The tracking federal contractors conundrum, with Hudson Hollister

A look inside the shift away from proprietary DUNS numbers to a common federal ID for corporations that's been a decade in the making

One of the prime ambitions of this newsletter, Slow Build, is to dig into topics with especially attractive obscurity-to-impact ratios — that is, things happening in the world that get minimal attention but that are nonetheless shaping how we live our lives. Often, it’s the sort of things that the people doing the hard in-the-trenches work of government or politics or media are especially passionate about, the stuff they spend their days obsessing on. 

In that vein comes DUNS, or the Data Universal Numbering System. (If you can say “DUNS” without singing “DUN-da-DUN-DUN-DUNS” in your head, you’re a stronger person than I am.)

DUNS is the nine-digit code that U.S. General Services Administration has long used as the official identifier to track federal contractors, under a contract with Dun & Bradstreet that dates back to 1978. Federal contracts are of course big business in the U.S. — $682 billion last year — but they also are at the center of everything from health care to how we wage wars. Because DUNS numbers are a proprietary product of Dun & Bradstreet, though, folks attempting to make use of them to better understand federal contracts have run into roadblocks. The Government Accountability Office has branded it “a monopoly that has contributed to higher costs.”

But change is afoot!

After years of advocacy in Washington by good-government groups and others, the GSA, for its part, is beginning to do away with its dependence on DUNS, turning instead to a “Unique Entity Identifier” controlled by the federal government. It recently said that it’s going to finish the transition in April of 2022. It’s the story of a seemingly small shift behind the scenes that could produce big results.

One of the organizations agitating for change has been the Data Coalition, founded in 2012 by Hudson Hollister (@hudsonhollister). Hollister said he was inspired by his time as an attorney at the SEC at the height of the 2008 financial crisis, and his horror at how little ability federal regulators had to track companies they were charged with overseeing. Says Hollister, who now runs a company called HData, “I’m still just as mad.”

(This interview has been condensed for length and clarity.)

Scola: When it comes to DUNS, how do you answer the inevitable question, ‘Who cares?’ 

Hollister: Since the 1990s and until a couple of years ago, the federal government was contracting with Dun & Bradstreet for a system to identify every federal contractor. That’s fine. The challenge has always been that this contract gave Dun & Bradstreet a proprietary interest in not just the system, but the number itself. 

This meant that the key element of the data set about federal contractors was and still is, until the transition, owned by a private-sector contractor itself. It means that if either the government or the private sector wants to do analytics or number crunching on federal contracting, they would need to purchase a license to that number. So taxpayers are not just paying for hundreds of billions of contracting, but they’re also paying again for information about the contracts they’re paying for. 

Dun & Bradstreet made that deal with the federal government decades ago. And then as federal contracting because somewhat centralized under the authority of GSA, the DUNS number became ingrained in everything. Thousands of government systems use the DUNS number as the way they track federal contracting, to associate who’s doing the work with who gets paid. 


When it comes to federal contracting, you often hear about the ‘matching’ problem. What’s that?

It’s trivial for companies to get a DUNS number. You go to Dun & Bradstreet to do it, and they make it easy because that’s part of their marketing. But that means there’s not a reliable map of how all owners and subsidiaries match to each other. And because it’s owned by Dun & Bradstreet, you’ve got to pay for a license before you can do any matching. 

Is GSA moving to a unique non-proprietary ID really that big of a deal? Or is it just housekeeping?

It’s the single biggest issue in federal contracting oversight.

In order for inspectors general, citizens groups, or Congress to truly get a handle on federal contracting, we need to be able to do matching. But we can’t do that unless we buy a license to the dataset, so all the matching and analytics have never been developed. These efforts build on top of each other; We should have inspectors general, Congress, GAO, private-sector watchdog groups all collaborating. None of this is happening because the data sets are not shareable. 

We haven’t even tried higher-level analytics in federal contracting oversight.

“It would mean that you could pull up a company’s SEC filings, procurement records — all the different touch points between a company and government automatically without ever having to do data matching.”

So is Holy Grail here detecting fraud?

It’s the triumvirate — waste, fraud, and abuse

In 2017 the Data Foundation [a research group affiliated with the Data Coalition] put out a study about federal identification numbers for companies, not just in contracting but in regulatory and statistical uses as well. We found then that there were 50 different identification codes for private sector companies across regulatory agencies, the GSA and procurement, and statistical [agencies] like the Census Bureau. Hundreds of government agencies are tracking companies and what they do, but they use disparate identification codes. Every effort to oversee companies starts with a bunch of data matching. 

Data matching should be ubiquitous and automatic. In other countries it is. For example, Australia has one identification code that’s used by all the different regulatory, statistical, and procurement agencies. We should do the same thing. 

So just to pick one company, Google would have one number I could use to track it across every government database? 

It would mean that you could pull up a company’s SEC filings, procurement records — all the different touch points between a company and government automatically without ever having to do data matching.

Often agency regimes overlap. Like, we’ve got six different banking agencies. All of them are tracking banks, and all of them are having the banks reporting separately to them, instead of benefiting from their fellow regulators. 

How did you get started doing this work?

I worked for the SEC during the financial crisis, and I discovered we were not using common data fields or digital identifiers for all this information. I went to Congress for a bit, then resigned to start the Data Coalition. I’m still just as mad.

Can’t get enough DUNS? Read the GAO’s landmark 2012 report here.