The type of information that can be legally obtained for a new federal government computer program ranges from political and religious contributions to magazine subscriptions, clothing sizes and even data about prostate problems.
The Pentagon’s Terrorism Information Awareness program is being designed to track terrorists, but privacy advocates say it could be misused.
“This now opens the door to wholesale involvement by the Defense Department in domestic evidence gathering on U.S. citizens, and it should be a very frightening prospect to Americans,” said Bob Barr, a civil-liberties advocate and former Republican congressman from Georgia.
Almost every conceivable tidbit of personal information is collected and sold by private firms to create behavioral dossiers on millions of consumers so marketers can pitch products to them.
But a loophole created for the data-gathering computer program — dubbed by critics a “supersleuth” system — makes that same information fair game for the government.
Civil-liberty advocates say that because there are no laws to govern this relatively new method of data mining, it leaves people vulnerable to gross invasions of privacy and due-process violations.
“Once this information is obtained by the government, the consequences are much greater. Marketers can sell you a widget, but the government can arrest you,” said Lara Flint, staff counsel for the Center for Democracy and Technology.
In a congressionally mandated report, officials from the Pentagon’s TIA program said it will only collect data for its database that are “legally obtained and usable by the federal government under existing law.”
Sen. Ron Wyden, Oregon Democrat and a leading critic of the program, called the language a major loophole to data mine “everything under the sun.”
When asked if they would use consumer data in their program, a TIA official did not answer the question but reiterated the agency’s stance that it would use only legally obtained information.
“In obtaining their information, the operational agencies participating in TIA’s experiments comply with the laws and regulations governing intelligence activities and the laws governing the privacy and constitutional rights of U.S. persons,” said the e-mail response from TIA. The TIA is fielding questions from the press only by e-mail.
Chris Hoofnagle, deputy counsel of the Electronic Privacy Information Center, said information legally obtainable includes: current and past addresses, the number of bathrooms and bedrooms in a house, what utilities are consumed, telephone numbers, smoking habits, Social Security numbers, hobbies, income, automobiles, shopping preferences, height, weight, race, clothing size, magazine subscriptions, purchases through book, music and video clubs, and whether the family pet is a “Fido” or a “Fluffy.” This information, he said, can be bought for pennies per person.
Just as easily obtainable is information on individual contributions to political, religious and charitable groups, financial records, arrest records, occupation, levels of education, and health information, including allergies, visual impairment, birth defects, diabetes and prostate problems.
“All information is on the table, and a lot of information is being placed on the table by commercial-database vendors and direct marketers,” Mr. Hoofnagle said.
The problem with commercial data is its reliability. Because it was not collected for law-enforcement purposes, “the accuracy standards may not be as high as they should have been,” Miss Flint said.
An important distinction should be made, she said, between government searches for a specific suspect versus the government looking for patterns on a computer and “looking through everyone’s information, including those they know have not been doing anything.”
“It’s an entirely new way to look for suspects — backwards,” Miss Flint said.
The system could also be misused intentionally.
“There is also the risk that either a government or a rogue actor in government could use the information to attack a political opponent,” Mr. Hoofnagle said.
Chris Westphal, chief executive officer of the data-mining company Visual Analytics, said information that is off-limits includes e-mail, phone records and credit-card purchases.
“They could collect if they got a judge’s order, but they can’t do that just willy-nilly,” he said.
Congress has passed legislation requiring oversight of the TIA technology before implementation, but critics say updated privacy laws are needed to address the fast-moving technology of data mining.
“Pattern analysis is a new technique that allows uniquely intrusive government searches not previously possible or even imaginable, and we really need our laws to catch up with our technology,” Miss Flint said.