The Pentagon has spent more than $70.5 million on market research, national advertising, website development, and management of the Joint Advertising Market Research and Studies (JAMRS) database — a storehouse of questionable legality that includes the names and personal details of more than 30 million U.S. children and young people between the ages of 16 and 23.

The database is separate from information collected from schools that receive federal education money. The No Child Left Behind Act requires schools to report the names, addresses, and phone numbers of secondary school students to recruiters, but the law also specifies that parents or guardians may write a letter to the school asking that their children’s names not be released.

However, many parents have reported being surprised that their children are contacted anyway, according to a San Francisco-based coalition called Leave My Child Alone (LMCA).

“We hear from a lot of parents who have often felt quite isolated about it all and haven’t been aware that this is happening all over the country,” said the group’s spokeswoman, Felicity Crush.

Parents must contact the Pentagon directly to ask that their children’s information not be released to recruiters, but the data is not removed from the JAMRS database, according to Lt. Col. Ellen Krenke, a Pentagon spokeswoman.

Instead, the information is moved to a suppression file, where it is continuously updated with new data from private and government sources and still made available to recruiters, Krenke said. It’s necessary to keep the information in the suppression file so the Pentagon can make sure it’s not being released, she said.

Krenke said the database is compiled using information from state motor vehicles departments, the Selective Service, and data-mining firms that collect and organize information from private companies. In addition to names, addresses, Social Security numbers, and phone numbers, the database may include cell phone numbers, e-mail addresses, grade-point averages, ethnicity, and subjects of interest.

She said the Pentagon spends about $500,000 annually to purchase the data from private companies, and has paid more than $70 million since 2002 to Mullen Advertising — a Massachusetts firm whose clients include General Motors, Hooked on Phonics, XM Satellite Radio, and 3Com — to target recruiters’ messages toward teens and young adults.

The Boston Business Journal reported in October that the Pentagon had spent a total of $206 million on the JAMRS program to date, and could spend another $137 million over the next two years.

Invasion of privacy?

The JAMRS program “provides the services with contact information on millions of prospective recruits annually … Beyond list management services, DM outreach initiatives include targeted fulfillment pieces directed at influencers,” according to the program’s password-protected website.

In real terms, what that rhetoric looks like at the other end can stack up to harassment, said Crush. “Kids have been relentlessly harassed,” she said, “things like persistent phone calls — and you can’t remove your phone numbers from their list because it’s the government; people being called on numbers that have been listed as private, or for emergency only; kids under 17 called at home, night after night, and not being given a realistic picture about life in the military, particularly during a time of war.”

Her organization contends that the Pentagon’s conduct is illegal under the federal Privacy Act, which requires notification and public comment whenever new data is being compiled on individuals by any branch of government.

The Pentagon maintains it has provided that notice, posted in the Federal Register on May 23, but LMCA and other JAMRS critics point out that because new data is being collected daily, JAMRS is failing to fulfill the notification requirements of the Privacy Act.

Last fall, 100 privacy and civil rights groups sent a letter to Defense Secretary Donald Rumsfeld urging him to dismantle the database. “The Privacy Act requires that agencies publish in the federal register upon establishment or revision a notice of the existence and character of the system of records” 30 days before the publication of information, they noted. “The maintenance of a system of records without meeting the notice requirements is a criminal violation of the Privacy Act.”

But Barry Steinhardt, director of the ACLU’s Technology and Liberty Project in New York, said protection offered by the Privacy Act — the 1974 statute aimed at reducing the government’s collection of personal data on U.S. citizens — might be overestimated. “The federal Privacy Act is to some extent an over-hyped statute,” said Steinhardt. “It is largely a statute that requires notice; it doesn’t give you any substantive rights.”

Questions from Congress

Vermont Sen. Patrick Leahy, D-VT, said he had grave concerns about the legality of the database. “I think this is absolutely wrong,” he told the Vermont Guardian. “You have the law, and then you have an administration that says we don’t like the law so let’s find another way of doing it.”

“When my kids were in school I would have been really angry if this had happened,” said Leahy, whose youngest son enlisted in the Marines. “I would have been absolutely ripped if they would have gone into his high school or other records to contact him this way; I know nothing that allows it.”

“Data mining and proliferation of using databases are all concerns because it represents an administration that does not believe in checks and balances,” said Leahy. “Can you imagine our country if a Joseph McCarthy or J. Edgar Hoover has the electronic power these guys have today?”

Discomfort over the database extends to other members of Congress. Seven senators, including New York’s Hillary Rodham Clinton and Wisconsin’s Russ Feingold, both Democrats, sent a letter to Rumsfeld on June 24 asking him to “immediately cease creation of this database.”

“This personal information, which would be obtained from schools as well as from commercial data brokers, state drivers’ license records, and other sources, could then be used to formulate and execute a targeted ‘marketing’ campaign to identify and recruit individuals based on these personal factors,” they noted.

In his July 11 response, Undersecretary of Defense David Chu said the database was an important component in the nation’s volunteer military — one that enables the United States to avoid a draft.

“The department collects basic information on youth in response to a congressional mandate in 1982 that noted ‘it is essential that the Secretary of Defense obtain and compile directory information pertaining to students enrolled in secondary schools throughout the United States’ to support recruiting for the all-volunteer force and avoid conscription,” he wrote to the senators.

Chu said the central database was designed to save the Pentagon money. “In the past, the data were compiled by each of the services independently. In order to achieve significant cost savings, the data are now purchased by the department, housed centrally, and sent out to the services. The services use these data to provide information and marketing materials to potential recruits.”

Leahy scoffed at such reasoning. “This is coming from a Pentagon that tells us they don’t have money to pay for body armor for our troops over in Iraq,” he said.

Chu also said the Pentagon had no intention of using the information for purposes other than targeted recruitment.

But according to the privacy group, BeNow, the direct marketing company chosen by the Pentagon to compile the data, is owned by the credit reporting company Equifax and does not have a privacy policy, “nor has it troubled itself to enlist in a privacy seal program regarding the handling of information collected for this purpose.”

The Pentagon proposes a wide range of “blanket routine uses” that allow an agency to disclose personal information to others without the individual’s consent or knowledge, the groups wrote in their letter to Rumsfeld. “The list of 14 DOD ‘blanket routine uses’ include: disclosures to law-enforcement; state and local tax authorities; employment queries from other agencies; and disclosure of records to foreign authorities. Although individuals can opt out of recruitment solicitations, they cannot opt out of this enormous database.”

In a separate statement, the Electronic Privacy Information Center said both the Privacy Act and the DOD’s own internal regulations require the agency to collect information directly from citizens when possible.

“The main commercial vendors that sell students’ data, American Student List and Student Marketing Group, were both pursued recently by consumer protection authorities for setting up front groups that tricked students into revealing their personal information,” according to the center.

What to do

The Leave My Child Alone coalition is urging the Pentagon to add an 800 number and online opt-out links to its websites. The group concedes, however, that given reports of massive security breaches at data firms, the fact that the information remains on file “hardly grants parents peace of mind.”

One California lawmaker is sponsoring state legislation that would require high schools to include opt-out information on the emergency forms that parents must fill out annually for school records. In one California school district that implemented such a policy, the number of families choosing to opt out went from 16 percent to 63 percent, Crush said.

Meanwhile, asked what parents could do about the Pentagon database, the ACLU’s Steinhardt said, “This is as much a political issue as anything else; it’s an issue to be decided in the Congress. A state like Vermont could take it up. It’s a perfect issue for a town meeting … calling on your senators to pass some legislation.”

Information and action

Parents seeking to determine whether information about their children is contained in the JAMRS database system should address typewritten inquiries to:

The Department of Defense
c/o JAMRS, Direct Marketing Program Officer
Defense Human Resources Activity
4040 N. Fairfax Drive, Suite 200
Arlington, VA 22203-1613

Requests should contain the child’s full name, date of birth, current address, and telephone number. Do not include a Social Security number.

To ask that your child’s name be added to the suppression files of the database, send a typewritten request to:

Joint Advertising and Marketing Research
& Studies Office (JAMRS)
Attention: Opt Out
4040 North Fairfax Drive, Ste. 200
Arlington, VA 22203-1613

Include the child’s full name, street address, date of birth, and telephone number. Do not include a Social Security number.

For more information: www.leavemychildalone.org, www.jamrs.org/.

Vermont Guardian staffer Shay Totten contributed to this report.