A coalition of privacy groups called on the U.S. Congress to halt the creation of a federal database of airline-passenger profiles until more details are available, such as who would be included and how it would be operated. Meanwhile, the White House's chief information officer (CIO) questioned Tuesday at a U.S. House of Representatives hearing whether that data-mining program would be effective.
At that hearing, a law professor and congressman disagreed over whether Congress should regulate government data-mining efforts, while most witnesses praised the use of data analysis for everything from reducing credit card abuse in government to catching terrorists.
Jeffrey Rosen, a law professor at George Washington University and legal affairs editor of The New Republic magazine, said Tuesday that "suspicionless surveillance of large groups of people" would violate the Fourth Amendment to the U.S. Constitution, which guarantees freedom from unreasonable searches and seizures.
Rosen said the U.S. Department of Defense's Total Information Awareness (TIA) research project, which focuses on surveillance through mass data mining, and the Transportation Security Administration's proposed second version of the Computer Assisted Passenger Prescreening System (CAPPS II) are examples of such "mass dataveillance." (More information about CAPPS II, can be found at http://www.tsa.gov/public/display?theme=44&content=535.)
"It's possible to design data-mining technologies in ways that strike better rather than worse balances between liberty and security," Rosen told the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census. That subcommittee falls under the House Committee on Government Reform.
"I urge Congress to accept the task of learning about the design choices inherent in these technologies. You have it in your power to strike a thoughtful balance between liberty and security, and all you need now is the will," he said.
Congress has decided to put a hold on the hotly debated TIA project, but Rep. Tom Davis, a Republican from Virginia who chairs the full government reform committee, questioned whether regulating data mining would slow the benefits of such technology.
Calling information retrieval the "oil of the 21st century," Davis said the benefits of data analysis are many. "My theory is we need to be slow about coming in and over-regulating sometimes," he said. "You let the industry come up with its own protocols before the government comes in and starts imposing a regulatory and taxing regime that could really stifle the growth and potential of this."
Rosen asked Davis to consider whether data sharing that's appropriate in private industry would be appropriate in national security agencies. "Much of the history of our privacy laws for the past 50 years have been based on the idea that completely unregulated information sharing is not consistent with the values of the Constitution or American citizens," Rosen said. "We don't want every low-level information officer in the field to know ... that I'm late on my child-support payments or that I'm late on my credit card. Complete transparency of information, total unregulated use, which many Silicon Valley people are urging, wouldn't be consistent with the values of the Fourth Amendment."
Rosen questioned whether huge government data-mining programs would be effective enough to warrant the added intrusion, but Davis argued that most of the information that would be used and analyzed together is available on separate government databases. "We know, for example, with the terrorists on 9/11, the information was out there," he said. "Had we been able to collate that information and get that in one place, we could have prevented that from happening. That's something you list as an infringement on privacy, but what do you say to the victims and the families of the 3,000 people who died that day?"
Meanwhile, a coalition of civil liberties and privacy groups, including the Electronic Frontier Foundation, the Electronic Privacy Information Center and the Center for Democracy and Technology, wrote a letter to Davis and ranking committee Democrat Henry Waxman, urging Congress to stop the CAPPS II program unless it was proven to be effective and consistent with privacy principles. Saying CAPPS II would attempt to assess the security risk of every single airline passenger based on commercial and government data, the letter asks Congress to "start asking questions about CAPPS II now."
But Mark Forman, associate director for information technology and e-government in the White House's Office of Management and Budget, said at the hearing that he, too, was waiting for details about CAPPS II, and that the Transportation Security Administration was tardy in answering his request. It doesn't make sense for the government to spend "hundreds of millions of dollars on a new IT system with very pretty screens" if it doesn't protect the U.S. against terrorism, said Forman, who is often referred to as the White House's CIO.
The Transportation Security Administration didn't have an immediate comment on the letter or Forman's comments.
Beyond the proposed CAPPS II or TIA, the federal government doesn't seem to have the kind of mass data-mining programs Rosen is worried about, Forman added. In a search of government resources in preparation for the House hearing, Forman said he found no data-mining efforts that searched databases without first pinpointing a suspect.
During most of the hearing, a series of witnesses praised the potential of some data-mining applications. Paula Dockery, a state senator from Florida, said the state has used data mining to gather more information on suspected criminals, but the state required a reasonable suspicion before its Financial Crime Analysis Center turned its data analysis on a suspect.
Gregory Kutz, director of financial management and assurance for the U.S. General Accounting Office, said his agency has used data mining to catch government employees using office credit cards on everything from escort services to Internet gambling to a down payment on a home. Kutz presented as evidence records of personal purchases a government employee made recently using a government credit card during a four-day shopping spree, in which the user ran up more than US$9,100 at various retail stores.
Rosen said he didn't object to targeted investigations like those at Kutz's agency, but he said mass sharing of data between government agencies may violate federal privacy laws. "If you're in any way concerned about restrictions on information sharing ... you're going to have to think about this issue afresh and decide to craft essential regulations for these new technologies," he told the subcommittee.