Since Edward Snowden leaked details of the National Security Agency’s electronic surveillance program two years ago, the controversy over privacy and domestic spying has crossed party lines, embarrassed senior officials and launched presidential campaigns. The political furor led to passage of the USA Freedom Act in early June. It will stop the NSA from collecting information on millions of American citizens’ phone calls.
A Pew survey in May showed bipartisan majority disapproval of the NSA program—including 56% of Republicans, 48% of Democrats and 57% of independents. Yet the NSA at least was trying to protect Americans from terrorism. Another, far more pernicious data-collection program run by another huge, secretive and unaccountable government bureaucracy exists instead for the purpose of limiting Americans’ freedom.
The Consumer Financial Protection Bureau, through its 12 data-mining programs, collects and monitors information for nearly 600 million personal credit-card accounts on a monthly basis. The CFPB is gearing up to monitor 95% of all credit-card transactions by 2016 (more about this below).
The NSA surveillance program that stirred controversy gathered “metadata”—not the content of the calls, but information like the numbers dialed, the call duration, and the cellphone towers involved. According to the NSA and President Obama, the data collected was anonymous. But researchers at Stanford have demonstrated that linking supposedly anonymous phone numbers back to real people is simple. At that point, the data allows for inferences about those people, their relationships and activities.
If your cellphone bill can reveal that much personal information, imagine how much is contained in your credit-card bill. Every restaurant you visit, every drugstore purchase, every trip you go on, every time you fill up your car—all potentially scooped up by a government agency. And earlier this year MIT researchers demonstrated a method to “re-identify” anonymous credit-card data.
Every month the CFPB also gathers data on 22 million mortgages, 5.5 million student loans, two million bank accounts with overdraft fees, and hundreds of thousands of auto sales, credit scores and deposit advance loans.
The agency claims most of the data it acquires through third parties is anonymous. But as in the case with the NSA surveillance, anonymous means only that the CFPB hasn’t connected the data with a name at the time they collect it. All of the data the CFPB is accumulating adds up to millions of detailed profiles of American citizens.
Section 1022 of the Dodd-Frank Act—the 2010 law that created the CFPB—specifically bars the agency from collecting data “for purposes of gathering or analyzing the personally identifiable financial information of consumers.” But Section 1031 does give the CFPB broad power to prohibit what the agency determines to be “unfair, deceptive, or abusive acts or practices.”The express purpose of the data collection, according to the agency, is to decide what it will prohibit.
That’s a far cry from trying to prevent another 9/11. It’s also a far cry from the private information that we entrust to companies like Visa and Google. To the extent that these companies data-mine, they do so to better serve us as consumers. CFPB’s snooping is about deciding what financial services or products—such as auto loans or payment processors like PayPal—consumers shouldn’t be able to choose.
When questioned at a congressional hearing in 2013 about the need for such a massive aggregation of data about Americans’ personal financial lives, Richard Cordray, the CFPB director, responded, “You want us to do careful cost-benefit analysis. We can’t do that without good data.”
This supposed need for “good data” may not pass muster with most Americans. A Junepoll conducted by Zogby for the U.S. Consumer Coalition found that only one in five Americans said they believed the CFPB should be allowed to gather credit-card statements without consumers’ knowledge.
Unfortunately, Congress cannot simply rein in the CFPB through its power of the purse. Thanks to the 2010 Dodd-Frank law, the agency is funded through a fixed percentage of the Federal Reserve budget. Congress must move urgently to end this mechanism and subject the agency to the annual congressional appropriations. One more thing: If the government now needs a warrant to obtain the phone records of suspected terrorists, it should need one to obtain our credit-card statements.
Privacy advocates, this should be your next target.
Mr. Gingrich is a former speaker of the U.S. House of Representatives. Newt Gingrich is senior adviser to the U.S. Consumer Coalition, which opposes some policies of the Consumer Financial Protection Bureau.