A US-based credit reporting agency and data broker that provides US immigration authorities with information that enables them to locate people targeted for deportation.
Equifax Inc, headquartered in Atlanta, is a data broker and one of three major credit reporting companies in the U.S. The company collects information on millions of U.S. residents, including from their employers, on their credit history, financial assets, telecommunications and utility payments, employment, income, and other demographics. The company then provides this information to its clients to condition access to credit, mortgages, child support, and social services. Equifax generated $4.9 billion in revenue during 2021.
Immigration and Customs Enforcement (ICE) uses multiple Equifax databases to locate people targeted for arrest or deportation, mainly through 3rd parties like LexisNexis Accurint and Thomson Reuters CLEAR, as detailed below. In addition, in 2020 ICE awarded a small 3-year contract directly with Equifax for unspecified “support services.”
Jail Booking Data - Sabotaging Sanctuary
Since early 2021, ICE has used a database called Justice Intelligence (formerly JusticeXchange), a product of data broker Appriss Insights, which Equifax acquired later that year. This database collects incarceration records and real-time jail booking data from thousands of U.S. jails and prisons, information which ICE uses to learn the release date of people it wants to deport. ICE has access to this database as an add-on to its subscription to LexisNexis Accurint.
ICE has been using this product to circumvent state and local sanctuary policies that prevent local law enforcement from cooperating with the jailing and deportation of immigrants. For example, a Colorado 2019 law prohibits state agencies from sharing information with ICE, and similar policies exist in ten other states and hundreds of cities and counties as of 2021. In its justification for the contract with Equifax, ICE noted that “policy or legislative changes” have caused “an increase in the number of law enforcement agencies and state or local governments that do not share information about real-time incarceration of foreign-born nationals with ICE. Therefore, it is critical to have access to Justice Intelligence services through LexisNexis' Appriss Insights.” In other words, through their privatization of data sharing, Equifax and LexisNexis provide ICE with a backdoor to the same data, enabling it to continue targeting immigrants.
Other clients of the Justice Intelligence database include some of the fusion centers of the Department of Homeland Security (DHS). These centers share local law enforcement data with DHS, which includes ICE, and other federal law enforcement agencies. For example, Justice Intelligence is used by the Austin Regional Intelligence Center (ARIC), a DHS fusion center that shares data across 10 counties in Central Texas. As of August 2021, Appriss held 4 contracts with the city of Austin worth $204,554 to provide database services.
ICE uses Equifax’s utility providers' data, which is part of a database called CLEAR, a product of Thomson Reuters. ICE has been using CLEAR since at least 2009. CLEAR includes “more than 400 million names, addresses and service records from more than 80 utility companies.” CLEAR also includes Equifax’s credit data, covering 352 million records including name, address, Social Security Number, and more.
Equifax obtains its utilities data from the National Consumer Telecom & Utilities Exchange (NCTUE), an organization of the largest telecom and utilities companies in the U.S. NCTUE was established by the telecom industry in 1997 and its database has been operated by Equifax ever since. The platform allows companies to evaluate individuals’ creditworthiness and share address information for “skip tracing,” i.e. locating people with missed payments. NCTUE members point out that the platform is particularly useful for locating and identifying “underserved, underbanked, multicultural consumers,” a demographic that overlaps with persons targeted by ICE. These data thus allow ICE to locate undocumented immigrants who pay utility bills.
Federal laws regulate how the U.S. federal government can use and acquire data, but do not cover privately-owned databases such as CLEAR. As a result, more U.S. law enforcement agencies have turned to such private data sources.
In October 2021, NCTUE directed Equifax to stop selling utility data to third parties like CLEAR. This policy affects data collected after its implementation, but CLEAR still holds its existing data from October 2021 and earlier and can still provide it to government agencies. While people’s addresses may change, other personal information, e.g. date of birth and social security number, remains accurate.
Equifax has a Political Action Committee (PAC) that raises money for U.S. Congressional candidates. It spent $1.2 million from 1981 to 2021 on both Democratic and Republican candidates through direct contributions and other PACs. From 1999 to June 2021, the company also spent $24.5 million in lobbying expenses in relation to issues like financial services, privacy, cybersecurity, background investigations, use of commercial data by federal government agencies, and the Comprehensive Credit Act.
As the U.S. House of Representatives was discussing the Student Borrower Credit Improvement Act in 2021, several organizations called for a major overhaul of the credit reporting system, stating that the current system not only charges people to obtain their own credit reports but also disproportionately impacts communities of color. Furthermore, they characterized attempts at trying to fix the credit reporting system as a “Kafkaesque nightmare in which the Big Three nationwide consumer report agencies (CRAs) – Equifax, Experian, and TransUnion – consistently favor the side of the creditor or debt collector… over the consumer.”
In 2017, Equifax’s data system was hacked and 143 million records were stolen, including social security numbers and credit card information. Prior to this breach, hackers had access to employee tax records from April 2016 to March 2017. In March 2021, the U.S. Senate Committee on Homeland Security and Governmental Affairs stated that “Equifax failed to prioritize cybersecurity,” and that after being audited, the company detected over “8,500 known vulnerabilities that had not been patched.” After the breach, the company waited six weeks before notifying the public, leaving usernames and passwords exposed while conducting business as usual.