House hearing offers clash over use of data mining

IDG News Service - A coalition of privacy groups wants the U.S. Congress to halt the creation of a federal database of airline-passenger profiles until more details about who would be included and how it would be operated are available. Meanwhile, the White House's CIO questioned today at a U.S. House of Representatives hearing whether that data mining program would be effective.
At that hearing, a law professor and congressman disagreed over whether Congress should regulate government data mining efforts, while most witnesses praised the use of data analysis for everything from reducing credit card abuse in government to catching terrorists.
Jeffrey Rosen, a law professor at George Washington University and legal affairs editor of The New Republic magazine, said that "suspicionless surveillance of large groups of people" would violate the Fourth Amendment to the U.S. Constitution, which guarantees freedom from unreasonable searches and seizures.
Rosen said the Department of Defense's Total Information Awareness (TIA) research project, which focuses on surveillance through mass data mining, and the Transportation Security Administration's proposed second version of the Computer Assisted Passenger Prescreening System (CAPPS II) are examples of such "mass dataveillance."
"It's possible to design data mining technologies in ways that strike better rather than worse balances between liberty and security," Rosen told the Subcommittee on Technology, Information Policy, Intergovernmental Relations, and the Census. That subcommittee falls under the House Committee on Government Reform.
Congress has decided to put a hold on the hotly debated TIA project, but Rep. Tom Davis (R-Va.), who chairs the full government reform committee, questioned whether regulating data mining would slow the benefits of such technology.
Calling information retrieval the "oil of the 21st century," Davis said the benefits of data analysis are many. "My theory is we need to be slow about coming in and overregulating sometimes," he said. "You let the industry come up with its own protocols before the government comes in and starts imposing a regulatory and taxing regime that could really stifle the growth and potential of this."
Rosen asked Davis to consider whether data-sharing that's appropriate in private industry would be appropriate in national security agencies. "Much of the history of our privacy laws for the past 50 years have been based on the idea that completely unregulated information-sharing is not consistent with the values of the Constitution or American citizens," Rosen said. "We don't want every low-level information officer in the field to know ... that I'm late on my child-support payments or that I'm late on my credit card. Complete transparency of information, total unregulated use, which many Silicon Valley people are urging, wouldn't be consistent with the values of the Fourth Amendment."
Rosen questioned whether huge government data mining programs would be effective enough to warrant the added intrusion, but Davis argued that most of the information that would be used and analyzed together is available on separate government databases. "We know, for example, with the terrorists on 9/11, the information was out there," he said. "Had we been able to collate that information and get that in one place, we could have prevented that from happening. That's something you list as an infringement on privacy, but what do you say to the victims and the families of the 3,000 people who died that day?"
Meanwhile, a coalition of civil liberties and privacy groups, including the Electronic Frontier Foundation, the Electronic Privacy Information Center and the Center for Democracy and Technology, wrote a letter to Davis and ranking committee Democrat Henry Waxman, urging Congress to stop the CAPPS II program unless it is proved to be effective and consistent with privacy principles. Saying CAPPS II would attempt to assess the security risk of every single airline passenger based on commercial and government data, the letter asks Congress to "start asking questions about CAPPS II now."
But Mark Forman, associate director for information technology and e-government in the White House's Office of Management and Budget, said at the hearing that he, too, is waiting for details about CAPPS II and that the Transportation Security Administration was tardy in answering his request. It doesn't make sense for the government to spend "hundreds of millions of dollars on a new IT system with very pretty screens" if it doesn't protect the U.S. against terrorism, said Forman, who is often referred to as the White House's CIO.
The Transportation Security Administration didn't have an immediate comment on the letter or Forman's comments.
Beyond the proposed CAPPS II or TIA, the federal government doesn't seem to have the kind of mass data mining programs Rosen is worried about, Forman said. In a search of government resources in preparation for the House hearing, Forman said he found no data mining efforts that searched databases without first pinpointing a suspect.
A series of witnesses at the hearing praised the potential of data mining applications. Paula Dockery, a state senator from Florida, said her state has used data mining to gather information on suspected criminals, although the state requires a reasonable suspicion before its Financial Crime Analysis Center turns its data analysis on a suspect.
Gregory Kutz, director of financial management and assurance for the U.S. General Accounting Office, said his agency has used data mining to catch government employees using office credit cards on everything from escort services to Internet gambling to a down payment on a home. Kutz presented evidence of personal purchases a government employee made recently using a government credit card during a four-day shopping spree, in which the user ran up more than $9,100 at various retail stores.