Several federal agencies are using the personal data of U.S. citizens to pinpoint terrorist activity, a practice that a secretive Pentagon program was pursuing before Congress axed its funding amid fears it would be used to spy on Americans.
Congress killed the Pentagon’s Total Information Awareness (TIA) project to create a supercomputer and sift through the private information of U.S. citizens, calling it a vast violation of privacy.
The Defense Department says it has not shared the data-mining technology it researched for the TIA project, but similar supersnoop programs using advanced technology are under development.
The funding of such endeavors by the Homeland Security Department, the Defense Department, the Justice Department and the National Aeronautics and Space Administration (NASA) has angered privacy advocates and civil libertarians.
The personal information of millions of airline passengers has been used in two government data-mining studies to predict terrorist activity, another program is moving a step closer to “scoring” the potential of all airline passengers on a terrorism scale and a vast database containing billions of private records held by a commercial company is now available to law enforcement at all levels of government.
“These programs are turning every American into suspects and creating detailed dossiers on their lives,” said Barry Steinhardt, director of the technology and privacy program at the American Civil Liberties Union.
“The legend of TIA is that the technological impulse still exists to gather the separate strands of our lives that are documented in government and private databases to create some sort of profile on us,” Mr. Steinhardt said.
Congress scrapped funding of TIA after a public outcry about privacy and civil-liberty concerns in 2002 and totally dismantled the project last year after more questionable programs were exposed.
“There was a great deal of applause last year when folks thought TIA was dead, but I cautioned people to hold their applause because it has been my experience that these things never die,” said Bob Barr, 21st Century Liberties chairman for Freedom and Privacy at the American Conservative Union.
“There is an insatiable desire on the part of Washington agencies and big business to constantly look at newer and more efficient ways to gather, store and manipulate data on people,” said Mr. Barr, a former Republican congressman from Georgia.
Even the name of the program, Total Information Awareness, drew criticism and prompted the agency to change it to Terrorism Information Awareness.
“TIA will live on in the broad sense,” said Marcia Hofmann, staff counsel for the Electronic Privacy Information Center (EPIC). “Just because the name has been killed and the specific project killed, it doesn’t mean the idea is dead. We will see it continue in smaller projects throughout government in different agencies, that is what I see as its legacy.”
Data-mining technology was central to the TIA project to identify and predict terrorism, but critics called it an unprecedented invasion of privacy and civil liberties.
Government officials are trying to distance their programs from the term “data mining.”
Data mining looks for relationships, called algorithms, to link individuals with raw data to create a profile of a terrorist and then make predictions based on that data, said Ralph Rector, project manager for the Heritage Foundation’s Center for Data Analysis.
“Data-mining technology involves very sophisticated and complex calculations that test for a myriad of relationships in a short period of time,” he said.
The software application is used primarily by the private sector for marketing purposes to link customers to products they might purchase. Since the September 11 terrorist attacks, the government has increasingly looked to the technology as a law-enforcement tool.
“I don’t like the term ‘data mining,’ but ‘data correlation’ I think is probably a more appropriate term,” said one Defense Department official.
The Terrorist Threat Integration Center (TTIC) is the government’s new data warehouse and has the specific task of fusing and analyzing all sources of information related to terrorism. It also rejects the tarnished label.
“The term ‘data mining’ is not appropriate and should not be used in reference to the TTIC,” said a spokeswoman for the CIA. “The words we use are ‘advanced analytic searches’ or ‘sophisticated analytic search tools’ that we use to create linkages and relationships between information.”
Data mining, Mr. Steinhardt said, has become “dirty words.”
“They are all looking at patterns and connections and mining enormous amounts of data. They can call it a pink elephant, but it’s not going to change the fact it is still data mining,” Mr. Steinhardt said.
The leading critic of data mining on Capitol Hill told Homeland Security Secretary Tom Ridge last week to give Congress information on all data-mining activities in his department.
“A whole host of information is being examined by government agencies every single day,” Sen. Ron Wyden, Oregon Democrat, told Mr. Ridge at a Budget Committee hearing. “Congress is in the dark with respect to what’s going on in data mining, there are no privacy rules, and [taxpayers] are spending money on this, and it seems to me that the public has a right to know exactly what’s going on.”
There are no comprehensive privacy laws to regulate the federal government’s access or use of public and private databases.
However, Mr. Wyden is sponsoring the Citizens’ Protection in Federal Databases Act that prohibits the use of databases to mine for hypothetical scenarios and prevents government agencies from trolling through bank records, online purchases or travel plans without regard to actual intelligence or law-enforcement information.
The Computer-Assisted Passenger Prescreening System (CAPPS II) is under development by the Transportation Security Administration (TSA) to confirm the identity of airline passengers and check it against terrorist watch lists and outstanding criminal warrants using unknown commercial and government databases.
Passengers will be “scored,” and color codes will be assigned to each indicating a low, moderate or high risk of being a terrorist.
A fact sheet on CAPPS II says it will not use data-mining techniques, however a recent General Accounting Office study said it is based on “algorithms … used to calculate risk scores.”
A TSA spokesman said passenger names, addresses, phone numbers and dates of birth instead will be “pinged” with two commercial databases and run against government terrorist watch lists and outstanding criminal warrants.
The primary objective of CAPPS II mandated by Congress is to identify foreign terrorists, but the role has been expanded to include domestic terrorists, criminals with arrest warrants and individuals overstaying visas.
“The impulse to use it for other things will be irresistible,” Mr. Steinhardt predicted.
The GAO report was highly critical of CAPPS II and called it “mission creep,” and Mr. Barr upped the ante by calling it “mission gallop.”
“This is precisely why the government wants these programs, to get evidence on people and use it against them,” Mr. Barr said.
The GAO report said “expanding the CAPPS II mission could also lead to an erosion of public confidence in the system” and “increase the number of passengers erroneously identified as needing additional security.”
Ferreting out terrorists was only the initial use of the “mega-scale database” that TIA wanted to create, according to an internal e-mail obtained by EPIC.
The recommendation to then-TIA director John Poindexter said, “People will object to Big Brother, wide-coverage databases, but they don’t object to use of relevant data for specific purposes that we can all agree on.” The e-mail was from Lt. Col. Doug Dyer, who suggested the initial purpose be to track terrorists.
“Ultimately, the U.S. may need huge databases of commercial transactions that cover the world or certain areas outside the U.S. This information provides economic utility, and thus provides two reasons why foreign countries would be interested,” the e-mail said.
The TSA also is under fire for telling JetBlue Airlines to turn over more than 1 million passenger records to a Defense Department contractor for a data-mining study to flag terrorists among passengers.
NASA also asked for passenger data on millions of Northwest Airlines customers for a similar data-mining study. Both incidents have prompted dozens of lawsuits.
The police database Matrix, short for Multi-State Anti-Terrorism Information Exchange, has received $12 million in funding from the Justice Department and Homeland Security Department. The ACLU calls it a “radical new trend toward mass surveillance of the American people.”
Matrix can root through 20 billion records on U.S. citizens and connect the records with information from local, state and federal law enforcement to identify terrorists and criminals. Documents obtained by the ACLU from Matrix describe it as a “data-mining system,” but a Matrix spokesman called it a “query-response system.”
Although data mining shows patterns of behavior of an individual and makes predictions, the spokesman said Matrix “as it exists today has no capability such as that.”
Privacy advocates say the type of data linkage used by Matrix amounts to unreasonable search and seizure.
“It’s an end-run around the Fourth Amendment to outsource our constitutional rights,” said Bill Scannell, president of Don’t Spy On Us.
States participating in Matrix include Florida, Connecticut, Michigan, Ohio, Pennsylvania and New York. Georgia and Utah dropped out this year citing privacy concerns, and other states including Alabama, California, Louisiana, Kentucky, Oregon, South Carolina and Texas have declined to participate.
Matrix combines state records with databases owned by Seisint Inc., which include property, boats and Internet domains that people own, address history, utility connections, bankruptcies, liens and business filings, according to the Associated Press.