Big Brother, it seems, never tires of finding new ways to keep tabs on his “siblings.” The latest exhibit: a national database of mortgages that will include highly personal information, including a borrower’s Social Security number, financial history, race, household composition, life events, and even religion.
“The database might be a gold mine for curious regulators and researchers, but is not cause for celebration for the borrowers whose personal information populates the database,” observed Hester Peirce, a senior research fellow at George Mason University’s Mercatus Center.
The National Mortgage Database (NMD) Program, a joint effort by the Federal Housing Finance Authority (FHFA) and the Consumer Financial Protection Bureau (CFPB), already exists, though the information contained therein is limited primarily to specifics about the mortgage itself. Now, according to an April Federal Register notice, the agencies want to expand the database to include vastly more personal information, including “without limitation” a borrower’s name, address, date of birth, ethnicity, gender, language, religion, Social Security number, education records, military and employment status and records, account number, financial and life events in the last few years, other assets and wealth, mortgage information, credit card and other loan information, household composition, household income, marital status, and “information collected from consumers as part of surveys, randomized controlled trials, or through other mechanisms.”
In other words, the NMD can hold as complete a picture of someone’s life as the government desires to paint. What’s more, as House Financial Services Committee chairman Rep. Jeb Hensarling (R-Texas) and Senate Banking Committee ranking member Sen. Mike Crapo (R-Idaho) pointed out in a letter to the directors of the two agencies, “the FHFA and CFPB have already publicly indicated that borrowers do not have the opportunity or right to opt out of the database.”
The exact number of records the NMD will contain is unknown. According to the Washington Examiner, as of last July it held information on at least 10.1 million borrowers. The Federal Register notice says that the NMD will contain a 1-in-20 sample of all “first lien single-family mortgages in existence at any point in time from January 1998 to the present (and continuing on into the future).” The Examiner, however, notes that one of the companies working on the database, CoreLogic, “boasts that it has ‘access to industry’s largest most comprehensive active and historical mortgage databases of over 227 million loans.’”
The FHFA claims the NMD is being built and expanded in order to fulfill the 2008 Housing and Economic Recovery Act’s (HERA) mandate that the agency provide Congress with a monthly mortgage survey. The U.S. Chamber of Commerce disagrees. “Congress did not explicitly require (or even implicitly authorize) the FHFA to build anything resembling the NMD,” the Chamber declared in a May 16 letter to FHFA director Mel Watt. Hensarling and Crapo, too, are concerned about the legality of the database, particularly its expansion, which they argued “represents an unwarranted intrusion into the private lives of ordinary Americans.” Furthermore, they penned, the law “specifically mandates that information be collected in a timely manner,” yet the agency is proposing “to include mortgages in existence 16 years ago that could have originated as far back as 1969.” All of this suggests that the agency is far exceeding its mandate.
Even if the NMD were perfectly legal — and it certainly is not as far as constitutionalists are concerned — it would still be highly dangerous, especially now that so much personally identifiable data will be on file. According to the Examiner, CFPB director Richard Cordray “repeatedly” told Hensarling’s committee in January that “the database will only contain ‘aggregate’ information with no personal identifiers.” The Federal Register notice, however, promises only that “in most cases, records will not contain personal identifiers” and adds that “records with personal identifiers will be used solely for the purposes of matching the records with other datasets” — a matter that Hensarling and Crapo stated “is of grave concern to us.” (Emphasis added.)
“Even in the absence of personal identifiers, the nature of the contemplated data collections leaves little to the database researcher’s imagination,” averred Peirce, who reported that “one of the engineers of the database acknowledged that ‘it is easy to reverse engineer and identify the people in our database.’”
Peirce also expressed misgivings about the number of people who will have authorized access to the NMD:
The FHFA and the CFPB are not going to keep the information they collect to themselves. The information will be provided to academic researchers subject to carefully designed parameters, but data leakage or unauthorized reverse engineering are likely to occur at some point. Moreover, the Federal Register notice identifies a long list of other outside parties that may get access to records in the database. Some of these make sense, but others such as regulated entities and “contract personnel, grantees, volunteers, interns, and others performing or working on a contract, service, grant, cooperative agreement, or project for FHFA,” raise concerns about just how many eyes are going to be perusing the personal data of millions of Americans and for what purpose.
Then there is the specter of unauthorized access, something even Cordray could not guarantee would not occur. “We’re making every effort to be very careful,” he told the House committee in January, but “he could not promise there would never be a data breach,” said the Examiner.
“If someone were to breach that system, they could very easily steal somebody’s identity,” Rep. Randy Neugebauer (R-Texas), who sits on the committee, told the paper, which reminded readers that there is good reason to be concerned about this possibility: “A December report from the Government Accountability Office on breaches containing personally identifiable information from federal databases shows unlawful data breaches have doubled, from 15,140 reported incidents in 2009 to 22,156 in 2012.”
The NMD, therefore, is unconstitutional, probably illegal under the HERA, and definitely dangerous. The grownups in Congress — if any can be found — ought to force Big Brother to delete his database, go to his room, and mind his own business. Better still, they should just shutter the FHFA and CFPB, neither of which has any constitutional justification for existing and both of which serve to distort markets and pry into Americans’ private affairs.