT delivered the initial 2000 voter exception list to Florida officials for verification and that it has “...no involvement in any election in any country.”[27] ChoicePoint's acquisition of DBT Online was made public on 14 February 2000; the election was held on 7 November 2000.[28]
ChoicePoint Vice President Martin Fagan has admitted that at least 8,000 names were incorrectly listed in this fashion when the company passed on a list given by the state of Texas; these 8,000 names were removed prior to the election. Fagan has described the error as a "minor glitch."[29] ChoicePoint, as a matter of policy, does not verify the accuracy of its data, arguing that it is simply compiling public information and that it is the original collectors' responsibility to verify accuracy.[30]
On April 17, 2000, at a special Congressional hearing in Atlanta, ChoicePoint Vice-President James Lee testified that Florida had ordered DBT to add to the list voters who matched 80% of an ineligible voter's name; middle initials and suffixes were to be dropped, while nicknames and aliases were added.[citation needed] In addition, names were considered reversible; for example, Clarence Thomas could be added in place of Thomas Clarence. Lee opened his testimony by noting that ChoicePoint intended to get out of the voter purge industry. Then, on February 16, 2001, DBT Senior Vice-President George Bruder testified before the U.S. Commission on Civil Rights that the company had misinformed the Florida Supervisors of Elections regarding the usage of race in compiling the list. Greg Palast concludes, "An African-American felon named John Doe might wipe out the registration of an innocent African-American Will Whiting, but not the rights of an innocent Caucasian Will Whiting." Palast believes that 80% of the 57,700 people allegedly barred from voting were African-American.
Civil Rights Commission Report on 2000 Florida Elections
The United States Civil Rights Commission, in its official report on the 2000 Presidential Elections (www.usccr.gov/pubs/vote2000/report/ch5.htm), concluded the following.
Summary (unedited)
Historically, individuals convicted of certain types of crimes alleged to be committed more by African Americans are affected by felon disenfranchisement. The practice of felon disenfranchisement has resulted in the greater likelihood of people of color, particularly African Americans, appearing erroneously on the Florida felon exclusion list.
In claiming to address the same types of fraud found during the 1997 Miami mayoral election, the Florida legislature enacted chapter 98.0975 of the Florida statutes, which required the Division of Elections to contract with a private entity to purge its voter file of deceased persons, duplicate registrants, individuals declared mentally incompetent, and convicted felons without civil rights restoration. [214] As a result, DBT Online was eventually retained to assist the Division of Elections in the removal of ineligible voter registrants from the voter file.
DBT Online performed an automated matching process against databases provided by the state of Florida and its own databases. Ultimately 173,127 Floridians were identified as potentially ineligible to vote in the November 2000 election. Of those on the list, 57,746 were identified as convicted felons. Based on DBT Online’s statistical verification, the list it provided to the Division of Elections was 99.9 percent accurate. The Division of Elections distributed the relevant portions of the list to the 67 supervisors of elections.
The Division of Elections instructed DBT Online to verify the clemency status of any alleged convicted felon, even those convicted in states with automatic civil rights restoration, with the Florida Executive Clemency Board. Among those states with their own executive clemency boards, DBT Online was instructed to confirm the alleged felons’ clemency status with the board. The methodology adopted by DBT Online to verify the clemency status of those alleged felons basically consisted of faxing a list to the appropriate state agency.
DBT Online was not required to provide a list of exact name matches. Rather, the matching logic only required a 90 percent name match, which produced “false positives” or partial matches of the data. Moreover, the Division of Elections required that DBT Online perform “nickname matches” for first names and to “make it go both ways.” Thus, the name Deborah Ann would also match the name Ann Deborah.
At a meeting in early 1999, the supervisors of elections expressed a preference for exact matches on the list as opposed to a “fairly broad and encompassing” collection of names. DBT Online advised the Division of Elections that it could produce a list with exact matches. Despite this, the Division of Elections nevertheless opted to cast a wide net for the exclusion lists.
Former director of the Division of Elections, Ethel Baxter, in 1998, recommended to the supervisors of elections that if there was any doubt as to the accuracy of an individual’s status, the voter should be allowed to vote by affidavit. Despite knowing the exclusion lists contained many errors, there is no record that the Division of Elections provided similar cautionary advice to the supervisors of elections for the 2000 presidential election. The evidence does show that some election officials decided that it further served the state’s interests to capture as many names as possible on these exclusion lists.
The process by which each county verified its exclusion list was as varied and unique as the supervisors of elections themselves. Some supervisors of elections sent letters to the alleged felons and held hearings to allow them to produce evidence of their clemency status or establish they were on the list in error. Other supervisors chose not to use the exclusion list at all.
Although the Commission’s record reflects that the Division of Elections is responsible for coordinating two statewide workshops annually for the supervisors of elections to ensure uniformity in the interpretation of Florida election laws, the complaints registered by some supervisors of elections suggest that there was no common understanding of the use of the exclusion lists. The Florida legislature’s decision to privatize its list maintenance procedures without establishing effective clear guidance for these private efforts from the highest levels, coupled with the absence of uniform and reliable verification procedures, resulted in countless eligible voters being deprived of their right to vote.
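The loose matching rules described in the testimony and in the Commission summary above (a name-similarity threshold, dropped middle initials and suffixes, nickname matching, reversible names) can be compared with exact matching in code. This is an added example, not DBT Online's code: the similarity metric (Python's difflib ratio), the nickname table and every name in the sample lists are constructed assumptions.

```python
from difflib import SequenceMatcher

# Assumption: suffix and nickname tables are constructed for illustration;
# the tables actually used are not given on this page.
SUFFIXES = {"jr", "sr", "ii", "iii", "iv"}
NICKNAMES = {"bill": "william", "will": "william", "debbie": "deborah"}


def tokens(name):
    """Lower-case name tokens with surrounding punctuation stripped."""
    return [t.strip(".,").lower() for t in name.split() if t.strip(".,")]


def loose_key(name):
    """Apply the loose rules: drop middle initials and suffixes, expand nicknames."""
    kept = []
    for tok in tokens(name):
        if tok in SUFFIXES or len(tok) == 1:
            continue
        kept.append(NICKNAMES.get(tok, tok))
    return kept


def similarity(a, b):
    """Assumed metric: difflib ratio in [0, 1]; the page does not say how
    the percentage match was computed."""
    return SequenceMatcher(None, a, b).ratio()


def loose_match(voter, ineligible, threshold=0.9):
    """Match if the names are similar enough in either word order."""
    kv, ki = loose_key(voter), loose_key(ineligible)
    forward = similarity(" ".join(kv), " ".join(ki))
    reverse = similarity(" ".join(reversed(kv)), " ".join(ki))
    return max(forward, reverse) >= threshold


def exact_match(voter, ineligible):
    """Match only when every token, including initials and suffixes, agrees."""
    return tokens(voter) == tokens(ineligible)


def flag(voters, ineligible, matcher):
    """Return the voters that the matcher links to any ineligible record."""
    return [v for v in voters if any(matcher(v, x) for x in ineligible)]


# Constructed sample records (not real data).
INELIGIBLE = ["Thomas Clarence", "Deborah Ann", "William R. Whiting Sr.", "Jon Smith"]
VOTERS = [
    "Clarence Thomas",   # reversed word order
    "Ann Deborah",       # reversed word order
    "Will Whiting Jr.",  # nickname, different suffix, no middle initial
    "John Smith",        # one letter different
    "Deborah Ann",       # identical name
    "Maria Lopez",       # unrelated
]

if __name__ == "__main__":
    print("loose:", flag(VOTERS, INELIGIBLE, loose_match))
    print("exact:", flag(VOTERS, INELIGIBLE, exact_match))
```

On this constructed data the loose rules flag five of the six voters, while exact matching flags only the identical name; an identical name alone still does not establish that the two records describe the same person.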
Major security breaches
ChoicePoint has suffered several security breaches which have led to the theft of the personal information it holds. The company has been criticized as much for the way it has handled the thefts as for the incidents themselves. Its actions over a substantial breach in 2004 led to calls for new national privacy laws in the US to protect the personal data of Americans.[31] Since then, reports published in the media say the company has improved its privacy practices.
ChoicePoint discovered on September 27, 2004, that some of its small-business customers in Los Angeles were engaged in suspicious activity. The company notified police, but did not inform the individuals whose data was leaked until early February 2005. At first, the company only notified some 35,000 California residents as required by law in that state. After a public outcry for more information, the company notified a further 128,000 US citizens whose records were improperly accessed.[32]
Thieves used previously stolen identities to create apparently legitimate businesses seeking ChoicePoint accounts. Over the course of more than a year,[33] they then opened about 50 accounts and received personal information on individuals, including names, addresses, and identification numbers. The old-fashioned scheme, which did not involve any hacking, allowed each fake company account to collect "just enough data to fly under the radar"[34] in order to facilitate "at least 750 cases of identity theft".[35] In total, more than 5,000 cases of identity theft were reported as the result of the breach.[36]
The scam came to light when 41-year-old Nigerian citizen, Olatunji Oluwatosin, was detected attempting to gain access to personal data held by ChoicePoint. Olatunji Oluwatosin was arrested in October 2004 with five cell phones and three credit cards that belonged to other people, according to investigators. He was sentenced by the Los Angeles County Superior Court in February 2005 to 16 months in prison.[37]
Incident made public due to California law
The incident became public because of a California notification law that came into effect on 1 July 2003 requiring companies to notify individuals when their personal information has been stolen. Further, until pressured by investigations (see below), ChoicePoint restricted its search of compromised records to the 15 months that the California law had been in force, leading it to identify 145,000 records against the eventual total of 163,000.[38]
Investigations
The security breach sparked a number of investigations, including by members of Congress, the Federal Trade Commission, the US Securities and Exchange Commission and US state attorneys general, as well as personal lawsuits.[39]
Media investigations generated by the incident brought to light that ChoicePoint had suffered a previous similar ID theft in 2002. Allegedly the suspects, also of Nigerian origin, pulled a similar scam of establishing fake businesses in order to make between 7,000 and 10,000 inquiries on names and Social Security numbers to commit at least US$1 million in fraud.[40]
Members of Congress rebuked the company for the security breaches and for its intention to notify only California citizens of the breach, and proposed federal privacy reforms.
The company eventually reached an agreement with around 20 state attorneys general to notify individuals in other states that their data had been stolen.
Cost to the company
The incident cost ChoicePoint millions of dollars. The company reported charges of US$11.4 million related to the incident in the first six months of 2005, including US$2 million to notify victims of the incident and US$9.4 million in legal and professional fees.[41] Changes to business practices to avoid further breaches were expected to cost the company between $15 million and $20 million in sales during 2005 and to reduce earnings per share by 10 cents to 12 cents.[42]
In January 2006 ChoicePoint was fined US$15 million by the Federal Trade Commission: US$10 million in civil penalties and US$5 million to compensate victims of the security breach. In addition, ChoicePoint was required to take steps to better secure personal information.[43]
The announcements of frauds and the fines have been accompanied by substantial falls in the value of the company's traded shares.[44]
Changes to business practices
Since this time ChoicePoint has taken steps to improve its image in the media. In September 2006, a Gartner Group report by Avivah Litan said that “ChoicePoint has now become a role model for protecting customer data privacy.”[45] In a recent New York Times [28] article on the company, noted privacy expert Daniel J. Solove was quoted as saying, “I have to give them a lot of credit…ChoicePoint had the attitude: ‘We want to make our privacy practices exemplary.’” In the same article, New York Senator Charles Schumer stated, “I was worried that a fine would be seen as the cost of doing business… But I have to say, ChoicePoint has become a model company.” Other privacy experts noted in that article that ChoicePoint has made an effort to reach out to privacy experts and academics to discuss changes in the organization to better protect data.
Other topics
Out of date data
Several lawsuits and consumer complaints have accused ChoicePoint of providing inaccurate and out-of-date information in its criminal background reports, resulting in unfair job losses for applicants.[46]
It is claimed that the company has not met US federal laws requiring consumer reporting agencies (third parties who conduct background checks for employers) to verify the data they give employers or notify job applicants when they provide adverse information to an employer.[47]
National Credit Audit Corporation
ChoicePoint subsidiary National Credit Audit Corporation of Peoria, Illinois, has been accused of attempting to force magazine subscribers to pay for merchandise which they have not ordered.[citation needed]
CLUE database misuse
MSN Money columnist Liz Pulliam Weston wrote a column[7] about a Bremerton, Washington couple, State Farm Insurance customers for 30 years, who discussed an incident of rainwater damage to their home with the company. They ended up not filing a claim, thus maintaining a claim-free history for their home. In spite of the claim-free history, State Farm dropped them as customers, and shared information on their water damage with ChoicePoint's CLUE database. That sharing led the couple to be repeatedly denied coverage by other insurance companies. The column also describes anecdotal evidence cited by real estate agents that information obtained from CLUE has caused home sales to fall through.
References
- [1] Washington Post, loaded 14 March 2007
- [2] EPIC, 30 March 2005, loaded 3 April 2007
- [3] Yahoo Finance
- [4] http://www.choicepoint.com/about/overview.html
- [5] EPIC, http://www.epic.org/privacy/choicepoint/, 30 March 2005, loaded 3 April 2007
- [6] http://www.businessweek.com/magazine/content/05_04/b3917056_mz005.htm
- [7] http://moneycentral.msn.com/content/Insurance/Insureyourhome/P35345.asp
- [8] http://www.insurance.wa.gov/factsheets/factsheet_detail.asp?FctShtRcdNum=13
- [9] Washington Post
- [10] Penndot reaches agreement with information services provider, State of Pennsylvania, 27 December 2000, loaded 30 March 2007
- [11] BlackBoxVoting.Org, 30 January 2007, loaded 30 March 2007
- [12] Observer, loaded 14 March 2007
- [13] Asia Times, loaded 14 March 2007
- [14] GovExec.com, loaded 14 March 2007
- [15] GovExec.com, loaded 14 March 2007
- [16] SAIC webpage at Archive.org, loaded 2 April 2007
- [17] Washington Post
- [18] Information Clearing House, loaded 15 March 2007
- [19] Sydney Morning Herald, loaded 15 March 2007
- [20] http://www.unknownnews.net/031126foreignvoters.html
- [21] Guardian, loaded 15 March 2006
- [22] ChoicePoint, loaded 14 March 2007
- [23] Washington Post
- [24] CSO Magazine, March 2005, loaded 30 March 2007
- [25] MSN, 4 March 2005, loaded 30 March 2007
- [26]
- [27] ChoicePoint, loaded 14 March 2007
- [28] Voting Irregularities in Florida During the 2000 Presidential Election, Civil Rights Commission Report on 2000 Florida Elections, loaded 14 March 2007
- [29] http://archive.salon.com/politics/feature/2000/12/04/voter_file/print.html
- [30] Emergent Chaos, loaded 14 March 2007
- [31] http://www.thestandard.com/internetnews/2005_02.php
- [32] Jurist, 26 January 2006, loaded 30 March 2007
- [33] http://sfgate.com/cgi-bin/article.cgi?f=/n/a/2005/02/17/state/n041832S59.DTL
- [34] http://www.redherring.com/Article.aspx?a=11336&hed=The+Choicepoint+incident
- [35] Loaded 16 December 2006
- [36] Jurist, 26 January 2006, loaded 30 March 2007
- [37] http://www.washingtonpost.com/wp-dyn/articles/A8587-2005Mar4.html
- [38] Loaded 16 December 2006
- [39] C|Net News.com, 4 March 2005, loaded 30 March 2007
- [40] 18 December 2006
- [41] ZDNet News, 20 July 2005, loaded 30 March 2007
- [42] MSN, 4 March 2005, loaded 30 March 2007
- [43] http://news.ft.com/cms/s/b02019f4-8ea2-11da-b752-0000779e2340.html
- [44] http://finance.yahoo.com/charts#chart2:symbol=cps;range=5y;indicator=volume;charttype=line;crosshair=on;logscale=on;source=undefined
- [45] Gartner Group, loaded 14 March 2007
- [46] http://www.wired.com/news/privacy/0,66983-0.html?tw=wn_story_page_prev2
- [47] http://www.wired.com/news/privacy/0,66983-0.html?tw=wn_story_page_prev2
External links
- ChoicePoint website
- Choicepoint DBT Online subsidiary
- Firm Mines Wealth Of Personal Data, Washington Post, loaded 14 March 2006
- Stealing Identities the Old-Fashioned Way, Tech News World
- Alert in Response to ChoicePoint Identity Data Theft
- Break-in costs ChoicePoint millions, News.com, 7/20/2005
- ChoicePoint files found riddled with errors, msnbc.com, 3/8/2005
- Electronic Privacy Information Center's ChoicePoint page - includes information EPIC gained from FOIA requests
- ChoicePoint-FBI Deal Raises New Privacy Questions, consumeraffairs.com, 16 May 2006, loaded 2 April 2007