According to a report "An International Survey of Privacy Laws and Practice" by the Global Internet Liberty Campaign, "There are widespread violations of laws relating to surveillance of communications, even in the most democratic of countries. The U.S. State Department's annual review of human rights violations finds that over 90 countries engage in illegally monitoring the communications of political opponents, human rights workers, journalists and labor organizers... Police services, even in countries with strong privacy laws, still maintain extensive files on citizens not accused or even suspected of any crime... Companies regularly flaunt the laws, collecting and disseminating personal information. In the United States, even with the long-standing existence of a law on consumer credit information, companies still make extensive use of such information for marketing purposes."
On September 28, 2016 report by the Associated Press reported that: "police officers across the country abuse confidential law enforcement databases to get information on romantic partners, business associates, neighbors, journalists and others for reasons totally unrelated to police work. In the worst cases, officers have stalked, harassed and tampered with criminal cases using details obtained through criminal history and motor vehicle databases."
Earlier that same year (March 17, 2016) ARS Technica had reported that "Denver police officers performed searches on state and federal criminal justice databases that were not work-related and instead were made to help officers' in the romance department and to assist friends, according to an independent department monitor. The report said that punishment, usually a written reprimand instead of being charged criminally, is not enough to deter future abuse of the National Crime Information Center (NCIC) and the Colorado Crime Information Center (CCIC) databases."
Now it should be noted that the number of inappropriate or illegal uses of law enforcement databases is very small compared to the number of queries run every day for legitimate law enforcement purposes. When used appropriately, these law enforcement databases can be powerful tools to investigate crime, but the misuse of these databases for personal, non-law enforcement, purposes may compromise public trust and result in significant harm to community members.
Unlike with some other types of databases, it’s not possible to opt-out of having your personal and private information included in databases that can be accessed by law enforcement. It is often very difficult to even know what information about you may be contained in these databases, or whether there is any record pertaining to you at all.
How many Americans are going to have a record in law enforcement databases? According to an article by Andrew M. Cuomo, the 56th Governor of New York State: "70 million Americans have a criminal record - that’s 1 in 3 adults." "The FBI considers anyone who has been arrested on a felony charge to have a criminal record, even if the arrest did not lead to a conviction. The FBI only counts those with a misdemeanor if a state agency asks the bureau to keep it on file. So, by the FBI’s standard, 73.5 million people in the United States had a criminal record as of June 30, 2017. The Census Bureau lists the adult population in the United States at 249.4 million. That means the FBI considers about 29.5 percent of adults to have a criminal record." (PolitiFact) Law enforcement will have access to these records of arrest and prosecution.
But, you don’t have to have been arrested on a felony charge for the police to gather information about you. According to the Federal Highway Administration eighty-seven percent (87%) of the driving-age (16 and older) population has a driver's license. Law enforcement has access to information about you (name, address, date-of-birth, physical description, photo, and driving history) by accessing Department of Licensing / Department of Motor Vehicles databases. By running the license plates of any vehicle, law enforcement can identify the registered owner of that vehicle, and the address associated with that registration. Because driver’s license databases and motor vehicle registration databases are often linked – information from one database returns information from the other.
Now if this was the totality of the information about you accessible in police databases - criminal history and driving records - one might argue that this is reasonable. We ask our police officers to protect the community, and they should have the tools and information they need to do their jobs. But sometimes police surveillance and data collection can go too far.
In an article from The Stranger we read How the Seattle Police Secretly-and-Illegally Purchased a Tool for Tracking Your Social Media Posts. "Beginning two years ago, but unbeknownst to the public—until now—intelligence officers inside the Seattle Police Department headquarters on Third Avenue acquired the ability to watch your social media posts in real time, using software that can place those posts on a digital map. This tracking software, which the SPD purchased in October 2014 from a CIA-funded company called Geofeedia, is designed to tell officers where you posted from and what you said. It can also show hundreds of other tweets, Instagrams, and other social media posts from anyone else in the vicinity, and then file all of that information into one big database."
The Tacoma News Tribune reported that: "the Tacoma Police Department apparently has bought — and quietly used for six years — controversial surveillance equipment that can sweep up records of every cellphone call, text message and data transfer up to a half a mile away. You don’t have to be a criminal to be caught in this law enforcement snare. You just have to be near one and use a cellphone. Known as Stingray, the device — small enough to be carried in a car — tricks cellphones into thinking it’s a cell tower and draws in their information.
It can often be very difficult to know whether some government agency is illegally collecting information and maintaining files and records about you. Official records will generally be available at the Federal level through Freedom of Information Act (FOIA) / Privacy Act requests, and at the state level through similar open government laws. All 50 states also have public records laws which allow members of the public (including non-residents) to obtain documents and other public records from state and local government bodies. State public records laws are not identical to FOIA nor are state court interpretations of similar language in state statutes necessarily the same as federal court interpretation of FOIA (though many were modeled upon the federal FOIA). But when an agency is acting questionably said agency may act to avoid transparency and will refuse to release these records.
One way that government agencies can avoid transparency, and avoid FOIA is by placing information in Raw Data Files (RDF). These RDF can be used to collect information about people and organizations that could never be retained otherwise. As long as the RDF is kept open (which can be done for months or even years) an agency can refuse to release information under FOIA, by using an "active investigation" exemption.
Even worse is when some out of control government employee starts making his own personal files about you. You would likely never know about this illegal collection or have any notice about where that illegally collected information was shared, but you can be certain that this type of illegal collection and dissemination of information can result in substantial harm to you.
In 2011 the Olympian Newspaper (Olympia, WA) reported that: "A former Joint Base Lewis-McChord [an Army / Air Force base near Tacoma, WA] employee who spied on war protests in Olympia helped compile detailed information on protesters, including their names, photos, addresses and, in some cases, Social Security numbers, according to 133 pages of law enforcement records released by the City of Tacoma. The detailed information collected about the protesters continues to be stored by area law enforcement agencies..." In April 2017, the Huffington Post detailed much of the court case challenging this illegal collection of information, in its report: Antiwar Activists Challenge Army’s Domestic Spying Apparatus in Ninth Circuit. In May 2017 the United States Court of Appeal for the Ninth Circuit dismissed this case, in favor of the government.
What Can You Do?
First, determine your personal threat model. Frontline Defenders has resources you can download to aid in your risk analysis protection planning. The Electronic Frontier Foundation (EFF) also provides information on assessing your risks.
If you find that records are being illegally maintained about you by a Federal government agency, subject to provisions of the Privacy Act, then there are Judicial Remedies and Penalties for Violating the Privacy Act. There may be a similar laws in your state, or jurisdiction, that provide judicial remedies as well, but the difficulty will always be proving that the illegally collected record exists and being able to show actual damages for violation of the Privacy Act.
While it is unlikely that you are being specifically targeted by a government agency, it is certainly possible that you could be targeted by a rouge government employee, because of a personal grudge or grievance, and that person just might be invading your privacy, violating your civil rights, and keeping illegal files about you hidden on government computers!
The data privacy and security information I provide in this blog, Chesbro on Security, is intended to help you enhance your personal privacy, and help protect you against criminal activity - even if that criminal is a government employee. Use those techniques appropriate to your personal situation.
Other privacy and security information can be found at:
You may also choose to submit reports of violations of your rights to the agencies responsible for investigation of government misconduct.
The DOJ Civil Rights Division enforces civil rights laws in a wide variety of contexts. You may use the information on this page to find the appropriate way to submit a complaint or report of a potential civil rights violation. If you are not sure which Section is the appropriate one to receive your complaint, you may contact the Civil Rights Division at toll-free 855-856-1247 or (202) 514-3847. You can file a complaint for Official Misconduct of a government employee with the DOJ Civil Rights Division here: https://www.justice.gov/crt/how-file-complaint#one
The Department of Defense Office of the Inspector General maintains a hotline to provide a confidential, reliable means to report violations of law, rule, or regulation; fraud, waste, and abuse; mismanagement; trafficking in persons; serious security incidents; or other criminal or administrative misconduct that involve DoD personnel and operations, without fear of reprisal. You can contact the DOD OIG here: http://www.dodig.mil/Components/Administrative-Investigations/DoD-Hotline/
If the illegal collection or creation of records was conducted by an individual or agency falling under intelligence oversight regulations (i.e. any DOD component performing authorized intelligence functions. This includes "installation, organization, or facility security offices [e.g. operations specialists and anti-terrorism officers] when carrying out intelligence activities"), you should report this violation to the Department of Defense Senior Intelligence Oversight Official. Remember the Collecting information on U.S. persons, even through open source, when it is not part of the unit's mission is a questionable intelligence activity.
