Judicial Watch: FOIA release shows CFPB conducting "warrantless surveillance" on consumers

Get ready for another front on the debate over privacy, consumption, and the trade-off between them.  Yesterday, Judicial Watch announced that they had received data through a FOIA demand that showed warrantless surveillance on 5 million American consumers — not for national-security reasons, but for the new Consumer Financial Protection Board.  The documents show that the controversial panel has contracted out the service of trawling through millions of transactions, emphases in original:

Judicial Watch announced today that it has obtained records from the Consumer Financial Protection Bureau (CFPB) revealing that the agency has spent millions of dollars for the warrantless collection and analysis of Americans’ financial transactions. The documents also reveal that CFPB contractors may be required to share the information with “additional government entities.”

The records were obtained pursuant to a Freedom of Information Act (FOIA) request filed on April 24, 2013, following the April 23 Senate Banking Committee testimony of CFPB Director Richard Cordray. …

The full extent of the CFPB personal financial data collection program is revealed in a document obtained by Judicial Watch entitled “INDEFINITE-DELIVERY INDEFINITY-QUANTITY (IDIQ) STATEMENT OF WORK.”  Issued by CFPB Contracting Officer Xiaoling Ang on July 3, 2012 the IDIQ document’s stated objective: “The CFPB seeks to acquire and maintain a nationally representative panel of credit information on consumers for use in a wide range of policy research projects… The panel shall be a random sample of consumer credit files obtains from a national database of credit files.”

To accomplish this objective, the CFPB describes the scope of the program accordingly:

The panel shall include 5 million consumers, and joint borrowers, co-signers, and authorized users [emphasis added]. The initial panel shall contain 10 years of historical data on a quarterly basis [emphasis added]. The initial sample shall be drawn from current records and historical data appended for that sample as well as additional samples during the intervening years [emphasis added] to make the combines sample representative at each point in time.

What exactly does this mean?  US News and World Report provides the response from the CFPB:

The CFPB denies that Americans are being subjected to broad surveillance. Most of the consumer information came from commercially available data sets purchased from the company Experian. Some data is taken from companies under the agency’s supervision. All consumer data is “anonymized” and does not feature specific purchases, according to the CFPB.

“The Bureau’s existing data-gathering activities are authorized by the Dodd-Frank Act,” a CFPB spokesperson told U.S. News.

“Like other federal regulators, the CFPB is a data-driven agency and the CFPB uses anonymized industry data to better understand the markets it oversees,” the spokesperson said. “The consumer credit history data and other information from industry data sources is used by CFPB staff to analyze industry trends, conduct research about household finances, and assess the impact of its proposed rules on consumers and industry. In the credit-card data collection effort the Bureau is not receiving data about individual purchase transactions nor are we receiving any personally identifiable information.”

CFPB Director Richard Cordray acknowledged that his agency paid $1.6 million for “about 10 years of credit record data representing about 4 percent of consumers” in a May 23 letter to Sen. Mike Crapo, R-Idaho.

“[L]et me clarify that the Bureau is not engaged in a ‘Big Data Initiative,'” Cordray wrote. “[W]e are spending about $3 million per year to collect [the data], and taking pains to protect privacy.”

The first questions here are whether this information is private, and whether this counts as surveillance.  At least according to the CFPB’s response, this seems to involve data that can be transacted by credit-card companies already.  That may be a problem that a CFPB should be fixing rather than exploiting, but nonetheless would not be “surveillance” in the traditional sense.  Nor would it be private, which relates to the earlier issue of NSA surveillance of Internet traffic, at least in part.  Consumers demand free or low-cost services from Internet providers, who then have to figure out methods of monetization for their income.  That ends up with the Googles et al of the world grabbing a lot of our personal data and selling them to the highest bidders, or sharing some of that (if not more than that) with national-security efforts.

That, however, might be understandable in the national-security context.  The CFPB isn’t a national-security agency.  Its mandate is to tighten the leash on the credit and finance markets.  Americans might be willing to trade off privacy for security in some ratio, but if the CFPB has to compile massive databases of transactions to test the outcome of their regulatory activities, then their regulatory activities need to be curtailed.  The creepy Big Brother approach shows just how misguided the Dodd-Frank bill turns out to be — and how creating the kind of top-down power in the CFPB promotes the Big Brother approach.