When cyber hackers breached Equifax’s consumer databases this past summer and ran off with the personal information of over 143 million people, or approximately half of the adult population of the United States, in many ways, they were doing unto Equifax what Equifax had done unto others for its entire history.
Equifax Inc., founded in 1899 in Atlanta, Georgia as the Retail Credit Company, reaped huge profits over the course of the twentieth century by taking people’s personal information without their knowledge or consent, and repackaging it for sale to other commercial institutions including insurance companies, credit lenders, and employers.
Equifax’s data practices were historically justified by the company as a kind of quid pro quo. In his recent history of consumer surveillance and financial identity in America, scholar Josh Lauer details how US credit bureaus such as Equifax legitimized their programs of surveillance and data storage by promising to “democratize” credit access. According to this logic, more readily available consumer information ensured that lenders, insurers, and employers were able to distinguish between financially safe and unsafe individuals, expanding economic security to the millions of Americans who needed loans, insurance, and jobs, but could not get them without the easy flow of consumer information. In reality, Equifax’s executives reinforced preexisting social inequalities and rationalized “fair” discrimination as a cornerstone of the capitalist economy. For women and poor African Americans, for example, a Retail Credit Company report did not open doors to financial security. It just recorded how society already saw you: as a bad risk.
Federal policymakers first took notice of Equifax, or more precisely, its predecessor the Retail Credit Company, in the mid-1960s, after Congress launched an investigation into a proposed government plan to harness the power of new computer technology and centralize the demographic and statistical information collected by different government agencies into one database. Federal legislators viewed the proposal as a potential threat to individual privacy rights.
Senator Cornelius Gallagher of New Jersey put it succinctly: “Today’s man’s home or castle, his traditional bastion of privacy, is in danger of becoming a fishbowl, no longer so well protected from prying eyes and ears. Man’s mind — the private vault of his ideas, opinions, and thoughts — is more than ever under psychological and electronic assault.” In the 1960s, fear of new computer technology, which had only just begun to be used by the government in mass, were at the center of much of this anxiety. Gallagher imagined that the “magic of computers” encouraged a world that rendered man more “psychologically naked” than ever.
It was during these congressional investigations that policymakers unintentionally stumbled upon what they believed to be an equally, if not more terrifying problem: the mass collection and storage of consumer information by the nation’s many credit bureaus. Retail Credit Company set off the most alarms as the nation’s biggest and most invasive information gatherer. In 1969, William Lee Burge, Retail Credit Co.’s CEO, reported during an investigation before the Senate Subcommittee on Financial Institutions that his company stored approximately forty-five million individual personal files, prepared thirty-five million consumer reports per year, and employed 8,500 investigation agents.
The scope and scale of credit bureaus concerned members of Congress, but they were more disturbed by the everyday business practices of credit bureaus. In this regard, Retail Credit Company was in a class of its own. Most credit bureaus were simply local or regional businesses that recorded basic ledger data. They kept track of people’s names, birth dates, address, and payment history, for example. Retail Credit Company, which specialized in insurance reporting, gathered far more information on consumers.
An article published in the New Republic in 1966 documented how Retail Credit Company investigators, or “inspectors,” at the behest of insurance companies, collected the most intimate details of an individual’s life. This included information about their race and sexual habits, their church attendance, their home environment, and whether or not they were experiencing marital discord. Still worse, the New Republic warned that this information could have originated from potentially unreliable neighbors and acquaintances. If damaging or just plain wrong information had managed to creep into a person’s file, they were at the mercy of the credit bureau, since it was nearly impossible to see these confidential consumer reports.
The New Republic article meant to stir fear in the hearts of its readers, but its claims were hardly outlandish. By the postwar period, the Retail Credit Company did have a network of inspectors, located throughout the continental United States, who were instructed by company managers to prepare detailed reports, using information gathered from neighbors, employers, and local merchants.
In 1968, Burge defended his company’s business and justified its existence by characterizing it as essential to the smooth operation of the American economy. “In our credit-oriented, insurance-supported economy — interstate and international as it is — business information is an absolute necessity. To restrict the interchange of this information is to restrict the commerce of our country,” he told government officials, “Without the economic lubricant of business information, many of the wheels of commerce would grind to a halt.” Burge’s words would become the mantra for Retail Credit Company, and later Equifax, in the proceeding decades.
In the 1960s and early 1970s, the panic policymakers felt in relation to Retail Credit Co.’s practices was in many ways misplaced. In reality, Retail Credit Co. posed little danger to the heterosexual middle- and upper-class white men like the ones who populated most of the Senate and House of Representatives in Washington. This was because insurance companies, the actual users of the Retail Credit Company’s information, by and large viewed white men with class and sexual privilege as good insurance risks. Hardly surprising, this reflected the fact that the historical majority of actuaries, underwriters, and insurance company managers — the ones delegated the responsibility of determining good from bad risk — were also white men from similar socioeconomic backgrounds. Credit bureau reporting errors might have been a nuisance for these groups, but it did not mean they would be systematically denied access to insurance.
That it took so long for policymakers to recognize the role the Retail Credit Company played as the middlemen between individuals and insurance companies only further demonstrates the extent to which certain classes and categories of people were largely insulated from the worst abuses of credit bureaus. It was a dramatically different story for people of color, women of all classes, and the queer community.
It was the members of these intersecting groups who experienced the brunt of Retail Credit Company’s and the insurance industry’s systematic discrimination. In the early 1960s, Edith Wetherby and Mary Dunnigan, roommates and co-owners of a small real estate business in Maryland, applied for life insurance policies, each naming the other as beneficiary in case of death. Without explanation, the pair had their applications denied by several life insurance companies. Eventually, one insurance agent betrayed that the decision to reject the women had been made based on a Retail Credit Report.
In a strange and ironic act of historical symmetry, Wetherby and Dunnigan paid a private detective $400 to steal their report from the local Retail Credit Company branch office in Baltimore. The report revealed that the women’s neighbors told the local Retail Credit Company inspector that the two were lesbians, or if not lesbians, at least behaved in masculine ways, unbefitting to the normative gender roles of the 1960s. Dunnigan and Wetherby denied these accusations and filed a lawsuit against Retail Credit Company for libel and slander. The two lost in court though after the neighbors Retail Credit Company had interviewed to make the report stood by their original statements and testified that Wetherby and Dunnigan “definitely do not act like the feminine sex if they are.”
In the 1970s, when Congress set out to make credit bureau reporting more fair, Edith Wetherby and Mary Dunnigan were not who they had in mind. The way many members of Congress understood Retail Credit Company as a problem reflected the gender, class, and racial privilege of policymakers. From their perspective, the issue was not that credit bureaus helped insurance companies distinguish between people, classing them as either good or bad risks, and then systematically denying them the benefits of insurance. Rather, credit bureaus presented a problem because sometimes they made mistakes and misreported good risks incorrectly as bad ones. But women, people of color, and the poor long knew that the disadvantages they faced did not simply come down to clerical errors or misfilings.
When Congress passed the Fair Credit Reporting Act in 1970, it meant to level the playing field between consumers and credit bureaus. For the first time, consumers were in a position to both learn and contest the information in their credit bureau reports. To the chagrin of many consumers, particularly women and people of color, and the queer community, the new legislation provided no legal recourse for individuals, who were seen by credit bureaus’ subscribers as bad economic risks. In 1974, Congress partially attempted to rectify this with the the Equal Credit Opportunity Act, which barred lenders from making credit granting decisions based on sex or marital status. In 1976, this Act was further amended to prohibit discrimination in credit because of race, color, national origin, and age.
The Equal Credit Opportunity Act adopted the logic that expanded credit access could be achieved by simply banning certain categories from lenders’ calculations of creditworthiness. It ignored the extent to which women or people color were perceived as bad credit risks because the credit system reinforced already existing social inequalities. Women and people of color were at a disadvantage in getting credit because they had a harder time finding employment or were fired more often from their jobs. Without tackling the underlying racial and gender inequities of the American labor market, barring discrimination in credit offered no real solution to many people when it came to obtaining credit.
No parallel federal law passed in Congress prohibiting insurance companies from using certain categories when calculating an individual’s risk. Instead, the lobbying arm of the insurance industry, particularly the Health Insurance Association of America and the American Council of Life Insurance, convinced policymakers that discrimination could be good and fair. Insurance industry lobbyists argued that insurance companies used the information provided by credit bureaus to calculate and classify individual risks. This allowed the industry to charge proper premiums to individual policyholders based on the likelihood that they would make a future claim.
If insurance companies were barred from accessing all the information they needed, or if credit bureaus were prevented from collecting certain kinds of information to sell to insurers, it would force them to charge less risky individuals more to make up for the risky individuals who slipped into the wrong risk classification pool. From this perspective, discriminating between individuals to place them into the proper risk group was essential to the continued solvency of the profit-driven insurance industry. In the early 1990s, political theorist Deborah Stone termed this unjust rationale “actuarial fairness.”
In the latter half of the twentieth century, debates over expanding credit and insurance access centered around what role information would play in our political economy. Most importantly, who would get to control and dictate the terms of its collection and distribution? Retail Credit Company, renamed Equifax in 1976, was at the center of these debates, since it, more than any of the other credit bureau of the twentieth century, was entangled in a vast network of information exchange with insurers, lenders, and employers. By the 1990s, other companies would catch up and rewrite themselves as “general data brokers” by diversifying their information-sharing portfolios. Yet Equifax had long been at the forefront.
This was no accident. After World War II, federal legislators and business executives moved towards an economy which, instead of creating a stronger welfare state with universal goods, relied on private banks and insurance companies to reinforce social hierarchies through “fair” discrimination. In this system, Equifax or Retail Credit Company could justify its existence as the backbone of an economy that relied on personal information to maintain fair prices and equilibrium in credit and insurance markets.
Since early September, when Equifax revealed to the public that its databases had been breached by a cyber attack, Congress has been quick to react. Senators Mark Warner (D-VA) and Cory Gardner (R-CO) announced plans for a new “Senate Cybersecurity Caucus” to address the escalating threat cyberattacks pose to national security and the US economy, while Senators Brian Schatz (D-HI), Elizabeth Warren (D-MA), and Claire McCaskill (D-MO) have proposed the Stop Errors in Credit Use and Reporting (SECURE) Act — a Fair Credit Reporting Act 2.0 for the digital age — which would like its legislative predecessor make the information practices of credit bureaus more visible to consumers by providing individuals with information about how credit scores are made and what they are used for.
However, as history demonstrates, these solutions would likely be no solutions at all for the people rendered most economically vulnerable by their credit scores. The ethical stakes of the commodification of consumer information runs far deeper than the individual right to privacy, cyber security, or making our economic infrastructure more transparent. They go to who has access to vital services in our economy, and who is shut out.