A recent court case demonstrates, once again, the dangers of assembling massive police databases and trusting that law enforcement officers with access are paragons of virtue.
In this case, the unvirtuous Fed is named Rafael Pacheco, an agent with the US Customs Service in Florida. And the database in question is the Treasury Enforcement Communications System, or TECS, which contains more than a billion records used by Customs and other federal police.
Pacheco was, to put it bluntly, a corrupt cop. He sold access to TECS for money.
He got caught when a Mexican man named Fidencio Estrada was nabbed by state police in a traffic stop near Houston. Estrada had Pacheco's business card with him, and the state trooper asked him about it. After receiving a suspicious answer, the trooper phoned Pacheco, who called back and said that Estrada was a "huge" confidential informant and demanded that the trooper "let him go now."
You can imagine what the truth was. The US Customs Service, which was subsequently renamed Immigration and Customs Enforcement, would later say that Estrada was never a confidential informant. Instead, Estrada and his family had sent about $18,000 in Western Union money transfers to the Customs agent, who deposited the cash in his personal bank account and used it to pay off a vehicle loan with the Florida Customs Federal Credit Union. Estrada is, according to ICE, a drug trafficker.
In return, in February 2000, Pacheco accessed TECS to check for records on Estrada. He searched for Estrada under two aliases and looked up records for those aliases in the NCIC database, which lists outstanding warrants against a person. He also helped Estrada's family members in Mexico obtain visas.
TECS, by the way, is described in a Justice Department report as including a watch list mechanism and, more generally, is: "Designed to identify individuals, businesses, and vehicles suspected of or involved in violation of federal law. TECS is also a communications system permitting message transmittal between law enforcement offices and other federal, state, and local law enforcement agencies. The database provides access to the FBI's NCIC and the National Law Enforcement Telecommunications System. The TECS database serves as the principal information system supporting border management and the law enforcement mission of the DHS's US Customs and Border Protection and other federal law enforcement agencies."
So what eventually happened? Thanks to the happenstance of the traffic stop, the access-for-cash scheme unraveled, and Pacheco was convicted of receiving a bribe, hindering law enforcement, money laundering, obstruction of justice, and unlawfully accessing restricted federal computer databases. He was sentenced to 87 months in prison (and a separate 60-month sentence to be served at the same time).
As for Estrada, a US permanent resident, he was found guilty by a jury of conspiring to bribe a public official, conspiring to launder money, 5 counts of bribery, and 10 counts of money laundering. He was sentenced to 41 months in prison, followed by 36 months supervised release.
He appealed, claiming that there was insufficient evidence, that the convictions were based on inadmissable hearsay, and other technical grounds. But the 11th Circuit Court of Appeals upheld his convictions last Monday.
In an interview with ZDNet Australia yesterday, chairman of the Australian Privacy Foundation and data surveillance expert, Roger Clarke described the standard of data maintenance and security in the US public sector as "appalling", and said that this reason alone is enough for the FBI's proposed international criminal database to be considered a danger to personal liberties.
The last comparable breach of this kind in Australia was uncovered last year, when Centrelink conducted an audit of staff access to client records in 2005 and found that 367 individual breaches of client privacy had occurred in that year.
The ensuing investigation resulted in the sacking of 24 staff, while hundreds of others received a range of reprimands from warning letters to fines.
Marcus Browne contributed to this report
It is a terrible situation when police, law-enforcement and similar officers breach the trust of their community. However, databases of information are critical to any organisation - be they private or public. Banks, for example, potentially have more information about their clients than police do about criminals. Without the databases of information available to them, police simply could not function. Strong protection mechanisms for accessing information is important, but taking harsh action against those who breach their duty of trust is equally important.