Where’s Waldo? Spotting the Terrorist using Data Broker Information
posted by:Louisa Garib // 11:59 PM // March 06, 2007 // ID TRAIL MIX
In the fall of 2006, the Ottawa Citizen broke a leading news story based, in part, on work done by the Canadian Internet Policy and Public Interest Clinic, (CIPPIC). Pursuant to an access to information request, CIPPIC learned that the Royal Canadian Mounted Police (RCMP) had purchased consumer information from Canadian data brokers for law enforcement purposes. The information that the RCMP obtained from data brokers included individuals’ telephone numbers and addresses, as well as personal information available from public records (On the Data Trail: A Report on the Canadian Data Brokerage Industry, April 2006).
Commercial data brokers on both sides of the border collect personal information from various sources such as public registries, contest ballots, product warranty forms, newspaper and magazine subscriptions, travel bookings, charitable donation records and from companies that track credit-card use. In its coverage of the issue, the Ottawa Citizen reported that since September 2001, the RCMP has been buying and retaining this kind of personal information from data brokers, and in some instances may have forwarded that information to U.S. law enforcement.
Shortly after the story broke, the Canadian Association for Security and Intelligence Studies (CASIS) held its Annual Conference in Ottawa. At the conference, Canadian and U.S. policy officials, judges, academics, and defence analysts met to discuss intelligence gathering and surveillance in the current security environment. One of the conference panels debated the role and relevance of using “open sources” versus secret intelligence and information during law enforcement investigations. “Open source” information can be information freely available on the Internet, data contained in public records such as land title registries, or information collected and sold by the private sector. While the panel discussion focused on using information from press reports and websites, conference participants spoke of making “better” or more “effective use” of open sources, and the need for systems that could analyze open source information. Data brokers could certainly serve that purpose, by collecting, categorizing and conducting a preliminary assessment of open source information for law enforcement. By performing a “first cut” of massive amounts of information, the commercial data brokers can help the state to “spot the terrorist” or identify any other type of criminal.
Also in the fall of 2006, the Ontario Superior Court struck down the definition of “terrorist activity” in the federal Anti-terrorism Act, [S.C. 2001, c. 41] (ATA) in the case of R. v. Khawaja,  O.J.No. 4245 (Ont. S.C.J.) (QL). The court found that the “motive clause” contained in the act infringed Mr. Khawaja’s rights to freedom of conscience and religion, and freedom of expression and association guaranteed by sections 2(a), (b) and (d) of the Canadian Charter of Rights and Freedoms.
The statutory definition linked terrorism to criminal activity motivated by religion, ideology or political belief. Judge Rutherford reasoned at para 58 that the “inevitable impact” of making motivation part of anti-terror investigations would be that a “shadow of suspicion and anger” would fall over certain groups in Canada, raising concerns about racial and ethnic profiling. In his decision, Justice Rutherford severed the invalid motive clause in the definition of terrorist activities from the rest of the anti-terrorism legislation; leaving the remainder of the provisions in force. To date, Mr. Khawaja has not proceeded to trial as there are aspects of his case that are currently before the courts.
While Khawaja, for now, stands as a bar to using motive as evidence of terrorist activity under the ATA, law enforcement’s potential use of personal information collected by data brokers raises the same concerns about racial profiling and creating groups of suspects that Justice Rutherford mentioned in his decision.
Information supplied by data brokers is unreliable. Brokers gather information from a variety of sources and have few incentives to determine and ensure the veracity of the information they collect and sell to law enforcement. Compounding this problem is the lack of transparency for consumers. It is virtually impossible for individuals to be aware of all of the organizations that have collected and retained their personal information over time. Consequently, consumers have minimal recourse to access, challenge and correct the myriad of what Professor Daniel Solove calls “digital dossiers” that often contain inaccurate personal information. The absence of recourse and access rights to ensure the reliability of information sold to law enforcement without consumers’ knowledge or consent also raises concerns about due process.
Nor is it clear what criteria law enforcement would use to assess the relevance, accuracy and reliability of information provided by commercial data brokers. What type of information is being purchased? How would the information interpreted and contextualized? What valid conclusions or predictions, if any, can be drawn from such information?
The inaccuracy or misinterpretation of information supplied by data brokers to law enforcement combined with the lack of transparency and oversight surrounding the use of that data can have dire consequences for targeted individuals and identifiable groups.
Identifying an individual as a security threat, terrorist, or terrorist sympathizer based on questionable information provided by data brokers can destroy a person’s livelihood, family life, reputation, and in some cases their physical security. Although it is not established that information from data brokers played a role in the “extraordinary rendition,” detention and torture of Canadian citizen Maher Arar, it is not difficult to contemplate the worst case scenario for an individual who is profiled according to information provided by data brokers based on what we know about Mr. Arar's terrifying ordeal. Identifying an entire group as suspect using information complied by data brokers could result in criminalization, stigmatization and marginalization, violating equality provisions as well as freedom of religion, thought, expression and association rights contained in the Charter.
Law enforcement’s potential practice of using information compiled by commercial data brokers isn’t only problematic for certain racialized groups or suspicious individuals; the practice implicates all of us. The private sector collects and uses personal information about nearly everyone. A criminal profile could be pieced together from various purchase records on any individual, based on the information complied by data brokers. That data could be used to establish a motive and identify individuals as suspects or potential suspects for any crime – including those not yet committed.
We could all, then, be profiled based on fragments of information about us that may be wrong, outdated, distorted, and removed from context. If information collected by the private sector is purchased and used by our government and law enforcement agencies without transparency, oversight and safeguards, it can be dangerously misinterpreted in ways that could prejudice people’s lives.