Government Use of Private Databases

Via Wired.com, an article on the FBI's National Security Branch Analysis Center (NSAC) database, which, according to declassified documents obtained by Wired, contains than 1.5 billion government and private-sector records about citizens and foreigners, ans is thus becoming the “Total Information Awareness” the government wanted to put in place after 9/11.

The government thought then of data mining private databases for national security reasons. The New York Times had reported in February 2002 that the Pentagon, under the leadership of Vice Admiral John Poindexter, was building a computer able to collect and data mine personal data, such as credit card records, school, travel and medical records, in order to track terrorists. The name of the program, Total Information Awareness, was later changed to Terrorism Information Awareness. Congress eliminated funding for the program in 2003.

TIA was followed by “The Matrix,” a data mining program linking government and commercial databases. Government agencies have also required in the past the assistance of telecommunication carriers to eavesdrop on suspect’s emails. The FBI’s CARNIVORE program plugs, (or plugged,) a computer (the DCS-1000) directly to an ISPs’ network to monitor suspect incoming and outgoing emails. ECHELON was a program eavesdropping on international private telephone calls, e-mails and faxes, using both ground and satellites.

Data mining, or Knowledge Discovery in Databases (KDD) is the process that allows experts to extract trends and patterns from data, using algorithms to identify relationships and patterns in data. There are two main data mining methods. The top-down method looks for a well-defined profile by asking questions and testing hypotheses. The bottom-up method analyzes raw data to find trends and groups.

Is data mining such an extensive amount of information an efficient method to increase security? This is an important question as citizens are asked to trade off some of their liberties for security, or at least for a renewed sense of security, and would be more reluctant to do so for a program efective in preventing terrorist attacks. Former Homeland Security Secretary Michael Chertoff believed in the ability of data mining to prevent terrorism. While an assistant attorney general, he testified in 2002 that he found data mining a promising way to fight terrorism. He further testified that the Department of Justice was “using computers to analyze information obtained in the course of criminal investigations, to uncover patterns of behavior.(…) Through what has come to be called ‘data mining’ and predictive technology, we seek to identify other potential terrorists and terrorism financing networks.”

Even some privacy advocates believe that the use of commercial databases can “help improve the amount and quality of identifying information in watch lists.” However, most of them do not believe that such massive data mining would protect us against terrorist attacks, and is not fail-proof. The Wired article quotes Kurt Opsahl, an EFF senior attorney: “We have a situation where the government is spending fairly large sums of money to use an unproven technology that has a possibility of false positives that would subject innocent Americans to unnecessary scrutiny and impinge on their freedom.”

The efficiency of a method should not be the ultimate test used to establish an opinion about government surveillance. But if we may have a high surveillance tolerance, we certainly have a zero tolerance for being arrested by mistake, or prevented to board an airplane.