A.C.L.U.'s Search for Data on Donors Stirs Privacy Fears

[R.A. Hettinga]

<http://www.nytimes.com/2004/12/18/national/18aclu.html?ei=5006&en=1fb103f41ec09d84&ex=1104037200&partner=ALTAVISTA1&pagewanted=print&position=>

The New York Times

December 18, 2004

A.C.L.U.'s Search for Data on Donors Stirs Privacy Fears
 By STEPHANIE STROM


he American Civil Liberties Union is using sophisticated technology to
collect a wide variety of information about its members and donors in a
fund-raising effort that has ignited a bitter debate over its leaders'
commitment to privacy rights.

 Some board members say the extensive data collection makes a mockery of
the organization's frequent criticism of banks, corporations and government
agencies for their practice of accumulating data on people for marketing
and other purposes.

 Daniel S. Lowman, vice president for analytical services at Grenzebach
Glier & Associates, the data firm hired by the A.C.L.U., said the software
the organization is using, Prospect Explorer, combs a broad range of
publicly available data to compile a file with information like an
individual's wealth, holdings in public corporations, other assets and
philanthropic interests.

 The issue has attracted the attention of the New York attorney general,
who is looking into whether the group violated its promises to protect the
privacy of its donors and members.

"It is part of the A.C.L.U.'s mandate, part of its mission, to protect
consumer privacy," said Wendy Kaminer, a writer and A.C.L.U. board member.
"It goes against A.C.L.U. values to engage in data-mining on people without
informing them. It's not illegal, but it is a violation of our values. It
is hypocrisy."

The organization has been shaken by infighting since May, when the board
learned that Anthony D. Romero, its executive director, had registered the
A.C.L.U. for a federal charity drive that required it to certify that it
would not knowingly employ people whose names were on government terrorism
watch lists.

A day after The New York Times disclosed its participation in late July,
the organization withdrew from the charity drive and has since filed a
lawsuit with other charities to contest the watch list requirement.

The group's new data collection practices were implemented without the
board's approval or knowledge, and were in violation of the A.C.L.U.'s
privacy policy at the time, said Michael Meyers, vice president of the
organization and a frequent and strident internal critic. Mr. Meyers said
he learned about the new research by accident Nov. 7 in a meeting of the
committee that is organizing the group's Biennial Conference in July.

He objected to the practices, and the next day, the privacy policy on the
group's Web site was changed. "They took out all the language that would
show that they were violating their own policy," he said. "In doing so,
they sanctified their procedure while still keeping it secret."

Attorney General Eliot Spitzer of New York appears to be asking the same
questions. In a Dec. 3 letter, Mr. Spitzer's office informed the A.C.L.U.
that it was conducting an inquiry into whether the group had violated its
promises to protect the privacy of donors and members.

 Emily Whitfield, a spokeswoman for the A.C.L.U., said the organization was
confident that its efforts to protect donors' and members' privacy would
withstand any scrutiny. "The A.C.L.U. certainly feels that data privacy is
an extremely important issue, and we will of course work closely with the
state attorney general's office to answer any and all questions they may
have," she said.

Robert B. Remar, a member of the board and its smaller executive committee,
said he did not think data collection practices had changed markedly. He
recalled that the budget included more money to cultivate donors but said
he did not know what specifically was being done.

 Mr. Remar said he did not know until this week that the organization was
using an outside company to collect data or that collection had expanded
from major donors to those who contribute as little as $20. "Honestly, I
don't know the details of how they do it because that's not something a
board member would be involved in," he said.

 The process is no different than using Google for research, he said,
emphasizing that Grenzebach has a contractual obligation to keep
information private.

 The information dispute is just the latest to engulf Mr. Romero. When the
organization pulled out of the federal charity drive, it rejected about
$500,000 in expected donations. Mr. Romero said that when he signed the
enrollment certification, he did not think the A.C.L.U. would have to run
potential employees' names through the watch lists to meet requirements.

The board's executive committee subsequently learned that Mr. Romero had
advised the Ford Foundation, his former employer, to follow the nation's
main antiterrorism law, known as the Patriot Act, in composing language for
its grant agreements, helping to ensure that none of its money
inadvertently underwrites terrorism or other unacceptable activities. The
A.C.L.U., which has vigorously contended that the act threatens civil
liberties, had accepted $68,000 from Ford under the new terms by then.

 The board voted in October to return the money and reject further grants
from Ford and the Rockefeller Foundation, which uses similar language in
its grant agreements.

In 2003, Mr. Romero waited several months to inform the board that he had
signed an agreement with Mr. Spitzer to settle a complaint related to the
security of the A.C.L.U.'s Web site. The settlement, signed in December
2002, required the agreement to be distributed to the board within 30 days,
and Mr. Romero did not hand it out until June 2003.

He told board members that he had not carefully read the agreement and that
he did not believe it required him to distribute it, according to a
chronology compiled by Ms. Kaminer.

Many nonprofit organizations collect information about their donors to help
their fund-raising, using technology to figure out giving patterns, net
worth and other details that assist with more targeted pitches.

Because of its commitment to privacy rights, however, the A.C.L.U. has
avoided the most modern techniques, according to minutes of its executive
committee from three years ago. "What we did then wasn't very sophisticated
because of our stance on privacy rights," said Ira Glasser, Mr. Romero's
predecessor.

Mr. Glasser, who resigned in 2001, said the group had collected basic data
on major donors and conducted a ZIP code analysis of its membership for an
endowment campaign while he was there. He said it had done research on
Lexis/Nexis and may have looked at S.E.C. filings.

Mr. Meyers said he learned on Nov. 7 that the A.C.L.U.'s data collection
practices went far beyond previous efforts. "If I give the A.C.L.U. $20, I
have not given them permission to investigate my partners, who I'm married
to, what they do, what my real estate holdings are, what my wealth is, and
who else I give my money to," he said.

 On Nov. 8, the privacy statement on the A.C.L.U. Web site was replaced
with an "Online Privacy Policy." Until that time, the group had pledged to
gather personal information only with the permission of members and donors.
It also said it would not sell or transfer information to a third party or
use it for marketing.

 Those explicit guarantees were eliminated from the Web site after Mr.
Meyers raised his concerns about the new data-mining program at the Nov. 7
meeting.

 After learning of Mr. Spitzer's inquiry, the executive committee of the
board took up the data-mining issue on Dec. 14. Board members are allowed
to listen in on any executive committee meeting, and Mr. Meyers asked the
panel to participate in its conference call.

 The first item on the agenda was whether he could be on the line. The
executive committee voted 9 to 1 to bar him and had a staff member inform
him that the meeting was of the board of the A.C.L.U. Foundation, not the
group's executive committee, and thus he was excluded.

 Mr. Remar, who has been a board member for 18 years, said board members
had been asked to leave executive committee meetings during personnel
discussions, but Mr. Meyers said it was a first.

Mr. Remar said the data collection efforts were a function of the
foundation, and thus the executive committee had met as the foundation
board.

But Mr. Romero convened a meeting of the executive committee, and Mr.
Spitzer's letter was addressed to the A.C.L.U., with no mention of the
foundation.

Mr. Meyers said his exclusion raises a profound issue for other board
members. "Their rationale for excluding me implicitly means that they can't
share anything with the board, but the board as a whole has fiduciary
responsibilities," he said. "How can board members do their duty if
information is withheld from them?"

-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'