A top Democrat in the U.S. Senate questioned Wednesday why the U.S. Department of Justice (DOJ) continues to do business with data broker ChoicePoint a year after the company announced a data breach potentially affecting 145,000 U.S. residents.
Senator Patrick Leahy, of Vermont, blasted the DOJ and its Federal Bureau of Investigation (FBI) division for a recent five-year, $12 million contract for ChoicePoint to provide investigative analysis software to the FBI. In February 2005, ChoicePoint announced a data breach after criminals set up fake businesses that purchased private information from the data broker.
"What in heaven's name are we doing allowing someone as careless as ChoicePoint to be in control of our data?" Leahy said at a subcommittee hearing on the DOJ's 2007 budget. "I consider them the poster child for lax security protection."
U.S. Attorney General Alberto Gonzales defended the contract, announced Monday. The ChoicePoint contract represented the best value for the FBI, and it covers software and technology, not data services, he said.
Security and privacy issues were "taken into account in connection with this contract," Gonzales added. "Obviously there were mistakes made by ChoicePoint, and they suffered the consequences for that."
ChoicePoint, in a statement, also defended the contract, saying it was for technology not data services. "This technology and similar products we offer the law enforcement community in this country and around the world help safeguard [Leahy's] family as well as ours," the statement said. "It is indisputable that ChoicePoint’s technology and yes, its data, aid in stopping crime and capturing criminals."
Leahy's questions came a day after the U.S. Government Accountability Office (GAO) issued a report saying the DOJ and other federal agencies contract with some data resellers that do not comply with federal rules governing the collection of data. Data brokers often do not restrict their collection of personal data, as required in federal fair information practices law, and often do not inform the individuals whose data they are collecting, GAO said. DOJ and three other agencies spent about $30 million with data resellers in fiscal year 2005, the report said.
Leahy said he was concerned about the GAO report. "The Justice Department ... often doesn't even follow federal rules -- doesn't follow its own laws -- in protecting Americans' privacy," Leahy said. "You see my concern."
Gonzales said he had not reviewed the GAO report, but if the DOJ was breaking privacy rules, it would fix the problem. "I share your concern," he told Leahy. "There should be only one standard, that is, what the law requires."
Also at the hearing, Senator Richard Shelby, chairman of the justice subcommittee of the Senate Appropriations Committee, questioned the FBI's investments in new technology following its decision in March 2005 to abandon a case-management project after spending $170 million over four years.
Then in March of this year, the FBI announced it had contracted with Lockheed Martin Corp. to build a $425 million case management and information-sharing system, a replacement for the doomed Trilogy Virtual Case File System.
"This new technology is critically important, but I remain concerned that the FBI does not possess the necessary project management expertise, nor do I feel that the FBI has applied lessons learned from past mistakes," said Shelby, an Alabama Republican.
FBI Director Robert Mueller said the new contract with Lockheed Martin will face performance audits from investigators within and outside the FBI. Each of the four phases of the project will be reviewed, and the contract is structured so that the FBI can back out after any of the phases, he said. "We have learned from the mistakes of the past, and we are intent on bringing this home," he said.