RealTime IT News

Data-Mine Time in The Senate

Buried deep within the massive Homeland Security bill recently passed by the Senate is a provision that should give privacy advocates some much needed cheer. But it probably won't.

Section 504 of the bill requires the federal government to report annually on its development and use of data-mining technologies. However, the provision does not prohibit the government from data mining. It only has to tell Congress what it's doing.

So, one might logically ask, doesn't the government already do that? The answer, unfortunately, is no. Senators Russ Feingold (D-Wis.), Patrick Leahy (D-Vt.) and John Sununu (R-N.H.) aim to change that.

"Many law-abiding Americans are understandably concerned about the specter of secret government programs analyzing vast quantities of public and private data about their pursuits, in search of patterns of suspicious activity," Feingold, who co-sponsored the provision with Leahy and Sununu, said earlier this week.

"Four years after we first learned about the Defense Department's program called Total Information Awareness [TIA], there is still much Congress does not know about the federal government's work on data mining," he added.

TIA was a Defense Advanced Research Projects Agency (DARPA) idea that required harvesting enormous amounts of data on Americans, including credit-card purchases, car rentals, airline tickets, official records and the like. Congress killed it in 2003.

Despite the firestorm of criticism TIA generated and the subsequent de-funding of the project, the Bush administration has pressed on with its love affair of pattern analysis, although there is no real proof the idea works. Along the way, the government has kept Congress and the public in the dark as much as possible.

There was CAPPS II, the Assisted Passenger Prescreening System that would have required airline passengers to provide their full names, addresses, phone numbers and dates of birth into a database linked to government databases.

There is and continues be the government's collection and monitoring of telephone calls and e-mail data of millions of Americans. There is the Automated Targeting System (ATS), which creates and assigns risk assessments on U.S. travelers crossing international borders. The TSA was originally designed to create risk assessments on cargo, but with no authorization from Congress, they were expanded to cover travelers.

And then, well, the list goes on.

According to Leahy, there are at least 199 different government data-mining programs operating or planned throughout the federal government, with at least 52 different federal agencies currently using data-mining technology.

"More and more, these data-mining programs are being used with little or no notice to ordinary citizens or to Congress," Leahy said in February when he, Feingold and Sununu introduced the Federal Agency Data Mining Reporting Act of 2007, which was later attached to the Homeland Security bill.

The three are not opposed to data mining, per se; they just want to know what is being done on the taxpayer dollar.

"Intelligence and law-enforcement agencies would not be doing their job if they did not take advantage of new technologies," Feingold said. "But when it comes to pattern-based data mining, Congress needs to understand whether it can be effective in identifying terrorists, and Congress needs to consider the privacy and civil liberties implications of deploying such technology domestically."

Similar legislation was introduced in the Republican-controlled 109th Congress, but that disappeared into a fog of apathy over privacy rights. Although the Democrats now control Congress, don't expect easy passage of the data mining disclosure mandate.

The House version of the Homeland Security bill does not include any data-mining reporting requirements and differences between the two bills will have to worked out in a conference committee. And do not expect the White House to go gently into that good night.

On Thursday Homeland Security Secretary Michael Chertoff accused privacy advocates of being "Luddites" and urged the Northern Virginia Technology Counsel to "push back hard" on critics of REAL ID, the controversial 2005 law mandating states to standardize information contained on driver's licenses and to maintain databases of the information that can be shared with other states.

"This kind of ... attitude that any change in terms of our ability to secure identification or connect data is somehow an assault on our freedom and our liberty I think is exactly wrong," Chertoff said. "We should not allow ourselves to be captivated by the argument that every time we do something with a computer, we're invading privacy.

This has led privacy advocates to be guarded over the prospects of even merely making the government report what it's doing with the massive amounts of data it collects.

"It's a good start," Jim Dempsey, the policy director of the Center for Democracy and Technology, said. "[Privacy] problems keep popping up one-by-one and what Feingold is saying is that Congress deserves to know without having to read about it in the news."

So do the American people.