Privacy advocates: Congress must police data gathering

Assurances of limited scope from the leaders of two proposed U.S. government data-gathering projects weren’t good enough for privacy advocates, who on Tuesday urged Congress to police just what personal information the government should analyze.

Earlier this month, leaders of the Defense Advanced Research Projects Agency’s (DARPA) Total Information Awareness (TIA) data-mining research project, now renamed Terrorism Information Awareness, and the Transportation Security Administration’s (TSA) Computer Assisted Passenger Pre-screening System (CAPPS II) told a U.S. House subcommittee that their projects wouldn’t collect the wealth of information some privacy advocates fear they would. [See, “US agencies defend gov’t data-mining plans,” May 7.]

An American Civil Liberties Union (ACLU) official expressed fears Tuesday that both programs would be expanded to collect information on all kinds of people besides terrorist suspects, but Representative Adam Putnam, a Florida Republican, questioned whether that possibility was such a bad thing. Putnam is chairman of the U.S. House Committee on Government Reform’s Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census.

John Cohen, president and chief executive officer of PSComm LLC, a technology consultant for law enforcement agencies, questioned the need for TIA and CAPPS II when U.S. agencies have trouble sharing the data they currently have. Cohen suggested, instead, that the government direct more money toward information sharing among state and local law agencies, where investigations into crimes such as drug trafficking often turn up the first leads on terrorist activity.

Putnam seized upon Cohen’s point when questioning whether CAPPS II should be limited to catching terrorists. “Why would we restrict the ability of TSA and others, using best technology practices, to pick up a sniper, a weapons trafficker, a drug trafficker, a murder or a kidnapper?” he said. “How would we justify to the parents of a kidnapped child that we had the technology, and could’ve picked that person up at the airport, but we only do that for terrorists?”

The ACLU’s Barry Steinhardt complained to Putnam’s subcommittee of the “surveillance monster” growing in U.S. society. “We find ourselves being tracked, analyzed, profiled and flagged in our daily lives,” said Steinhardt, director of the Technology and Liberty Program at the ACLU. “(We’re) forced into an impossible struggle to conform to the letter of every rule or law society could impose. Our transgressions, whether they be real or imagined … become permanent scarlet letters that follow us our whole lives.”

Steinhardt suggested that neither DARPA or TSA has shown evidence that their data-gathering projects will be able to find terrorists by plugging a list of suspect activities into a database. But the ACLU was not opposed effective security measures, such as a way to match luggage loaded on an airplane to the passengers.

“What we do oppose are measures that offer nothing but the illusion of security — programs that make us no safer but carry a substantial price in lost freedom,” Steinhardt said. “Will we really be able to pick out the terrorists from the 100 million Americans who fly?”

On the same day a report on TIA was released to Congress, Steinhardt told the subcommittee that the public and Congress still know few details about either TIA or CAPPS II.

TSA officials have described CAPPS II as a data analysis tool that would run an airline passenger’s name, address, phone number and birth date through a sophisticated data analysis process to determine if that passenger presented a terrorism risk. Passengers would then get a score, ranging from green (safe to fly) to yellow (warrants more surveillance) to red (take into custody).

Steinhardt and Paul Rosenzweig, a senior legal research fellow at the Heritage Foundation, both called on Congress to keep a close eye on TIA and CAPPS II. “What will you be doing to examine whether or not it’s being used appropriately or inappropriately?” Rosenzweig asked the subcommittee members. “Congress is going to need absolute, unfettered access to information about the operation of a system like CAPPS II.”

A 116-page report detailing the TIA program was released to Congress Tuesday, as required under a spending bill amendment authored by Senator Ron Wyden, an Oregon Democrat. The report is available at A Wyden spokeswoman said the report confirms the senator’s concern that Congress should oversee the project. Wyden will need to be assured that privacy protections are in place, she added.

The name of TIA was changed because Total Information Awareness “created in some minds the impression that TIA was a system to be used for developing dossiers on U.S. citizens,” the report said. Instead, DARPA intends to use data that is either foreign intelligence legally gained by the U.S. government or “wholly synthetic (artificial) data that has been generated, for research purposes only, to resemble and model real-world patterns of behavior.” DARPA officials have described TIA as a program that would build models of terrorist activities, based on assumptions from intelligence officials, that could be used to identify terrorism suspects.

Some in Congress didn’t accept the DARPA explanation. “Renaming this may make it sound less Orwellian, but it does not change the intent and scope of this $53 million program,” Senator Patrick Leahy, a Vermont Democrat, said in a written statement. “Before we start pulling people off airplanes and denying them jobs based on large-scale data mining, we need to know whether this technology will generate too few solid investigative leads at the cost of too many false alarms and ruined reputations.”

The DARPA report said the right to privacy was a “bedrock principle,” but Leahy and Representative William Lacy Clay, a Missouri Democrat, complained that Congress has been given little information about government data-gathering projects. “Congress still doesn’t know what data is going to be used in CAPPS II or what rights the citizens will have,” Clay said at the subcommittee hearing.

A TSA spokesman said CAPPS II criteria was still being developed, but the agency was “absolutely committed” to briefing Congress once more details were available. “We’ve got to create the criteria before we can brief them on it,” he said.

Both agencies have changed their stories over time when asked to explain their data analysis projects, Steinhardt charged. He showed the subcommittee two DARPA charts explaining TIA, the earlier one saying transactional data such as medical, travel and financial records would be fed into the TIA database, and the second not including those details.

But the different versions were evidence that congressional inquires and public concern expressed over TIA were actually being heard, Rosenzweig suggested. While he called for congressional oversight of the programs, he defended the research into data analysis as an option for fighting terrorism.

“I don’t see in these (DARPA) charts a nefarious mutation of policy; I see the natural product of the development of an idea,” Rosenzweig told the subcommittee. “That ultimately gets defined as it’s subject to public scrutiny. DARPA’s mission is to have the wild hair for the idea, it’s the other people in the executive branch’s mission to say, ‘whoa, make sure you do it the right way,’ and it’s your mission to say, ‘no, really, make sure you do it the right way.’ “

The TSA spokesman disputed Steinhardt’s claims that the agency’s story about CAPPS II has changed, although the agency has supplied additional information to counter fears expressed by privacy groups that CAPPS II would screen for late alimony checks or parking tickets, he said. “We have described and articulated the mission of CAPPS II the same since day one,” he said.