Obama and privacy: some early disquieting signs

Sarah Lai Stirland discusses Barack Obama’s Privacy Challenge on Wired’s Threat Level, focusing on the question of what’s going to happen to the huge amount of information that Obama, the Democrats, and firms like Catalist collected from during the campaign from all kinds of sources — voter files, commercial databases, phone and canvassing information, etc.

What will the Obama campaign do with all this data? It’s not saying. A query to the Obama press office last week went unanswered. Catalist, the Democratic data firm profiled earlier this year in Wired magazine, declined to answer any questions. A spokeswoman referred all queries to the Obama campaign…..

The Obama campaign’s privacy policy states that it generally doesn’t make your personal information available to anyone other than its campaign staff and “agents,” but that it might share it with organizations that have similar political goals. That’s a pretty big loophole.

Ironically, the Obama campaign’s own technology policy platform (pdf) promises the electorate that an Obama administration will “safeguard our right to privacy.”

Ironic indeed, given the Obama transition teams’s highly-invasive vetting process for job applications … more on that below.

The article also includes suggestions from privacy advocates — like my co-author on Tales from the Net:

Deborah Pierce, founder of the non-profit group Privacy Activism, suggests that the Obama campaign adopt the Organization of Economic Cooperation and Development’s fair information principles.*

Great suggestion!  Although I’m not holding my breath, especially in light of the vetting requirements that applicants authorize a ChoicePoint background check.  Robert O’Harrow’s excellent January 2007 Washington Post article In Age of Security, Firm Mines Wealth Of Personal Data makes the point that

ChoicePoint and other private companies increasingly occupy a special place in homeland security and crime-fighting efforts, in part because they can compile information and use it in ways government officials sometimes cannot because of privacy and information laws….

Attorney General John D. Ashcroft and other government authorities have said these new tools are essential to national security. But activists for civil liberties and privacy, and some lawmakers, say current laws are inadequate to ensure that businesses and government agencies do not abuse the growing power to examine the activities of criminals and the innocent alike.

Another issue with ChoicePoint is the quality of their data.  PrivacyActivism’s 2005 study showed a horrendously high error rate, with 73% of ChoicePoint reports having errors in basic information like name, address, phone number, and social security number.  As Bruce Schneier dryly commented, it doesn’t look good.

Of course, a lot of companies do use ChoicePoint for background checks, and for people who aren’t familiar with this information or the privacy implications, it’s easy to think of them as the “safe” choice.  Maybe all this reflects is that the transition team isn’t paying a lot of attention to privacy.

Still, especially when combined with Obama’s FISA vote in July, seeing them follow the Bush administration’s lead in aggressively using ChoicePoint doesn’t give a warm and fuzzy feeling about his stance on wiretapping, surveillance, or privacy issues in general.

* for more on Fair Information Principles, aka Fair Information Practices, please see Deborah’s overview in the Seattle Press — or read the whole five-part series notice, choice, access, security, and enforcement.