Secretary of Defense Donald Rumsfeld started a Pentagon program in 2003 called the Joint Advertising and Market Research Recruiting Database (JAMRS). The Department of Defense intended to collect and analyze information on high school students over the age of 15, college students, and others in order to enhance the Pentagon’s ability to target qualified candidates for military recruiting. Perhaps most notably, Rumsfeld did not publish any notice of JAMRS until after it had been established.

It appears that the database holds million of records with information including Social Security number, date of birth, ethnicity, address, grade point average and telephone number. Not surprisingly it is all managed by a private marketing firm outside the Department of Defense and is retained for a period of at least five years. Surprising, however, is the fact that there is no “opt-out” option:

Parents must contact the Pentagon directly to ask that their children’s information not be released to recruiters, but the data is not removed from the JAMRS database, according to Lt. Col. Ellen Krenke, a Pentagon spokeswoman.

Instead, the information is moved to a suppression file, where it is continuously updated with new data from private and government sources and still made available to recruiters, Krenke said. It’s necessary to keep the information in the suppression file so the Pentagon can make sure it’s not being released, she said.

Very Kafka-esque. They have to keep updating your information in a database in order to make sure they are not keeping your current information in the database?

Some investigative reporter might be able to confirm whether there is a connection between this particular marketing firm and a political party, private interest group (e.g. the NRA) or some family name on the hill.

EPIC provides more background and information on their DOD Recuiting Database Page. For example, they explain some of the Bush administration’s back-door dealings to quietly circumvent privacy laws:

The creation of the database caused many to revisit public policy choices made by Congress on military recruiting. As explained above, under the No Child Left Behind law, Congress forced public and private schools receiving federal educational fund to release secondary students’ names, addresses and telephone numbers to military recruiters who request them.

So I’ve been getting fraud email from @gmail users lately (ironically purporting to be @yahoo users). I simply made sure I had the header information and I forwarded the entire message with a brief “please investigate” message at the top to their “abuse” team.

I expected Google, like most companies, to parse my email with an automated system and send some sort of generic response. Alas, instead I was given the following answer:

Hello,

Thank you for the abuse report. To help us process your request quickly,
please fill out the form specific to your situation.

– If you believe that your account may have been compromised, please
visit: https://services.google.com/inquiry/gmail_security1

– To report a message that violates the Gmail Terms of Use or Program
Policies, please visit:
https://services.google.com/inquiry/gmail_security2

– To report an established account for sale, please visit:
https://services.google.com/inquiry/gmail_security3

– To report all other security and/or abuse-related issues, please visit:
https://services.google.com/inquiry/gmail_security4

WHAT HAPPENS WHEN YOU REPORT ABUSE?
Reports entered through the form are given our highest priority. Google
takes abuse situations like this very seriously. As appropriate, we may
warn users or discontinue Gmail service for the account(s) in question.
For privacy and security reasons, we may not reveal the final outcome of
an abuse case to the person who reported it. To read the Gmail Terms of
Use, please visit: http://gmail.google.com/gmail/help/terms_of_use.html.

If your issue is not related to abuse, you may want to visit our Help
Center at http://gmail.google.com/support/, or by clicking ‘Help’ at the
top of any Gmail page within your account.

We appreciate the urgent nature of your message, and thank you for your
cooperation.

Sincerely,

The Google Team

Sincere indeed. Perhaps instead of “To help us process your request quickly” they should have been honest and just said “Ooops, you sent us an email but we don’t know how to handle it. Mind if you put all the information from your email into a web form for us?”

Perhaps instead of the “form letter” (pun intended) we should create a shim that takes email input and submits to their form automatically. Now that would process requests quickly. What’s the rate limiting factor that Google assumes? 10 submits in an hour? 100? Let’s say hypothetically that I’m a security administrator for a large enterprise and I want to pursue all the fraud originating from their servers. Do they really expect me to have my staff manually enter every message into a little form? Their current method makes it such a pain to report fraud that I wonder if I’ll be seeing more and more @gmail abuse in the near future.

Incidentally, I filled out the form and did not receive any confirmation of receipt. Perhaps that comes after they have a human review the submission…since a form is also not immune from data integrity issues.

UPDATE: Google’s response above was emailed to me as #60445059 “Fw: Subject”. I just received another response from them, two days later, as #60655802 “Account Status”. What are the chances that they crossed their wires and I was sent the response for someone else’s ticket. Or maybe 210,743 other tickets really went through their system in the time it took to be resolved? They kindly report that “You can also help stop these individuals by sending a copy of such unlawful messages to the Federal Trade Commission at spam@uce.gov.” Nice. Does that mean they want users to actually forward a copy themselves because Google requires a form instead of a copy? Oh, the irony.