http://www.nytimes.com/2004/12/18/national/18aclu.html?ei=5006&en=1fb103f41ec09d84&ex=1104037200&partner=ALTAVISTA1&pagewanted=print&position=December 18, 2004
A.C.L.U.'s Search for Data on Donors Stirs Privacy Fears
By STEPHANIE STROM
The American Civil Liberties Union is using sophisticated technology to collect a wide variety of information about its members and donors in a fund-raising effort that has ignited a bitter debate over its leaders' commitment to privacy rights.
Some board members say the extensive data collection makes a mockery of the organization's frequent criticism of banks, corporations and government agencies for their practice of accumulating data on people for marketing and other purposes.
Daniel S. Lowman, vice president for analytical services at Grenzebach Glier & Associates, the data firm hired by the A.C.L.U., said the software the organization is using, Prospect Explorer, combs a broad range of publicly available data to compile a file with information like an individual's wealth, holdings in public corporations, other assets and philanthropic interests.
The issue has attracted the attention of the New York attorney general, who is looking into whether the group violated its promises to protect the privacy of its donors and members.
"It is part of the A.C.L.U.'s mandate, part of its mission, to protect consumer privacy," said Wendy Kaminer, a writer and A.C.L.U. board member. "It goes against A.C.L.U. values to engage in data-mining on people without informing them. It's not illegal, but it is a violation of our values. It is hypocrisy."
The organization has been shaken by infighting since May, when the board learned that Anthony D. Romero, its executive director, had registered the A.C.L.U. for a federal charity drive that required it to certify that it would not knowingly employ people whose names were on government terrorism watch lists.
A day after The New York Times disclosed its participation in late July, the organization withdrew from the charity drive and has since filed a lawsuit with other charities to contest the watch list requirement.
The group's new data collection practices were implemented without the board's approval or knowledge, and were in violation of the A.C.L.U.'s privacy policy at the time, said Michael Meyers, vice president of the organization and a frequent and strident internal critic. Mr. Meyers said he learned about the new research by accident Nov. 7 in a meeting of the committee that is organizing the group's Biennial Conference in July.
He objected to the practices, and the next day, the privacy policy on the group's Web site was changed. "They took out all the language that would show that they were violating their own policy," he said. "In doing so, they sanctified their procedure while still keeping it secret."
Attorney General Eliot Spitzer of New York appears to be asking the same questions. In a Dec. 3 letter, Mr. Spitzer's office informed the A.C.L.U. that it was conducting an inquiry into whether the group had violated its promises to protect the privacy of donors and members.
Emily Whitfield, a spokeswoman for the A.C.L.U., said the organization was confident that its efforts to protect donors' and members' privacy would withstand any scrutiny. "The A.C.L.U. certainly feels that data privacy is an extremely important issue, and we will of course work closely with the state attorney general's office to answer any and all questions they may have," she said.
Robert B. Remar, a member of the board and its smaller executive committee, said he did not think data collection practices had changed markedly. He recalled that the budget included more money to cultivate donors but said he did not know what specifically was being done.
Mr. Remar said he did not know until this week that the organization was using an outside company to collect data or that collection had expanded from major donors to those who contribute as little as $20. "Honestly, I don't know the details of how they do it because that's not something a board member would be involved in," he said.
The process is no different than using Google for research, he said, emphasizing that Grenzebach has a contractual obligation to keep information private.
The information dispute is just the latest to engulf Mr. Romero. When the organization pulled out of the federal charity drive, it rejected about $500,000 in expected donations. Mr. Romero said that when he signed the enrollment certification, he did not think the A.C.L.U. would have to run potential employees' names through the watch lists to meet requirements.
The board's executive committee subsequently learned that Mr. Romero had advised the Ford Foundation, his former employer, to follow the nation's main antiterrorism law, known as the Patriot Act, in composing language for its grant agreements, helping to ensure that none of its money inadvertently underwrites terrorism or other unacceptable activities. The A.C.L.U., which has vigorously contended that the act threatens civil liberties, had accepted $68,000 from Ford under the new terms by then.
The board voted in October to return the money and reject further grants from Ford and the Rockefeller Foundation, which uses similar language in its grant agreements.
In 2003, Mr. Romero waited several months to inform the board that he had signed an agreement with Mr. Spitzer to settle a complaint related to the security of the A.C.L.U.'s Web site. The settlement, signed in December 2002, required the agreement to be distributed to the board within 30 days, and Mr. Romero did not hand it out until June 2003.
He told board members that he had not carefully read the agreement and that he did not believe it required him to distribute it, according to a chronology compiled by Ms. Kaminer.
Many nonprofit organizations collect information about their donors to help their fund-raising, using technology to figure out giving patterns, net worth and other details that assist with more targeted pitches.
Because of its commitment to privacy rights, however, the A.C.L.U. has avoided the most modern techniques, according to minutes of its executive committee from three years ago. "What we did then wasn't very sophisticated because of our stance on privacy rights," said Ira Glasser, Mr. Romero's predecessor.
Mr. Glasser, who resigned in 2001, said the group had collected basic data on major donors and conducted a ZIP code analysis of its membership for an endowment campaign while he was there. He said it had done research on Lexis/Nexis and may have looked at S.E.C. filings.
Mr. Meyers said he learned on Nov. 7 that the A.C.L.U.'s data collection practices went far beyond previous efforts. "If I give the A.C.L.U. $20, I have not given them permission to investigate my partners, who I'm married to, what they do, what my real estate holdings are, what my wealth is, and who else I give my money to," he said.
On Nov. 8, the privacy statement on the A.C.L.U. Web site was replaced with an "Online Privacy Policy." Until that time, the group had pledged to gather personal information only with the permission of members and donors. It also said it would not sell or transfer information to a third party or use it for marketing.
Those explicit guarantees were eliminated from the Web site after Mr. Meyers raised his concerns about the new data-mining program at the Nov. 7 meeting.
After learning of Mr. Spitzer's inquiry, the executive committee of the board took up the data-mining issue on Dec. 14. Board members are allowed to listen in on any executive committee meeting, and Mr. Meyers asked the panel to participate in its conference call.
The first item on the agenda was whether he could be on the line. The executive committee voted 9 to 1 to bar him and had a staff member inform him that the meeting was of the board of the A.C.L.U. Foundation, not the group's executive committee, and thus he was excluded.
Mr. Remar, who has been a board member for 18 years, said board members had been asked to leave executive committee meetings during personnel discussions, but Mr. Meyers said it was a first.
Mr. Remar said the data collection efforts were a function of the foundation, and thus the executive committee had met as the foundation board.
But Mr. Romero convened a meeting of the executive committee, and Mr. Spitzer's letter was addressed to the A.C.L.U., with no mention of the foundation.
Mr. Meyers said his exclusion raises a profound issue for other board members. "Their rationale for excluding me implicitly means that they can't share anything with the board, but the board as a whole has fiduciary responsibilities," he said. "How can board members do their duty if information is withheld from them?"
