SAFEGUARDING PRIVACY IN THE FIGHT AGAINST TERRORISM

The Report of the Technology and Privacy Advisory Committee

MARCH 2004

Technology and Privacy Advisory Committee

Newton N. Minow, Chairman
Floyd Abrams
Zoë Baird
Griffin Bell
Gerhard Casper
William T. Coleman, Jr.
Lloyd N. Cutler
John O. Marsh, Jr.

Lisa A. Davis, Executive Director and Designated Federal Official
Fred H. Cate, Reporter

CONTENTS

Executive Summary
Acknowledgments
Introduction
    TAPAC’s Creation and Charge
    Government Data Mining
    New Challenges to an Outdated Regulatory Structure
    Security and Liberty
The New Terrorist Threat
    The Threat from Within
    The Suicidal Threat
    The Threat of Weapons of Mass Destruction
    The Terrorist Infrastructure
    The New Threat
    Empowering Our Nation’s Defenders
TIA
    Early Descriptions of TIA
    Early Public and Congressional Reaction to TIA
    May 20, 2003 DARPA Report
    Congressional Response
    Inspector General’s Report
    Understanding the TIA Controversy
Informational Privacy and Its Protection from Intrusion by the Government
    The Meaning of “Privacy”
    Constitutional Protections
    The Fourth Amendment
    Protection Against Government Disclosure of Personal Matters
    Protection Against Unlawful Discrimination
    Other Protections for Informational Privacy in the Public Sector
    The Privacy Act of 1974
    Sectoral Protections
    Electronic Surveillance
    Intelligence Gathering
    Government Privacy Policies
    Non-U.S. Privacy Protections and Principles
    Summary
Privacy Risks Presented by Government Data Mining
    Digital Information and the Privacy Debate
    Chilling Effect and Other Surveillance Risks
    Data Aggregation Risks
    Data Inaccuracy Risks
    Data Errors
    Data Integration
    Individual Identification
    False Positives
    Mission Creep
    Data Processing Risks
    Disclosure
    Data Misuse
    Data Transfer
    Data Retention
    Security
    Summary
Conclusions and Recommendations
    TIA and the Secretary’s Questions to TAPAC
    Recommendations Concerning DOD Data Mining
    Data Mining Based on Particularized Suspicion
    Foreign Intelligence Data Mining
    Federal Government Employees
    Publicly Available Data
    Other Data Mining Involving U.S. Persons
    Recommendations Concerning Government Data Mining
Conclusion
Separate Statement of Floyd Abrams
Separate Statement of William T. Coleman, Jr.
Appendices
    A Biographies of Technology and Privacy Advisory Committee Members and Staff
    B TAPAC Witnesses
    C Bibliography
Notes
Figures
    Summary of TAPAC Recommendations
    DOD Data Mining Activities
    Other Government Data Mining Activities
    Early DARPA TIA Slide
    Data Mining Checklist
    Impact of TAPAC Recommendations on Government Data Mining
List of Abbreviations and Defined Terms

EXECUTIVE SUMMARY

TAPAC’S CREATION AND CHARGE

The United States faces, in the words of British Prime Minister Tony Blair, “a new and deadly virus.”[1] That virus is “terrorism, whose intent to inflict destruction is unconstrained by human feeling and whose capacity to inflict it is enlarged by technology.”[2]

As the murderous attacks of September 11 painfully demonstrated, this new threat is unlike anything the nation has faced before. The combination of coordinated, well-financed terrorists, willing to sacrifice their lives, potentially armed with weapons of mass destruction, capable of operating within our own borders poses extraordinary risks to our security, as well as to our constitutional freedoms, which could all too easily be compromised in the fight against this new and deadly terrorist threat.

To help guard against this, Secretary of Defense Donald Rumsfeld appointed the Technology and Privacy Advisory Committee (“TAPAC”) in February 2003 to examine the use of “advanced information technologies to identify terrorists before they act.”[3] Secretary Rumsfeld charged the committee with developing safeguards “to ensure that the application of this or any like technology developed within [the Department of Defense] DOD is carried out in accordance with U.S. law and American values related to privacy.”[4]*

The decision to create TAPAC was prompted by the escalating debate over the Terrorism Information Awareness (“TIA”) program.† TIA had been created by the Defense Advanced Research Projects Agency (“DARPA”) in 2002 as a tool to “become much more efficient and more clever in the ways we find new sources of data, mine information from the new and old, generate information, make it available for analysis, convert it to knowledge, and create actionable options.”[5]

TIA sparked controversy in Congress and the press, due in large part to the threat it was perceived as posing to informational privacy. On September 25, 2003, Congress terminated funding for the program with the exception of “processing, analysis, and collaboration tools for counterterrorism foreign intelligence,” specified in a classified annex to the Act. These tools may be used only in connection with “lawful military operations of the United States conducted outside the United States” or “lawful foreign intelligence activities conducted wholly overseas, or wholly against non-United States citizens.”[6] This language makes clear that TIA-like activities may be continuing.

* U.S. laws apply to surveillance, searches, and seizures of personally identifiable information conducted or authorized by government officials within the United States. Those laws apply outside of the United States only if the surveillance, search, or seizure involves a U.S. citizen (although not necessarily a permanent resident alien). This report focuses exclusively on the privacy issues posed by U.S. government data mining programs under U.S. law to U.S. persons, which are defined under U.S. law as U.S. citizens and permanent resident aliens. It does not address data mining concerning federal government employees in connection with their employment.

† When first announced, the program was entitled “Total Information Awareness.” The title was changed to “Terrorism Information Awareness” in May 2003.

The Scope of Government Data Mining

TIA was not unique in its potential for data mining.* TAPAC is aware of many other programs in use or under development both within DOD and elsewhere in the government that make similar uses of personal information concerning U.S. persons to detect and deter terrorist activities, including:

• DOD programs to determine whether data mining can be used to identify individuals who pose a threat to U.S. forces abroad

• the intelligence community’s Advanced Research and Development Activity center, based in the National Security Agency, to conduct “advanced research and development related to extracting intelligence from, and providing security for, information transmitted or manipulated by electronic means”[7]

• the Computer-Assisted Passenger Prescreening System in the Department of Homeland Security (“DHS”)

• the Treasury Department’s Financial Crimes Enforcement Network

• federally mandated “Know Your Customer” rules

• the “MATRIX” (Multistate Anti-Terrorism Information Exchange) system to link law enforcement records with other government and private-sector databases in eight states and DHS

• Congress’ mandate in the Homeland Security Act that DHS “establish and utilize . . . a secure communications and information technology infrastructure, including data mining and other advanced analytical tools,” to “access, receive, and analyze data detect and identify threats of terrorism against the United States”[8]

* We define “data mining” to mean: searches of one or more electronic databases of information concerning U.S. persons, by or on behalf of an agency or employee of the government.

TAPAC’S CONCLUSIONS

After many public hearings, numerous background briefings, and extensive research, TAPAC has reached four broad conclusions:

TIA was a flawed effort to achieve worthwhile ends. It was flawed by its perceived insensitivity to critical privacy issues, the manner in which it was presented to the public, and the lack of clarity and consistency with which it was described. DARPA stumbled badly in its handling of TIA, for which the agency has paid a significant price in terms of its credibility in Congress and with the public. This comes at a time when DARPA’s historically creative and ambitious research capacity is more necessary than ever. By maintaining its focus on imaginative, far-sighted research, at the same time that it takes account of informational privacy concerns, DARPA should rapidly regain its bearings. It is in the best interests of the nation for it to do so.

Data mining is a vital tool in the fight against terrorism, but when used in connection with personal data concerning U.S. persons, data mining can present significant privacy issues. Data mining tools, like most technologies, are inherently neutral: they can be used for good or ill. However, when those tools are used by the government to scrutinize personally identifiable data concerning U.S. persons who have done nothing to warrant suspicion, if they are conducted without an adequate predicate they run the risk of becoming the 21st-century equivalent of general searches, which the authors of the Bill of Rights were so concerned to protect against.

To be certain, data mining has many valuable and lawful uses in both the private and public sectors. In many settings it may prove less intrusive to privacy than other techniques for guarding against terrorist threats. Moreover, the same technologies that make data mining feasible can be used to reduce the amount of personally identifiable data necessary, facilitate data mining