A Look at Information Stored About You in Databases

lexnex-prcvy1Most of us are aware that police departments and security services collect much information about us. Some of us even understand that social media and our online activities are a treasure trove for law enforcement. It is one thing to know that your personal information resides in law enforcement accessible databases, but to see it with your own eyes is sometimes unsettling. Most of us believe that your driver’s license, other licensing information and even your travel are part of your profile that resides in massive databases that are accessible to many agencies. However, did you know that your profile in the databases even includes who your neighbors are? More importantly, did you know that a private company is the one that parcels out your private details to others, including law enforcement?

Those of you in the legal profession or who do research know about LexisNexis, a private company that holds your personal details in its databases. News media outlets use LexisNexis for background investigations. Creditors and anyone willing to pay for access can view some of your records maintained by the company. Some of my personal revenue streams comes from gathering, collating, organizing and delivering curated data sets to end users. As such, today’s post is not about advocating that there is something wrong, illegal, or immoral about companies that gather and sell data to their customers.

However, what this post is about is to show you how much of your data is available and to have you think about the power of data, especially when it is managed by a private company whose only accountability is to its shareholders. As with all things, big data management and dissemination via revenue streams is a very complex topic that requires much detail to fully articulate. As my intention is only to show you how much of your data is collected, I will gloss over much of the detail and related minutia for now.

In addition, there has been a recent tendency by one, or more commenters to post comments about the legalities about the information that I share with you. Whether the poster(s) is/are speaking from a legal background or as an armchair attorney is irrelevant because the only true adjudicator of the laws is the judiciary process. However, to avoid the expected distraction of how I came about this information and whether I should be posting it in the first place, I am going to tell you exactly how I came to have it. The information was delivered to me by the City of El Paso through an open records request. If someone has a problem with the details I share with you today, feel free to take it up with the City of El Paso.

I am only posting data that was given to me pursuant to the Texas Public Information Act.

Those of you who have been reading my blog recently know that I had been on a quest for information about Claudia Ordaz and Vince Perez and the police incident they had been involved in at the Whataburger last year. As part of that quest, I submitted various open records requests to the city. In one of the responses I received a document titled “LexisNexis Accurint for Law Enforcement”. It was a report generated by the El Paso Police Department for Taylor Cortinas on December 2, 2015.

I encourage you to download the document by clicking here so that you can follow along as I point out various things.

I am somewhat familiar with LexisNexis and the types of information gathered by them about individuals. I am also aware of the types of data sets that law enforcement in many countries keep about their citizens and foreigners alike, as well as the types of data sets gathered by different government entities. I have been accused of being a conspiracy theorist by many of you before, so certain things should not surprise me anymore. But they still do.

What caught my attention and made me take a second look was the level of data that is accessible and the fact that it is controlled by a private entity, not a government. The El Paso Police Department, for all of its sophistication, is one of the least sophisticated law enforcement entities when compared to larger police forces and national agencies like the FBI or even the NSA. No, I am not suggesting they should have the same budgets, or capabilities.

However, what I am suggesting is that the types of information that they use for investigating individuals should be derived from a government entity and not a private company. Sure, driver’s licenses, the automobiles you own or even if you have a professional license or purchased a boat are, and should be public record. Maybe some of it should have higher requirements to access than others.

But, are you comfortable with a private database holder knowing who your “possible associates” are? Or how about, you immediate neighbors, including dates of birth and their spouses?

Take a close look at Taylor Cortina’s LexisNexis report. Even with the redacted information you can get a pretty accurate picture of who she is, even if you had not met her before. But what I want you to look at closely is the number of metrics that the database contains. We know that Cortinas is not a concealed carry permit holder or that she does not own an airplane. We also know that she is a Democrat (big surprise, huh?) and that she last voted in 2014. We also know that she possibly lives in a house that is owned by her parents. That house was purchased in 1998 for $76,000 and it is worth about $158,000, according to the report. We also know that she uses Sprint as her mobile provider.

Most of this information is accessible and much of it is in the public domain. What I want to point out to you today is how easy it is to get because a private company compiles it and how detailed it is. I really have no problem with law enforcement having these types of databases but I am concerned that they rely on a private company to organize it and present it to them.

My problem lies on the fact that LexisNexis is not accountable to anyone but its shareholders. In other words, it not only gets paid by law enforcement agencies for the information but their data treasure trove is ripe for abuse.

Look closely at the report again, in the section about neighbors. You should see a “LexID” followed by a number. Those are what information technology types refer to as “meta data”. If you had access to the database, you would be able to click or enter the unique ID and generate the same detail for one of the neighbors. Imagine the social graph that dataset can generate.

The discussion about privacy and access to information rages on in all levels of community discussion and government accountability. But until you look at a simple example of what data is collected about you, you start to see how dangerous your profile in databases like LexisNexis can be in the wrong hands.

Did I tell you that LexisNexis isn’t even a United States company? It is owned by a London-based multinational.

I love to point out the hypocrisy of certain political types and the laws they enforce on the citizens while avoiding them themselves. Well, Google and other online companies are embroiled in legal arguments in Europe over the “right to be forgotten”. The Europeans have a law that essentially gives the citizens of the EU the right to erase their online footprint on Google, or other social media outlets.

Yet, so far as I know, no one in the EU has challenged the London-based company on the right to be forgotten. Likewise, US citizens believe they have the right to privacy, yet, I do not know of anyone questioning, much less challenging LexisNexis on its compilation, collation and selling of US citizen data to law enforcement types and marketers, or swindlers who are able to breach their systems. A foreign company decides who to sell your most intimate and private data to and neither Hillary Clinton, Barack Obama, Donald Trump or Bernie Sanders has told you that they have a problem with that fact.

Advertisements