A report from the Terrorism Information Awareness program contains a major loophole that allows the government to data mine “everything under the sun” including medical and credit records, says the top Senate Democrat on privacy issues.
The report said the program to track terrorists will use information collected and analyzed that is “legally obtained and usable by the federal government under existing law.”
Sen. Ron Wyden of Oregon said vast amounts of data can be legally obtained, including consumer information purchased from private companies.
“That’s basically everything under the sun, all kinds of stuff can be bought from private firms. All of that can be obtained legally, and that would just be some of it,” Mr. Wyden said.
Congress mandated the report on the program — labeled by some critics as a “supersnoop” — that is under design by the Pentagon to track terrorists. The program became such a magnet of criticism from civil-liberty advocates that when the report came due May 20, the program’s name was changed from Total Information Awareness to Terrorism Information Awareness (TIA).
“I will fight strongly the proposition that TIA will be used to analyze everything collected in a legal fashion. That loophole is so big you could drive five trucks through it,” Mr. Wyden said.
The report was required under legislation authored by Mr. Wyden and also requires congressional approval before the program can use new technology.
In a letter yesterday to Anthony Tether, director of the Defense Advanced Research Projects Agency, Mr. Wyden said the report failed to address numerous privacy and civil-liberty issues, including whether U.S. citizens will be used voluntarily or involuntarily when technologies are tested.
The program would collect personal information from driver’s licenses, airline tickets, arrest reports, visas and work permits to analyze and predict terrorist attacks.
In one description, the report said “social interaction, financial transactions and telephone calls” will be analyzed. Mr. Wyden wants to know if that includes credit-card and automated teller machine activity, wire transfers, loan applications or credit reports.
“Will this information be obtained from U.S. persons? What privacy protections will be in place for this information?” Mr. Wyden asked in the letter.
The Next Generation Face Recognition program, also part of TIA, will be tested with “experimentation on databases of at least one million individuals” and Mr. Wyden asked if that will also include U.S. citizens and be voluntary.
In spite of the Pentagon’s report, Mr. Wyden said he remains “very deeply concerned that TIA technology will be used to plow through large amounts of private information on individual Americans in search of hypothetical threat situations.”
“Your report states that ‘the TIA program is not attempting to create or access a centralized database that will store information gathered from various publicly or privately held databases.’ Nonetheless, it is clear that the TIA program will access any number of such databases and then sort through the information,” Mr. Wyden said in the letter.
Mr. Wyden said he is also concerned that “data inaccuracies are not truly a concern” within the TIA program.
“I am concerned that a tool providing decision-makers with information obtained without consideration for inaccuracies is begging for bad decisions to be made — decisions that may jeopardize the lives of individual Americans,” he said.