Feds Defend Data-Mining Plans
WASHINGTON -- Leaders of two much-criticized projects that privacy advocates fear will collect massive amounts of data on U.S. residents defended those projects before the U.S. Congress Tuesday, saying the projects will be much more limited in scope than opponents fear.
James Loy, director of the U.S. Transportation Security Administration (TSA), and Anthony Tether, director of the U.S. Defense Advanced Research Projects Agency (DARPA), countered concerns that the TSA's proposed Computer Assisted Passenger Prescreening System (CAPPS II) nor DARPA's
Instead, CAPPS II will run an airline passenger's name, address, phone number, and birth date through a sophisticated data analysis process to determine if that passenger presented a terrorism risk, Loy said. And DARPA is simply providing other agencies such as the U.S. Federal Bureau of Investigation with the tools to mine data for important trends, Tether said, but the agency isn't planning to collect data itself.
Asked how DARPA would ensure that any information about U.S. residents caught in TIA's net would be correct, Tether said that's up to agencies like the FBI to decide. "At DARPA, we develop the tools," he said. "We don't collect any data. We're not the people who collect data; we're the people who supply the analytical tools to the people who collect the data."
Loy and Tether, along with Steve McCraw, assistant director of the Office of Intelligence at the FBI, testified Tuesday at the U.S House Committee on Government Reform's Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census. The subject was whether data mining programs can improve national security.
As details of both TIA and CAPPS II have slowly come out this year, the two proposals have
But the criticism hasn't come only from liberal-leaning civil rights groups and lawmakers. On Tuesday, Lori Waters, executive director of the conservative "pro-family" Eagle Forum, said she continues to have concerns about the scope of both programs.
The CAPPS II program doesn't have any Congressional limits on the data it collects, Waters said, and little information has been available on either program. "What is the goal of CAPPS II? What is the goal of TIA?" she asked. "There are questions that need to be answered before we pour millions of dollars into this type of technology. We haven't seen any evidence that these will be effective plans."
Representative William Clay (D-Missouri) also
Loy said his agency is soliciting comments from the public and from privacy advocates. "We are absolutely not putting together a ... system that we'd be ashamed of or fear offering to the public for comment," he said. "In fact, we are going desperately, quickly in the opposite direction."
Loy declined to expand on what measures TSA would use to determine whether an airline passenger was to be let on a plane, questioned further, or detained by law enforcement agents, saying he wasn't comfortable releasing those benchmarks to the public. He promised that CAPPS II would reduce the number of false positive identifications the current airline passenger profiling system now produces, and he said CAPPS II would "improve security and customer service."
CAPPS II would replace the current airline passenger screening system in the U.S, which Loy called flawed because it lacks sophisticated methods of predicting passenger behavior and produces false positives. The current CAPPS system flags about 15 percent of U.S. air travelers, and Loy said he expects TSA to roll out CAPPS II in mid-2004.
TSA is working on a privacy strategy and will create a way for airline passengers to dispute their CAPPS II risk scores, Loy said, and it will not save information on travelers in a database.
"CAPPS II will not build databases on U.S. persons permitted to fly," Loy said. "We will not be looking for the proverbial needle in the haystack. Rather, we will be taking the haystack off the needle by identifying those thousands and thousands of perfectly innocent travelers, opting them in, if you will, thereby leaving those we can't evaluate as OK."
Tether said the subcommittee hearing was a good step toward explaining the programs to the public. He promised a full report on TIA would be released to Congress later this month, and in retrospect, the agency should have responded to recent media reports speculating about the scope of TIA, he said.
"DARPA is not developing a system to profile the American public," he said. "Nothing could be further from the truth. The mistake we at DARPA made is we were so stunned by some of the outrageous comments that we didn't do anything about it for some time."
Instead of collecting and analyzing huge amounts of data, the goal of TIA, Tether said, is to put together likely terrorist attack scenarios, then match those models against activities in public databases. Instead of searching databases for unknown patterns in large databases, which leads to a lot of false positives, TIA's data-mining component would start with those scenarios created by experts, he said.
Subcommittee Chairman Adam Putnam, a Florida Republican, asked Tether if TIA would analyze records such as credit card purchases and video rentals. Tether said he'd be surprised if TIA would eventually use such records, but DARPA researchers might "contemplate" how to use that kind of data. DARPA may be interested in travel information of terrorist suspects, he admitted.
"You pay us to contemplate," Tether said of DARPA considering the use information such as library records. "I personally would be extraordinarily surprised if video rentals would be something that they use."
Asked by Putnam whether their programs could eventually be used to track criminals who aren't terrorists, or even parents behind on child support, Loy promised to protect CAPPS II against "mission creep." The system isn't set up to catch suspected ax murderers, he added. "That is not the person we are trying to keep off the plane today," he said.
But the FBI's McCraw said his agency is planning to search publicly available databases, such as LexisNexis, to track criminals with a data-mining project called SCOPE that it is developing. The FBI protects against false information in those databases by checking out the leads it finds in the data, he said, and it has no plans to purchase personal information on U.S. citizens who are not part of an investigation.
The subcommittee will host another hearing about the privacy concerns over data mining in two weeks.