The history of medicine provides numerous examples of good intentions gone horribly wrong. Anemia was treated with bloodletting, morphine addiction with a heroin dose and asthma with a curative cigarette.
These treatments weren’t developed by evil villains, but by people who genuinely desired to provide relief for real problems. And they illustrate a fundamental truth about trying to make a situation better: Just because you have good intentions doesn’t mean you won’t end up making things worse in the end. Sometimes much worse.
Example A could be the Consumer Financial Protection Bureau, mandated by the Dodd-Frank Act in the wake of the financial crisis.
The brainchild of Elizabeth Warren, the bureau was designed to protect consumers against predatory lending and loan servicing. Consumers certainly need protection from bad actors at banks and other financial institutions, and the bureau’s consumer focus differentiated it from other regulatory bodies already watching the financial sector.
All in all, the bureau seemed like a good idea.
But in the four years since its creation, the CFPB has become a law unto itself, full of conflicting agendas and unaccountable to the Congress that created it. Nowhere is this more obvious than in its massive, intrusive data collection program.
The genesis of the problem lies in the list of the CFPB’s goals from its website:
“Congress established the CFPB to protect consumers by carrying out federal consumer financial laws. Among other things, we:
- Write rules, supervise companies, and enforce federal consumer financial protection laws
- Restrict unfair, deceptive, or abusive acts or practices
- Take consumer complaints
- Promote financial education
- Research consumer behavior
- Monitor financial markets for new risks to consumers
- Enforce laws that outlaw discrimination and other unfair treatment in consumer finance
Did you catch that? Research consumer behavior.Why is an organization dedicated to protecting consumers targeting those same consumers for research? Shouldn’t they be researching the behavior of financial institutions instead?
It’s possible that to support some of its other goals, the bureau needs to research how consumers approach credit, or figure out what level of financial education most consumers have. That would make sense. But the bureau has gone far beyond any common-sense implementation of this goal. (See our feature story for a more detailed look).
According to a comprehensive study last fall by the Governmental Accountability Office, the CFPB collects data on up to 600 million consumer credit accounts and is on target to monitor 95% of all credit-card transactions by 2016.
And that’s not all.
The CFPB is also collecting arbitration case records, vehicle transaction-level data from departments of motor vehicles, credit scores, information on deposit advance products, data on overdraft fees and more.
The scope of the bureau’s data collection is both stunning and disturbing. I understand the tradeoff we make in our society between privacy and protection, but what protection am I getting by the bureau accessing my transaction-level data from the DMV?
Instead, this data program exposes consumers to an unreasonable search and seizure of their private information — without their knowledge or consent.
Under the Dodd-Frank Act, the bureau is allowed to collect data, but with several important caveats. One of those is to remove any personally identifiable information. Unfortunately, the CFPB hasn’t followed the law with its approach to data collection, as a letter from Sens. Tim Scott and Mike Crapo to CFPB Director Richard Cordray makes clear.
“We are gravely concerned by the CFPB’s inability to confirm that the massive amount of data it collects and stores could not be reverse-engineered and traced back to one of our constituents,” the letter states.
Indeed, the letter asks for reassurance that the bureau had taken action on the 11 points of failure the GSO outlined last fall. So far there’s been no answer.
Even if you think that the CFPB itself has nothing but good motives, a depository of loan data that large makes for a tempting target. Is the bureau any more prepared than the IRS or the OPM for the attempted security breaches that are no doubt already under way?
Not according to the same GAO report, which found numerous problems, including the security of the third-party vendors the bureau relies on. The senators’ letter echoes this concern.
“Despite having spent over $10 billion on information technology and related services over the past decade and a half, the IRS was unable to prevent identity thieves from walking right through the front door of the IRS’s computer system and stealing tax returns. We are concerned that without adequate safeguards, the computer systems that store personally identifiable information at the CFPB and its vendors are equally vulnerable,” it states.
A simple cost-benefit analysis exposes the ludicrousness of this project. On one side you have very sensitive data that is being collected and analyzed on millions of consumers, without their consent. A breach of this data could compromise the finances of these consumers for years to come and jeopardize their ability to obtain any credit, much less pursue homeownership.
On the other hand you have, well, nothing.The CFPB should have to justify this massive, intrusive breach of the public’s trust. Just for starters, it should have to answer:
- What specific benefits will consumers get from this data collection?
- How do these benefits compare to the real risks it poses to consumers’ personal data?
- Who can access this data, and for how long?
- How can consumers find out what personal data is being collected, and how can they correct it if it’s wrong?
Like many of the medical solutions of the past, the far-reaching data collection the CFPB is undertaking in the name of consumer research is actually counter-indicated, and ironically, puts us all at risk.
