Information about the proposed surveillance was included in documents released Thursday by the Electronic Privacy Information Center. The documents stated that information thus obtained could be used for both terrorism-related data analysis and an "Identity Verification System to be used by airlines, rental car agencies, and other business and government agencies."
The research proposal, jointly authored by Little Rock, Ark.-based Acxiom and the University of Arkansas' Department of Computer Science, was released to EPIC this week as a result of a 2004 Freedom of Information Act request.
In it, Acxiom described a process for crawling the Web, collecting information, parsing it for "marker words and phrases," and extracting data such as names, titles, phone numbers, and e-mail and mailing addresses. Such information would have been sifted, indexed and, in the words of the proposal, "made available to the proper authorities for further action."
According to the proposal, the system would continually crawl the Web seeking sites using "marker" words appearing in specific patterns. The proposal lists sample words in categories such as verbs (including bomb, kill, burn, kidnap and hijack), buildings, places, people, organizations, racial epithets, titles and "suspicious words" (such as explosives, bomb, jihad and kamikaze). Identification and contact data would also be gathered. A sifting function would validate the data against previously established facts and rules. Once validated, data would be entered into a database for official use. The proposal requested a total of US$1 million in funding for two years.
The documents indicate that Acxiom's proposal was delivered to the Justice Department by Congressman Vic Snyder (D-Ark.) in late 2001. Michael Chertoff, then assistant U.S. attorney general, responded by mail in June 2002, thanking the company for the proposal and noting, "We have been in contact with a variety of computer companies, including Acxiom Corporation, and are well aware of its impressive technical capabilities."
No paperwork released as a result of EPIC's Freedom of Information Act request indicates that the proposal was pursued further. Previous EPIC FOIA requests have revealed that Acxiom was considered a primary information provider for the controversial Total Information Awareness (TIA) program during the spring of 2002.
The data brokerage has been in the news several times over the past few years for security and privacy breaches. In 2003, it was revealed that Acxiom had given data on millions of passengers of JetBlue and other airlines to an Alabama firm preparing an antiterrorism study for the Department of Defense. While JetBlue apologized to passengers for violating its own customer-information policies, Acxiom drew fire from privacy advocates for not notifying those affected that private information -- including passenger names, addresses, gender, home-ownership status, income, number of children, Social Security number, occupation and vehicle information -- had been turned over to Torch Systems for use in development of its "Homeland Security: Airline Passenger Risk Assessment" study.
In 2004, six Floridians associated with defunct e-mail marketing firm Snipermail.com were charged with hacking Acxiom's FTP servers and stealing 8.2GB of information on 1.6 billion consumers. That data included names, e-mail and mailing addresses, and phone numbers, as well as banking and credit card data, including account numbers. A Snipermail executive, Scott Levine, was eventually convicted of 120 counts of unauthorized access to data in that case; a presentencing report released last month indicates that he could serve between 19-and-a-half and 24 years for those crimes.
On its Web site, Acxiom claims to work with nine of the top 10 credit card issuers, eight of the top nine automotive manufacturers, five of the top six magazine publishing companies, nine of the top 10 retail banks, seven of the top 10 retailers, eight of the top 10 telecommunications companies, and five of the top six media entertainment companies.
The pitch PDF file from EPIC is available here: http://epic.org/privacy/choicepoint/acxiominternet.pdf.