The Federal Information Tax

Data brokers know better. Knowledge is both power and payday. "Today, information is everything," ChoicePoint proclaims on its
June 03, 2006
The most shocking thing about AT&T's surrender of its customer call data to the National Security Agency is that AT&T sold its shareholders short--it gave away all that valuable data for nothing, except perhaps the goodwill of government regulators.

Data brokers know better. Knowledge is both power and payday. "Today, information is everything," ChoicePoint proclaims on its Web site, home of its AutoTrackXP service for professional investigators. "Whether in insurance, government, banking, law enforcement or other fields, getting information quickly and easily is essential for smart decision making."The government is of course keen to make smart decisions and to get information quickly and easily. Thus it has become one of ChoicePoint's best customers. It's not hard to see why. With only a name, the AutoTrackXP service, for example, "cross-references an enormous amount of data--addresses, driver licenses, property deed transfers, corporate information and much more--and unifies it into a single, easy-to-read report. ...It is powerful technology that changes the way you work."

That's been the promise and the reality of information technology. It has changed the way everyone works, in both the public and private sector. And as a consequence it has changed the way surveillance works. It has made eavesdropping and investigation more of a challenge.

The question is whether these changes have created a de facto information tax that businesses must pay in bits and bytes upon demand. To what information is the government entitled? For what information must the government pay? And what information is beyond Uncle Sam's purview?

"In the past historically, when there was the Bell System, the government played footsie with the phone company," says Stephen Ryan, a former government prosecutor and current partner in the government and regulatory practice at Manatt, Phelps & Phillips. "In the atomized world that we now live in, it became more complicated to them. In the post 9/11 world, it looks like they've really put the arm on everyone to ante up information, really at the edges of their authority to do so."

Search engines are among those that have been asked to ante up. And as required by law, they provide information to the U.S. government and the governments of other countries, like China.

The law is the problem. Information technology has changed the way everyone works, but regulations haven't kept up, and legislators show few signs of bringing the law up to speed. "The laws in the criminal area need a period examination to see if they're keeping up with the pace of potential unlawful activity, particularly in the terrorist and criminal area," says Ryan. "I don't think there's any genuinely systematic policy effort in Washington to do that."

And civil cases may be even trickier than the criminal ones. The U.S. Department of Justice, for example, has been pursuing a goal most people support: protecting children online. But many question its methods: attempting to buttress the Child Online Protection Act, a law of dubious constitutionality, by demanding data from businesses with subpoenas of questionable scope.

Last year, between June and September 2005, the DOJ subpoenaed AOL, Google, MSN, and Yahoo for two months of search queries and all the URLs in their respective indexes. Google alone fought the government in court and eventually was told that it need only reveal 50,000 URLs and no search queries.

"We will always be subject to government subpoenas, but the fact that the judge sent a clear message about privacy is reassuring," Google Associate General Counsel Nicole Wong posted to the company blog. "What [the judge's] ruling means is that neither the government nor anyone else has carte blanche when demanding data from Internet companies. When a party resists an overbroad subpoena, our legal process can be an effective check on such demands and be a protector of our users."

The DOJ also sent subpoenas to more than 30 other companies last summer--telecom and cable ISPs and security software vendors--asking for business documents. The documents sought fell into 29 categories, including the kinds of content filtering products or services offered, the number of customers using those products or services, users' configuration information, data about how filters get updated, R&D spending on filtering products, the methodology used to generate blacklisted or filtered sites, and so on.

Many of the businesses that received these subpoenas also considered them to be "overly broad" and "unduly burdensome," as Cablevision Systems Corp. attorney Fernando Laguarda objected in a letter.

In an interview with InformationWeek in March, Dan Jude, president of filtering software company Security Software Systems, said that the request was a burden, that he didn't comply completely, and that his company spent over 40 hours assembling documents for the DOJ.

Without clearer regulation and stronger oversight, companies will continue to face public sector interest in private sector data. "Congress ought to be holding genuine, non-pants-on-fire oversight hearings to examine this question," says Ryan, "but it doesn't do that job very well anymore."

But it's not just that Congress is asleep at the wheel. The Bush Administration hasn't been shy about asserting executive branch power. Says Ryan, "Right now, given the administration's consistent thrust to push their authority, frankly, to places they've never been before, you have to examine that conduct as opposed to the systematic conduct."