Future Tense

We Don’t Need a National Data Center of the Poor

The many, many ways the food-stamp database proposed by House Republicans could go wrong.

Anthony, 15, waits for his mother, Raphael Richmond, who is loading up on meat at the discount grocery store where they do a big once-a-month shopping trip on the day that their monthly SNAP account is refunded.
Anthony, 15, waits for his mother, Raphael Richmond, who is loading up on meat at the discount grocery store where they do a big once-a-month shopping trip on the day that their monthly SNAP account is refunded. Photo by Michael S. Williamson/The Washington Post via Getty Images

In data privacy, as in so many other matters, past is prologue. Fifty years ago, there were calls for a “National Data Center” amassing all personal data collected by federal agencies. Supporters claimed it would lead to more efficiency and better research. Congressional hearings made clear that the bigger the database, the greater risk of abuse, and the more opportunities for errors. Congress ultimately rejected that “Orwellian nightmare,” as a New York Times editorial put it on Aug. 9, 1966. Instead, it passed the Privacy Act of 1974, establishing procedural restraints on federal agencies’ data practices.

The National Data Center may not have materialized, but the impulse behind it—what we can think of as a “data-collection imperative”—never faded. For low-income people, the specter of total state surveillance is quite real. The merger of big data and law enforcement results in persistent, indiscriminate surveillance of poor communities. Public benefits programs subject the poor to intrusive and demeaning interrogations and inspections.

Now, legislation advancing in the House of Representatives would establish what amounts to a National Data Center of the Poor: a national database of all recipients of the Supplemental Nutrition Assistance Program (SNAP, formerly food stamps). Under the proposal, the Department of Agriculture, with the assistance of private vendors, would amass the highly sensitive information—Social Security numbers, asset information, birthdates, and more—of the more than 40 million individuals receiving food assistance. Because SNAP has a high turnover rate as people find better jobs and leave the program, roughly 60 million people would have their information included in this database over the course of a year.

According to proponents, this de facto National Data Center of the Poor would help detect individuals who receive food benefits in more than one state. Eliminating fraud is important, but the benefits of the proposal must be considered along with its considerable privacy risks. First, the benefits would be modest. Double dipping is rare. According to a study, less than 0.2 percent of SNAP participants were dual participants. To put it another way, about 99.8 percent of SNAP enrollees received food aid in only one state. Occasionally a household looks like it’s double dipping when it moves to a new state and the SNAP agency in its former state is slow to record its case as closed. This is a particular problem with migrant farm workers, who move frequently.

The proposed National Data Center of the Poor wouldn’t just address a problem that doesn’t really exist—it risks serious abuse. Government databases are notoriously insecure, as demonstrated by the breach of the federal Office of Personnel Management. Tens of thousands of federal, state, and local employees, along with private contractors, would have to have access to the SNAP database, which means claims that it could remain secure are delusional. Perhaps the biggest risk would be fraud and identity theft. With Social Security numbers, dates of birth, and account information, thieves can empty individuals’ bank accounts, wiping out whatever meager funds they have struggled to save. They could also become vulnerable to scammers and extortionists. For instance, bad actors could threaten to release sensitive information found in the database unless food-aid recipients do something for them.

Massive collections of personal data can metastasize to countless other databases run by state, local, and federal agencies, thanks to the “routine use” exemption to the Privacy Act’s protections. Errors in the data would be replicated. The proposed database could, say, incorrectly list someone’s birthdate or Social Security number—if shared with other agency databases, the error could mean the loss of benefits, the ability to vote, and far more. And errors there would be. Many states’ salaries for eligibility workers are so low that it is difficult to attract and retain staff capable of implementing increasingly complex SNAP rules, and many states’ automated systems have failed sensationally. In states all over the country, agency decision-making systems have erroneously terminated Medicaid to cancer patients. Computers have incorrectly identified parents believed to owe child support and initiated collection proceedings against the innocent.

Given the rush to adopt predictive tools in the public sector, there is a strong likelihood that government agencies will use individuals’ personal data to create risk profiles that could interfere with their eligibility for services, government employment, or reunification with family members overseas. Charles Reich warned 50 years ago that state surveillance of the poor can create a “black mark” on someone’s record that can never be escaped. Margaret Hu has aptly described government-generated risk profiles as resulting in “big data blacklisting.” Risk profiles can be shared with a host of federal and state agencies, impacting food-aid recipients’ life opportunities far into the future. Low-income people already face enough barriers to employment; they do not need more.

The proposed National Data Center of the Poor would demean and stigmatize food-aid recipients. As Khiara Bridges argues in The Poverty of Privacy Rights, the state’s collection of personal data from the poor “facilitates social control while revealing [them] as the type of [people] that society wants to control.” By demanding this type of database, proponents are saying that SNAP recipients are the type of people who will abuse public benefits even when the evidence shows otherwise. Automation bias will beset hearing officers, making a bad situation far worse. Because the natural human tendency is to believe computers (after all, they are not biased—it is “just” a computer), hearing officers will more often credit automated findings of fraud without investigating if the data is wrong or if the algorithms produced an inaccurate match.

There is a better option, and federal laws likely need not be changed to accomplish it. States could ping one another’s existing databases to ensure that individuals are enrolled in and receiving SNAP benefits from one state at a time. Eligibility workers could do that when people move into their states, ensuring that states where individuals used to live have updated and accurate records. Much like in voting, people remain on the rolls in states where they once lived even though they moved away long before. That simple step would likely eliminate what might otherwise be viewed as fraud. Just as being registered to vote in a state where you no longer live is not a problem (or a potential crime) unless you actually try to vote in two states, having an open SNAP file in a state where you used to live isn’t a problem, let alone a potential crime, unless you actually receive aid in both states.

The bill has been approved by the House Committee on Agriculture and may be brought up for a vote soon. But we don’t need a new federal law to accomplish any of the supposed objectives, let alone one that would create enormous—and costly—privacy risks to individuals and society with negligible benefit.