Opinion

Duffy protects privacy in the real world

Photo of Michael Mayfield and John Berlau
Michael Mayfield and John Berlau
Research Associate, Senior Fellow in Finance, CEI
  • See All Articles
  • Subscribe to RSS
  • Bio

      Michael Mayfield and John Berlau

      Michael Mayfield is a research associate at the Competitive Enterprise Institute.

      John Berlau is senior fellow for finance and access to capital at CEI.

When he starred in the reality series “The Real World” in the late 1990s, Sean Duffy was under constant surveillance from MTV’s cameras. So perhaps it is not surprising that as a member of the U.S. House of Representatives elected in the Republican takeover of 2010, Duffy (R-Wis.) has emerged as a hero in protecting Americans from the unwanted surveillance by the federal government.

Duffy is taking on a shadowy entity created in 2010 by the Dodd-Frank financial “reform” law, the Consumer Financial Protection Bureau. Housed within the Federal Reserve, the CFPB is exempt from important federal privacy laws.

When the American people learned in June that the U.S. government has long been spying on their phone and Internet records, it jarred Americans’ sensitivity toward their privacy. Given the public outcry over the NSA spying revelations, one might expect other bureaucracies would tread carefully before encroaching on citizens’ privacy. Unfortunately, not all parts of government got the message: the CFPB is building a massive database of Americans’ financial records, even though this entity has no connection to fighting terrorism.

While most federal agencies are funded by Congress, the CFPB was created by the 2010 Dodd-Frank financial “reform” law as an independent agency within the Federal Reserve. It gets its funding from the Fed and thus, as the Daily Caller’s Brendan Bordelon reported, the agency did not furlough anyone during the shutdown. And because the CFPB bypasses Congress’s budgetary oversight, the agency lacks even the minimal accountability to which the NSA is subject.

This lack of oversight has enabled the CFPB to build a database of Americans’ private financial information that even the NSA would envy. The CFPB was supposedly created to defend credit card and mortgage consumers, but it has gone far beyond its stated founding purpose. It has already collected information about at least 10 million consumers without their consent.

The CFPB is just getting started. At a House Financial Service Committee’s Subcommittee on Financial Institutions and Consumer Credit hearing in July, CFPB Acting Deputy Director Steve Antonakes revealed that the agency hopes to be able to monitor more than 900 million credit card accounts — or 80 percent of the nation’s credit card market.

Worse, while CFPB officials claim that all of the data they collect is anonymous, they have failed to explain how they will maintain consumers’ privacy, as the Daily Caller’s Bordelon reports. While Dodd-Frank bars the CFPB from collecting consumers’ “personally identifiable financial information,” merely stripping individual names and account numbers from financial records is no assurance they cannot be linked to specific persons. Unmasking an anonymous credit card holder is a trivial endeavor if you know each time, location, and business where a particular credit card has been swiped.

How did we come to this? The main reason is that Dodd-Frank specifically exempts the CFPB from a bipartisan law enacted in the 1970s to protect Americans’ financial privacy.

In 1976, the U.S. Supreme Court ruled in U.S. v. Miller that the Fourth Amendment to the Constitution, which protects Americans from unreasonable searches and seizures, does not safeguard individuals’ financial information held by banks and other third-party institutions. In response to this ruling, Congress passed the Right to Financial Privacy Act (RFPA) in 1978. The law protects individuals’ financial privacy by requiring that federal agencies document their access to financial records. Under the RFPA, an agency that wishes to access a person’s financial information must first notify that person and give her an opportunity to object. If she objects, the agency is barred from accessing her records unless it formally certifies that they relate to a legitimate law enforcement investigation.