On 7 September 2022, the Invest in Open Infrastructure (IOI) Community Oversight Council hosted a public discussion with McKenzie Funk, award-winning journalist and author, and Sarah Lamdan, Professor of Law at the City University of New York (CUNY).
We share the recording and a summary of this session.
In this insightful conversation facilitated by Dinesh McCoy (Just Futures Law), McKenzie and Sarah shared how they started looking into the activities of data brokering companies. As a law librarian in 2017, Sarah was teaching hundreds of law students how to use LexisNexis and Westlaw, widely-used legal information portals. She was alarmed when she saw the companies behind these products, RELX and Thomson Reuters, were participating in the investor day of the U.S. Immigration and Customs Enforcement (ICE)'s extreme vetting programme. When looking into a potential story on child exploitation busts, McKenzie was intrigued by the software the investigators were using – one built by a businessman named Hank Asher, who built the investigative products at the core of LexisNexis’ Accurint and Thomson Reuters’s CLEAR.
RELX and Thomson Reuters both did not start as mega data analytics powerhouses but as a publisher (Elsevier), a company building law information products (LexisNexis), and a media and financial information company (Reuters). As more information about our personal lives and day-to-day activities becomes digitized, more data products are built and used. Through a gradual process of consolidation, acquisitions and mergers, the data collected by these individual companies and products are fused together, producing more advanced data products for users and collecting more data. This cycle enables players like RELX and Thomson Reuters to emerge and have more data than any other entities. Furthermore, they imbue our personal data with the academic and legal information they have to build predictive analytics that they then sell to not only agencies like ICE and law enforcement, but also to other industries and clients, ultimately to maximize profit.
In order to live in the United States, there's no way to escape from having data collected by these data brokers. One needs a bank account to be paid one's salary, utility contracts, and a driver's license to drive – all this is information collected by data brokers, which then makes it available to ICE and law enforcement. Not only do they make the information available, they also build specialized products such as CLEAR to allow investigators to easily query information and related predictive analytics, e.g. how likely someone is an undocumented person living in the US, and how to find them. These data brokers have a huge role in enabling policing and surveillance. When organizations like Just Futures Law and Mijente try to legally challenge some of these surveillance technologies and companies and propose regulations and laws to enhance data protection, the data brokers pour in increasing amounts of lobbying money to shut down their efforts. All this impacts everyone living in the U.S., but particularly marginalized communities who find themselves or their families as targets of surveillance, investigations, and even detention and deportation.
What can academics and librarians who are users of these technologies or customers of these companies do? McKenzie suggested that we need to be careful with what data we make open and cut off our data spigots, as it is easier to kneecap these surveillance tools before they are built. Sarah reflected that community organizing, connecting people who care about this issue, has already raised further awareness and helped gather steam around these ideas. For libraries, factoring privacy into decision making and fostering competition by teaching researchers to use products other than Westlaw, like Casetext and Fastcase, may help break the duopoly in the legal information world. Academic institutions can also consider infusing their contracts with privacy languages – when signing a contract to use Elsevier or LexisNexis products, one can try to negotiate a deal with the vendor where the institution would only use these products if they protect the patrons' and users’ data. Lastly, shareholder action has also been shown to be effective, as these for-profit companies care about the opinions of their users.
We’d like to sincerely thank McKenzie, Sarah, Dinesh, and everyone who participated in and contributed to the discussion. We’d also like to express our gratitude to our Community Oversight Council for organizing this and our previous discussion, and for their work over the past year. We’ll be pausing Council activities from 15 September 2022, as we reflect on this format, our experience in the past year, and how we’d like to move forward. We’ll publish a blog post summarizing the COC’s achievements and key learnings in the next weeks.
- How ICE Picks Its Targets in the Surveillance Age, New York Times, 2 October 2019.
- US immigration agency explores data loophole to obtain information on deportation targets, The Guardian, 20 April 2022.
- ICE searched LexisNexis database over 1 million times in just seven months, The Intercept, 9 June 2022.
- Privacy bill triggers lobbying surge by data brokers, Politico, 28 August 2022.
- Utility giants agree to no longer allow sensitive records to be shared with ICE, The Washington Post, 8 December 2021.
- NoTechForICE, a student campaign against data brokers and their technologies.
- Thomson Reuters to review contracts, including for database used to track immigrants, The Washington Post, 29 April 2022.
- Data Cartels, Sarah Lamdan’s forthcoming book.