The kind of pattern-seeking data mining and behavioral surveillance technologies that are being used by several federal agencies to identify potential terrorists are far too unreliable to be of any real value, according to a report issued by the National Research Council.
The continued and unchecked use of such tools also poses potential privacy problems for individuals, the NRC said in its 376-page report, which was prepared at the request of the U.S. Department of Homeland Security (DHS) and the National Science Foundation.
In light of the findings, the 21-member committee that conducted the study is recommending that agencies using or planning to adopt such tools for counterterrorism purposes should first be required to thoroughly evaluate their effectiveness, lawfulness and impact on privacy . The committee also called on Congress to consider revising national privacy laws in order to ensure better protection for U.S. residents.
The NRC and the National Academy of Sciences, the National Institute of Medicine and the National Academy of Engineering make up what is known as the National Academies, which advise the government on science and technology issues.
The findings detailed in the NRC's report hammer home concerns that have been voiced by many privacy advocates, said Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC) in Washington.
"What the [NRC] has concluded is that there needs to be much more effective oversight of these programs," Rotenberg said. "It's a very timely and significant report." He noted that despite the privacy concerns, the government has gone ahead with many data mining programs in the name of countering terrorism. But the NRC's report raises questions about whether such programs really work, Rotenberg said.
As of January 2007, there were nearly 200 data mining programs planned or already operating throughout the federal government. Among them were the Automated Targeting System at the DHS for assigning "terror scores" to U.S. citizens and the Transportation Security Administration's Secure Flight program for analyzing data about airline passengers. The FBI has several data mining initiatives underway, including some that target terrorists.
One of the most controversial programs was the Total Information Awareness (TIA) initiative that was quietly launched in 2002 by the Defense Advanced Research Projects Agency but then abandoned in 2003 after Congress stopped funding for it following a public outcry.
William Perry, co-chair of the NRC committee that wrote the new report, said in a prepared statement that technology should be used as needed to combat terrorism. "However, the threat does not justify government activities that violate the law, or fundamental changes in the level of privacy protection to which Americans are entitled," he added.
The NRC committee didn't look specifically at any counterterrorism-related data mining initiatives, nor did it conduct any direct evaluations of behavioral surveillance tools being used by agencies. Instead, the report is based on a generalized study of the effectiveness of such technologies in identifying potential terrorists.
What the report highlights are the severe limitations of automated data mining techniques for counterterrorism purposes and their potential privacy impacts, said committee member Fred Cate, who is the director of the Center for Applied Cybersecurity Research at Indiana University.