Remember when the federal government exposed the personal data of a bunch of you who applied for fishing licenses? Well, the strange comings and goings of your private information doesn’t stop there. The Inspector General of the Homeland Security office has released a report which finds that the detailed personal information of thousands of people was shared in a haphazard, sometimes unsecure fashion across multiple agencies. The source for this potential exposure is an odd one since it involves an investigation into individuals who helped people get through lie detector tests, and the clients include people from all walks of life, including priests. (Government Executive)

Customs and Border Protection released the personally identifiable information, including Social Security numbers, of thousands of individuals to dozens of federal agencies during an investigation of cheating on polygraph tests.

CBP violated some aspects of the Privacy Act in distributing the information across government, the Homeland Security Department’s inspector general found in its report. The agency collected and distributed information such as Social Security numbers, email and mailing addresses, and phone numbers of individuals who had purchased materials from two individuals who helped job applicants pass polygraphs.

Rather than yet another case of hackers browsing poorly guarded government databases, this was a particularly odd situation where the agency in question was sending around the personal data of citizens as part of an investigation. And the nature of that investigation is rather odd indeed. Customs and Border Patrol was apparently checking into the clients of two individuals, Chat Dixon and Douglas Williams, who offered a service which prepared clients to take lie detector tests. From the sound of it, they were interested in seeing who among lists of job applicants and employees of 30 federal agencies had engaged with Dixon and Williams to help prepare for the tests.

Wait… that’s illegal? Apparently something they’ve been up to was, since both of the men reportedly have served time in prison for their crimes. But not all of the people who contacted the pair were involved with the federal government. In fact, the report concludes that 70% of them were unrelated to the agencies and they included priests and professional golfers. (Er… what?) And while the data may not have been hacked, the agency was found to have been particularly sloppy in how it was protected as they passed it around.

The related question we might be asking is why these agencies are still using lie detector tests, particularly in terms of hiring decisions. Sure, you want to know all you can about those who may be getting government jobs, but the results are dubious and you generally can’t even use them in court. People telling the truth can still frequently fail them if they are too nervous and, conversely, a person who can control their own internal reactions is still able to beat them.

In any event, let’s put a flag on this one for later use. It’s yet another case of the government playing fast and loose with the private data of citizens in overly broad investigations. It’s part of a larger pattern, and it’s a disturbing one.

DHS