Because the American credit reporting system relies on both good and bad reports of creditworthiness, a consumer must have some kind of credit—not just the absence of bad credit. (In some countries, the lack of a credit report can establish good credit). “The American system, on other hand, relies on total surveillance,” writes Chris Jay Hoofnagle in his primer on privacy law and the Federal Trade Commission.
From the end of the Civil War to the mid-20th century, the breadth and detail of information collected by the reporting agencies only increased. Control over the access to that information, however, did not seem to keep up. “People do not realize, for example, that their own credit files are accessible to virtually anyone who understands the workings of credit bureaus and has a few dollars to spend on a report,” said one study in 1969. And those credit reports contained personal information ranging from the deeply prejudicial to the utterly inane.
The reports were compiled using information from retailers, from the public record (court records, newspaper clippings), and from interviews with friends and neighbors. In 1972, a Senate aide testified before a committee about the type of information that was collected by the automobile insurance industry: “If they, in any way, have some deviant behavior characteristics, they wear pink shirts, or have long hair and a mustache, they read Karl Marx … They can look in your library and see what books you read, what magazines you subscribe to…”
It was no wonder, then that Congress enacted the Fair Credit Reporting Act in 1970, to be enforced by the Federal Trade Commission and by private litigants through a civil cause of action. According to Hoofnagle, FCRA is “America’s first federal consumer information privacy law and one of the first information privacy laws in the world.”
Today FCRA is still at the forefront of fighting privacy violations—but the transition to the new frontier of digital privacy has not been a smooth one. In the 70s, FCRA looked like a white knight charging into the dragon of credit reporting. Today, it sometimes more closely resembles Don Quixote tilting at windmills.
FCRA, after all, assumes that the problem is inaccurate information. (And in all fairness, many Americans have low credit due to false information on their reports). It also imposes duties on credit reporting agencies to keep information from being carelessly disclosed. But people don’t object to spying on the grounds that the secret dossier about them might be full of errors. They object to spying because it’s spying.
A FCRA case still pending at the Supreme Court illustrates this tension. In Spokeo v. Robins, Thomas Robins initiated a class-action lawsuit against “people search engine” Spokeo, because they gave out information “indicating that he has more education and professional experience than he actually has, that he is married (although in fact he is not), and that he is better situated financially than he really is.” There are probably a lot of people who think Spokeo is creepy and should be regulated. The number of people who think Spokeo is creepy and should be regulated because they made Thomas Robins look better off than he actually is, is likely vanishingly small.