Computerworld
Print Article
Close Window

U.S. agencies defend government data mining plans

Grant Gross, IDG News Service
 

May 7, 2003 (IDG News Service)

Leaders of two much-criticized projects that privacy advocates fear will collect massive amounts of data on U.S. residents defended those initiatives before Congress Tuesday, saying their scope will be much more limited than opponents fear.
James Loy, director of the Transportation Security Administration (TSA), and Anthony Tether, director of the Defense Advanced Research Projects Agency (DARPA), countered concerns, saying that neither the TSA's proposed Computer Assisted Passenger Prescreening System (CAPPS II) nor DARPA's Total Information Awareness (TIA) research project would house new volumes of data that could be later used to check up on U.S. citizens.
Instead, CAPPS II will run an airline passenger's name, address, phone number and birth date through a sophisticated data analysis process to determine if that passenger presents a terrorism risk, Loy said. And DARPA is providing agencies such as the FBI with tools to mine data for important trends, but the agency itself isn't planning to collect data, Tether said.
Asked how DARPA would ensure that any information about U.S. residents caught in TIA's net would be correct, Tether said that's up to agencies like the FBI to decide. "At DARPA, we develop the tools," he said. "We don't collect any data. We're not the people who collect data; we're the people who supply the analytical tools to the people who collect the data."
Loy and Tether, along with Steve McCraw, assistant director of the Office of Intelligence at the FBI, testified Tuesday at the House Committee on Government Reform's Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census. The subject was whether data mining programs can improve national security.
As details of both TIA and CAPPS II have slowly come out this year, the two projects have come under fire from privacy advocates and Congress, mostly from Democratic lawmakers. Opponents questioned how such data mining technologies would be used, what databases would be collected and how the public could correct any mistakes in collected information.
But the criticism hasn't come only from liberal-leaning civil rights groups and lawmakers. On Tuesday, Lori Waters, executive director of the conservative, pro-family Eagle Forum, said she continues to have concerns about the scope of both programs.
The CAPPS II program doesn't have any congressional limits on the data it collects, Waters said, and little information has been available on either program. "What is the goal of CAPPS II? What is the goal of TIA?" she asked. "There are questions that need to be answered before we pour millions of dollars into this type of technology. We haven't seen any evidence that these will be effective plans."
Rep. William Clay (D-Mo.) also criticized the two programs for a "dark cloud of secrecy" hanging over them. "I would like each of you to go back to your respective agencies and figure out what you can do to help build confidence in your activities ... and make this process a little easier on the American public," he said.
Loy said his agency is soliciting comments from the public and privacy advocates. "We are absolutely not putting together a ... system that we'd be ashamed of or fear offering to the public for comment," he said. "In fact, we are going desperately, quickly in the opposite direction."
Loy declined to expand on what measures the TSA would use to determine whether an airline passenger should be let on a plane, questioned further or detained by law enforcement agents, saying he wasn't comfortable releasing those benchmarks to the public. He promised that CAPPS II would reduce the number of false positive identifications the current airline passenger profiling system now produces, and he said CAPPS II would "improve security and customer service."
CAPPS II would replace the current airline passenger screening system in the U.S., which Loy said is flawed because it lacks sophisticated methods of predicting passenger behavior and produces false positives. The current CAPPS system flags about 15% of U.S. air travelers. Loy said he expects the TSA to roll out CAPPS II in mid-2004.
The TSA is working on a privacy strategy and will create a way for airline passengers to dispute their CAPPS II risk scores, Loy said, and it won't save information on travelers in a database.
"CAPPS II will not build databases on U.S. persons permitted to fly," Loy said. "We will not be looking for the proverbial needle in the haystack. Rather, we will be taking the haystack off the needle by identifying those thousands and thousands of perfectly innocent travelers, opting them in, if you will, thereby leaving those we can't evaluate as OK."
Tether said the subcommittee hearing was a good step toward explaining the programs to the public. He promised that a full report on TIA would be released to Congress later this month and said that in retrospect, the agency should have responded to recent media reports speculating about the scope of TIA.
"DARPA is not developing a system to profile the American public," he said. "Nothing could be further from the truth. The mistake we at DARPA made is we were so stunned by some of the outrageous comments that we didn't do anything about it for some time."
Instead of collecting and analyzing huge amounts of data, the goal of TIA, Tether said, is to put together likely terrorist attack scenarios, then match those models against activities in public databases. Instead of searching databases for unknown patterns in large databases, which leads to a lot of false positives, TIA's data mining component would start with those scenarios created by experts, he said.
Subcommittee Chairman Adam Putnam (R-Fla.) asked Tether if TIA would analyze records such as credit card purchases and video rentals. Tether said he would be surprised if TIA would eventually use such records, but DARPA researchers might "contemplate" how to use that kind of data. DARPA may be interested in travel information of terrorist suspects, he acknowledged.
"You pay us to contemplate," Tether said of DARPA considering the use of information such as library records. "I personally would be extraordinarily surprised if video rentals would be something that they use."
Asked by Putnam whether their programs could eventually be used to track criminals who aren't terrorists or even parents behind on child support, Loy promised to protect CAPPS II against "mission creep." The system isn't set up to catch suspected ax murderers, he added. "That is not the person we are trying to keep off the plane today," he said.
But the FBI's McCraw said his agency is planning to search publicly available databases, such as LexisNexis, to track criminals through a data mining project it is developing called SCOPE. The FBI protects against false information in those databases by checking out the leads it finds in the data, he said, and it has no plans to purchase personal information on U.S. citizens who aren't part of an investigation.
The subcommittee will host another hearing about the privacy concerns over data mining in two weeks.