The Post-Dispatch editorializes today on the sharing of personally-identifiable information of Missouri driver’s license and CCW applicants with third-parties outside of state government. Unfortunately, the old adage about everyone being entitled to their own opinion, but not their own facts is applicable here. 

The editorial claims: 

Somewhat saner minds in the Missouri House intervened this week to actually ask Department of Revenue officials what happened. Nobody’s private information is being sent to either the federal government or a third-party vendor, lawmakers were told. 

This statement, however, is in fact nearly the exact opposite of the testimony heard by the House Committee on Government Oversight and Accountability.

As detailed in my prior post, the department testified that it sends the “folio” information of every applicant for a driver’s license, non-driver’s license, and CCW endorsement to MorphoTrust USA in Atlanta, Georgia. The “folio” information includes everything which appears on a driver’s license – including, among other things, their name, height, weight, address, photograph, medical restrictions, and whether they are a CCW permit holder. The department testified that the contract with MorphoTrust calls for the licenses to be printed and folio information destroyed in a short time-frame, but it did not have any procedure to verify whether the records were actually destroyed. Nor did the Department know if it had the right to spot-check MorphoTrust USA to ensure such destruction is actually completed. On Tuesday, it’s my understanding that the Department testified in court in Stoddard County that it has never received verification of destruction from MorphoTrust. Under further questioning by Rep. Richardson, the Department testified that MorphoTrust is audited six times per year by federal agencies. Rep. Richardson commented that such audits were paradoxical from the perspective of ensuring that such information is not shared with the federal government. It does not make sense to have the entities from which we are concerned does not get the information to then do the audits to ensure that the information is being destroyed. A lobbyist for MorphoTrust testified at the hearing but did not know the nature of any contracts and contacts MorphoTrust has with agencies of the federal government. Those questions from the committee remain outstanding.

Though the PD’s editors call our committee “saner,” I hold the apparently insane belief that facts should matter. And details matter. Insistence on the same has caused me to ruffle-feathers on occasion, but I think it’s my duty as a public servant to act on facts.

I’m also surprised by the P-D’s stance on this issue. This is about far more than guns. It’s about the privacy rights of all Missourians – including gun owners. It’s about Big Data and the march towards a society where huge companies have more information on every individual American than any other entities in the history of human-kind. These companies piece together bits of information about all of us that let’s them know things about us that even those closest to us do not know. Target, for example, can use Big Data to discover that a teenage girl is pregnant before her father even knows.

MorphoTrust has contracts with approximately 47 states to process driver’s licenses of the vast majority of American citizens – licenses which include personally-identifiable information and sensitive information about medical conditions and gun ownership. MorphoTrust claims to destroy such information quickly after using it to process licenses and to not share it with third parties or federal agencies. The committee has requested information from the company aimed to see if this is true. But, even assuming it is, whether MorphoTrust is a well-intentioned steward of the information or not, we live in a world in which no data is entirely secure. The Obama administration has accused the Chinese government of hacking U.S. media and corporations. Hackers have attacked the Department of Defense. How much sense then does it make for 47 states to entrust this data with a single company, that if successfully hacked, would unintentionally provide the hackers with the biggest treasure trove of PII in world history?

I’ll ask the rhetorical question again. If you had 50 golden eggs, would you put 47 of them in one basket? I think not.  

On Monday afternoon, the House Committee on Government Oversight and Accountability held a fact hearing to investigate allegations that driver’s license fee agents throughout the state are being compelled by the Department of Revenue to illegally disclose personally-identifiable information of Missourians to a third-party private company in Atlanta, Georgia capable of building a massive database and intruding on the privacy rights of Missourians. 

We did not conduct this investigation in a vacuum. Many Missourians, including myself, fear that if we are not vigilant that the coming Age of Big Data will also be the Age of Winston Smith. You can see evidence of the dangers of government and big business overreach into the privacy of Missourians nearly every day. Just last week, Attorney General Eric Holder opined that the President has the legal authority to kill American citizens on American soil with neither judge nor jury. Sen. Rand Paul spent 13 heroic hours last week exposing that fundamentally un-American legal opinion to the American public through an old-fashioned filibuster. As a second example, Google admitted last week that the FBI made over 1,000 warrantless requests for information on Google users – requests that do not involve permission from a neutral judge or grand jury. 

The concerns are not limited to the actions of government. Big Data companies know more about each of us than any third-party companies have ever known about individuals in the history of the world. There are many who defend this collection of data as being “good for us.” But there are others, myself included, who fear the long-term consequence of such data collection and how it might be abused and manipulated by private companies – and, eventually, be taken by government.

Monday’s hearing had two parts. The first part was a factual inquiry into what the Department of Revenue is actually doing here. Just as with our Mamtek investigation, it is not this Committee’s role to indict or declare activity legal or illegal – that is the role of our legal system. Instead, it is our job to determine the fact’s as best we can – and to use those facts to determine if a legislative solution is necessary, warranted, or possible.

Here’s what we learned Monday – and what we’ve subsequently learned from other hearings or legal proceedings: 

• The Department is transitioning to a new driver’s license issuance system. This transition moves away from the old process of printing licenses at each individual fee office to central issuance. 

• The Department then outsourced the printing to a vendor called MorphoTrust in Atlanta, Georgia. In its bid materials, MorphoTrust touted the fact that it has similar contracts with 46 other states. 

• The Department testified that MorphoTrust provides license fee offices with scanners and computer systems to make copies of documents and share information with the Department of Revenue. 

• Upon a Missourian requesting a license or CCW endorsement, the new system requires individual fee office agents to scan a copy of the Missourian’s source documents (for example, birth certificate) and send the copy of the source document to the Department in Jefferson City.

• The fee office agent also sends the “folio” for each applicant to the Department, which is all of the information which appears on the driver’s license, including, whether the Missourian has health restrictions on the license or a CCW permit. 

• The Department testified that it keeps the source documents itself and does not share them with any third-party. This is different than the prior system, in which individual fee office clerks reviewed the source documents and verified that they had reviewed them. The Department justifies keeping this source documents by pointing to an example of identity theft that occurred in a St. Joseph, Missouri licensing office. The Department asserts that keeping the source documents is an important deterrent to similar events in the future, and ensures that prosecutors will have necessary evidence in a prosecution for identity theft based on the presentation of forged or stolen source documents. 

• The Committee questioned whether keeping the source documents was an effective deterrent. Through questioning, the Department estimated that only 50 source documents were reviewed by its employees each week to ensure accuracy. Rep. Richardson pointed out that this was akin to search for the proverbial “needle in a haystack” and would be highly unlikely to either catch or deter a perpetrator. 

• The Committee also questioned whether keeping the source documents was necessary for the introduction of key evidence in an identity theft prosecution. I made the point that the fact that a defendant presented false documents with someone else’s name on them could be brought into evidence through the business records exception rule of evidence. 

• The Department testified that it forwards the “folio” information to MorphoTrust in Atlanta, Georgia where the contract specifies that the licenses should be printed within seven days and the folio information destroyed. 

• Under questioning by myself, the Department testified that it did not know if the contract had any procedure to verify whether such records were actually destroyed. Nor did the Department know if it had the right to spot-check to ensure such destruction is actually completed. It is my understanding that the Department testified at a hearing in Stoddard County that it has never received verification from MorphoTrust of the destruction of records. 

• Under questioning by Rep. Richardson, the Department testified that MorphoTrust is audited six times per year by federal agencies. Rep. Richardson commented that such audits were paradoxical from the perspective of ensuring that such information is not shared with the federal government. It does not make sense to have the entities from which we are concerned does not get the information to then do the audits to ensure that the information is being destroyed. 

• The Department testified that it paid for the central issue system after receiving clearance from the General Assembly in last year’s budget. The bid accepted reduced costs by $4 million per year. It was not clear at such time, however, that the bid would be secured by an out-of-state vendor with 46 other states under contract.

• Upon questioning about equipment with “Department of Homeland Security” markings, in particular “void” hole-punchers, the Department testified that such equipment was purchased with grants from DHS. These hole-punchers cost approximately $134 each – an issue of itself. 

• Rep. Richardson questioned the price of scanners in the contract – approximately $4,000 per scanner if my memory is correct – when a similar scanner can be purchased retail for approximately $600. 

• Russ Oliver, the attorney for the plaintiff in the Stoddard County case, testified that their lawsuit was based on the claim that the Department had illegally placed another hurdle in the CCW process – namely, requiring a permit holder to allow the copying of their source documents. He further testified that he believed the same requirement was illegal as a new requirement for Missourian’s applying for driver’s licenses. Oliver’s case will be determined by a judge in Stoddard County. 

• The committee took testimony from Richard McIntosh, a registered lobbyist for MorphoTrust USA. Mr. McIntosh was only recently hired by MorphoTrust, and, as a result, was unable to answer many questions of the committee, including, but not limited to the following:
  • Does MorphoTrust have contracts with federal agencies for the collection of personal data of Americans?
  • Does MorphoTrust have contracts with any private companies for the sharing of personal data or creation of databases with details on Americans?
  • How does MorphoTrust verify that it destroys the records it receives? 

• On Wednesday, the Department testified before the Senate Budget Committee – and the end result were serious questions raised by Sen. Kurt Schaefer about the source of some funds. Though relevant to this issue, the questions raised by Sen. Schaefer are more appropriate for budget committees than Government Oversight and Accountability.

From the fact-hearing, the Committee has identified two major areas of concern. The first is the copying and keeping of source documents by the Department of Revenue. As Rep. Richardson pointed out, while rational, the Department’s reasons for keeping this information do not hold up under scrutiny. By creating a centralized data-base in state possession, the Department has created an enormous target for hackers – and, no matter how secure the Department believes it’s systems are, the Committee does not believe there is any such thing as a complete secure database. Just ask companies being hacked by China.

The second issue is the sharing of folio data with an out-of-state private vendor that has similar contracts with approximately 46 other states. Though MorphoTrust touts this dominance as a reason for states to contract with it, I believe it is a detriment. If you had 50 golden eggs, would you put 47 in the same basket? I don’t believe so. Allowing one company to compile such a vast amount of personally-identifiable information from nearly every state creates a serious security risk and states ought to take action to ensure that the outsourcing of these services is de-centralized.

The second part of the hearing was HB 787, sponsored by Rep. Richardson, which is a first-draft attempt to ensure that personally-identifiable information of Missourians remains protected. Rep. Richardson’s bill as currently drafted would require the Department to destroy any source documents collected from license fee offices. His bill, however, is likely to grow.

I have inquired of the Department on how much it would cost to either (1) go to a complete central-issuance system ran by the state of Missouri, or (2) to purchase a single printer to allow Missourians with privacy concerns to opt-out of having their personally-identifiable information shared with a third-party vendor that collects such information on Americans from 46 different U.S. states. Rep. Richardson’s bill could be amended to require the Department to allow such an opt-out – or to require the Department to do the printing in-house. This opt-out or in-house model would apply to applicants for driver’s licenses and CCW permits.

Rep. Wanda Brown has also filed a bill which would require the Department to indemnify fee office agents simply carrying out orders of the Department. This provision is likely to be added as an amendment to Rep. Richardson’s bill as well.

The legislature takes its annual spring break next week. The Committee when we return from break – giving Rep. Richardson time to add various provisions to the bill to ensure we have as complete a resolution as possible. The Committee will likely vote on Rep. Richardson’s amended bill on Tuesday, March 26, our second day back from spring break. 

Elizabeth Crisp reports that the House Committee on Gov’t Oversight and Accountability will investigate recent reports of the sharing of personally-identifiable information of applicants for driver’s licenses and conceal-carry permits in Missouri. 

This story also made it as a link on Drudge. 

The committee will also hear HB 787, sponsored by Rep. Todd Richardson, which would protect personally-identifiable information of Missouri residents. 

The hearing will be held next Monday at noon. 

Next Monday at noon, the House Committee on Government Oversight and Accountability will hear the following items:

• HCR 9 – sponsored by Rep. Paul Curtman, would urge Congress to audit the Fed. 
• HB 627 – sponsored by Democratic Minority Leader Jake Hummel, would expand our already broken Medicaid system

I filed the “Buck Stops Here” Tax Credit Reform Act this morning to improve performance and enhance accountability for Missouri’s jobs tax incentive programs. HB 620 would replace the Quality Jobs, Enhanced Enterprise, Rebuilding Communities, and Development tax credits with one new streamlined program which reduces the “entitlement” nature of each prior program and replaces it with a system of discretion and accountability.

Under the “Buck Stops Here” Tax Credit Reform Act, business tax credit recipients would only be “entitled” to a credit of one percent of payroll. Discretionary benefits of up to 11 percent of payroll would be available to any qualifying company based on these factors:

1. The significance of the qualified company’s need for program benefits;

2. The amount of projected net fiscal benefit to the state and the period in which the state would realize such net fiscal benefit;

3. The overall size and quality of the proposed project, including the number of new jobs, new capital investment, proposed wages, growth potential of the qualified company, the potential multiplier effect of the project, and similar factors;

4. The financial stability and creditworthiness of the qualified company;

5. The level of economic distress in the area;

6. An evaluation of the competitiveness of alternative locations for the project facility, as applicable;

7. The percent of local incentives committed; and

8. The likelihood that the qualified company will create new jobs or make new capital investment without the award of the benefits.

In determining whether to use its discretion, the Department must issue a written decision which addresses all of the above factors. Any discretionary decision awarding more than $1 million in benefits REQUIRES the governor’s signature – hence the title, “The Buck Stops Here.” 

I believe this new accountability provision will ensure that DED is not pushing high-dollar projects with no chance of success because the governor will be reluctant to put their name on anything but that which they are fairly confident will be successful. Then, if a project succeeds, the governor can take credit for the decision – and if a project fails, they will take the blame. 

Under the current system, there is no mechanism by which DED can save taxpayers from bad projects. This puts real accountability into the system. 

I find it ironic that I’m sponsoring this legislation. I’m still not a fan of these types of tax incentives. If we were starting from scratch, I wouldn’t support my own bill. However, I realize there’s not the political will to eliminate the programs altogether – and we’re not starting from scratch. This bill improves an incentive system which I believe is broken. It’s not perfect – far from it – but it makes things better for taxpayers.

The bill also reduces the total cap allotted to these programs to $90 million. 

The House Committee on Government Accountability and Oversight will meet Friday morning from 9:00 to approximately 11:30 a.m. at Union Station in Kansas City to discuss the topic, “What to Do About Kansas?”

The general public is invited to attend. The tentative schedule for testimony is as follows:

• 9:00 – 9:20ish – Mayor Sly James
• 9:20 – 10:00 – Local economic development officials and representatives of the Kansas City Chamber of Commerce
• 10:00 – 10:25ish – Bill Hall of Hallmark
• 10:30 – 11:20ish – Local small business owners and activists who support global reductions in tax rates. 

Other testimony will be received as time permits. All are welcome to submit written testimony.

I wish the committee had time to hear from all groups, but we just don’t. In fact, the initial plan was to have the Department of Economic Development testify as well – but that was scuttled because the Department has sufficient means of communication with the committee and other elected officials in Jefferson City.

These three groups were chosen because each represents a different perspective on the question. Though some believe these perspective contradict – and there is some truth to that, I’m not convinced it’s entirely true. 

It appears the Justice Department is finally getting serious about cracking down on the debt industry’s abrogation of professional duty. The Washington Post reports on lawsuits being filed against Standard & Poor’s for their role in the mortgage meltdown – drive-by ratings on bundles of bad mortgages which transformed junk into AAA rated debt.

Why is this relevant to Missouri? First, because the mortgage meltdown was a driving factor in the Great Recession effecting Missouri just like every other state. Second, because we saw the same thing from a ratings agency in the Mamtek fiasco.