Privacy Groups Fight Government Data Mining
WASHINGTON--A coalition of privacy groups called on the U.S. Congress to halt creation of a federal database of airline-passenger profiles until more details are available, such as who would be included in th e database and how it would be operated. Meanwhile, at a U.S. House of Representatives hearing today, the White House's chief information officer questioned whether the data-mining program would be effective.
At that hearing, a law professor and a congressman disagreed over whether Congress should regulate government data-mining efforts, while most witnesses praised the use of data analysis for everything from reducing credit card abuse in government to catching terrorists.
Jeffrey Rosen, a law professor at George Washington University and legal
affairs editor of
Rosen said that the U.S. Department of Defense's Total Information Awareness (TIA) research project, which focuses on surveillance through mass data mining, and the Transportation Security Administration's proposed second version of the Computer Assisted Passenger Prescreening System are examples of such "mass dataveillance."
"It's possible to design data-mining technologies in ways that strike better rather than worse balances between liberty and security," Rosen told the Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census. That subcommittee falls under the House Committee on Government Reform.
"I urge Congress to accept the task of learning about the design choices inherent in these technologies. You have it in your power to strike a thoughtful balance between liberty and security, and all you need now is the will," he said.
Congress has decided to
Calling information retrieval the "oil of the 21st century," Davis said that the benefits of data analysis are many. "My theory is we need to be slow about coming in and over-regulating sometimes," he said. "You let the industry come up with its own protocols before the government comes in and starts imposing a regulatory and taxing regime that could really stifle the growth and potential of this."
Rosen asked Davis to consider whether data sharing that's appropriate in private industry would be appropriate in national security agencies. "Much of the history of our privacy laws for the past 50 years have been based on the idea that completely unregulated information sharing is not consistent with the values of the Constitution or American citizens," Rosen said.
"We don't want every low-level information officer in the field to know...that I'm late on my child-support payments or that I'm late on my credit card. Complete transparency of information--total unregulated use, which many Silicon Valley people are urging--wouldn't be consistent with the values of the Fourth Amendment."
Rosen expressed doubt that huge government data-mining programs would be effective enough to warrant the added intrusion, but Davis argued that most of the information to be used and analyzed in the comprehensive database is already available on separate government databases. "We know, for example, with the terrorists on 9/11, the information was out there," he said. "Had we been able to collate that information and get that in one place, we could have prevented that from happening. That's something you list as an infringement on privacy, but what do you say to the victims and the families of the 3000 people who died that day?"
Meanwhile, a coalition of civil liberties and privacy groups, including the Electronic Frontier Foundation, the Electronic Privacy Information Center, and the Center for Democracy and Technology, wrote a letter to Davis and ranking committee Democrat Henry Waxman, urging Congress to stop the CAPPS II program unless it was proved to be effective and consistent with privacy principles. Saying CAPPS II would attempt to assess the security risk of every single airline passenger based on commercial and government data, the letter asks Congress to "start asking questions about CAPPS II now."
Mark Forman, associate director for information technology and e-government in the White House's Office of Management and Budget, said at the hearing that he, too, was waiting for details about CAPPS II, and that the Transportation Security Administration was tardy in answering his request. It doesn't make sense for the government to spend "hundreds of millions of dollars on a new IT system with very pretty screens" if it doesn't protect the U.S. against terrorism, said Forman, who is often referred to as the White House's CIO.
The Transportation Security Administration didn't have an immediate comment on the letter or on Forman's remarks.
Beyond the proposed CAPPS II or TIA, the federal government doesn't seem to have the kind of mass data-mining programs that Rosen is worried about, Forman added. Forman said that in a search of government resources in preparation for the House hearing, he found no data-mining efforts that searched databases without first pinpointing a suspect.
During most of the hearing, a series of witnesses praised the potential of some data-mining applications. Paula Dockery, a state senator from Florida, said that the state has used data mining to gather information on suspected criminals, but the state required a reasonable suspicion before its Financial Crime Analysis Center turned its data analysis on a suspect.
Gregory Kutz, director of financial management and assurance for the U.S. General Accounting Office, said his agency has used data mining to catch government employees using office credit cards for everything from escort services to Internet gambling to a down payment on a home. Kutz presented as evidence records of personal purchases that a government employee made recently using a government credit card during a four-day shopping spree, in which the user ran up charges of more than $9100 at various retail stores.
Rosen said that he didn't object to targeted investigations like those at Kutz's agency, but he argued that mass sharing of data between government agencies may violate federal privacy laws. "If you're in any way concerned about restrictions on information sharing...you're going to have to think about this issue afresh and decide to craft essential regulations for these new technologies," he told the subcommittee.