- The Washington Times - Friday, May 28, 2004

Numerous federal government agencies are collecting and sifting through massive amounts of personal information, including credit reports, credit-card purchases and other financial data, posing new privacy concerns, according to the General Accounting Office (GAO).

The GAO surveyed 128 federal departments and agencies and found that 52 are using, or planning to implement, 199 data-mining programs, with 131 already operational.

The Education, Defense, Homeland Security, Veterans Affairs, Health and Human Services, Interior, Labor, Justice, and Treasury departments are among those that use the contentious new technology to detect criminal or terrorist activity; manage human resources; gauge scientific research; detect fraud, waste and abuse; and monitor tax compliance.

The audit released yesterday shows 36 data-mining programs collect and analyze personal information that is purchased from the private sector, including credit reports and credit-card transactions. Additionally, 46 federal agencies share personal information that includes student-loan application data, bank-account numbers, credit-card information and taxpayer-identification numbers.

The Defense Department is the largest user of data-mining technology, followed by the Education Department, which uses private information to track the life of student direct loans and to monitor loan repayments.

“Mining government and private databases containing personal information creates a range of privacy concerns,” the report said.

Data-mining technology can sift through massive amounts of information to uncover hidden patterns and subtle relationships to make predictions.

The technology “has led to concerns about the government’s use of data mining to conduct a mass ‘dataveillance’ — a surveillance of large groups of people — to sift through vast amounts of personally identifying data to find individuals who might fit a terrorist profile,” the GAO report said.

Sen. Daniel K. Akaka, Hawaii Democrat and ranking member of a Governmental Affairs financial management, budget and international security subcommittee, requested the nearly yearlong audit.

The most widely reported data-mining project — the Pentagon’s Total Information Awareness (TIA) program — was shut down by Congress because of widespread privacy fears. The project sought to use credit-card, medical and travel records to search for terrorists and was dubbed by privacy advocates as a “supersnoop” system to spy on Americans.

“We always knew that the [TIA] program was not the only data-surveillance program out there, but it now appears possible that such activities are even more widespread than we imagined,” said Barry Steinhardt, director of the American Civil Liberties Union (ACLU) technology and liberty program.

Bob Barr, chairman of the American Conservative Union Foundation’s 21st Century Center for Privacy and Freedom and a former congressman from Georgia, said the use of data mining to spy on American citizens will continue to grow until Congress addresses the issue.

“Many in Washington cheered when it appeared the Congress killed TIA. However, as I said at the time and have repeated since, it is not dead, only renamed and resurfaced elsewhere,” Mr. Barr said.

“We cannot rely on this or any other administration to pull back on its own. The executive branch likes information on citizens far too much to voluntarily stop developing ever more and expanded databases,” he said.

The ACLU said some programs appear to be a “dragnet on the general population,” including a Homeland Security program that “correlates events and people to specific information” and a Defense Intelligence Agency data-mining program to “identify foreign terrorists or U.S. citizens connected to foreign terrorism activities.”

Data mining is used by the Health and Human Services Department to monitor food and drug safety. The department is developing a data-mining tool to track and report “adverse incidents” involving food, cosmetics, and dietary supplements.

Homeland Security is developing an “incident data mart,” which will “look through incident logs for patterns of events.” Incident is defined as “an event involving law enforcement or government agency for which a log was created (e.g. traffic ticket, drug arrest, or firearm possession).” The system will “look at crimes in a particular geographic location, particular types of arrest, or any type of unusual activity.”

The GAO report did not include classified programs, and some agencies did not respond to its request for information, including the CIA, National Security Agency and the Equal Employment Opportunity Commission.

James Dempsey, executive director of the Center for Democracy & Technology, said it is likely that there are data-mining programs not listed in the report.

“More and more agencies are relying on complex data-mining techniques and commercial data, a combination that has significant potential to threaten civil liberties,” Mr. Dempsey said.