To those who want to take and collect people’s biometric identification – retinal scans, fingerprints, palm scans and other identifiers – lawmakers in Alaska have a response: No.
Alaska Senate Bill 98 has been introduced to make it illegal for companies to gather and maintain prints, scans or other private information without the prior, informed consent of the person.
The proposal is the brainchild of Jason Giaimo and his group, Privacy Now Alaska.
Giaimo co-chairs with Tim Pearson the group, which started pushing for a ban on biometrics three years ago.
The bill now is being discussed in Alaska’s Senate Judiciary Committee and it is the second attempt to pass strong privacy legislation. A similar privacy bill last year died because the last legislative session ended without final action.
Giaimo said lawmakers have been interested, but there is strong opposition to the bill from the major data collection firms who make money off the processes, and one of the companies sent two high-powered lobbyists to Alaska to try to water down the bill.
He said within days of the lobbyists arrival, the “very strong bill” that had been planned was watered down.
“I’m not sure of how they did that, but these are powerful lobbying firms and they know the game,” Giaimo observed.
But Giaimo, also president of Net Gain Business Consultants, said he is trying to stand up for what’s right, and lawmakers have been listening to his arguments.
“We have succeeded in making the case to the legislature that they should increase the strength of that bill and they did,” Giaimo said.
Nick Ludlum of Reed Elsevier’s Public Relations firm Ogilvie PR reports that the company is interested in working with the Alaska Legislature.
“Reed Elsevier is working with the sponsors of the bill to help them understand the important uses of biometrics to prevent identity theft and fraud. We help our clients by storing the biometric data in a safe, secure manner,” Ludlum said.
Reed Elsevier’s statement also says the data is not resold.
“In sum, we want to ensure the biometrics can be used for legitimate business purposes, identity verification and fraud prevention. We support protections for consumers and the ability to opt out when appropriate,” Ludlum said.
Ludlum also said that the two “high-powered” lobbyists who apparently helped water down the bill were not sent by Reed Elsevier.
Giaimo says his reason for campaigning for a strong privacy bill is simple.
“After about five years of education and testing, studying and preparation, I was in the last two days of my requirements to actually get my certification as a state CPA. I would certified for the rest of my life as a CPA,” Giaimo said.
“I had already taken the first parts of the exam and I just had to show up and show two forms of ID. The rules changed on January 1, 2008, where the company involved decided they wanted to collect fingerprints from the test takers, and for a fee. So they’re making money on collection of American’s fingerprints for ID purposes,” Giaimo said.
Giaimo objected, explaining his U.S. passport should be good enough to get into the exam but was told that the passport wasn’t accepted.
“I actually refused. I’ve never been fingerprinted or been in trouble in my life. I thought that was ridiculous,” Giaimo observed. “Being a trained financial auditor, it didn’t take me long to find out that the company that takes those fingerprints send them, encrypted, over the internet to an international data mining firm called ChoicePoint.”
(Listen to Jason Giaimo’s interview here:)
The CPA exam is administered by Prometric Services, but the testing firm hired
ChoicePoint, a Georgia corporation, to handle the collection and storage of the fingerprints.
Prometric Services did not respond to WND requests for comment.
Giaimo says the problem is that ChoicePoint sold the information to other companies and government agencies. He added that ChoicePoint was making a lot of money.
“The website said they sold the information to about 7,000 clients and it’s a big industry. The company made $9.3 billion selling our personal information to their clients,” Giaimo explained.
One of ChoicePoint’s biggest customers was the Department of Homeland Security.
“The DHS doesn’t specify where they get their data, however, they are the largest customer of ChoicePoint,” Giaimo said.
“ChoicePoint doesn’t say which files they send to the DHS and how much money they’re paid per file. However, they are engaging in multi-million dollar contracts with the DHS,” he said.
The Privacy Rights Clearinghouse website confirms Giaimo’s statements, saying that ChoicePoint is a major distributor of consumer and personal information.
“ChoicePoint is one of the largest data aggregators and resellers in the country. It compiles, stores, and sells information about virtually every U.S. adult. Its customers include employers, debt collectors, loan officers, media organizations, law offices, law enforcement, among others,” the PRC website said.
PRC’s statement also said that several identity-theft groups fraudulently obtained ChoicePoint’s records. When they did, PRC says they had the equivalent of a key to Fort Knox.
“With their online access to ChoicePoint’s data files, they were able to obtain all the personal information they needed – including Social Security numbers and date of birth – to successfully commit identity theft,” the site also reported.
Press reports indicate that ChoicePoint had a history of leaks and security breaches. The Federal Trade Commission reported in 2006 that the company paid a fine to settle one security violation case.
“Consumer data broker ChoicePoint, Inc., which last year acknowledged that the personal financial records of more than 163,000 consumers in its database had been compromised, will pay $10 million in civil penalties and $5 million in consumer redress to settle Federal Trade Commission charges that its security and record-handling procedures violated consumers’ privacy rights and federal laws,” that announcement said.
Then, in 2008, the Georgia-based firm was bought out by Lexis Nexis’ parent company, Reed-Elsevier, for $4.1 billion in cash.
Rather than talk about ChoicePoint’s legal issues, USA Today reported that Reed Elsevier focused on the Georgia company’s large pool of information.
“The combination of ChoicePoint’s highly regarded data and analytics assets with Lexis Nexis’s market leading technology can be leveraged to create greater opportunities in addressing the growing risk information and analytics needs in insurance, financial, legal, screening, law enforcement, public safety, health care and other sectors.”
This acquisition means that a British-based company now has access to the information American test takers provide at the licensing exams, including the digital fingerprints, eye scans and other “bio-metric” information.
Prometric Services is moving ahead with the biometric identification process. The company’s website has a page telling test registrants to prepare for what the company calls a “Biometric-enabled check-in.” Prometric says it’s an improvement.
“The process provides a smooth, stress-free candidate experience. …The first time a candidate appears at the center and has a fingertip scanned, an image of that scan is created, encrypted and securely stored on protected servers. This is done so that the next time the candidate comes to the center to test (testing under a biometrically-enabled program), when his/her fingertip is scanned, the machine will ‘recognize’ him/her from last time – and validate that he/she is the same person,” the company’s site read.
“This prevents the test center personnel from having to go through a full-scale information entry each time the candidate returns to test; significantly cutting down on the time it takes to “process” their check-in at the center,” the site statement said.
The company also includes a tab giving a step-by-step instruction of the check-in process.
Giaimo reports that the CPA exam isn’t the only one being administered with biometric data gathering in place. Giaimo says the Graduate Management Admission Test requires test takers to submit to digital fingerprinting.
Pearson Education’s testing branch, Pearsonvue administers the GMAT, the Graduate Record Exam, and a host of other tests, and they now require a “digital fingerprint.”
Giaimo says that other major national education testing firms are moving towards having “biometric identification” at all of their testing sites. He added that because the data gathering is growing, he’s hopeful that Alaska’s tough privacy bill will be a model for the rest of the country.