Alleged data theft by DEA official raises privacy concerns

"I think this case points to the necessity that such (database) systems have a foolproof electronic audit trail and sanctions so serious that no officer would dream of stealing the data," said Beth Givens, director of the San Diego-based Privacy Rights Clearinghouse, a nonprofit consumer information, research and advocacy program.

On Monday, Emilio Calatayud, a 34-year-old veteran in the Los Angeles Field Division of the DEA, was arraigned on charges that he allegedly misused his position at the agency to sell information to a private investigations firm.

The U.S. Attorney's Office for the District of Central California charged Calatayud with five counts of illegally accessing law-enforcement computer systems, five counts of wire fraud and one count of bribery.

In total, Calatayud is believed to have reaped $22,580 in payments from Los Angeles-based private investigations firm Triple Check Investigative Services between August 1993 and August 1999.

Not an isolated case
A warrant for Calatayud's arrest had been issued Jan. 11, and the agent turned himself over to law enforcement officials on the following night.

U.S. Attorney Alejandro N. Mayorkas slammed Calatayud's alleged misconduct.

"The sale of confidential information by a member of a law enforcement agency jeopardizes the viability of criminal investigations, threatens the safety of members of the public and undermines the integrity of our law enforcement community," he said in a statement.

Givens thought the case was far from isolated. "I do think this is more common than one might think," she said, adding that the PRC has received several calls complaining about the similar abuse of private data by law officers.

Another privacy advocate condemned the alleged actions of the agent, but stressed that other ways of accessing data--allowable by law--are far more worrisome than those that are illegal.

"The unauthorized and illegal use of information will become more common as it becomes mined and searched and all those things we can do now," said Barry Steinhardt, associate director for the American Civil Liberties Union. "But we have laws to protect against those things, or at least punish the offenders when we find them."

Steinhardt pointed to the recent hack of the University of Washington Medical Center, where a Russian cyberthief made off with almost 5,000 hospital records. Yet, what is often worse is the hospital's use of such data for its own marketing purposes and the low legal barriers for others to access the data.

"In the end, we need to be much more concerned with the authorized uses of data than their unauthorized uses," Steinhardt said. "Right now, the law allows a lot of data usage by the government. And there is an awful lot of information that corporations can use as well."