ComputerWord reports that the government was approached by the data-aggregation firm Acxiom to conduct widespread surveillance of web sites discussing topics such as “abortion, racial superiority, politics, religion, immigration, and foreign affairs,” using technology designed to extract business contact information from dot-com sites (the harvesting of personal information from sites being a notable problem itself). Here’s how it would work:
In it, Acxiom described a process for crawling the Web, collecting information, parsing it for “marker words and phrases,” and extracting data such as names, titles, phone numbers, and e-mail and mailing addresses. Such information would have been sifted, indexed and, in the words of the proposal, “made available to the proper authorities for further action.”
According to the proposal, the system would continually crawl the Web seeking sites using “marker” words appearing in specific patterns. The proposal lists sample words in categories such as verbs (including bomb, kill, burn, kidnap and hijack), buildings, places, people, organizations, racial epithets, titles and “suspicious words” (such as explosives, bomb, jihad and kamikaze). Identification and contact data would also be gathered. A sifting function would validate the data against previously established facts and rules. Once validated, data would be entered into a database for official use. The proposal requested a total of $1 million in funding for two years.
What makes this even more troublesome is the fact that Acxiom doesn’t have a particularly healthy data-security record:
In 2003, it was revealed that Acxiom had given data on millions of passengers of JetBlue and other airlines to an Alabama firm preparing an antiterrorism study for the Department of Defense. While JetBlue apologized to passengers for violating its own customer-information policies, Acxiom drew fire from privacy advocates for not notifying those affected that private information — including passenger names, addresses, gender, home-ownership status, income, number of children, Social Security number, occupation and vehicle information — had been turned over to Torch Systems for use in development of its “Homeland Security: Airline Passenger Risk Assessment” study.
In 2004, six Floridians associated with defunct e-mail marketing firm Snipermail.com were charged with hacking Acxiom’s FTP servers and stealing 8.2GB of information on 1.6 billion consumers (see “Florida hacker indicted in big online theft case”). That data included names, e-mail and mailing addresses, and phone numbers, as well as banking and credit card data, including account numbers. A Snipermail executive, Scott Levine, was eventually convicted of 120 counts of unauthorized access to data in that case; a presentencing report released last month indicates that he could serve between 19-and-a-half and 24 years for those crimes.
Perhaps instead of using Acxiom, the government hopes to just get the data from Google instead….